A new public-key cryptosystem as secure as factoring

  • Tatsuaki Okamoto
  • Shigenori Uchiyama
Conference paper

DOI: 10.1007/BFb0054135

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)
Cite this paper as:
Okamoto T., Uchiyama S. (1998) A new public-key cryptosystem as secure as factoring. In: Nyberg K. (eds) Advances in Cryptology — EUROCRYPT'98. EUROCRYPT 1998. Lecture Notes in Computer Science, vol 1403. Springer, Berlin, Heidelberg


This paper proposes a novel public-key cryptosystem, which is practical, provably secure and has some other interesting properties as follows:
  1. 1.

    Its trapdoor technique is essentially different from any other previous schemes including RSA-Rabin and Diffie-Hellman.

  2. 2.

    It is a probabilistic encryption scheme.

  3. 3.

    It can be proven to be as secure as the intractability of factoring n = p2q (in the sense of the security of the whole plaintext) against passive adversaries.

  4. 4.

    It is semantically secure under the p-subgroup assumption, which is comparable to the quadratic residue and higher degree residue assumptions.

  5. 5.

    Under the most practical environment, the encryption and decryption speeds of our scheme are comparable to (around twice slower than) those of elliptic curve cryptosystems.

  6. 6.

    It has a homomorphic property: E(m0, r0)E(m1, r1) mod n = E(@#@ m0 + m1, r2), where E(m, r) means a ciphertext of plaintext m as randomized by r and m0+ m1 < p.

  7. 7.

    Anyone can change a ciphertext, C = E(m, r), into another ciphertext, C′ = Chr' mod n, while preserving plaintext of C (i.e., C′ = E(m,r″)), and the relationship between C and C′ can be concealed.

Download to read the full conference paper text

Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Tatsuaki Okamoto
    • 1
  • Shigenori Uchiyama
    • 1
  1. 1.NTT LaboratoriesYokosuka-shiJapan

Personalised recommendations