Paillier’s Cryptosystem Modulo p2q and Its Applications to Trapdoor Commitment Schemes

  • Katja Schmidt-Samoa
  • Tsuyoshi Takagi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3715)


In 1998/99, T. Okamoto and S. Uchiyama on the one hand and P. Paillier on the other hand introduced homomorphic encryption schemes semantically secure against passive adversaries (IND-CPA). Both schemes follow in the footsteps of Goldwasser-Micali, Benaloh-Fischer and Naccache-Stern cryptosystems, and yield their improvements above the latter by changing the group structure. Paillier’s scheme works in the group \({\mathbb Z}^{\times}_{n^{2}}\) where n is an RSA modulus, whilst Okamoto-Uchiyama is located in the group \({\mathbb Z}^{\times}_{n}\) for n of p2q type. The new schemes attracted much attention because of their rich mathematical structure. It is notable that Okamoto-Uchiyama is one-way under the p2q factoring assumption, whilst there is no reduction known from the one-wayness of Paillier’s scheme to a standard computational assumption.

In this paper we point out that the combination of both techniques yields a new scheme that inherits all the nice properties of Paillier’s scheme and that is one-way under the p2q factoring assumption. The one-wayness is based on a new trapdoor one-way function which might be of independent interest. In addition, we show how to construct trapdoor commitment schemes with practical applications based on our new scheme and on the trapdoor function. Among other things, we propose a trapdoor commitment scheme that perfectly meets the requirements to construct Shamir-Tauman on-line/off-line signatures.


homomorphic encryption trapdoor commitments trapdoor hash families on-line/off-line signatures chameleon signatures 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ADR02]
    An, J.H., Dodis, Y., Rabin, T.: On the security of joint signature and encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 83–107. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. [AM94]
    Adleman, L.M., McCurley, K.S.: Open problems in number theoretic complexity, ii. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 291–322. Springer, Heidelberg (1994)Google Scholar
  3. [BCP03]
    Bresson, E., Catalano, D., Pointcheval, D.: A simple public-key cryptosystem with a double trapdoor decryption mechanism and its applications. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 37–54. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. [BDHG99]
    Boneh, D., Durfee, G., Howgrave-Graham, N.: Factoring N = p r q for large r. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 326–337. Springer, Heidelberg (1999)Google Scholar
  5. [BK90]
    Boyar, J.F., Kurtz, S.A.: A discrete logarithm implementation of perfect zero-knowledge blobs. Journal of Cryptology 2(2), 63–76 (1990)MATHCrossRefMathSciNetGoogle Scholar
  6. [CF85]
    Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: Symposium on Foundations of Computer Science – Proceedings of FOCS 1986, pp. 372–382 (1985)Google Scholar
  7. [CGHGN01]
    Catalano, D., Gennaro, R., Howgrave-Graham, N., Nguyen, P.: Paillier’s cryptosystem revisited. In: Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS-2001), pp. 206–214 (2001)Google Scholar
  8. [EGM96]
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. Journal of Cryptology 9(1), 35–67 (1996)MATHCrossRefMathSciNetGoogle Scholar
  9. [FF02]
    Fischlin, M., Fischlin, R.: The representation problem based on factoring. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 96–113. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. [FKM+]
    Fujisaki, E., Kobayashi, T., Morita, H., Oguro, H., Okamoto, T., Okazaki, S., Pointcheval, D., Uchiyama, S.: EPOC: Efficient probabilistic public-key encryption (submitted to ISO and NESSIE)Google Scholar
  11. [FOM91]
    Fujioka, A., Okamoto, T., Miyaguchi, S.: ESIGN: An efficient digital signature implementation for smart cards. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 446–457. Springer, Heidelberg (1991)Google Scholar
  12. [Gen04]
    Gennaro, R.: Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 220–236. Springer, Heidelberg (2004)Google Scholar
  13. [GM84]
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984)MATHCrossRefMathSciNetGoogle Scholar
  14. [KR00]
    Krawczyk, H., Rabin, T.: Chameleon signatures. In: NDSS, The Internet Society (2000)Google Scholar
  15. [Len87]
    Lenstra Jr., H.W.: Factoring integers with elliptic curves. Annals of Mathematics 126, 649–673 (1987)CrossRefMathSciNetGoogle Scholar
  16. [LL93]
    Lenstra, A.K., Lenstra Jr., H.W. (eds.): The Development of the Number Field Sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Heidelberg (1993)MATHGoogle Scholar
  17. [NS98]
    Naccache, D., Stern, J.: A new public key cryptosystem based on higher residues. In: Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS-1998), pp. 59–66. ACM Press, New York (1998)CrossRefGoogle Scholar
  18. [OP00]
    Okamoto, T., Pointcheval, D.: EPOC-3 - efficient probabilistic public-key encryption (2000) (submitted to IEEE P1363)Google Scholar
  19. [OU98]
    Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. [Pai99]
    Paillier, P.: Public key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  21. [PO96]
    Peralta, R., Okamoto, E.: Faster factoring of integers of a special form. TIEICE: IEICE Transactions on Communications/Electronics/Information and Systems E79-A(4), 489–493 (1996)Google Scholar
  22. [ST01]
    Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. [Tak98]
    Takagi, T.: Fast RSA-type cryptosystem modulo p k q. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998)Google Scholar
  24. [Tak04]
    Takagi, T.: A fast RSA-type public-key primitive modulo p k q using Hensel lifting. IEICE Transactions E87-A(1), 94–101 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Katja Schmidt-Samoa
    • 1
  • Tsuyoshi Takagi
    • 2
  1. 1.Fachbereich InformatikTechnische Universität DarmstadtDarmstadtGermany
  2. 2.Hakodate, School of Systems Information ScienceFuture UniversityHokkaidoJapan

Personalised recommendations