An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information

  • Manuel Blum
  • Shafi Goldwasser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 196)


This paper introduces the first probabilistic public-key encryption scheme which combines the following two properties:
  1. Perfect secrecy with respect to polynomial time eavesdroppers: For all message spaces, no polynomial time bounded passive adversary who is tapping the lines can compute any partial information about messages from their encodings, unless factoring composite integers is in probabilistic polynomial time.

  2. Efficiency: It compares favorably with the deterministic RSA public-key cryptosystem in both encoding and decoding time and bandwidth expansion.


The security of the system we propose can also be based on the assumption that the RSA function is intractable, maintaining the same cost for encoding and decoding and the same data expansion. This implementation may have advantages in practice.

Key Words

probabilistic encryption, partial information, integer factorization, passive adversaries, chosen cyphertext attack


Copyright information

© Springer-Verlag Berlin Heidelberg 1985

Authors and Affiliations

  • Manuel Blum (1)
  • Shafi Goldwasser (2)
  1. Computer Science Department, University of California at Berkeley, Berkeley, USA
  2. Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge, USA
