Trapdooring Discrete Logarithms on Elliptic Curves over Rings

  • Pascal Paillier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1976)


This paper introduces three new probabilistic encryption schemes using elliptic curves over rings. The cryptosystems are based on three specific trapdoor mechanisms allowing the recipient to recover discrete logarithms on different types of curves. The first scheme is an embodiment of Naccache and Stern’s cryptosystem and realizes a discrete log encryption as originally wanted in [23] by Vanstone and Zuccherato. Our second scheme provides an elliptic curve version of Okamoto and Uchiyama’s probabilistic encryption, thus answering a question left open in [10] by the same authors. Finally, we introduce a Paillier-like encryption scheme based on the use of twists of anomalous curves. Our contributions provide probabilistic, homomorphic and semantically secure cryptosystems that concretize all previous research works on discrete log encryption in the elliptic curve setting.


Elliptic Curve Cryptosystems Discrete Logarithm Encryption Homomorphic Encryption Naccache-Stern Okamoto-Uchiyama Paillier 


  1. 1.
    J. C. Benaloh. Verifiable Secret-Ballot Elections. PhD Thesis, Yale University, 1988.Google Scholar
  2. 2.
    D. Coppersmith. Specialized Integer Factorization. In Advances in Cryptology, Proceedings of Eurocrypt’98, LNCS 1403, Springer-Verlag, pp. 542–545, 1992.Google Scholar
  3. 3.
    J. Feigenbaum, S. Kannan and N. Nisan. Lower Bounds on Random-Self-Reducibility. In Proceedings of Structures 1990, 1990.Google Scholar
  4. 4.
    P-A. Fouque, G. Poupard, and J. Stern. Sharing Decryption in the Context of Voting or Lotteries. In Proceedings of Financial Cryptography’ 00, LNCS, Springer-Verlag, 2000.Google Scholar
  5. 5.
    K. Koyama, U. Maurer, T. Okamoto and S. Vanstone. New Public-Key Schemes based on Elliptic Curves over the ring Zn. In Advances in Cryptology, Proceedings of Crypto’91, LNCS 576, Springer-Verlag, pp. 252–266, 1992.Google Scholar
  6. 6.
    J. McKee and R. Pinch. On a Cryptosystem of Vanstone and Zuccherato. Preprint, 1998.Google Scholar
  7. 7.
    A. Miyaji. Elliptic Curves over Fp Suitable for Cryptosystems. In Advances in Cryptology, Proceedings of Auscrypt’92, LNCS 718, Springer-Verlag, pp. 479–491, 1993.Google Scholar
  8. 8.
    D. Naccache and J. Stern. A New Cryptosystem based on Higher Residues. In Proceedings of the 5th CCCS, ACM Press, pp. 59–66, 1998.Google Scholar
  9. 9.
    T. Okamoto and S. Uchiyama. A New Public Key Cryptosystem as Secure as Factoring. In Advances in Cryptology, Proceedings of Eurocrypt’ 98, LNCS 1403, Springer Verlag, pp. 308–318, 1998.Google Scholar
  10. 10.
    T. Okamoto and S. Uchiyama. Security of an Identity-Based Cryptosystem and he Related Reductions. In Advances in Cryptology, Eurocrypt’98, LNCS 1403, pp. 546–560, Springer Verlag, 1998.CrossRefGoogle Scholar
  11. 11.
    P. Paillier. Public-Key Cryptosystems Based on Composite-Degree Residuosity Classes. In Advances in Cryptology, Eurocrypt’99, LNCS 1592, pp. 223–238, Springer Verlag, 1999.Google Scholar
  12. 12.
    P. Paillier and D. Pointcheval. Efficient Public-Key Cryptosystems Provably Secure Against Active Adversaries. In Advances in Cryptology, Asiacrypt’99, LNCS 1716, pp. 165–179, Springer Verlag, 1999.Google Scholar
  13. 13.
    G. Poupard and J. Stern. Fair Encryption of RSA Keys. In Advances in Cryptology, Eurocrypt’00, LNCS 1807, Springer Verlag, 2000.CrossRefGoogle Scholar
  14. 14.
    M. O. Rabin. Digital Signatures and Public-Key Encryptions as Intractable as Factorization. MIT Technical Report No 212, 1979.Google Scholar
  15. 15.
    R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, vol. 21, no. 2, pp. 120–126, 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    H.-G. Rück. On the Discrete Logarithm in the Divisor Class Group of Curves. Math. Comp, vol. 68, no. 226, pp. 805–806, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    H.-G. Rück. A Note on Eliiptic Curves over Finite Fields. Math. Comp, vol. 49, no. 179, pp. 301–304, 1987.zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    T. Sander, A. Young and M. Yung. Non-Interactive CryptoComputing for NC1. IEEE FOCS’99, 1999.Google Scholar
  19. 19.
    T. Satoh and K. Araki. Fermat Quotient and the Polynomial Time Discrete Log Algorithm for Anomalous Elliptic Curves. Preprint, 1997.Google Scholar
  20. 20.
    I. A. Semaev. Evaluation of Discrete Logarithms in a Group of p-Torsion Points of an Elliptic Curve in Characteristic p. Math. Comp., vol. 67, pp. 353–356, 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    J. H. Silverman. The Arithmetic of Elliptic Curves. Springer-Verlag, GTM 106, 1986.Google Scholar
  22. 22.
    N. Smart. The Discrete Logarithm Problem on Elliptic Curves of Trace One. Journal of Cryptology, vol. 12, no. 3, pp. 193–196, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    S. Vanstone and R. Zuccherato. Elliptic Curve Cryptosystem Using Curves of SmoothOrde r Over the Ring Zn. In IEEE Trans. Inf. Theory, vol. 43, no. 4, 1997.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Pascal Paillier
    • 1
  1. 1.Cryptography and Security GroupGemplus Card InternationalIssy-Les-Moulineaux

Personalised recommendations