Public-Key Cryptosystems Based on Composite Degree Residuosity Classes

  • Pascal Paillier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1592)


This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.





Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Pascal Paillier (1, 2)
  1. Cryptography Department, GEMPLUS, Issy-Les-Moulineaux, France
  2. Computer Science Department, ENST, Paris Cedex 13, France
