A Trapdoor Permutation Equivalent to Factoring

  • Pascal Paillier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1560)


In Eurocrypt’98 [1], Okamoto et al. exhibited a new trapdoor function based on the use of a special moduli (p2q) allowing easy discrete logarithm computations. The authors proved that the scheme’s resistance to chosen-plaintext attacks is equivalent to factoring n. Unfortunately, the proposed scheme suffers from not being a permutation (the expansion rate is ~ 3), and hence cannot be used for public-key signatures. In this paper, we show how to refine the function into a trapdoor permutation that can be used for signatures. Interestingly, our variant still remains equivalent to factoring and seems to be the second known trap-door permutation (Rabin-Williams’ scheme [3] being the first) provably as secure as a primitive problem.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    T. Okamoto and S. Uchiyama, A New Public-Key Cryptosystem as secure as Factoring, LNCS 1403, Advances in Cryptology, Proceedings of Eurocrypt’98, Springer-Verlag, pp. 308–318, 1998.Google Scholar
  2. 2.
    W. Diffie and M. Hellman, New Directions in Cryptography, IEEE Transaction on Information Theory, IT-22,6, pp. 644–654, 1995.MathSciNetGoogle Scholar
  3. 3.
    M. Rabin, Digitalized Signatures and Public-Key Functions as Intractable as Factorization, Technical Report No. 212, MIT Laboratory of Computer Science, Cambridge, pp. 1–16, 1979.Google Scholar
  4. 4.
    L. Goubin and J. Patarin, Trapdoor One-Way Permutations and Multivariate Polynomials, Proceedings of ICICS’97, LNCS 1334, Springer-Verlag, pp 356–368, 1997.Google Scholar
  5. 5.
    E. Okamoto and R. Peralta, Faster Factoring of Integers of a Special Form, IEICE Trans. Fundamentals, Vol. E79-A, No 4, pp 489–493, 1996.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Pascal Paillier
    • 1
    • 2
  1. 1.Cryptography DepartmentGEMPLUSIssy-Les-Moulineaux
  2. 2.Computer Science DepartmentENSTParis

Personalised recommendations