Efficient Cryptosystems from 2^k-th Power Residue Symbols

  • Marc Joye
  • Benoît Libert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7881)

Abstract

Goldwasser and Micali (1984) highlighted the importance of randomizing the plaintext for public-key encryption and introduced the notion of semantic security. They also realized a cryptosystem meeting this security notion under the standard complexity assumption of deciding quadratic residuosity modulo a composite number. The Goldwasser-Micali cryptosystem is simple and elegant but is quite wasteful in bandwidth when encrypting large messages. A number of works followed to address this issue and proposed various modifications.

This paper revisits the original Goldwasser-Micali cryptosystem using 2^k-th power residue symbols. The so-obtained cryptosystems appear as a very natural generalization for k ≥ 2 (the case k = 1 corresponds exactly to the Goldwasser-Micali cryptosystem). Advantageously, they are efficient in both bandwidth and speed; in particular, they allow for fast decryption. Further, the cryptosystems described in this paper inherit the useful features of the original cryptosystem (like its homomorphic property) and are shown to be secure under a similar complexity assumption. As a prominent application, this paper describes the most efficient lossy trapdoor function based on quadratic residuosity.
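As an added illustration (not code from the paper or its authors), the following Python sketch instantiates the generalization the abstract describes: a 2^k-th power residue variant of Goldwasser-Micali that packs k message bits into one ciphertext, with k = 1 collapsing to the original scheme, decryption done bit by bit from an exponentiation modulo p alone, and the additive-modulo-2^k homomorphism of ciphertext products. The parameter choices (p ≡ q ≡ 1 mod 2^k, y a non-square modulo both p and q) and the toy-sized primes used in the checks are assumptions of this example, not the paper's specification.

```python
import math
import secrets

def legendre(a, p):
    """Euler's criterion for an odd prime p: +1 if a is a square mod p, -1 if not, 0 if p | a."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def keygen(p, q, k):
    """Toy key generation (assumed parameters: p and q are primes with p ≡ q ≡ 1 mod 2^k).
    y is a non-square modulo both p and q, so its Jacobi symbol modulo N is +1."""
    assert p % (1 << k) == 1 and q % (1 << k) == 1
    n = p * q
    while True:
        y = secrets.randbelow(n - 2) + 2
        if legendre(y, p) == -1 and legendre(y, q) == -1:
            return (n, y, k), (p, y, k)       # public key, private key (q is not needed to decrypt)

def encrypt(pk, m):
    """c = y^m * x^(2^k) mod N for a k-bit message m and a random x in Z_N^*."""
    n, y, k = pk
    assert 0 <= m < (1 << k)
    x = secrets.randbelow(n - 1) + 1
    while math.gcd(x, n) != 1:
        x = secrets.randbelow(n - 1) + 1
    return pow(y, m, n) * pow(x, 1 << k, n) % n

def decrypt(sk, c):
    """Recover m from c^((p-1)/2^k) = g^m mod p, where g = y^((p-1)/2^k) has order exactly 2^k."""
    p, y, k = sk
    e = (p - 1) >> k
    g = pow(y, e, p)          # order 2^k because y is a non-square mod p: g^(2^(k-1)) = -1
    z = pow(c, e, p)          # the x^(2^k) factor vanishes by Fermat, leaving g^m
    m = 0
    for i in range(k):        # Pohlig-Hellman style: one bit per step, least significant first
        w = z * pow(pow(g, m, p), -1, p) % p          # strip the bits already recovered
        if pow(w, 1 << (k - 1 - i), p) == p - 1:       # this power equals (-1)^(bit i of m)
            m |= 1 << i
    return m

def roundtrip_ok(p, q, k):
    """Check correctness and the homomorphism c1*c2 -> (m1 + m2) mod 2^k for every message pair."""
    pk, sk = keygen(p, q, k)
    n = pk[0]
    for m1 in range(1 << k):
        for m2 in range(1 << k):
            c1, c2 = encrypt(pk, m1), encrypt(pk, m2)
            if decrypt(sk, c1) != m1 or decrypt(sk, c1 * c2 % n) != (m1 + m2) % (1 << k):
                return False
    return True
```

With k = 1 the code is exactly Goldwasser-Micali: g = -1 and the single loop iteration tests whether c is a square modulo p.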

Keywords

Public-key encryption, quadratic residuosity, Goldwasser-Micali cryptosystem, homomorphic encryption, standard model

References

  1. Abdalla, M., Ben Hamouda, F., Pointcheval, D.: Tighter reductions for forward-secure signature schemes. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 292–311. Springer, Heidelberg (2013)
  2. Bellare, M., Boldyreva, A., O'Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)
  3. Bellare, M., Brakerski, Z., Naor, M., Ristenpart, T., Segev, G., Shacham, H., Yilek, S.: Hedged public-key encryption: How to protect against bad randomness. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 232–249. Springer, Heidelberg (2009)
  4. Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009)
  5. Benaloh, J.D.C.: Verifiable Secret-Ballot Elections. PhD thesis, Yale University, New Haven, CT, USA (1987)
  6. Blum, L., Blum, M., Shub, M.: Comparison of two pseudo-random number generators. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology: Proceedings of CRYPTO 1982, pp. 61–78. Plenum Press (1983)
  7. Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM J. Comput. 15(2), 363–383 (1986)
  8. Blum, M., Goldwasser, S.: An efficient probabilistic public-key encryption scheme which hides all partial information. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 289–299. Springer, Heidelberg (1985)
  9. Boldyreva, A., Fehr, S., O'Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008)
  10. Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)
  11. Brakerski, Z., Segev, G.: Better security for deterministic public-key encryption: The auxiliary-input setting. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 543–560. Springer, Heidelberg (2011)
  12. Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: 26th Annual Symposium on Foundations of Computer Science (FOCS 1985), pp. 372–382. IEEE Computer Society (1985)
  13. Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996)
  14. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology 10(4), 233–260 (1997)
  15. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)
  16. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.: Magic functions. Journal of the ACM 50(6), 852–921 (2003)
  17. Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 279–295. Springer, Heidelberg (2010)
  18. Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. J. Cryptology (2012)
  19. Girault, M.: An identity-based identification scheme based on discrete logarithms modulo a composite number. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 481–486. Springer, Heidelberg (1991)
  20. Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
  21. Goldreich, O.: Foundations of Cryptography, vol. II. Cambridge University Press (2004)
  22. Groth, J.: Cryptography in subgroups of \(Z_n^*\). In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 50–65. Springer, Heidelberg (2005)
  23. Hemenway, B., Ostrovsky, R.: Lossy trapdoor functions from smooth homomorphic hash proof systems. In: Electronic Colloquium on Computational Complexity, ECCC (2009)
  24. Hofheinz, D., Kiltz, E.: Practical chosen ciphertext secure encryption from factoring. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 313–332. Springer, Heidelberg (2009)
  25. Ireland, K., Rosen, M.: A Classical Introduction to Modern Number Theory, 2nd edn. Graduate Texts in Mathematics, vol. 84. Springer (1990)
  26. ISO/IEC 18033-2. Information technology – Security techniques – Encryption algorithms – Part 2: Asymmetric ciphers. International Organization for Standardization (May 2006)
  27. Joye, M., Paillier, P.: Fast generation of prime numbers on portable devices: An update. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 160–173. Springer, Heidelberg (2006)
  28. Katz, J., Lindell, Y.: Introduction to Modern Cryptography. CRC Press (2007)
  29. Katz, J., Yung, M.: Threshold cryptosystems based on factoring. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 192–205. Springer, Heidelberg (2002)
  30. Kiltz, E., O'Neill, A., Smith, A.: Instantiability of RSA-OAEP under chosen-plaintext attack. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 295–313. Springer, Heidelberg (2010)
  31. Kiltz, E., Pietrzak, K., Stam, M., Yung, M.: A new randomness extraction paradigm for hybrid encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 590–609. Springer, Heidelberg (2009)
  32. Kurosawa, K., Katayama, Y., Ogata, W., Tsujii, S.: General public key residue cryptosystems and mental poker protocols. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 374–388. Springer, Heidelberg (1991)
  33. Lemmermeyer, F.: Reciprocity Laws. Springer Monographs in Mathematics. Springer (2000)
  34. Lim, C.H., Lee, P.J.: Security and performance of server-aided RSA computation protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 70–83. Springer, Heidelberg (1995)
  35. McKee, J., Pinch, R.: Further attacks on server-aided RSA cryptosystems (1998) (unpublished manuscript)
  36. Mol, P., Yilek, S.: Chosen-ciphertext security from slightly lossy trapdoor functions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 296–311. Springer, Heidelberg (2010)
  37. Monnerat, J., Vaudenay, S.: Generic homomorphic undeniable signatures. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 354–371. Springer, Heidelberg (2004)
  38. Monnerat, J., Vaudenay, S.: Undeniable signatures based on characters: How to sign with one bit. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 69–85. Springer, Heidelberg (2004)
  39. Naccache, D., Stern, J.: A new public key cryptosystem based on higher residues. In: ACM Conference on Computer and Communications Security (CCS 1998), pp. 59–66. ACM Press (1998)
  40. Nguyen, P.Q.: Public-key cryptanalysis. In: Luengo, I. (ed.) Recent Trends in Cryptography, Contemporary Mathematics. AMS–RSME (2009)
  41. Okamoto, T., Pointcheval, D.: The gap-problems: A new class of problems for the security of cryptographic schemes. In: Kim, K.-C. (ed.) PKC 2001. LNCS, vol. 1992, pp. 308–318. Springer, Heidelberg (2001)
  42. Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998)
  43. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
  44. Park, S.J., Lee, B.Y., Won, D.H.: A probabilistic encryption using very high residuosity and its applications. In: Global Telecommunications Conference (GLOBECOM 1995), pp. 1179–1182. IEEE Press (1995)
  45. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Dwork, C. (ed.) 40th Annual ACM Symposium on Theory of Computing (STOC 2008), pp. 187–196. ACM Press (2008)
  46. Pohlig, S.H., Hellman, M.E.: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans. Inf. Theory 24(1), 106–110 (1978)
  47. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: 37th Annual ACM Symposium on Theory of Computing (STOC 2005), pp. 84–93. ACM Press (2005)
  48. Scheidler, R.: A public-key cryptosystem using purely cubic fields. J. Cryptology 11(2), 109–124 (1998)
  49. Scheidler, R., Williams, H.C.: A public-key cryptosystem utilizing cyclotomic fields. Des. Codes Cryptography 6(2), 117–131 (1995)
  50. Shoup, V.: A Computational Introduction to Number Theory and Algebra, 2nd edn. Cambridge University Press (2010)
  51. Wee, H.: Dual projective hashing and its applications — lossy trapdoor functions and more. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 246–262. Springer, Heidelberg (2012)
  52. Yan, S.Y.: Number Theory for Computing, 2nd edn. Springer (2002)
  53. Zheng, Y., Matsumoto, T., Imai, H.: Residuosity problem and its applications to cryptography. Trans. IEICE E-71(8), 759–767 (1988)

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Marc Joye (1)
  • Benoît Libert (1)
  1. Technicolor, Cesson-Sévigné Cedex, France