Abstract
At ACM CCS ’01, Catalano et al. proposed a mix of the RSA cryptosystem with the Paillier cryptosystem from Eurocrypt ’99. The resulting scheme, which we call RSAP, is a probabilistic cryptosystem which is both semantically secure under an appropriate decisional assumption and as efficient as RSA, but without the homomorphic property of the Paillier scheme. Interestingly, Sakurai and Takagi presented at PKC ’02 a proof that the one-wayness of RSAP was equivalent to the RSA assumption. However, we notice in this paper that the above proof is not completely correct (it works only in the case when a perfect oracle - i.e. an oracle that always provides correct answers - is given). We fix the proof by presenting a new proof based on low-dimensional lattices. The new proof, inspired by the work of Sakurai and Takagi, is somewhat related to Hensel lifting and the N-adic decomposition of integer exponentiation. Roughly speaking, we consider the problem of computing f(x) mod M^l given f(x) mod M and an exponent l > 1. By studying the case f(x) = x^e and M is an RSA-modulus, we deduce that the one-wayness of RSAP is indeed equivalent to the RSA assumption, and we are led to conjecture that the one-wayness of the original Paillier scheme may not be equivalent to the RSA assumption with exponent N. By analogy, we also study the discrete logarithm case, namely when f(x) = g^x and M is a prime, and we show that the corresponding problem is curiously equivalent to the discrete logarithm problem in the subgroup spanned by g.
References
E. Bach and J. Shallit. Algorithmic Number Theory, Vol. 1: Efficient Algorithms. MIT Press, 1996.
M. Blum and S. Micali. How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits. SIAM Journal on Computing, Vol. 13, No. 4:850–864, 1984.
D. Catalano, R. Gennaro and N. Howgrave-Graham. The Bit Security of Paillier’s Encryption Scheme and its Applications. In Advances in Cryptology-Eurocrypt’ 01. LNCS vol. 2045, Springer, 2001, pages 229–243.
D. Catalano, R. Gennaro, N. Howgrave-Graham and P. Q. Nguyen. Paillier’s Cryptosystem Revisited. In 8th ACM Conference on Computer and Communication Security pp. 206–214, 2001.
H. Cohen. A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics, Vol 138, Springer, 1996.
I. Damgård and M. Jurik. A Generalization, a Simplification and Some Applications of Paillier’s Probabilistic Public-Key System. In Public key Cryptography, LNCS vol. 1992, 2001, pages 119–136.
R. Fischlin and C.P. Schnorr. Stronger Security Proofs for RSA and Rabin Bits. J. of Cryptology, 13(2):221–244, Spring 2000.
F. Gouvea. p-adic numbers. Universitext, Springer, 1997.
M. Grötschel, L. Lovász and A. Schrijver. Geometric Algorithms and Combinatorial Optimization. Springer-Verlag, 1993.
P. Q. Nguyen and J. Stern. The two faces of lattices in cryptology. In Proc. of CALC’ 01, volume 2146 of LNCS, Springer-Verlag, 2001.
P. Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In Advances in Cryptology-Eurocrypt’ 99, LNCS vol. 1592, Springer, 1997, pages 223–238.
K. Sakurai and T. Takagi. New Semantically Secure Public-Key Cryptosystems from the RSA Primitive. In Public key Cryptography, LNCS vol. 2274, 2002, pages 1–16.
T. Takagi. Fast RSA type Cryptosystems Using n-adic Expansion. In Proc. of Crypto’ 97, volume 1294 of LNCS, Springer-Verlag, 1997.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Catalano, D., Nguyen, P.Q., Stern, J. (2002). The Hardness of Hensel Lifting: The Case of RSA and Discrete Logarithm. In: Zheng, Y. (eds) Advances in Cryptology — ASIACRYPT 2002. ASIACRYPT 2002. Lecture Notes in Computer Science, vol 2501. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36178-2_19
DOI: https://doi.org/10.1007/3-540-36178-2_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00171-3
Online ISBN: 978-3-540-36178-7
eBook Packages: Springer Book Archive