New Semantically Secure Public-Key Cryptosystems from the RSA-Primitive

  • Kouichi Sakurai
  • Tsuyoshi Takagi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2274)


We analyze the security of the simplified Paillier (S-Paillier) cryptosystem, which was proposed by Catalano et al. We prove that the one-wayness of the S-Paillier scheme is as intractable as the standard RSA problem. We also prove that an adversary that breaks the semantic security can compute the least significant bits of the nonce. This observation is interesting because the least significant bit of the nonce is the hard-core bit of the encryption function. Moreover, we propose a novel semantically secure cryptosystem based on the one-way function {i1-01} mod n, where (e, n) is the RSA public key and r − MSB_l(r) means that the l most significant bits of r are zeroed. We prove that the one-wayness of the proposed scheme is as intractable as the standard RSA problem. An adversary that breaks the semantic security of the proposed scheme can break the least significant bits of the nonce. These security results for the proposed scheme are similar to those for the S-Paillier cryptosystem. However, the proposed scheme is more efficient than the S-Paillier cryptosystem.


Encryption Scheme; Random Integer; Encryption Function; Modular Exponentiation; Choose Ciphertext Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. BDPR98.
    M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, “Relations among notions of security for public-key encryption schemes,” CRYPTO’98, LNCS 1462, (1998), pp.26–45.
  2. CGH01.
    D. Catalano, R. Gennaro, and N. Howgrave-Graham; “The bit security of Paillier’s encryption scheme and its applications,” Eurocrypt 2001, LNCS 2045, pp.229–243, 2001.
  3. CGHN01.
    D. Catalano, R. Gennaro, N. Howgrave-Graham, and P. Nguyen; “Paillier’s cryptosystem revisited,” to appear in the ACM conference on Computer and Communication Security, 2001.
  4. Cop96.
    D. Coppersmith, “Finding a small root of a univariate modular equation,” EUROCRYPT’96, LNCS 1070, pp.155–165, 1996.
  5. CFPR96.
    D. Coppersmith, M. Franklin, J. Patarin, M. Reiter, “Low-exponent RSA with related messages,” EUROCRYPT’96, LNCS 1070, (1996), pp.1–9.
  6. CS98.
    R. Cramer and V. Shoup, “A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack,” CRYPTO’98, LNCS 1462, pp.13–25, 1998.
  7. CS01.
    R. Cramer and V. Shoup, “Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption,” Cryptology ePrint Archive, IACR, 2001.
  8. DJ01.
    I. Damgård and M. Jurik; “A generalization, a simplification and some applications of Paillier’s probabilistic public-key system,” PKC 2001, LNCS 1992, pp.119–136, 2001.
  9. FS00.
    R. Fischlin and C.P. Schnorr; “Stronger security proofs for RSA and Rabin bits,” Journal of Cryptology, 13 (2), pp.221–244, 2000.
  10. GM84.
    S. Goldwasser and S. Micali; “Probabilistic encryption,” Journal of Computer and System Science, Vol.28, No.2, pp.270–299, 1984.
  11. MS88.
    S. Micali and C. Schnorr, “Efficient, perfect random number generators,” Crypto’88, LNCS 403, pp.173–199, 1988.
  12. Oka90.
    T. Okamoto; “A fast signature scheme based on congruential polynomial operations,” IEEE Transactions on Information Theory, IT-36, pp.47–53, 1990.
  13. OP01.
    T. Okamoto and D. Pointcheval, “The Gap-Problems: a new class of problems for the security of cryptographic schemes,” PKC 2001, LNCS 1992, pp.104–118, 2001.
  14. OU98.
    T. Okamoto and S. Uchiyama; “A new public-key cryptosystem as secure as factoring,” Eurocrypt’98, LNCS 1403, pp.308–318, 1998.
  15. Pai99.
    P. Paillier; “Public-key cryptosystems based on composite degree residuosity classes,” Eurocrypt’99, LNCS 1592, pp.223–238, 1999.
  16. Poi99.
    D. Pointcheval, “New public key cryptosystems based on the dependent-RSA problems,” Eurocrypt’99, LNCS 1592, pp.239–254, 1999.
  17. Tak97.
    T. Takagi, “Fast RSA-type cryptosystems using n-adic expansion,” CRYPTO’97, LNCS 1294, pp.372–384, 1997.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Kouichi Sakurai (1)
  • Tsuyoshi Takagi (2)
  1. Department of Computer Science and Communication Engineering, Kyushu University, Fukuoka, Japan
  2. Fachbereich Informatik, Technische Universität Darmstadt, Darmstadt, Germany
