A simple public-key cryptosystem with a double trapdoor decryption mechanism and its applications.

*(English)*Zbl 1205.94075
Laih, Chi Sung (ed.), Advances in cryptology – ASIACRYPT 2003. 9th international conference on the theory and application of cryptology and information security, Taipei, Taiwan, November 30 – December 4, 2003. Proceedings. Berlin: Springer (ISBN 3-540-20592-6/pbk). Lect. Notes Comput. Sci. 2894, 37-54 (2003).

Summary: At Eurocrypt ‘02 R. Cramer and V. Shoup [Lect. Notes Comput. Sci. 2332, 45–64 (2002; Zbl 1055.94011)] proposed a general paradigm to construct practical public-key cryptosystems secure against adaptive chosen-ciphertext attacks as well as several concrete examples. Among others they presented a variant of P. Paillier’s scheme [Lect. Notes Comput. Sci. 1592, 223–238 (1999; Zbl 0933.94027)] achieving such a strong security requirement and for which two, independent, decryption mechanisms are allowed. In this paper we revisit such scheme and show that by considering a different subgroup, one can obtain a different scheme (whose security can be proved with respect to a different mathematical assumption) that allows for interesting applications. In particular we show how to construct a perfectly hiding commitment schemes that allows for an on-line / off-line efficiency tradeoff. The scheme is computationally binding under the assumption that factoring is hard, thus improving on the previous construction by D. Catalano et al. [“Paillier’s cryptosystem revisited”, in: Proceedings of the 8th CCS. New York: ACM Press. 206–214 (2001)], see also [Lect. Notes Comput. Sci. 2045, 229–243 (2001; Zbl 0981.94016)] whose binding property was based on the assumption that inverting RSA\([N,N]\) (i.e. RSA with the public exponent set to \(N\)) is hard.

For the entire collection see [Zbl 1029.00081].

For the entire collection see [Zbl 1029.00081].

##### MSC:

94A60 | Cryptography |