T.Okamoto, S.Uchiyama: A New Public-Key Cryptosystem as Secure as Factoring, Eurocrypt '98, Lecture Notes in Computer Science, Vol. 1403, SpringerVerlag, pp. 308-318, 1998.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....made concurrent zero knowledge in many practical scenarios, including the public key model. We assume throughout that the latter technique is used with all PK s. 4. 2 Proving that a Commitment Contains a Paillier Encryption Our scheme requires a proof that some value e is a Paillier encryption [34, 35] of a value x that the prover knows, under a given Paillier public key (g, n) and a similar proof where the ciphertext e is not given as input to the verifier; instead only a Pedersen commitment [36] to ciphertext e is given. The former proof is obtained, e.g. from [21] The latter proof is, to ....

T. Okamoto and S. Uchiyama A new public-key cryptosystem as secure as factoring. In EUROCRYPT '98, vol. 1403 of LNCS, pp. 308--318, 1998.

....made concurrent zero knowledge in many practical scenarios, including the public key model. We assume throughout that the latter technique is used with all PK s. 4. 2 Proving that a Commitment Contains a Paillier Encryption Our scheme requires a proof that some value e is a Paillier encryption [34, 35] of a value x that the prover knows, under a given Paillier public key (g; n) and a similar proof where the ciphertext e is not given as input to the veri er; instead only a Pedersen commitment [36] to ciphertext e is given. Protocols for carrying out the former proof have been realized [21] The ....

T. Okamoto and S. Uchiyama A new public-key cryptosystem as secure as factoring. In EUROCRYPT '98, vol. 1403 of LNCS, pp. 308-318, 1998.

....Shamir introduced the so called RSA for paranoids [6] This is a variant of the RSA cryptosystem in which one the two secret primes is much larger than the other one. Some attacks were subsequently reported in [3] In this report, we show that the cryptosystem proposed by Okamoto and Uchiyama [4] is subject to similar attacks. The first attack is a chosen ciphertext attack. Although aware of the existence of such an attack, Okamoto and Uchiyama do not give details how to precisely mount it. Note that this first attack does not break Okamoto and Uchiyama s cryptosystem. It simply means ....

....a user behaves differently depending on the message he receives, we can get one bit of his secret key. Further probes finally reveal the whole secret key. 2 Cryptosystem of Okamoto and Uchiyama This section briefly reviews the cryptosystem of Okamoto and Uchiyama. We refer to the original paper [4] for a complete description. System setup Each user selects two large k bit primes p and q, and computes n = p 2 q. He also chooses g 2 (Z=nZ) such that g p = g p Gamma1 mod p 2 has order p. The public parameters are n, g and k. The secret parameters are p and q. Encryption A message ....

[Article contains additional citation context not shown here]

T. Okamoto and S. Uchiyama: A new public-key cryptosystem as secure as factoring. To appear in Advances in Cryptology --- EUROCRYPT '98, LNCS, Springer-Verlag, 1998.

No context found.

T.Okamoto, S.Uchiyama: A New Public-Key Cryptosystem as Secure as Factoring, Eurocrypt '98, Lecture Notes in Computer Science, Vol. 1403, SpringerVerlag, pp. 308-318, 1998.

No context found.

T. Okamoto, and S. Uchiyama: A New Public-Key Cryptosystem as Secure as Factoring, Advances in Cryptology - EUROCRYPT '98, LNCS volume 1403, pp. 308-318. Springer Verlag, 1998.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC