In Eurocrypt’98 [1], Okamoto et al. exhibited a new trapdoor function based on the use of a special moduli (p2q) allowing easy discrete logarithm computations. The authors proved that the scheme’s resistance to chosen-plaintext attacks is equivalent to factoring n. Unfortunately, the proposed scheme suffers from not being a permutation (the expansion rate is ≅ 3), and hence cannot be used for public-key signatures. In this paper, we show how to refine the function into a trapdoor permutation that can be used for signatures. Interestingly, our variant still remains equivalent to factoring and seems to be the second known trapdoor permutation (Rabin-Williams’ scheme [3] being the first) provably as secure as a primitive problem.
CITATION STYLE
Paillier, P. (1999). A trapdoor permutation equivalent to factoring. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1560, pp. 219–222). Springer Verlag. https://doi.org/10.1007/3-540-49162-7_17
Mendeley helps you to discover research relevant for your work.