An RSA family of trap-door permutations with a common domain and its applications

Abstract

Bellare, Boldyreva, Desai, and Pointcheval [1] recently proposed a new security requirement of the encryption schemes called "key-privacy." It asks that the encryption provide (in addition to privacy of the data being encrypted) privacy of the key under which the encryption was performed. Incidentally, Rivest, Shamir, and Tauman [2] recently proposed the notion of ring signature, which allows a member of an ad hoc collection of users S to prove that a message is authenticated by a member of 5 without revealing which member actually produced the signature. We are concerned with an underlying primitive element common to the key-privacy encryption and the ring signature schemes, that is, families of trap-door permutations with a common domain. For a standard RSA family of trap-door permutations, even if all of the functions in a family use RSA moduli of the same size (the same number of bits), it will have domains with different sizes. In this paper, we construct an RSA family of trap-door permutations with a common domain, and propose the applications of our construction to the key-privacy encryption and ring signature schemes, which have some advantage to the previous schemes. © International Association for Cryptologic Research 2004.