Factbites
 Where results make sense
About us   |   Why use us?   |   Reviews   |   PR   |   Contact us  

Topic: Paillier cryptosystem


In the News (Mon 28 Dec 09)

  
  Paillier cryptosystem - Wikipedia, the free encyclopedia
The Paillier cryptosystem is an asymmetric algorithm for public key cryptography, invented by Pascal Paillier in 1999.
Paillier's cryptosystem also allows for homomorphic addition of plaintext constants.
Paillier and Pointcheval however went on to propose an improved cryptosystem that incorporates the combined hashing of message m with random r.
en.wikipedia.org /wiki/Paillier_cryptosystem   (390 words)

  
 Encyclopedia: Paillier cryptosystem   (Site not responding. Last check: 2007-10-08)
Asymmetric-key cryptosystems Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key.
The Rabin cryptosystem is an asymmetric cryptographic technique, which like RSA is based on the difficulty of factorization.
An understanding of some of the system level issues in the use of cryptography will be helpful to all who propose to use it, or who will have it deployed by default on their behalf.
www.nationmaster.com /encyclopedia/Paillier-cryptosystem   (1413 words)

  
 Talk:Paillier cryptosystem - Wikipedia, the free encyclopedia
Paillier's security is based on the same assumptions as RSA.
Both are based on the difficulty of integer factorization, yes.
However, RSA is also based on the RSA problem, whereas Paillier is also based on something else called the higher-order residuosity problem (as opposed to quadratic residuosity problem).
www.wikipedia.org /wiki/Talk:Paillier_cryptosystem   (181 words)

  
 Encyclopedia: Semantic security   (Site not responding. Last check: 2007-10-08)
For a cryptosystem to be semantically secure, it must be infeasible for a computationally-bounded adversary to derive significant information about a message (plaintext) when given only its ciphertext and the corresponding public encryption key.
A cryptosystem (or cryptographic system) is the package of all procedures, protocols, cryptographic algorithms and instructions used for encoding and decoding messages using cryptography.
A chosen ciphertext attack is an attack on a cryptosystem in which the cryptanalyst chooses ciphertext and causes it to be decrypted with an unknown key.
www.nationmaster.com /encyclopedia/Semantic-security   (1248 words)

  
 Extensions to the Paillier Cryptosystem with Applications to Cryptological Protocols
The main contribution of this thesis is a simplification, a generalization and some modifications of the homomorphic cryptosystem proposed by Paillier in 1999, and several cryptological protocols that follow from these changes.
The Paillier cryptosystem is an additive homomorphic cryptosystem, meaning that one can combine ciphertexts into a new ciphertext that is the encryption of the sum of the messages of the original ciphertexts.
The generalized cryptosystem is also simplified in some ways, which results in a threshold decryption that is conceptually simpler than other proposals.
www.brics.dk /BRICS/BRICS/DS/03/9   (434 words)

  
 ScienceDaily: Public-key cryptography
An asymmetric key cryptosystem was published in 1976 by Whitfield Diffie and Martin Hellman, who, influenced by Ralph Merkle's work on public key distribution, disclosed a method of public key agreement.
The ElGamal cryptosystem (invented by Taher ElGamal then of Netscape) relies on the (similar, and related) difficulty of the discrete logarithm problem, as does the closely related DSA developed by the NSA and NIST.
Most are used in hybrid cryptosystems for reasons of efficiency; in such a cryptosystem, a shared secret key ("session key") is generated by one party, this much briefer session key is then encrypted by each recipient's public key.
www.sciencedaily.com /encyclopedia/public_key_cryptography   (3719 words)

  
 Cryptosystem   (Site not responding. Last check: 2007-10-08)
Project for factoring large integers, which is relevant to the security of the widely used RSA cryptosystem, as well as other issues in computational number theory with relevance for cryptology, and...
Cryptosystem ME6 v6.34 by UCF crack serial number keygen patch activation co...
Although the keys are mathematically related, if the cryptosystem has been designed and implemented securely, it is computationally infeasible to derive the private key from knowledge of the public...
worldofwarcraftauthenticationkey.iniaauthentication.com /cryptosystem   (711 words)

  
 iqexpand.com   (Site not responding. Last check: 2007-10-08)
proposed a mix of the RSA cryptosystem with the Paillier cryptosystem from Eurocrypt '99.
Extensions to the Paillier Cryptosystem The article: I. Damgaard, and M. Jurik: A Generalisation, a Simplification and some Applications of Paillier's Probabilistic Public-Key System, to be presented at...
Unfortunately, as was observed for example in [1], the Paillier cryptosystem is not verifiable.
paillier_cryptosystem.iqexpand.com /index.php?title=Paillier_cryptosystem&action=edit   (350 words)

  
 UPC - MAK - Seminar 2001-2002   (Site not responding. Last check: 2007-10-08)
We re-examine Paillier's cryptosystem, and show that by choosing a particular discrete log base $g$, and by introducing an alternative decryption procedure, we can extend the scheme to allow an arbitrary exponent $e$ instead of $N$.
Paillier cryptosystem is an homomorphic probabilistic encryption scheme, whose security is based on the RSA problem.
In this talk we explain two constructions of a threshold version of Paillier cryptosystem, the first one proposed by Fouque, Poupard, and Stern, and the other one by Damgard and Jurik.
www-ma4.upc.es /mak/sem0102.html   (3796 words)

  
 Enigma Variations : Abstracts   (Site not responding. Last check: 2007-10-08)
The XTR public key cryptosystem is a recent invention of Arjen Lenstra and Eric Verheul.
Rather than being a new cryptosystem it is a new representation of a certain subgroup of the multiplicative group of a finite field.
Elliptic curve cryptosystem (ECC) is well-suited for the implementation on memory constraint environments due to its small key size.
www.cs.bris.ac.uk /Research/CryptographySecurity/seminars/abstracts.html   (10590 words)

  
 Phong NGUYEN -- Publications
By studying the case $f(x)=x^e$ and $M$ is an RSA-modulus, we deduce that the one-wayness of RSAP is indeed equivalent to the RSA assumption, and we are led to conjecture that the one-wayness of the original Paillier scheme may not be equivalent to the RSA assumption with exponent $N$.
We show that there is a flaw in the design of the scheme which has two implications: the cryptosystem is not semantically secure (each ciphertext leaks a non-negligible fraction of the plaintext), and the problem of decrypting ciphertexts can be reduced to a special closest vector problem which is much easier than the general problem.
Abstract: Cryptosystems based on the knapsack problem were among the first public key systems to be invented and for a while were considered quite promising.
www.di.ens.fr /~pnguyen/pub.html   (4995 words)

  
 UvT: Abstract Pim Tuyls   (Site not responding. Last check: 2007-10-08)
We also investigate private outputs for the general case and fairness for the case of two-party computation based on homomorphic threshold cryptosystems.
In this talk, we mainly focus on a new application which we call "Secure Profile Matching" where two parties jointly test whether some function of their profiles exceeds a given threshold, without divulging any information on their profiles.
We show that by using the ElGamal encryption scheme, the key generation protocol can be performed efficiently in contrast to systems based on an RSA modulus such as Paillier's cryptosystem.
www.uvt.nl /faculteiten/feb/nmc2004/tuyls   (223 words)

  
 ISRI TECHNICAL REPORT ABSTRACTS   (Site not responding. Last check: 2007-10-08)
We present a voting protocol that protects voters' privacy and achieves universal verifiability, receipt-freeness, and uncoercibility without ad hoc physical assumptions or procedural constraints (such as untappable channels, voting booths, smart cards, third-party randomizers, and so on).
We discuss under which conditions the scheme allows voters to cast write-in ballots, and we show how it can be practically implemented through voter-verified (paper) ballots.
The scheme allows voters to combine voting credentials with their chosen votes applying the homomorphic properties of certain probabilistic cryptosystems.
reports-archive.adm.cs.cmu.edu /anon/isri2004/abstracts/04-116.html   (98 words)

  
 Merkle's Puzzles: Encyclopedia topic   (Site not responding. Last check: 2007-10-08)
In cryptography, Merkle's Puzzles is an early construction for a public-key cryptosystem, a protocol devised by Ralph Merkle in 1974 and published in 1978.
It allows two parties to agree on a shared secret by exchanging messages, even if they have no secrets in common beforehand.
www.absoluteastronomy.com /reference/merkles_puzzles   (335 words)

  
 CIS: Threshold Cryptography
This paper provides solutions for efficient threshold cryptosystems which are secure against adaptive adversaries even when the players cannot erase their local data.
Solutions to the distributed generation of private keys for discrete-log based cryptosystems have been known for several years and used in a variety of protocols and in many research papers.
This approach combines threshold cryptosystems (where the ability to perform these private key operations requires the cooperation of several parties, as in [GJKR96a] or [GJKR96b]) with the periodic refreshment and integrity protection of local shares (as in Proactive Secret Sharing of [HJKY95]).
theory.lcs.mit.edu /~cis/cis-threshold.html   (2306 words)

  
 Citations: Elliptic curve cryptosystems using curves of smooth order over the ring Zn - Vanstone, Zuccherato ...   (Site not responding. Last check: 2007-10-08)
Their security is based on the intractability of computing discrete logarithm in basis g without a secret element, the secret key.
Their security is based on the intractability of computing discrete logarithm in the basis g without a secret data, the secret key, and easy using this trapdoor.
The proposed cryptosystem In a recent cryptosystem proposed by Vanstone and Zuccherato [1] part of the public key is an integer N....
citeseer.lcs.mit.edu /context/756632/0   (1232 words)

  
 Mailgate: sci.crypt.research: Re: Paillier cryptosystem has a (serious) flaw
This does not seem to be a major problem.
Paillier cryptosystem has a (serious) fl, Miroslav Stampar
mailgate.supereva.it /sci/sci.crypt.research/msg00583.html   (105 words)

  
 Paillier's Cryptosystem Revisited - Catalano, Gennaro, Howgrave-Graham, Nguyen (ResearchIndex)   (Site not responding. Last check: 2007-10-08)
Abstract: We re-examine Paillier's cryptosystem, and show that by choosing a particular discrete log base g, and by introducing an alternative decryption procedure, we can extend the scheme to allow an arbitrary exponent e instead of N.
The semantic security is now based on a new decisional assumption, namely the hardness of deciding whether an element is a "small" e-th residue modulo N.
sherry.ifi.unizh.ch /604661.html   (350 words)

  
 [No title]   (Site not responding. Last check: 2007-10-08)
In another embodiment, the computation means is realized using a Paillier cryptosystem, or a threshold Paillier cryptosystem using a public key-sharing scheme.
The second problem is handled by using a key-sharing scheme (also Paillier), where decryption can only be done if a sufficient number of parties cooperate (and then only the sum is revealed, no detailed information).
A public-key cryptosystem The cryptosystem we use is the public-key cryptosystem presented by Paillier.
www.wipo.int /cgi-pct/guest/getbykey5?KEY=05/15462.050407&ELEMENT_SET=DECL   (4950 words)

  
 UPC - MAK - Seminar 2002-2003   (Site not responding. Last check: 2007-10-08)
This modification is reminiscent of the ones applied by Rabin and Williams to the well-known RSA cryptosystem.
Thanks to the special properties of such schemes, we obtain efficiency similar to that of the RSA cryptosystem, provably secure encryption (since recovering plaintext from ciphertext is as hard as factoring) and indistinguishability against plaintext attacks.
Compared to Okamoto-Uchiyama's scheme, the previous IND-CPA cryptosystem in the standard model with one-wayness based on factoring, our scheme is drastically more efficient in encryption, and presents higher bandwidth, achieving the same expansion factor as Paillier and ElGamal schemes.
www-mat.upc.es /grup_de_cripto/sem0203.html   (1415 words)

  
 [No title]
We delve into two areas on our way to this goal: Blind Signatures, which allow for anonymous voting, and Paillier Cryptosystem, which gives us the ability to sum up votes even though they have been encrypted.
From there, we try out a voting scheme without privacy and show how privacy without cheating can be added to this pretty simple scheme.
Similarly, in the bottom figure, the registrar signs the voter's sealed vote, which the voter then passes on to the counter.
web.mit.edu /6.857/OldStuff/Fall02/handouts/L15-voting.tex   (1047 words)

  
 EWSCS 2003/EATTK 2003: Student Talks and Posters (abstracts)
We propose a public-key cryptosystem which is derived from the Paillier cryptosystem.
The scheme inherits the attractive homomorphic properties of Paillier encryption.
The mix-net inherits several nice properties from the underlying cryptosystem, thus making it useful for a setting with small messages or high computational power, low bandwidth, and that anyone can verify that the mix has been done correctly.
www.cs.ioc.ee /yik/schools/win2003/talks.php   (3895 words)

  
 Master Thesis (Diplomarbeit)
Investigating the security of RSA based encryption schemes is one of the basic problems in modern cryptography.
We then construct another construction of factoring based cryptosystem with a tight security proof.
Finally we implement these cryptosystems in Java and compare their performance.
www.informatik.tu-darmstadt.de /TI/KP/theses/proof.html   (345 words)

  
 Mads J. Jurik: Research Page   (Site not responding. Last check: 2007-10-08)
Damgaard, and M. Jurik: A Generalisation, a Simplification and some Applications of Paillier's Probabilistic Public-Key System, to be presented at PKC 2001.
Some source code implementing the cryptosystem is also available:
Exception/IllegalVote.java - The following are exceptions thrown at different places due to problems with input to methods.
www.daimi.au.dk /~jurik/research.html   (312 words)

  
 Mailgate: sci.crypt.research: Paillier cryptosystem has a (serious) flaw
Solution to the problem: part 5 needs to be changed from..to..
Re: Paillier cryptosystem has a (serious, Amitabh Saxena
mailgate.supereva.it /sci/sci.crypt.research/msg00581.html   (129 words)

  
 Report on Eurocrypt 2000, by Richard Graveman
Paillier’s cryptosystem is semantically secure, homomorphic, and has a large message space, so it can be used as a tool to build secret sharing, ZK, and, almost immediately, a voting system.
It has linear communications complexity in the number of players and is secure in the RO model.
is an important operation, this may be a design consideration for cryptosystems.
www.ieee-security.org /Cipher/ConfReports/2000/CR2000-Eurocrypt.html   (10086 words)

  
 Information Security and Algorithm Development
THRESHOLD CRYPTOGRAPHY: Threshold cryptosystems and signature schemes provide ways to distribute trust throughout a group and increase the availability of cryptographic systems.
Although the adversary is allowed to corrupt up to one half of the servers, the goal is to sustain the security of the underlying functionality.
Recently [LP] we improved the distributed modular inversion protocol of Catalano, Gennaro and Halevi to make it secure against an adaptive adversary, thereby enabling threshold signature schemes with stronger security properties than any previous result.
www.ai.mit.edu /projects/ntt/documents/biannual0106/9807-12-26/report.html   (1742 words)

  
 Cryptology ePrint Archive   (Site not responding. Last check: 2007-10-08)
A Provably Secure and Efficient Verifiable Shuffle based on a Variant of the Paillier Cryptosystem
We propose a variant of the Paillier cryptosystem that improves efficiency in encryption, re-encryption and decryption while preserving the homomorphic property.
We then use this variant to construct a new verifiable shuffle system and prove its security.
eprint.iacr.org /2005/162   (113 words)

  
 Research in Cryptography, Information Security and
Our recent work explored guaranteeing security for threshold cryptosystems against such adaptive adversaries [1,2,3].
Several open questions remain: Construct adaptively secure threshold implementations of the Cramer-Shoup and the Gennaro-Halevi-Rabin signature schemes; Construct adaptively secure threshold Paillier cryptosystem.
Additional open problems in this area are the lower bounds on communication and round complexity of threshold cryptosystems, and threshold cryptography from general assumptions.
www.ai.mit.edu /projects/ntt/documents/proposals2001/9807-12-26/proposal.html   (1517 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.