Damgård–Jurik cryptosystem

Damgård–Jurik cryptosystem: The Damgård–Jurik cryptosystem^[1] is a generalization of the Paillier cryptosystem. It uses computations modulo $n s + 1$ where $n$ is an RSA modulus and $s$ a (positive) natural number. Paillier's scheme is the special case with $s = 1$ . The order $φ(n s + 1)$ (Euler's totient function) of $Z^*_{n^{s+1}}$ can be divided by $n s$ . Moreover $Z^*_{n^{s+1}}$ can be written as the direct product of $G \times H$ . $G$ is cyclic and of order $n s$ , while $H$ is isomorphic to $Z^*_n$ . For encryption, the message is transformed into the corresponding coset of the factor group $G / H$ and the security of the scheme relies on the difficulty of distinguishing random elements in different cosets of $H$ . It is semantically secure if it is hard to decide if two given elements are in the same coset. Like Paillier, the security of Damgård–Jurik can be proven under the decisional composite residuosity assumption.

Contents

1 Key generation

2 Encryption

3 Decryption

4 Simplification

5 See also

6 References

Key generation

Choose two large prime numbers p and q randomly and independently of each other.

Compute $n = p q$ and $λ = l c m (p - 1, q - 1)$ .

Choose an element $g \in Z^*_{n^{s+1}}$ such that $g=(1+n)^j x \;mod\; n^{s+1}$ for a known $j$ relative prime to $n$ and $x \in H$ .

Using the Chinese Remainder Theorem, choose $d$ such that $d \;mod\; n \in Z^*_n$ and $d= 0 \;mod\; \lambda$ . For instance $d$ could be $λ$ as in Paillier's original scheme.

The public (encryption) key is $(n, g)$ .

The private (decryption) key is $d$ .

Encryption

Let $m$ be a message to be encrypted where $m\in \mathbb Z_{n^s}$ .

Select random $r$ where $r\in \mathbb Z^{*}_{n^{s+1}}$ .

Compute ciphertext as: $c=g^m \cdot r^{n^s} \mod n^{s+1}$ .

Decryption

Ciphertext $c\in \mathbb Z^{*}_{n^{s+1}}$

Compute $c^d \;mod\;n^{s+1}$ . If c is a valid ciphertext then $c^d = (g^m r^{n^s})^d = ((1+n)^{jm}x^m r^{n^s})^d = (1+n)^{jmd \;mod\; n^s} (x^m r^{n^s})^{d \;mod\; \lambda} = (1+n)^{jmd \;mod\; n^s}$ .

Apply a recursive version of the Paillier decryption mechanism to obtain $j m d$ . As $j d$ is known, it is possible to compute $m=(jmd)\cdot (jd)^{-1} \;mod\;n^s$ .

Simplification

At the cost of no longer containing the classical Paillier cryptosystem as an instance, Damgård–Jurik can be simplified in the following way:

The base g is fixed as $g = n + 1$ .

The decryption exponent d is computed such that $d=1 \;mod\; n^s$ and $d=0 \;mod\; \lambda$ .

In this case decryption produces $c^d = (1+n)^{m} \;mod\; n^{s+1}$ . Using recursive Paillier decryption this gives us directly the plaintext m.

See also

The Damgård–Jurik cryptosystem interactive simulator demonstrates a voting application.

References

^ Ivan Damgård, Mads Jurik: A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System. Public Key Cryptography 2001: 119-136

v · d · e Public-key cryptography

Algorithms

Benaloh · Blum–Goldwasser · Cayley–Purser · CEILIDH · Cramer–Shoup · Damgård–Jurik · DH · DSA · EPOC · ECDH · ECDSA · EKE · ElGamal (encryption · signature scheme) · GMR · Goldwasser–Micali · HFE · IES · Lamport · McEliece · Merkle–Hellman · MQV · Naccache–Stern · NTRUEncrypt · NTRUSign · Paillier · Rabin · RSA · Okamoto–Uchiyama · Schnorr · Schmidt–Samoa · SPEKE · SRP · STS · Three-pass protocol · XTR

Theory

Discrete logarithm · Elliptic curve cryptography · RSA problem

Standardization

ANS X9F1 · CRYPTREC · IEEE P1363 · NESSIE · NSA Suite B

Topics

Digital signature · OAEP · Fingerprint · PKI · Web of trust · Key size

v · d · e Cryptography

History of cryptography · Cryptanalysis · Cryptography portal · Outline of cryptography

Symmetric-key algorithm · Block cipher · Stream cipher · Public-key cryptography · Cryptographic hash function · Message authentication code · Random numbers · Steganography

Categories:
Asymmetric-key cryptosystems

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

Damgaard-Jurik cryptosystem — The Damgård Jurik cryptosystem [Ivan Damgård, Mads Jurik: [http://www.brics.dk/RS/00/45/ A Generalisation, a Simplification and Some Applications of Paillier s Probabilistic Public Key System] . Public Key Cryptography 2001: 119 136] is a… … Wikipedia
Threshold cryptosystem — In cryptography, a cryptosystem is called a threshold cryptosystem , if in order to decrypt an encrypted message a number of parties exceeding a threshold is required to cooperate in the decryption protocol. The message is encrypted using a… … Wikipedia
Paillier cryptosystem — The Paillier cryptosystem, named after and invented by Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. The problem of computing n th residue classes is believed to be computationally difficult. This… … Wikipedia
McEliece cryptosystem — In cryptography, the McEliece cryptosystem is an asymmetric encryption algorithm developed in 1978 by Robert McEliece.[1] It was the first such scheme to use randomization in the encryption process. The algorithm has never gained much acceptance… … Wikipedia
Cramer–Shoup cryptosystem — The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the… … Wikipedia
Naccache–Stern cryptosystem — Note: this is not to be confused with the Naccache–Stern knapsack cryptosystem. The Naccache–Stern cryptosystem is a homomorphic public key cryptosystem whose security rests on the higher residuosity problem. The Naccache–Stern cryptosystem was… … Wikipedia
Naccache–Stern knapsack cryptosystem — Note: this is not to be confused with the Naccache–Stern cryptosystem based on the higher residuosity problem. The Naccache–Stern Knapsack Cryptosystem is an atypical public key cryptosystem developed by David Naccache and Jacques Stern in 1997.… … Wikipedia
Niederreiter cryptosystem — In cryptography, the Niederreiter cryptosystem is a variation of the McEliece Cryptosystem developed in 1986 by Harald Niederreiter [1]. It applies the same idea to the parity check matrix H of a linear code. Niederreiter is equivalent to… … Wikipedia
Merkle–Hellman knapsack cryptosystem — The Merkle–Hellman knapsack cryptosystem was one of the earliest public key cryptosystems invented by Ralph Merkle and Martin Hellman in 1978.[1] Although its ideas are elegant, and far simpler than RSA, it has been broken.[2] Contents 1… … Wikipedia
Okamoto–Uchiyama cryptosystem — The Okamoto–Uchiyama cryptosystem was discovered in 1998 by T. Okamoto and S. Uchiyama. The system works in the group , where n is of the form p2q and p and q are large primes. Contents 1 Scheme definition 1.1 Key generation … Wikipedia

Academic Dictionaries and Encyclopedias

Damgård–Jurik cryptosystem

Contents

Key generation

Encryption

Decryption

Simplification

See also

References

Look at other dictionaries:

Share the article and excerpts

Academic Dictionaries and Encyclopedias

Wikipedia

Damgård–Jurik cryptosystem

Contents

Key generation

Encryption

Decryption

Simplification

See also

References

Look at other dictionaries:

Share the article and excerpts

Direct link