The Paillier's Cryptosystem and Some Variants Revisited

TL;DR

This paper revisits Paillier's cryptosystem, highlighting differences with variants, simplifying related schemes, and proposing a more flexible, distributed key management approach suitable for cloud computing.

Contribution

It clarifies the distinctions between original and variant schemes, simplifies the Bresson-Catalano-Pointcheval decryption, and introduces a double trapdoor mechanism with distributed keys.

Findings

Simplified decryption procedure for Bresson-Catalano-Pointcheval scheme

Enhanced applicability to cloud computing environments

Distributed secret keys improve key management robustness

Abstract

At Eurocrypt'99, Paillier presented a public-key cryptosystem based on a novel computational problem. It has interested many researchers because it was additively homomorphic. In this paper, we show that there is a big difference between the original Paillier's encryption and some variants. The Paillier's encryption can be naturally transformed into a signature scheme but these variants miss the feature. In particular, we simplify the alternative decryption procedure of Bresson-Catalano-Pointcheval encryption scheme proposed at Asiacrypt'03. The new version is more applicable to cloud computing because of its double trapdoor decryption mechanism and its flexibility to be integrated into other cryptographic schemes. It captures a new feature that its two groups of secret keys can be distributed to different users so as to enhance the robustness of key management.