IACR News item: 27 June 2020
Ying Guo, Zhenfu Cao, Xiaolei Dong
In Paillier's scheme, $c=y^{m}x^{n}\,\mathrm{mod}\,n^{2},\,m \in Z_{n},\,x \in Z_{n^{2}}^{*},\,n=PQ$ is a product of two large primes. Damgård and Jurik generalized Paillier's scheme to reduce the ciphertext expansion, $c=y^{m}x^{n^{s}}\,\mathrm{mod}\,n^{s+1},\,m \in Z_{n^{s}},\,x \in Z_{n^{s+1}}^{*}$. In this paper, we propose a new generalization of Paillier's scheme and prove that our scheme is IND-CPA secure under $k$-subgroup assumption for $\Pi_{k}$. Compared to Damgård and Jurik's generalization, our scheme has three advantages. (a)We use the modulus $P^{a}Q^{b}$ instead of $P^{a}Q^{a}$, so it is more general. (b)We use a general $y$ satisfying $P^{a-1} | order_{P^{a}}(y), \,Q^{b-1} | order_{Q^{b}}(y)$ instead of $y=(1+PQ)^{j}x \,\mathrm{mod}\,N$ which is used in Damgård and Jurik's generalization. (c)Our decryption scheme is more efficient than Damgård and Jurik's generalization system.
Additional news items may be found on the IACR news page.