## Abstract

The Paillier scheme encryption, (m, r) → c=g^{m} r^{N} mod N^{2}, where m is in Z_{N}, r is in Z_{N} ^{*}, N=pq (p, q being strong primes) and g is an element of Z^{*}_{N}^{2} of order a multiple of N, is decrypted by mmodN= (L(c^{λ} mod N^{2})/L(g ^{λ} mod N^{2})) mod N, where L is defined on all u in Z^{*}_{N}^{2} such that umodN = 1, by L(u)=(u-1)/N. In the generalisation of the scheme by Damgård and Jurik, the modulus N^{2} is replaced by N^{1+s}, 1 ≤ s < p, q, but an explicit expression for decryption was not given. Rather a method, the only one known so far, was found for decryption, by first encoding the ciphertext and then using an algorithm of a quadratic order of complexity in s to extract the plaintext part by part therefrom. This gap is filled. An explicit expression for decryption in this setting is presented, which is more straight forward, linear in s in complexity and hence more efficient and reduces to the original Paillier L function for s=1.

Original language | English |
---|---|

Pages (from-to) | 163-166 |

Number of pages | 4 |

Journal | IET Information Security |

Volume | 1 |

Issue number | 4 |

DOIs | |

Publication status | Published - 1 Dec 2007 |