Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Paillier cryptosystem is a probabilistic asymmetric algorithm for public key cry

ID: 652960 • Letter: P

Question

Paillier cryptosystem is a probabilistic asymmetric algorithm for public key cryptography. Doesn't homomorphic encryption schemes have regular effects on the plaintext, and does that mean Pailliers cryptosystem missing the nonce? What is that I am missing?

I am also trying to understand if there are a disadvantage of Gentry's fully homomorphic scheme in terms of security (e.g. besides that the scheme is homomorphic how would it stand next to AES for example). Note that I do not refer to its impractical use due to its many series of computations.

Can anyone shed some light on these things for me, or perhaps point me in a direction where I can find information about it (I have been looking around, and the actual paper Gentry wrote is quite difficult to grasp for me and Pailliers cryptosystem eludes me a bit in this aspect).

Explanation / Answer

You seem to have some conceptual misunderstanding. A homomorphic property of an encryption scheme does not necessarily mean that it is deterministic.

There are examples like textbook RSA which has a multiplicatively homomorphic property (multiplying ciphertexts modulo the modulus gives you a ciphertext to the product of the two hidden plaintexts modulo the modulus), but is insecure due to its deterministic property, i.e., no IND-CPA security. Loosely speaking, you can test against given ciphertexts by trial encryptions using the respective public key with candidate plaintexts.

What is clearly true is that homomorphic encryption schemes can not be secure against adaptively chosen ciphertext attacks (IND-CCA2) as the homomorphism prevents this type of security. But everything below is possible. For instance, Paillier is secure against chosen plaintext attacks (IND-CPA), but is additively homomorphic.

Another (from the point of math) more simple example is additively homomorphic aka "exponential" ElGamal, which is simpler for illustration.

Related Questions

Page |12 Example: or failure Oil drilling company ventures into various location
Question #3359666
Page |2 TU Department of Physics, Astronomy, &Geosciences; Test 2 6. A 50 uF air
Question #2036382
Page |5 3, A twenty-year bond with a 8% coupon rate and a face value of S1000 ma
Question #2787390
Page |7 Q3 (30 points) The process diagram below reflects a Methanol (CH,0H) Pro
Question #700750
Page |89 Ba(NOa)a HNO3 Fe(NOs)s and KMnO and Comments Reagent AgNO3 White AgCl A
Question #552308
Page |97 5. A student analyzed an unknown sample that contained a single anion.
Question #554436
Page- FAFSA on th... Mildred 3.0 You don\'t have to. You order for me all the ti
Question #3047730
Page116, #64 What is wrong with the following \"proof\" by mathematical inductio
Question #3786341

Navigate

Previous
Paige, age 17, is claimed as a dependent on her parents\' 2015 return, on which
Next
Paily ad parts of the city? company s7data CASE Building a Culture of Safety OSH

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.