ENCRYPTION SCHEMES WITH ADDITIONAL PROPERTIES

US 20190319791A1
Filed: 04/12/2018
Published: 10/17/2019
Est. Priority Date: 04/12/2018
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting a message m using a Paillier cryptosystem, comprising:

computing a ciphertext c based upon the message m, N, and r, where N is the product of two distinct primes p and q, and r is randomly chosen such that r∈

[1, N);

computing a first verification value based upon u and N, where u is randomly chosen such that u∈

[1, N);

computing a second verification value s based upon u, r, the ciphertext c, the verification value, and a hash function H.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments relate to a method of encrypting a message m using a Paillier cryptosystem, including: computing a ciphertext c based upon the message m, N, and r, where N is the product of two distinct primes p and q, and r is randomly chosen such that r∈[1, N); computing a first verification value based upon u and N, where u is randomly chosen such that u∈[1, N); computing a second verification value s based upon u, r, the ciphertext c, the verification value, and a hash function H.

1 Citation

19 Claims

1. A method of encrypting a message m using a Paillier cryptosystem, comprising:
- computing a ciphertext c based upon the message m, N, and r, where N is the product of two distinct primes p and q, and r is randomly chosen such that r∈
  
  [1, N);
  
  computing a first verification value based upon u and N, where u is randomly chosen such that u∈
  
  [1, N);
  
  computing a second verification value s based upon u, r, the ciphertext c, the verification value, and a hash function H.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein c=(1+mN)r^Nmod N².
  - 3. The method of claim 1, wherein U=u^Nmod N where U is the first verification value.
  - 4. The method of claim 3, wherein s=ur^emod N and where e=H(c, U).
  - 5. The method of claim 3, wherein s=ur^emod N and where e=H(c, U, pk) where pk is a public key.
  - 6. The method of claim 1, wherein V=H(u^Nmod N) where V is the first verification value.
  - 7. The method of claim 6, wherein s=ur^emod N and where e=H(c, V).
  - 8. The method of claim 6, wherein s=ur^emod N and where e=H(c, U, pk) where pk is a public key.
  - 9. The method of claim 1, wherein V=G(u^Nmod N) where V is the first verification value and G is a hash function different from hash function H.
  - 10. The method of claim 9, wherein s=ur^emod N and where e=H(c, V).
  - 11. The method of claim 9, wherein s=ur^emod N and where e=H(c, V, pk) where pk is a public key.
  - 12. The method of claim 1, further comprising generating a secret key sk and public key pk further including:
    - generating the two distinct primes p and q and computing N;
      
      computing λ
      
      =lcm(p−
      
      1, q−
      
      1);
      
      selecting the hash function H modeled as a random oracle with an identifier H_identifier; and
      
      wherein the public key pk={N, H_identifier} and the private key sk={λ
      
      }.

13. A method of decrypting a ciphertext using a Paillier cryptosystem including a value c, a first verification value, and a second verification value s, comprising:
- validating the ciphertext by checking the first verification value based upon the second verification value s, N, the value c, and a hash function H, where N is the product of two distinct primes p and q;
  
  deciphering the ciphertext to produce a message m from the value c using a secret key and N.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein validating the ciphertext further includes:
    - computing e=H(c, V) and U=s^Nc^−
      
      emod N, where V is first verification value; and
      
      checking that the first verification value V equals H(U).
  - 15. The method of claim 13, wherein validating the ciphertext further includes:
    - computing e=H(c, V) and U=s^Nc^−
      
      emod N, where V is first verification value; and
      
      checking that the first verification value V equals G(U), where G is a hash function different from hash function H.
  - 16. The method of claim 13, wherein
  - 17. The method of claim 13, wherein deciphering the ciphertext to produce a message m further includes:
    - computing r=c^dmod N, where d is the secret key and d=N^−
      
      1mod λ
      
      where λ
      
      =lcm(p−
      
      1, q−
      
      1); and
      
      computing
  - 18. The method of claim 13, wherein validating the ciphertext further includes:
    - computing e=H(c, U), where U is verification value; and
      
      checking that the verification value U equals s^Nc^−
      
      emod N.
  - 19. The method of claim 13, wherein validating the ciphertext further includes a public key pk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
NXP B.V. (NXP Semiconductors NV)
Inventors
BOS, Joppe Willem, JOYE, Marc

Granted Patent

US 10,680,818 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/302   involving the integer facto...

H04L 9/3033   details relating to pseudo-...

H04L 9/3218   using proof of knowledge, e...

ENCRYPTION SCHEMES WITH ADDITIONAL PROPERTIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1 Citation

19 Claims

Specification

Solutions

Use Cases

Quick Links

ENCRYPTION SCHEMES WITH ADDITIONAL PROPERTIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1 Citation

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links