  • Kim, Myungsun (Department of Information Security, The University of Suwon)
  • Kim, Jihye (School of Electrical Engineering, Kookmin University)
  • Cheon, Jung Hee (CHRI & Department of Mathematical Sciences, Seoul National University)
  • Received: 2012.04.10
  • Published: 2013.03.01


In this work we deal with the problem of how to compress multiple ciphertexts without losing any of the original message information. To do so, we formalize the notion of decomposability for public-key encryption and investigate why adding decomposability is challenging. We construct an ElGamal encryption scheme over extension fields and show that it supports efficient decomposition. We then analyze the security of our scheme under the standard DDH assumption and evaluate the performance of our construction.


Supported by: National Research Foundation of Korea (NRF)