With apologies for the lazy language...since there can be multiple
numbers in the encryption space that map back to the same plain text
number, can I simply think of this as a way that one of the encryption
values is 'selected' during the encrypt process?
Taking my simple example, if I encrypt E() and decrypt D() the following
to test the homomorphic properties:
E(5 + 7) mod N = 208
D(E(5) * E(7) mod N^2) = D(19)
hmm, but D(19) = D(208) = 12 so we are all good.
Tim (hoping to get to some PIR soon!)
On 21/09/16 13:25, Ellison Anne Williams wrote:
> Ah, the math-magic of semantic encryption... :) (re: random zeta)
> We can certainly walk through the proof of the semantic encryption (the
> random zeta) as it is quite mathematically beautiful, but it will take us
> even further down the algebraic path.
> On Wed, Sep 21, 2016 at 8:19 AM, Tim Ellison <t.p.elli...@gmail.com> wrote:
>> On 19/09/16 18:36, Walter Ray-Dulany wrote:
>>> Let's see what we've got.
>>> ( (16**12)*(7**15) ) mod 225 = 208.
>>> I will leave it as an exercise to check that the decryption of 208 is in
>>> fact 12.
>> I like a challenge :-)
>> So we got to p=3, q=5, and my encrypted value c=208.
>> Following the Wideskies Pallier decryption algorithm,
>> Step (2):
>> N = p * q
>> = 15
>> lambda(N) = lcm(p-1,q-1)
>> = 4
>> Step (3):
>> mu = lambda(N) modinverse N
>> = 4
>> Step (4):
>> c' = c^lambda(N) mod N^2
>> = 208^4 mod 225
>> = 46
>> m' = L(c')
>> = ((c' - 1) / N) mod N
>> = (45 / 15) mod 15
>> = 3
>> m = (m' * mu) mod N
>> = 12
>> The fog is slowly clearing, though I'm totally baffled about how I can
>> pick a random zeta during encryption, and it plays no part in the