On 21/09/16 20:10, Walter Ray-Dulany wrote:
> Let me see if I understand you, but, if I do, then I would respond: "Yes."
> 
>> can I simply think of this as a way that one of the encryption values is
>> 'selected' during the encrypt process?
> 
> When encrypting, because of our friendly random zeta, we can get many
> different ciphertexts from the same message. As you point out, when taking
> E(5)*E(7) we can (and in your case, do) get another valid-but-distinct
> ciphertext corresponding to the message m=12. Additionally, there is some
> choice of zeta that would make E(12) encrypt to 19 instead of 208.

Yep, that's what I meant.

So why does Pirk provoke a different secure random number for each
encryption via Pailler#encrypt(BigInteger)?  I don't see that it
enhances the security, since whatever random value we choose the
decryption is based solely upon knowing our p and q.

Would it be ok to pick some zeta value when Paillier is initialized, and
stick with it?

Regards,
Tim

> On Wed, Sep 21, 2016 at 12:14 PM, Tim Ellison <t.p.elli...@gmail.com> wrote:
> 
>> With apologies for the lazy language...since there can be multiple
>> numbers in the encryption space that map back to the same plain text
>> number, can I simply think of this as a way that one of the encryption
>> values is 'selected' during the encrypt process?
>>
>> Taking my simple example, if I encrypt E() and decrypt D() the following
>> to test the homomorphic properties:
>>
>> E(5 + 7) mod N = 208
>> D(E(5) * E(7) mod N^2) = D(19)
>>
>> hmm, but D(19) = D(208) = 12 so we are all good.
>>
>> Regards,
>> Tim (hoping to get to some PIR soon!)
>>
>> On 21/09/16 13:25, Ellison Anne Williams wrote:
>>> Ah, the math-magic of semantic encryption... :) (re: random zeta)
>>>
>>> We can certainly walk through the proof of the semantic encryption (the
>>> random zeta) as it is quite mathematically beautiful, but it will take us
>>> even further down the algebraic path.
>>>
>>> On Wed, Sep 21, 2016 at 8:19 AM, Tim Ellison <t.p.elli...@gmail.com>
>> wrote:
>>>
>>>> On 19/09/16 18:36, Walter Ray-Dulany wrote:
>>>> <snip/>
>>>>> Let's see what we've got.
>>>>>
>>>>> ( (16**12)*(7**15) ) mod 225 = 208.
>>>>>
>>>>> I will leave it as an exercise to check that the decryption of 208 is
>> in
>>>>> fact 12.
>>>>
>>>> I like a challenge :-)
>>>>
>>>> So we got to p=3, q=5, and my encrypted value c=208.
>>>>
>>>> Following the Wideskies Pallier decryption algorithm,
>>>> Step (2):
>>>> N = p * q
>>>>   = 15
>>>>
>>>> lambda(N) = lcm(p-1,q-1)
>>>>           = 4
>>>>
>>>> Step (3):
>>>> mu = lambda(N) modinverse N
>>>>    = 4
>>>>
>>>> Step (4):
>>>> c' = c^lambda(N) mod N^2
>>>>    = 208^4 mod 225
>>>>    = 46
>>>>
>>>> Step(5):
>>>> m' = L(c')
>>>>    = ((c' - 1) / N) mod N
>>>>    = (45 / 15) mod 15
>>>>    = 3
>>>>
>>>> Step(6):
>>>> m = (m' * mu) mod N
>>>>   = 12
>>>>
>>>> yay!
>>>>
>>>> The fog is slowly clearing, though I'm totally baffled about how I can
>>>> pick a random zeta during encryption, and it plays no part in the
>>>> decryption.
>>>>
>>>> Regards,
>>>> Tim
>>>>
>>>
>>
> 

Reply via email to