Information Technology Reference
In-Depth Information
Since
h
is the generator of the subgroup of order
p
, we have
h
p
= 1 mod
n
.
Thus,
c
′ is calculated as
p
cc
=
mod
n
=
(
)
mr
p
gh
mod
n
(3.3)
=
()
p
m
g
mod
n
=
()
m
p
g
mod
n
(
)
The message
m
is bounded by
T
, allowing it to be recovered in time
OT
using Pollard's lambda method [38].
The homomorphic property of the scheme is demonstrated in the follow-
ing way: Let
cg
mr
1
and
cg
mr
2
=
=
; then,
11
22
mm rr
+
+
cc
=
g
h
mod
n
1212
12
is a valid encryption of
m
1
+
m
2
,
cg
k
mod
ng h
=
m
+
kr
mod
n
1
1
1
is a valid encryption of
m
1
+
k
, and
c
k
mod
n
=
gh
kmrk
mod
n
11
1
is a valid encryption of
km
1
. Subtraction of encrypted messages and con-
stants can be done using
cc
−
mod and
c
1
g
−
k
mod
n
, respectively.
Multiplication of messages is done in the following way: Let
g
1
=
e
(
g
,
g
)
and
h
1
=
e
(
g
,
h
) since
g
generates
G
,
h
=
g
α
, for some α. Given ciphertexts
c
1
,
c
2
,
we choose random
r
∈
R
; a ciphertext to compute the product
m
1
m
2
is given by
n
12
=
(
)
(
)
r
m
r
mr
r
ec ch eg hghh
,
,
11
22
12 1
1
(
)
mr
α
mr
α
2
r
=
eg ggg
,
h
1
1
2
1
=
(
)
+
+
eg
mr
α
,
g
mr
α
h
r
(3.4)
11
2
2
1
mm
mr
+
mr
+++
α
rr
r
=
gh
12
12
21
12
1
1
mm r
gh
=
12
1
1
r
′ =
m
1
r
2
+
m
2
r
1
+ α
r
1
r
2
+
r
.
Search WWH ::
Custom Search