Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use of mod N instead of mod N^2 in proofs #19

Open
mortendahl opened this issue Jun 11, 2018 · 1 comment
Open

Use of mod N instead of mod N^2 in proofs #19

mortendahl opened this issue Jun 11, 2018 · 1 comment
Milestone
0.2.1

Comments

@mortendahl
Copy link
Owner

mortendahl commented Jun 11, 2018
edited

The use of mod N in the proofs of correct decryption key might be a non-standard assumption that we should make sure is okay to use. Hardness of DCR implies hardness of RSA inversion but may not imply RSA indistinguishability, which might be needed for the simulation proofs to go through (alternatively the simulator may be adaptable).

In any case, this should be addressed before making the next release, defaulting to the conservative case if not resolution is found.
@mortendahl mortendahl changed the title Use of mod N instead of mod NN in proofs Use of mod N instead of mod N^2 in proofs Jun 11, 2018
@mortendahl mortendahl added this to the 0.2 milestone Jul 2, 2018
@mortendahl mortendahl mentioned this issue Jul 28, 2018
Merged
@mortendahl mortendahl reopened this Aug 4, 2018
@mortendahl
Copy link
Owner Author

The fact that (x mod nn) mod n = x mod n settles the issue, making it safe to reveal x mod n instead of x mod nn

@omershlo omershlo mentioned this issue Oct 23, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.2.1
Development

No branches or pull requests
1 participant
@mortendahl