You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The use of mod N in the proofs of correct decryption key might be a non-standard assumption that we should make sure is okay to use. Hardness of DCR implies hardness of RSA inversion but may not imply RSA indistinguishability, which might be needed for the simulation proofs to go through (alternatively the simulator may be adaptable).
In any case, this should be addressed before making the next release, defaulting to the conservative case if not resolution is found.
The text was updated successfully, but these errors were encountered:
mortendahl
changed the title
Use of mod N instead of mod NN in proofs
Use of mod N instead of mod N^2 in proofs
Jun 11, 2018
The use of mod N in the proofs of correct decryption key might be a non-standard assumption that we should make sure is okay to use. Hardness of DCR implies hardness of RSA inversion but may not imply RSA indistinguishability, which might be needed for the simulation proofs to go through (alternatively the simulator may be adaptable).
In any case, this should be addressed before making the next release, defaulting to the conservative case if not resolution is found.
The text was updated successfully, but these errors were encountered: