This paper revisits Paillier's trapdoor one-way function, focusing on the computational problem underlying its one-wayness. A new computational problem called the one-more Paillier inversion problem is formulated. It is a natural extension of Paillier inversion problem to the setting where adversaries have access to an inversion oracle and a challenge oracle. The relation between the one-more Paillier inversion problem and the one-more RSA problem introduced by Bellare, et al. It is shown that the one-more Paillier inversion problem is hard if and only if the one-more RSA problem is hard. Based on this, a new identification scheme is proposed. It is shown that the assumed hardness of the one-more Paillier inversion problem leads to a proof that the proposed identification scheme achieves security against concurrent impersonation attack.%从计算难解性的角度重新考察Paillier的陷门单向函数,并提出多一次Paillier求逆问题这一关于Paillier求逆问题的推广问题.从计算难解性的角度考察了多一次Paillier求逆问题与Bellare等人提出的多一次RSA求逆问题之间的关系,并证明了在计算难解性的意义上,多一次Paillier求逆问题等价于多一次RSA求逆问题.以此为基础,进而提出一种新的鉴别方案,并证明在多一次Paillier求逆问题的难解性假设下这一鉴别方案具备并发安全性.
展开▼
