11. Paillier Cryptosystem
Key generation
𝒑, 𝒒 : 𝒈𝒄𝒅(𝒑𝒒, 𝒑 − 𝟏 𝒒 − 𝟏 ) = 𝟏 //equal length
𝒏 : 𝒑𝒒
𝝀 : 𝒍𝒄𝒎(𝒑 − 𝟏, 𝒒 − 𝟏)
𝒈 : 𝒈 ∈ 𝒁 𝒏 𝟐
∗
Ensure 𝑛 divides the order of 𝑔 by checking the existence of the
following modular multiplicative inverse:
μ = (𝑳 𝒈λ 𝒎𝒐𝒅 𝒏 𝟐 )−𝟏 𝒎𝒐𝒅 𝒏
𝑳 𝒖 =
𝒖−𝟏
𝒏
, quotient of u-1 divided by n
12. Paillier Cryptosystem
If using 𝑝, 𝑞 of equivalent length, a simpler variant of the above key
generation steps would be to set
𝑔 = 𝑛 + 1
λ = φ 𝑛
μ = φ(𝑛)−1
mod n
Where φ 𝑛 = (𝑝 − 1)(𝑞 − 1)
18. Implementation – Key Generation
1. Choose two large prime numbers p and q of equivalent length
randomly and independently.
1 −
1
(2 𝑐𝑒𝑟𝑡𝑎𝑖𝑛𝑡𝑦)
certainty
𝑐𝑒𝑟𝑡𝑎𝑖𝑛𝑡𝑦 = 10
0.9990234375
𝑐𝑒𝑟𝑡𝑎𝑖𝑛𝑡𝑦 = 20
0.99999904632
PrivateKey.java
28. Implementation – Randomize
Randomization is useful so a server does not know that you are
resubmitting a value they have already processed. Randomizing the
encrypted integer without needing the private key is based on the
homomorphic properties to add a randomly encrypted zero.