One-More Paillier Inversion and Concurrent Secure Identification
多一次Paillier求逆问题与并发安全的鉴别方案

This paper revisits Paillier's trapdoor one-way function,focusing on the computational problem underlying its one-wayness.A new computational problem called the one-more Paillier inversion problem is formulated.It is a natural extension of Paillier inversion problem to the setting where adversaries have access to an inversion oracle and a challenge oracle.The relation between the one-more Paillier inversion problem and the one-more RSA problem introduced by Bellare,et al.It is shown that the one-more Paillier inversion problem is hard if and only if the one-more RSA problem is hard.Based on this,a new identification scheme is proposed.It is shown that the assumed hardness of the one-more Paillier inversion problem leads to a proof that the proposed identification scheme achieves security against concurrent impersonation attack.