par Liu, Lihua;Cao, Zhengjun
Référence Studies in Computational Intelligence, 149, page (181-187)
Publication Publié, 2008
Article révisé par les pairs
Résumé : In 1998, W. Mao proposed a verifiable encryption scheme. In the scheme Alice shall encrypt two prime numbers P and Q and disclose N = PQ. Bob shall verify the correctness of the encryption under an agreed public key. In the short paper, we show that Alice can only disclose N = PQ mod q, where q is the order of the cryptographic group used for zero-knowledge proof. Actually, the proof of bit-length proposed can only show the bit-length of the residue P̂ ∈ Zq in stead of P ∈ Z. To fix the scheme, it's sure that the order of the cryptographic group should be unknown by the prover. That means we should introduce another RSA modulus and base the Mao's scheme on RSA setting instead of the original ElGamal setting. © 2008 Springer-Verlag Berlin Heidelberg.