Tzong-Sun Wu, Yih-Sen Chen, Han-Yu Lin, and Tang-Kai Chang
Authenticated encryption, Paillier cryptosystem, homomorphism
Generally, encryption procedures provide the function of conﬁdentiality while digital signature techniques supply those of integrity and non-repudiation. In some conﬁdential applications, a signer might encrypt a signature along with its message and then send the ciphertext to a speciﬁed recipient such that only this recipient can recover the ciphertext and verify the signature. However, the
approach is costly in terms of the computational costs and the communicational overheads. To improve the eﬃciency, Horster et al. proposed an authenticated encryption (AE) scheme in 1994. Their scheme fulﬁlled both the functions of digital signature and public key encryption simultaneously. Since then, many AE schemes had been proposed. However, these previously proposed schemes are mainly based on the diﬃculty of solving discrete logarithm problems.
In 1999, Paillier introduced the public key probabilistic encryption schemes based on composite residuosity classes over Z∗n2 , where n (= pq) is an RSA modulus, and their scheme could be viewed as a new cryptographic mechanism. In this paper, we construct a new AE scheme based on Paillier’s scheme. Our scheme not only provides a secure solution to the transactions of e-commerce, but also extends Paillier’s system to a new application.