HVZK (Honest Verifier Zero Knowledge) For Paillier and Using Kryptology
My advice to researchers is quite simple. Pick a paper each week, and try and understand the core methods presented. Over this week I have been working on the Krytology library, and which uses the Pailler method to implement homomorphic encryption for its privacy-preserving method. And so to understand how we can prove that a secure Pailler key pair has been generated, I’ve been reading about the methods that the Kryptology library uses to implement privacy-preserving methods [1][here]:
The focus of the paper is to prove that a suitable private key has been created, so that the public key has all the possible values within the given field, and without leaking anything about the private key. In Paillier, we pick two large prime numbers (p and q)). We then calculate a modulus (N=pq) and ϕ(N)=(p−1)(q−1). We then make sure that gcd(pq,ϕ(N))=1.
One of the key properties is to prove that the value of N is square free (that is, it does not have a factor that is a square). Overall, Victor — the verifier — will not be able to factorize the modulus (N), so will have to trust Peggy in the creation of a secure modulus. For example, Peggy could…
