Probabilistic Encryption

  title={Probabilistic Encryption},
  author={Shafi Goldwasser and Silvio Micali},
  journal={J. Comput. Syst. Sci.},

Figures from this paper

How to make RSA and some other encryptions probabilistic

A new scheme of probabilistic subgroup-related encryption is introduced that is potentially semantically secure under reasonable cryptographic assumptions and some applications based on the RSA, Diffie-Hellman and ElGamal encryption algorithms are described.

An Introduction to Probabilistic Encryption

An introduction to probabilistic encryption is given, presenting the first probabilistic cryptosystem by Goldwasser and Micali. Furthermore, the required number-theoretic concepts are discussed and

A New Aspect for Security Notions: Secure Randomness in Public-Key Encryption Schemes

It is proved that indistinguishability and semantic security are not equivalent in general and it is shown that polynomial-time pseudorandomness is not always necessary for the equivalence.


A new probabilistic public key cryptosystem that is highly efficient in that it's message expansion is l+(k-l)/l, where k is the security parameter and 1 the length of the encrypted message.

Security of Signed ElGamal Encryption

It is shown that ElGamal encryption with an added Schnorr signature is secure against the adaptive chosen ciphertext attack, and a very practical scheme for private information retrieval that is based on blind decryption of Elgamal ciphertexts is proposed.

Joint encryption and message-efficient secure computation

This work establishes a connection between secure distributed computation and group-oriented cryptography, i.e., cryptographic methods in which subsets of individuals can act jointly as single agents with useful algebraic properties.

Combining Encryption and Proof of Knowledge in the Random Oracle Model

This paper presents a secure way of combining weak encryption schemes with proofs of knowledge made non-interactive through the use of a hash function so that the security of the resulting scheme can be proven solely in the random oracle model.

A Different Encryption System Based on the Integer Factorization Problem

A new one-way function is presented and from this function a homomorphic probabilistic scheme for encryption is proposed, provably secure under the new computational problem in the standard model.

Compact CCA-Secure Encryption for Messages of Arbitrary Length

A chosen-ciphertext secure variant of the ElGamal public-key encryption scheme which generates very compact ciphertexts for messages of arbitrary length which is proven based on the strong Diffie-Hellman assumption in the random oracle model.

How to Encrypt with the LPN Problem

This scheme enriches the range of available cryptographic primitives whose security relies on the hardness of the LPN problem and achieves indistinguishability under adaptive chosen plaintext attacks (IND-P2-C0).



Probabilistic encryption & how to play mental poker keeping secret all partial information

This paper proposes an Encryption Scheme that possess the following property : An adversary, who knows the encryption algorithm and is given the cyphertext, cannot obtain any information about the

Relativized cryptography

  • G. Brassard
  • Computer Science, Mathematics
    20th Annual Symposium on Foundations of Computer Science (sfcs 1979)
  • 1979
The main result presented here is the existence of a relativized model of computation under which there exists a provably secure transientkey cryptosystem.

Theory and application of trapdoor functions

  • A. Yao
  • Computer Science, Mathematics
    23rd Annual Symposium on Foundations of Computer Science (sfcs 1982)
  • 1982
A new information theory is introduced and the concept of trapdoor functions is studied and applications of such functions in cryptography, pseudorandom number generation, and abstract complexity theory are examined.

On Computationally Secure Authentication Tags Requiring Short Secret Shared Keys

As an application of strongly universal-2 classes of hash functions, Wegman and Carter have proposed a provably secure authentication tag system that requires that the sender and the receiver share a rather long secret key if they wish to use the system more than once.

How to generate cryptographically strong sequences of pseudo random bits

  • M. BlumS. Micali
  • Computer Science, Mathematics
    23rd Annual Symposium on Foundations of Computer Science (sfcs 1982)
  • 1982
A more operative definition of Randomness should be pursued in the light of modern Complexity Theory.

Communication theory of secrecy systems

  • C. Shannon
  • Computer Science, Mathematics
    Bell Syst. Tech. J.
  • 1949
A theory of secrecy systems is developed on a theoretical level and is intended to complement the treatment found in standard works on cryptography.

A method for obtaining digital signatures and public-key cryptosystems

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys.

How to simultaneously exchange a secret bit by flipping a symmetrically-biased coin

  • M. LubyS. MicaliC. Rackoff
  • Computer Science, Mathematics
    24th Annual Symposium on Foundations of Computer Science (sfcs 1983)
  • 1983
A cryptographic protocol allowing two mutually distrusting parties, A and B, each having a secret bit, to "simultaneously" exchange the values of those bits is presented, and a new tool to implement this protocol is developed: a slightly biased symmetric coin.


  • M. Rabin
  • Mathematics, Computer Science
  • 1979
It is proved that for any given n, if the authors can invert the function y = E (x1) for even a small percentage of the values y then they can factor n, which seems to be the first proved result of this kind.

A simple secure pseudo-random number generator

Two closely-related pseudo-random sequence generators are presented: The \/P-generatort with input P a prime, outputs the quotient digits obtained on dividing 1 by P and the x2 mod jV-generator, which promises many interesting applications, e.g., to publickey cryptography.