0

Most real-world RSA implementations add padding and such that break the multiplicative homomorphism of raw RSA. However, this multiplicative homomorphism can be useful.

I haven't seen any existing schemes that make RSA semantically secure but maintain the multiplicative homomorphism properly. The only scheme that I have seen here which, while clever, has a bound on the plaintext that makes it (in my opinion) not truly homomorphic. Is there an RSA scheme that is semantically secure and allows for multiplicative homomorphism with plaintexts over all of $n$?

EDIT: Someone suggested IND-CPA secure RSA padding with a partial homomorphic property answers this question, but I do not believe it does. I am looking for something that can take arbitrary plaintexts, whereas this scheme has a bound on the plaintext, which would imply padding is out of the question unless you can homomorphically determine and remove the padding after the fact. An example where this distinction is important could be a Plaintext Equality Test. Additionally, the state of the art may have changed in the past 5 years.

Zarquan
  • 313
  • 1
  • 8
  • OK, I've reopened it, but please note that a post that shows that the EDIT isn't valid would institute an answer by extension. – Maarten Bodewes Sep 24 '22 at 19:46
  • @MaartenBodewes Thanks for reopening it. I'm not sure what you mean by the second part of your statement. Do you mean that I shouldn't say "edit" or that I shouldn't have the last paragraph? – Zarquan Sep 28 '22 at 05:23

0 Answers0