Question regarding common modulus on elliptic curve cryptosystems

Zacheusz Siedlecki zacheusz.siedlecki at
Mon Mar 22 14:52:26 EDT 2010

[Moderator's note. Please please please don't top post. --Perry]

I think you should look for multisignature schemes. There are lots of it.
And BTW - right EC Pohlih-Hellman is not public key cryptosystem. I
missed your requirement.

2010/3/22, Jonathan Katz <jkatz at>:
> [Moderator's Note: Please please don't top post. --Perry]
> That paper was from 1980. A few things have changed since then. =)
> In any case, my point still stands: what you actually want is some e-cash
> system with some special properties. Commutative encryption is neither
> necessary nor (probably) sufficient for what you want. Have you at least
> looked at the literature (which must be well over 100 papers) on e-cash?
> On Mon, 22 Mar 2010, Sergio Lerner wrote:
>> Commutativity is a beautiful and powerful property. See "On the power of
>> Commutativity in Cryptography" by Adi Shamir.
>> Semantic security is great and has given a new provable sense of security,
>> but commutative building blocks can be combined to build the strangest
>> protocols without going into deep mathematics, are better suited for
>> teaching
>> crypto and for high-level protocol design. They are like the "Lego" blocks
>> of
>> cryptography!
>> Now I'm working on an new untraceable e-cash protocol which has some
>> additional properties. And I'm searching for a secure  commutable signing
>> primitive.
>> Best regards,
>> Sergio Lerner.
>> On 22/03/2010 09:56 a.m., Jonathan Katz wrote:
>>> Sounds like a bad idea -- at a minimum, your encryption will be
>>> deterministic.
>>> What are you actually trying to achieve? Usually once you understand
>>> that,
>>> you can find a protocol solving your problem already in the crypto
>>> literature.
>>> On Sun, 21 Mar 2010, Sergio Lerner wrote:
>>>> I looking for a public-key cryptosystem that allows commutation of the
>>>> operations of encription/decryption for different users keys
>>>> ( Ek(Es(m)) =  Es(Ek(m)) ).
>>>> I haven't found a simple cryptosystem in Zp or Z/nZ.
>>>> I think the solution may be something like the RSA analogs in elliptic
>>>> curves. Maybe a scheme that allows the use of a common modulus for all
>>>> users (RSA does not).
>>>> I've read on some factoring-based cryptosystem (like Meyer-Muller or
>>>> Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing
>>>> about the possibility of using a common modulus, neither for good nor
>>>> for
>>>> bad.
>>>> Anyone has a deeper knowledge on this crypto to help me?
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list