I'm working on MPC (multi-party computation) in crypto, and now I'm creating an implementation of GG18.
In the signing part, the algorithm needs MtA (multiplicative to additive) and uses a Paillier key pair for this.
Paillier uses modulus N (= p * q, the prime numbers used in key generation). But we need modulus q (the order of the elliptic curve, secp256k1 for example), so the algorithm has some issues.
Imagine that Alice and Bob have a and b as their secrets, and they want to get alpha and beta so that a*b = alpha + beta, without revealing their secrets.
GG18 says that for the modulus problem there are some issues:
a must be less than q^3.
b must be less than q^3.
beta must be less than q^5.
N must be greater than q^8.
In secp256k1, q = 115792089237316195423570985008687907852837564279074904382605163141518161494337, which is very close to 2^256.
So q^8 is very close to 2^2048.
If I generate random 1024-bit prime numbers p1 and p2 for Paillier key generation, they can almost never satisfy this condition:
N = p1 * p2 > q^8
What can I do? I can use bigger numbers for p1 and p2 (1025 bits for example; it gives me a 2050-bit N that most of the time is bigger than q^8).
Is there any other solution? I want to use 1024-bit numbers for p1 and p2.
(I use "p1" and "p2" instead of "p" and "q" for Paillier key generation to avoid confusion with "q" as the order of the elliptic curve.)
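The size condition in the question can be checked directly. The following is an added example, not part of the original post and not code from GG18: it runs a bare MtA exchange (no range proofs) over Paillier and shows that the shares only recombine mod q when N is large enough. The function names are hypothetical, and the Mersenne primes are constructed, insecure stand-ins used so the example needs no prime generator.

```python
import math
import secrets

# Order of the secp256k1 group (the value quoted in the post).
Q = 115792089237316195423570985008687907852837564279074904382605163141518161494337

# Constructed, INSECURE demo primes (Mersenne primes), for determinism only.
SMALL = (2**521 - 1, 2**607 - 1)     # N is about 2^1128, far below q^8
LARGE = (2**1279 - 1, 2**2203 - 1)   # N is about 2^3482, above q^8

def min_prime_bits(q):
    """Smallest k such that any two k-bit primes give N = p1*p2 > q^8."""
    return ((q**8).bit_length() + 3) // 2

def encrypt(m, n):
    """Paillier encryption with generator g = n + 1."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(c, p1, p2):
    """Paillier decryption using phi(n) as the private exponent."""
    n = p1 * p2
    phi = (p1 - 1) * (p2 - 1)
    u = (pow(c, phi, n * n) - 1) // n        # equals m * phi mod n
    return u * pow(phi, -1, n) % n

def mta(a, b, p1, p2, q=Q):
    """Return (alpha, beta); they should satisfy a*b = alpha + beta mod q."""
    n = p1 * p2
    c_a = encrypt(a, n)                      # Alice -> Bob: Enc(a)
    beta_prime = secrets.randbelow(q**5)     # Bob's mask, below q^5
    # Bob -> Alice: Enc(a*b + beta_prime), computed homomorphically
    c_b = pow(c_a, b, n * n) * encrypt(beta_prime, n) % (n * n)
    alpha = decrypt(c_b, p1, p2) % q         # Alice's share
    beta = -beta_prime % q                   # Bob's share
    return alpha, beta

def shares_correct(a, b, primes, q=Q):
    """True if the two shares add up to a*b mod q."""
    alpha, beta = mta(a, b, *primes, q)
    return (alpha + beta) % q == a * b % q
```

With `SMALL`, the plaintext a*b + beta' wraps around mod N before Alice reduces it mod q, so the shares no longer sum to a*b. For secp256k1, `min_prime_bits(Q)` is 1025: two primes with bit 1024 set multiply to at least 2^2048, which exceeds q^8.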