OPHELib is a library providing optimized homomorphic encryption functionality, at the moment focusing on the Paillier encryption scheme.
See BUILD.
If an attacker manages to factorize n, the whole system is broken.
According to NIST Special Publication 800-57 Part 1, Revision 4, Table 2, the strength for specific parameters as follows:
| Strength | Symmetric | RSA -> n | ECDSA -> α | Comments |
|---|---|---|---|---|
| ≤80 | 2TDEA | 1024 | 160-223 | Insecure |
| 112 | 3TDEA | 2048 | 224-255 | |
| 128 | AES-128 | 3072 | 256-383 | |
| 192 | AES-192 | 7680 | 384-511 | * |
*: Currently not included in the NIST standards for interoperability and efficiency reasons.
NIST does not provide an estimate for n=4096, but according to GPG it is around 140bit.
If an attacker guesses r, a single ciphertext can be broken. In the paper "Encryption Performance Improvements of the Paillier Cryptosystem", 70 bits are used for r.
Secomlib uses a random number of n bits.