Support standard Paillier encryption and decryption?

[Jinstorm]

I noticed that in https://github.com/TNO-MPC/encryption_schemes.paillier/blob/main/src/tno/mpc/encryption_schemes/paillier/paillier.py#L505

It used a simplified version of Paillier which sets g=n+1, random value c=1, and discard the higher-order terms.

Does this encryption scheme only match the distributed partial-decryption implementation in https://github.com/TNO-MPC/protocols.distributed_keygen/blob/main/src/tno/mpc/protocols/distributed_keygen/distributed_keygen.py#L287, so that the distributed partial-decryption implementation cannot be used to decrypt ciphertext encrypted by the standard Paillier?

Also, is the proposed distributed Paillier key generation scheme limited to this simplified version or it can be directly used for the standard one?

[Quitlox]

In our implementation of standard Paillier, we wait with randomizing ciphertexts until the last moment (when the ciphertexts are actually communicated) (see also https://github.com/TNO-MPC/protocols.distributed_keygen/blob/main/README.md?plain=1#L195). The "higher order term" (i.e. the randomization) is therefore not dropped, but added at a later moment.

As for the choice of $g$, we indeed choose the "simple" variant of the key generation, which is easier and faster in implementation. This however is just a choice of parameters. If one implements a custom key generation which does choose $g$ differently, the decryption routine should still work as long as the parameters are set correctly.

As for the compatibility of the Paillier and Distributed Keygen modules, I am not sure I understand your question. In theory the ciphertexts produced by the Paillier and the DistributedKeygen module are fundamentally the same, but one can only use the decryption routine that matches the format of the secret key one has. In the distributedkeygen version, the secret key is distributed, and thus the decryption routine is very different.