the decryption function. Consequently, it is easy to encrypt messages but difficult to decrypt messages, which is exactly what is needed in a computationally* secure cryptosystem. At least, this is what is needed in order to protect encrypted messages from would-be attackers. There is, however, one party that must be able to easily decrypt messages, namely, the intended recipient of the messages whose public key was used for encrypting the messages in the first place. This is where the notion of a trapdoor comes into play. A trapdoor is a piece of information that, when added to a one-way function f, is such that it enables f~* to be computed easily, i.e., computed in polynomial time. This trapdoor information should obviously be kept secret; in fact, the trapdoor information is precisely the private key in a public key cryptosystem. A one-way function together with a trapdoor is a one-way trapdoor function, which is the heart of a public key cryptosystem. A visual diagram of a one-way trapdoor function can be seen in Figure 2. Figure 3: An anonymous e-health authentication system.”! A basic illustration of the system is depicted in Figure 3.
