In Paillier cryptoststem many ciphertexts can correspond to the same plaintext. How can I modify the scheme so to make the correspondence between ciphertexts and plaintexts a one to one correspondece? I've already eliminated the randomness from the scheme (i.e. all encryptions are done with the same $r$).
My reason for this is that I want to compute the arithmetic mean of two encrypted numbers by repeatedly subtracting 2 (which I can do no-problem) until I hit 0 which I then need to detect.
How can I modify the scheme so to make the correspondence between ciphertexts and plaintexts a one to one correspondece?
You do realize that this would make encryption insecure, don't you? After all, someone who knows what an encrypted 1 looks like can subtract 1 until he gets one; this immediately reveals what value the original ciphertext stood for.
If security is not a requirement, might I suggest using the identity function as your encryption mechanism. It is deterministic, it can be implemented quite efficiently, and for that matter, it is fully homomorphic.
The Paillier is semantically secure. So, even the same values will have different ciphertext all the time. Amount of the different ciphertext can be calculated by the input size of the random $r \leftarrow \mathbb{Z}_n^*$, $=2^n-1$.
You can add the two values semantically, and decrypt their addition since Paillier is additive homomorphic.
$$E(a+b \bmod N) = E(a) \cdot E(b) $$ I.e. the multiplication of ciphertext is equal to addition of plaintexts.
Your problem will be their average, here division by 2. This is not possible since Paillier doesn't support multiplication!
