Security Estimates for Quadratic Field Based Cryptosystems

We describe implementations for solving the discrete logarithm problem in the class group of an imaginary quadratic field and in the infrastructure of a real quadratic field. The algorithms used incorporate improvements over previously-used algorithms, and extensive numerical results are presented demonstrating their efficiency. This data is used as the basis for extrapolations, used to provide recommendations for parameter sizes providing approximately the same level of security as block ciphers with $80,$ $112,$ $128,$ $192,$ and $256$-bit symmetric keys

A kilobit hidden SNFS discrete logarithm computation

We perform a special number field sieve discrete logarithm computation in a 1024-bit prime field. To our knowledge, this is the first kilobit-sized discrete logarithm computation ever reported for prime fields. This computation took a little over two months of calendar time on an academic cluster using the open-source CADO-NFS software. Our chosen prime $p$ looks random, and $p--1$ has a 160-bit prime factor, in line with recommended parameters for the Digital Signature Algorithm. However, our p has been trapdoored in such a way that the special number field sieve can be used to compute discrete logarithms in $\mathbb{F}\_p^*$ , yet detecting that p has this trapdoor seems out of reach. Twenty-five years ago, there was considerable controversy around the possibility of back-doored parameters for DSA. Our computations show that trapdoored primes are entirely feasible with current computing technology. We also describe special number field sieve discrete log computations carried out for multiple weak primes found in use in the wild. As can be expected from a trapdoor mechanism which we say is hard to detect, our research did not reveal any trapdoored prime in wide use. The only way for a user to defend against a hypothetical trapdoor of this kind is to require verifiably random primes

A usability study of elliptic curves

In the recent years, the need of information security has rapidly increased due to an enormous growth of data transmission. In this thesis, we study the uses of elliptic curves in the cryptography. We discuss the elliptic curves over finite fields, attempts to attack; discrete logarithm, Pollard’s rho algorithm, baby-step giant-step algorithm, Pohlig-Hellman algorithm, function field sieve, and number field sieve. The main cryptographic reason to use elliptic curves over finite fields is to provide arbitrarily large finite cyclic groups having a computationally difficult discrete logarithm problem

The Elgamal Cryptosystem is better than Th RSA Cryptosystem for Mental Poker

Cryptosystems are one of the most important parts of secure online poker card games. However, there is no research comparing the RSA Cryptosystem (RC) and Elgamal Cryptosystem (EC) for mental poker card games. This paper compares the RSA Cryptosystem and Elgamal Cryptosystem implementations of mental poker card games using distributed key generation schemes. Each implementation is based on a joint encryption/decryption of individual cards. Both implementations use shared private key encryption/decryption schemes and neither uses a trusted third party (TTP). The comparison criteria will be concentrated on the security and computational complexity of the game, collusions among the players and the debate between the discrete logarithm problem (DLP) and the factoring problem (FP) for the encryption/decryption schemes. Under these criteria, the comparison results demonstrate that the Elgamal Cryptosystem has better efficiency and effectiveness than RSA for mental poker card games

Quantum Attacks on Modern Cryptography and Post-Quantum Cryptosystems

Cryptography is a critical technology in the modern computing industry, but the security of many cryptosystems relies on the difficulty of mathematical problems such as integer factorization and discrete logarithms. Large quantum computers can solve these problems efficiently, enabling the effective cryptanalysis of many common cryptosystems using such algorithms as Shor’s and Grover’s. If data integrity and security are to be preserved in the future, the algorithms that are vulnerable to quantum cryptanalytic techniques must be phased out in favor of quantum-proof cryptosystems. While quantum computer technology is still developing and is not yet capable of breaking commercial encryption, these steps can be taken immediately to ensure that the impending development of large quantum computers does not compromise sensitive data

Stopping time signatures for some algorithms in cryptography

We consider the normalized distribution of the overall running times of some cryptographic algorithms, and what information they reveal about the algorithms. Recent work of Deift, Menon, Olver, Pfrang, and Trogdon has shown that certain numerical algorithms applied to large random matrices exhibit a characteristic distribution of running times, which depends only on the algorithm but are independent of the choice of probability distributions for the matrices. Different algorithms often exhibit different running time distributions, and so the histograms for these running time distributions provide a time-signature for the algorithms, making it possible, in many cases, to distinguish one algorithm from another. In this paper we extend this analysis to cryptographic algorithms, and present examples of such algorithms with time-signatures that are indistinguishable, and others with time-signatures that are clearly distinct.Comment: 20 page

Computation of Discrete Logarithms in GF(2^607)

International audienceWe describe in this article how we have been able to extend the record for computations of discrete logarithms in characteristic 2 from the previous record over GF(2^503) to a newer mark of GF(2^607), using Coppersmith's algorithm. This has been made possible by several practical improvements to the algorithm. Although the computations have been carried out on fairly standard hardware, our opinion is that we are nearing the current limits of the manageable sizes for this algorithm, and that going substantially further will require deeper improvements to the method