53 research outputs found
An efficient and secure RSA--like cryptosystem exploiting R\'edei rational functions over conics
We define an isomorphism between the group of points of a conic and the set
of integers modulo a prime equipped with a non-standard product. This product
can be efficiently evaluated through the use of R\'edei rational functions. We
then exploit the isomorphism to construct a novel RSA-like scheme. We compare
our scheme with classic RSA and with RSA-like schemes based on the cubic or
conic equation. The decryption operation of the proposed scheme turns to be two
times faster than RSA, and involves the lowest number of modular inversions
with respect to other RSA-like schemes based on curves. Our solution offers the
same security as RSA in a one-to-one communication and more security in
broadcast applications.Comment: 18 pages, 1 figur
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.Comment: Significant revision of the article previously titled "A Candidate
Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the
constructions by giving toy examples, added "The Parallelogram Attack" (Sec
5.3.2). 54 pages, 8 figure
An Authentication Protocol for Future Sensor Networks
Authentication is one of the essential security services in Wireless Sensor
Networks (WSNs) for ensuring secure data sessions. Sensor node authentication
ensures the confidentiality and validity of data collected by the sensor node,
whereas user authentication guarantees that only legitimate users can access
the sensor data. In a mobile WSN, sensor and user nodes move across the network
and exchange data with multiple nodes, thus experiencing the authentication
process multiple times. The integration of WSNs with Internet of Things (IoT)
brings forth a new kind of WSN architecture along with stricter security
requirements; for instance, a sensor node or a user node may need to establish
multiple concurrent secure data sessions. With concurrent data sessions, the
frequency of the re-authentication process increases in proportion to the
number of concurrent connections, which makes the security issue even more
challenging. The currently available authentication protocols were designed for
the autonomous WSN and do not account for the above requirements. In this
paper, we present a novel, lightweight and efficient key exchange and
authentication protocol suite called the Secure Mobile Sensor Network (SMSN)
Authentication Protocol. In the SMSN a mobile node goes through an initial
authentication procedure and receives a re-authentication ticket from the base
station. Later a mobile node can use this re-authentication ticket when
establishing multiple data exchange sessions and/or when moving across the
network. This scheme reduces the communication and computational complexity of
the authentication process. We proved the strength of our protocol with
rigorous security analysis and simulated the SMSN and previously proposed
schemes in an automated protocol verifier tool. Finally, we compared the
computational complexity and communication cost against well-known
authentication protocols.Comment: This article is accepted for the publication in "Sensors" journal. 29
pages, 15 figure
A New Attack on Three Variants of the RSA Cryptosystem
International audienceIn 1995, Kuwakado, Koyama and Tsuruoka presented a new RSA-type scheme based on singular cubic curves y^2 ≡ x^3 + bx^2 (mod N) where N = pq is an RSA modulus. Then, in 2002, Elkamchouchi, Elshenawy and Shaban introduced an extension of the RSA scheme to the field of Gaussian integers using a modulus N = P Q where P and Q are Gaussian primes such that p = |P | and q = |Q| are ordinary primes. Later, in 2007, Castagnos's proposed a scheme over quadratic fields quotients with an RSA modulus N = pq. In the three schemes, the public exponent e is an integer satisfying the key equation ed − k^(p^2 − 1) (q^2 − 1) = 1. In this paper, we apply the continued fraction method to launch an attack on the three schemes when the private exponent d is sufficiently small. Our attack can be considered as an extension of the famous Wiener attack on RSA
A New RSA Variant Based on Elliptic Curves
We propose a new scheme based on ephemeral elliptic curves over the ring where is an RSA modulus with , , . The new scheme is a variant of both the RSA and the KMOV cryptosystems. The scheme can be used for both signature and encryption. We study the security of the new scheme and show that is immune against factorization attacks, discrete logarithm problem attacks, sum of two squares attacks, sum of four squares attacks, isomorphism attacks, and homomorphism attacks. Moreover, we show that the private exponents can be much smaller than the ordinary exponents for RSA and KMOV, which makes the decryption phase in the new scheme more efficient
- …