Group theory in cryptography

This paper is a guide for the pure mathematician who would like to know more about cryptography based on group theory. The paper gives a brief overview of the subject, and provides pointers to good textbooks, key research papers and recent survey papers in the area.Comment: 25 pages References updated, and a few extra references added. Minor typographical changes. To appear in Proceedings of Groups St Andrews 2009 in Bath, U

CSI-Otter: Isogeny-based (Partially) Blind Signatures from the Class Group Action with a Twist

In this paper, we construct the first provably-secure isogeny-based (partially) blind signature scheme. While at a high level the scheme resembles the Schnorr blind signature, our work does not directly follow from that construction, since isogenies do not offer as rich an algebraic structure. Specifically, our protocol does not fit into the linear identification protocol abstraction introduced by Hauck, Kiltz, and Loss (EUROCYRPT\u2719), which was used to generically construct Schnorr-like blind signatures based on modules such as classical groups and lattices. Consequently, our scheme is provably-secure in the poly-logarithmic (in the number of security parameter) concurrent execution and does not seem susceptible to the recent efficient ROS attack exploiting the linear nature of the underlying mathematical tool. In more detail, our blind signature exploits the quadratic twist of an elliptic curve in an essential way to endow isogenies with a strictly richer structure than abstract group actions (but still more restrictive than modules). The basic scheme has public key size $128$~B and signature size $8$~KB under the CSIDH-512 parameter sets---these are the smallest among all provably secure post-quantum secure blind signatures. Relying on a new ring variant of the group action inverse problem rGAIP, we can halve the signature size to 4~KB while increasing the public key size to 512~B. We provide preliminary cryptanalysis of rGAIP and show that for certain parameter settings, it is essentially as secure as the standard GAIP. Finally, we show a novel way to turn our blind signature into a partially blind signature, where we deviate from prior methods since they require hashing into the set of public keys while hiding the corresponding secret key---constructing such a hash function in the isogeny setting remains an open problem

Quantum e-commerce: A comparative study of possible protocols for online shopping and other tasks related to e-commerce

A set of quantum protocols for online shopping is proposed and analyzed to establish that it is possible to perform secure online shopping using different types of quantum resources. Specifically, a single photon based, a Bell state based and two 3-qubit entangled state based quantum online shopping schemes are proposed. The Bell state based scheme, being a completely orthogonal state based protocol, is fundamentally different from the earlier proposed schemes which were based on conjugate coding. One of the 3-qubit entangled state based scheme is build on the principle of entanglement swapping which enables us to accomplish the task without transmission of the message encoded qubits through the channel. Possible ways of generalizing the entangled state based schemes proposed here to the schemes which use multiqubit entangled states is also discussed. Further, all the proposed protocols are shown to be free from the limitations of the recently proposed protocol of Huang et al. (Quantum Inf. Process. 14, 2211-2225, 2015) which allows the buyer (Alice) to change her order at a later time (after initially placing the order and getting it authenticated by the controller). The proposed schemes are also compared with the existing schemes using qubit efficiency.Comment: It's shown that quantum e-commerce is not a difficult task, and it can be done in various way

An Elliptic Curve-based Signcryption Scheme with Forward Secrecy

An elliptic curve-based signcryption scheme is introduced in this paper that effectively combines the functionalities of digital signature and encryption, and decreases the computational costs and communication overheads in comparison with the traditional signature-then-encryption schemes. It simultaneously provides the attributes of message confidentiality, authentication, integrity, unforgeability, non-repudiation, public verifiability, and forward secrecy of message confidentiality. Since it is based on elliptic curves and can use any fast and secure symmetric algorithm for encrypting messages, it has great advantages to be used for security establishments in store-and-forward applications and when dealing with resource-constrained devices.Comment: 13 Pages, 5 Figures, 2 Table