164 research outputs found
Weak Composite Diffie-Hellman is not Weaker than Factoring
In1985, Shmuley proposed a theorem about intractability of Composite Diffie-Hellman [Sh85]. The Theorem of Shmuley may be paraphrased as saying that if there exist a probabilistic poly-time oracle machine which solves the Diffie-Hellman modulo an RSA-number with odd-order base then there exist a probabilistic algorithm which factors the modulo. In the other hand factorization of the module obtained only if we can solve the Diffie-Hellman with odd-order base. In this paper we show that even if there exist a probabilistic poly-time oracle machine which solves the problem only for even-order base and abstain answering the problem for odd-order bases still a probabilistic algorithm can be constructed which factors the modulo in poly-time for more than 98% of RSA-numbers
An extremely small and efficient identification scheme
This is a preprint of a book chapter published in Lecture Notes in Computer Science,1841, Springer-Verlag, Berlin (2000). The original publication is available at www.springerlink.com.We present a new identification scheme which is based on Legendre symbols modulo a certain hidden prime and which is naturally suited for low power, low memory applications
Divisibility, Smoothness and Cryptographic Applications
This paper deals with products of moderate-size primes, familiarly known as
smooth numbers. Smooth numbers play a crucial role in information theory,
signal processing and cryptography.
We present various properties of smooth numbers relating to their
enumeration, distribution and occurrence in various integer sequences. We then
turn our attention to cryptographic applications in which smooth numbers play a
pivotal role
Learning with Errors in the Exponent
We initiate the study of a novel class of group-theoretic intractability problems. Inspired by the theory of learning in presence of errors [Regev, STOC\u2705] we ask if noise in the exponent amplifies intractability. We put forth the notion of Learning with Errors in the Exponent (LWEE) and rather surprisingly show that various attractive properties known to exclusively hold for lattices carry over. Most notably are worst-case hardness and post-quantum resistance. In fact, LWEE\u27s duality is due to the reducibility to two seemingly unrelated assumptions: learning with errors and the representation problem [Brands, Crypto\u2793] in finite groups. For suitable parameter choices LWEE superposes properties from each individual intractability problem. The argument holds in the classical and quantum model of computation.
We give the very first construction of a semantically secure public-key encryption system in the standard model. The heart of our construction is an ``error recovery\u27\u27 technique inspired by [Joye-Libert, Eurocrypt\u2713] to handle critical propagations of noise terms in the exponent
Algorithms and cryptographic protocols using elliptic curves
En els darrers anys, la criptografia amb corbes el.lĂptiques ha
adquirit una importĂ ncia creixent, fins a arribar a formar part en
la actualitat de diferents estĂ ndards industrials. Tot i que s'han
dissenyat variants amb corbes el.lĂptiques de criptosistemes
clà ssics, com el RSA, el seu mà xim interès rau en la seva
aplicaciĂł en criptosistemes basats en el Problema del Logaritme
Discret, com els de tipus ElGamal. En aquest cas, els
criptosistemes el.lĂptics garanteixen la mateixa seguretat que els
construïts sobre el grup multiplicatiu d'un cos finit primer, però
amb longituds de clau molt menor.
Mostrarem, doncs, les bones propietats d'aquests criptosistemes,
aixĂ com els requeriments bĂ sics per a que una corba
sigui criptogrĂ ficament Ăştil, estretament relacionat amb la seva
cardinalitat. Revisarem alguns mètodes que permetin descartar
corbes no criptogrĂ ficament Ăştils, aixĂ com altres que permetin
obtenir corbes bones a partir d'una de donada. Finalment,
descriurem algunes aplicacions, com sĂłn el seu Ăşs en Targes
Intel.ligents i sistemes RFID, per concloure amb alguns avenços
recents en aquest camp.The relevance of elliptic curve cryptography has grown in recent
years, and today represents a cornerstone in many industrial
standards. Although elliptic curve variants of classical
cryptosystems such as RSA exist, the full potential of elliptic
curve cryptography is displayed in cryptosystems based on the
Discrete Logarithm Problem, such as ElGamal. For these, elliptic
curve cryptosystems guarantee the same security levels as their
finite field analogues, with the additional advantage of using
significantly smaller key sizes.
In this report we show the positive properties of elliptic curve
cryptosystems, and the requirements a curve must meet to be
useful in this context, closely related to the number of points.
We survey methods to discard cryptographically uninteresting
curves as well as methods to obtain other useful curves from
a given one. We then describe some real world applications
such as Smart Cards and RFID systems and conclude with a
snapshot of recent developments in the field
Grained integers and applications to cryptography
To meet the requirements of the modern communication society, cryptographic techniques are of central importance. In modern cryptography, we try to build cryptographic primitives, whose security can be reduced to solving a particular number theoretic problem for which no fast algorithmic method is known by now. Thus, any advance in the understanding of the nature of such problems indirectly gives insight in the analysis of some of the most practical cryptographic techniques. In this work we analyze exactly this aspect much more deeply: How can we use some of the purely theoretical results in number theory to answer very practical questions on the security of widely used cryptographic algorithms and how can we use such results in concrete implementations? While trying to answer these kinds of security-related questions, we always think two-fold: From a cryptographic, security-ensuring perspective and from a cryptanalytic one. After we outlined -- with a special focus on the historical development of these results -- the necessary analytic and algorithmic foundations of number theory, we first delve into the question how point addition on certain elliptic curves can be done efficiently. The resulting formulas have their application in the cryptanalysis of crypto systems that are insecure if factoring integers can be done efficiently. The rest of the thesis is devoted to the study of integers, all of whose prime factors are neither too small nor too large. We show with the help of two applications how one can use the properties of such kinds of integers to answer very practical questions in the design and the analysis of cryptographic primitives: The optimization of a hardware-realization of the cofactorization step of the General Number Field Sieve and the analysis of different standardized key-generation algorithms
Identity-based cryptography from paillier cryptosystem.
Au Man Ho Allen.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.Includes bibliographical references (leaves 60-68).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiChapter 1 --- Introduction --- p.1Chapter 2 --- Preliminaries --- p.5Chapter 2.1 --- Complexity Theory --- p.5Chapter 2.2 --- Algebra and Number Theory --- p.7Chapter 2.2.1 --- Groups --- p.7Chapter 2.2.2 --- Additive Group Zn and Multiplicative Group Z*n --- p.8Chapter 2.2.3 --- The Integer Factorization Problem --- p.9Chapter 2.2.4 --- Quadratic Residuosity Problem --- p.11Chapter 2.2.5 --- Computing e-th Roots (The RSA Problem) --- p.13Chapter 2.2.6 --- Discrete Logarithm and Related Problems --- p.13Chapter 2.3 --- Public key Cryptography --- p.16Chapter 2.3.1 --- Encryption --- p.17Chapter 2.3.2 --- Digital Signature --- p.20Chapter 2.3.3 --- Identification Protocol --- p.22Chapter 2.3.4 --- Hash Function --- p.24Chapter 3 --- Paillier Cryptosystems --- p.26Chapter 3.1 --- Introduction --- p.26Chapter 3.2 --- The Paillier Cryptosystem --- p.27Chapter 4 --- Identity-based Cryptography --- p.30Chapter 4.1 --- Introduction --- p.31Chapter 4.2 --- Identity-based Encryption --- p.32Chapter 4.2.1 --- Notions of Security --- p.32Chapter 4.2.2 --- Related Results --- p.35Chapter 4.3 --- Identity-based Identification --- p.36Chapter 4.3.1 --- Security notions --- p.37Chapter 4.4 --- Identity-based Signature --- p.38Chapter 4.4.1 --- Security notions --- p.39Chapter 5 --- Identity-Based Cryptography from Paillier System --- p.41Chapter 5.1 --- Identity-based Identification schemes in Paillier setting --- p.42Chapter 5.1.1 --- Paillier-IBI --- p.42Chapter 5.1.2 --- CGGN-IBI --- p.43Chapter 5.1.3 --- GMMV-IBI --- p.44Chapter 5.1.4 --- KT-IBI --- p.45Chapter 5.1.5 --- Choice of g for Paillier-IBI --- p.46Chapter 5.2 --- Identity-based signatures from Paillier system . . --- p.47Chapter 5.3 --- Cocks ID-based Encryption in Paillier Setting . . --- p.48Chapter 6 --- Concluding Remarks --- p.51A Proof of Theorems --- p.53Chapter A.1 --- "Proof of Theorems 5.1, 5.2" --- p.53Chapter A.2 --- Proof Sketch of Remaining Theorems --- p.58Bibliography --- p.6
- …