Solving discrete logarithms on a 170-bit MNT curve by pairing reduction
Pairing-based cryptography is in a dangerous position following the breakthroughs on discrete logarithm computations in finite fields of small characteristic. Remaining instances are built over finite fields of large characteristic and their security relies on the fact that the embedding field of the underlying curve is relatively large. How large is debatable. The aim of our work is to sustain the claim that the combination of degree 3 embedding and too small finite fields obviously does not provide enough security. As a computational example, we solve the DLP on a 170-bit MNT curve by exploiting the pairing embedding to a 508-bit, degree-3 extension of the base field.
Comment: to appear in the Lecture Notes in Computer Science (LNCS
A New PVSS Scheme with a Simple Encryption Function
A Publicly Verifiable Secret Sharing (PVSS) scheme allows anyone to verify the validity of the shares computed and distributed by a dealer. The idea of PVSS was introduced by Stadler in [18], where he presented a PVSS scheme based on Discrete Logarithm. Later, several PVSS schemes were proposed. In [2], Behnad and Eghlidos present an interesting PVSS scheme with explicit membership and disputation processes. In this paper, we present a new PVSS having the advantage of being simpler while offering the same features.
Comment: In Proceedings SCSS 2012, arXiv:1307.8029. This PVSS scheme was proposed to be used to provide a distributed Timestamping schem
A general construction for monoid-based knapsack protocols
We present a generalized version of the knapsack protocol proposed by D. Naccache and J. Stern at the Proceedings of Eurocrypt (1997). Our new framework will allow the construction of other knapsack protocols having similar security features. We will outline a very concrete example of a new protocol using extension fields of a finite field of small characteristic instead of the prime field Z/pZ, but more efficient in terms of computational costs for asymptotically equal information rate and similar key size.
Comment: 18 pages, to appear in Advances in Mathematics of Communication
A novel group signature scheme without one way hash
The group signature scheme was introduced by Chaum and van Heijst; it allows members of a group to sign messages anonymously on behalf of the whole group. Only a designated Group Manager is able to trace the identity of the group member who issued a valid signature. The group members sign a message with their secret key gsk and produce a signature that cannot be linked to the identities of the signers without the secret key of the manager. The group manager can open the signature to recover the identities of the signers in case of any legal dispute. Group signatures have been widely used in electronic markets where the sellers are the group members, the buyers are the verifiers and the market administrator is the group manager.
We aim to propose a group signature scheme that is devoid of any one-way hash function and is based upon the Integer Factorization Problem (IFP). The scheme uses the concept of safe primes to further enhance its security. The scheme supports message recovery and hence the overhead of sending the message is avoided. The scheme satisfies security properties such as Anonymity (the verifier cannot link a signature to the identity of the signer), Traceability (the Group Manager can trace the identity of the signer of any valid signature), Unforgeability (a valid signature cannot be produced without the group secret keys), and Exculpability (neither the GM nor any member can produce a signature on behalf of a group member).
Quantum Period Finding is Compression Robust
We study quantum period finding algorithms such as Simon and Shor (and its variants Ekerå-Håstad and Mosca-Ekert). For a periodic function these algorithms produce -- via some quantum embedding of -- a quantum superposition , which requires a certain amount of output qubits that represent . We show that one can lower this amount to a single output qubit by hashing down to a single bit in an oracle setting.
Namely, we replace the embedding of in quantum period finding circuits by oracle access to several embeddings of hashed versions of . We show that on expectation this modification only doubles the required amount of quantum measurements, while significantly reducing the total number of qubits. For example, for Simon's algorithm that finds periods in our hashing technique reduces the required output qubits from down to , and therefore the total amount of qubits from to . We also show that Simon's algorithm admits real-world applications with only qubits by giving a concrete realization of a hashed version of the cryptographic Even-Mansour construction. Moreover, for a variant of Simon's algorithm on Even-Mansour that requires only classical queries to Even-Mansour we save a factor of (roughly) in the qubits.
Our oracle-based hashed version of the Ekerå-Håstad algorithm for factoring -bit RSA reduces the required qubits from down to . We also show a real-world (non-oracle) application in the discrete logarithm setting by giving a concrete realization of a hashed version of Mosca-Ekert for the Decisional Diffie-Hellman problem in , thereby reducing the number of qubits by even a linear factor from down to .
A usability study of elliptic curves
In recent years, the need for information security has rapidly increased due to an enormous growth in data transmission. In this thesis, we study the uses of elliptic curves in cryptography. We discuss elliptic curves over finite fields and attacks on the discrete logarithm problem: Pollard's rho algorithm, the baby-step giant-step algorithm, the Pohlig-Hellman algorithm, the function field sieve, and the number field sieve. The main cryptographic reason to use elliptic curves over finite fields is to provide arbitrarily large finite cyclic groups having a computationally difficult discrete logarithm problem.
A Novel Blind Signature Scheme Based On Discrete Logarithm Problem With Un-traceability
Blind signatures are a special type of digital signature possessing two special properties, blindness and untraceability, which are important for today's real-world applications that require authentication, integrity, security, anonymity and privacy.
David Chaum [2] was the first to propose the concept of blind signatures. The scheme's security was based on the difficulty of solving the factoring problem [3, 4]. Two properties that are important for a blind signature scheme in order to be used in various modern applications are blindness and untraceability [2, 5, 6]. Blindness means that the signer is not able to know the contents of the message while signing it, which is achieved by disguising (or blinding) the message through various methods. Untraceability refers to preventing the signer from linking the blinded message it signs to a later unblinded version that it may be called upon to verify.
Blind signatures based on the discrete logarithm problem are still an area with much scope for research. We aim to propose a novel blind signature scheme with untraceability, based on the discrete logarithm problem.