
    Solving discrete logarithms on a 170-bit MNT curve by pairing reduction

    Pairing-based cryptography is in a dangerous position following the breakthroughs in discrete logarithm computations in finite fields of small characteristic. The remaining instances are built over finite fields of large characteristic, and their security relies on the fact that the embedding field of the underlying curve is relatively large. How large is debatable. The aim of our work is to sustain the claim that the combination of a degree-3 embedding and too small a finite field obviously does not provide enough security. As a computational example, we solve the DLP on a 170-bit MNT curve by exploiting the pairing embedding into a 508-bit, degree-3 extension of the base field. Comment: to appear in the Lecture Notes in Computer Science (LNCS
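The check behind this abstract is the embedding degree: for an order-$r$ subgroup of a curve over $\mathbb{F}_q$, the pairing maps the ECDLP into $\mathbb{F}_{q^k}^*$ with $k$ the smallest integer such that $r \mid q^k - 1$, and the index-calculus attacks then apply to a $k \log_2 q$-bit field rather than to a $\log_2 r$-bit group. The following Python is an added example, not code from the paper: it counts points on a constructed toy curve by brute force, extracts the largest prime-order subgroup and computes the field the pairing reduction lands in. The toy curve $y^2 = x^3 + x$ over $\mathbb{F}_{1019}$ is supersingular and has embedding degree 2; the paper's 170-bit MNT curve has $k = 3$, which is how a 170-bit curve ends up as a 508-bit field DLP.

```python
# Added example (not from the paper): where does a pairing reduction send the
# ECDLP of a given curve? Toy parameters are constructed; small p only.
from math import log2

def legendre(a, p):
    """Legendre symbol (a|p) for an odd prime p: 0, 1 or -1."""
    a %= p
    if a == 0:
        return 0
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1

def curve_order(p, a, b):
    """#E(F_p) for y^2 = x^3 + a*x + b, by brute force over x.
    Each x contributes 1 + (x^3+ax+b | p) affine points; +1 for infinity."""
    return 1 + sum(1 + legendre(x * x * x + a * x + b, p) for x in range(p))

def prime_factors(n):
    """Trial-division factorisation {prime: exponent}; fine for toy orders."""
    f, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            f[d] = f.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f

def embedding_degree(q, r, max_k=10_000):
    """Smallest k >= 1 with r | q^k - 1, i.e. the order of q in (Z/rZ)^*.
    A pairing maps the order-r subgroup into F_{q^k}^*. None if k > max_k,
    which for a prime r means the curve is not pairing-friendly in practice."""
    acc = 1
    for k in range(1, max_k + 1):
        acc = acc * q % r
        if acc == 1:
            return k
    return None

def pairing_target(p, a, b):
    """Largest prime-order subgroup of E(F_p), its embedding degree, and the bit
    size of the finite field whose DLP the pairing reduction turns it into."""
    n = curve_order(p, a, b)
    r = max(prime_factors(n))
    k = embedding_degree(p, r)
    return {
        "order": n,
        "r": r,
        "k": k,
        "subgroup_bits": log2(r),
        "field_bits": k * log2(p) if k is not None else None,
    }

if __name__ == "__main__":
    # y^2 = x^3 + x over F_p, p = 3 mod 4: supersingular, p+1 points, k = 2,
    # so the ECDLP in the order-17 subgroup becomes a DLP in F_{1019^2}.
    print(pairing_target(1019, 1, 0))
```

The security question the abstract raises is then whether `field_bits` is large enough for the index-calculus algorithms available in that characteristic; a subgroup of comfortable size is no defence if `k * log2(p)` is small.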

    A New PVSS Scheme with a Simple Encryption Function

    A Publicly Verifiable Secret Sharing (PVSS) scheme allows anyone to verify the validity of the shares computed and distributed by a dealer. The idea of PVSS was introduced by Stadler in [18], where he presented a PVSS scheme based on the Discrete Logarithm problem. Later, several PVSS schemes were proposed. In [2], Behnad and Eghlidos present an interesting PVSS scheme with explicit membership and disputation processes. In this paper, we present a new PVSS scheme that has the advantage of being simpler while offering the same features. Comment: In Proceedings SCSS 2012, arXiv:1307.8029. This PVSS scheme was proposed to be used to provide a distributed Timestamping schem

    A general construction for monoid-based knapsack protocols

    We present a generalized version of the knapsack protocol proposed by D. Naccache and J. Stern in the Proceedings of Eurocrypt (1997). Our new framework allows the construction of other knapsack protocols having similar security features. We outline a very concrete example of a new protocol that uses extension fields of a finite field of small characteristic instead of the prime field Z/pZ, and is more efficient in terms of computational cost for asymptotically equal information rate and similar key size. Comment: 18 pages, to appear in Advances in Mathematics of Communication

    A novel group signature scheme without one way hash

    The group signature scheme was introduced by Chaum and van Heijst; it allows members of a group to sign messages anonymously on behalf of the whole group. Only a designated Group Manager is able to trace the identity of the group member who issued a valid signature. The group members sign a message with their secret key gsk and produce a signature that cannot be linked to the identities of the signers without the secret key of the manager. The group manager can open the signature to recover the identities of the signers in case of any legal dispute. Group signatures have been widely used in electronic markets, where the sellers are the group members, the buyers are the verifiers and the market administrator is the group manager. We aim to propose a group signature scheme that is devoid of any one-way hash function and is based upon the Integer Factorization Problem (IFP). The scheme uses the concept of safe primes to further enhance its security. The scheme supports message recovery, and hence the overhead of sending the message is avoided. The scheme satisfies security properties such as Anonymity (the verifier cannot link a signature to the identity of the signer), Traceability (the Group Manager can trace the identity of the signer of any valid signature), Unforgeability (a valid signature cannot be produced without the group secret keys), Exculpability (neither the GM nor any member can produce a signature on behalf of a group member)

    Quantum Period Finding is Compression Robust

    We study quantum period finding algorithms such as Simon and Shor (and its variants Ekerå-Håstad and Mosca-Ekert). For a periodic function $f$ these algorithms produce, via some quantum embedding of $f$, a quantum superposition $\sum_x |x\rangle|f(x)\rangle$, which requires a certain number of output qubits that represent $|f(x)\rangle$. We show that one can lower this number to a single output qubit by hashing $f$ down to a single bit in an oracle setting. Namely, we replace the embedding of $f$ in quantum period finding circuits by oracle access to several embeddings of hashed versions of $f$. We show that in expectation this modification only doubles the required number of quantum measurements, while significantly reducing the total number of qubits. For example, for Simon's algorithm that finds periods in $f: \mathbb{F}_2^n \rightarrow \mathbb{F}_2^n$ our hashing technique reduces the required output qubits from $n$ down to $1$, and therefore the total number of qubits from $2n$ to $n+1$. We also show that Simon's algorithm admits real world applications with only $n+1$ qubits by giving a concrete realization of a hashed version of the cryptographic Even-Mansour construction. Moreover, for a variant of Simon's algorithm on Even-Mansour that requires only classical queries to Even-Mansour we save a factor of (roughly) $4$ in the qubits. Our oracle-based hashed version of the Ekerå-Håstad algorithm for factoring $n$-bit RSA reduces the required qubits from $(\frac{3}{2} + o(1))n$ down to $(\frac{1}{2} + o(1))n$. We also show a real-world (non-oracle) application in the discrete logarithm setting by giving a concrete realization of a hashed version of Mosca-Ekert for the Decisional Diffie-Hellman problem in $\mathbb{F}_{p^m}$, thereby reducing the number of qubits by even a linear factor from $m \log p$ down to $\log p$
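The quantum part of this abstract cannot be reproduced classically, but the structure it relies on can: for Even-Mansour, $E(x) = P(x \oplus k_1) \oplus k_2$, the function $f(x) = E(x) \oplus P(x)$ satisfies $f(x \oplus k_1) = f(x)$, so $k_1$ is a period that Simon's algorithm extracts, and any function of a periodic function (in particular a one-bit hash of $f$) keeps that period. The Python below is an added example, not code from the paper, on a constructed 8-bit instance with a seeded pseudo-random permutation standing in for $P$; the period search is brute force, which is the classical cost the quantum algorithm removes. The hash family used here (parity of $f(x)$ masked by a chosen mask) is an illustrative choice, not the paper's.

```python
# Added example (not from the paper): the classical structure behind Simon-type
# attacks on Even-Mansour, and why hashing f down to one bit keeps its period.
import random

N_BITS = 8
SIZE = 1 << N_BITS

# Public permutation P: a fixed seeded pseudo-random bijection on 8-bit values
# (constructed for the example; any public permutation works the same way).
_rng = random.Random(2024)
_P = list(range(SIZE))
_rng.shuffle(_P)

def P(x):
    return _P[x]

def even_mansour(x, k1, k2):
    """E(x) = P(x XOR k1) XOR k2, the single-permutation Even-Mansour cipher."""
    return P(x ^ k1) ^ k2

def simon_function(k1, k2):
    """f(x) = E(x) XOR P(x). Since E(x XOR k1) = P(x) XOR k2 and
    P(x XOR k1) = E(x) XOR k2, f(x XOR k1) = f(x): f has period k1, which is
    what Simon's algorithm reads off the superposition sum_x |x>|f(x)>."""
    return lambda x: even_mansour(x, k1, k2) ^ P(x)

def hashed(f, mask):
    """One-bit hash of f: parity of (f(x) AND mask). A function of a periodic
    function is periodic with the same period, so the period survives while the
    output shrinks from N_BITS to 1 bit; a degenerate hash (e.g. mask 0) loses
    information, which is why several hashed embeddings are used."""
    return lambda x: bin(f(x) & mask).count("1") & 1

def periods(g):
    """All s with g(x XOR s) = g(x) for every x (brute force; toy sizes only)."""
    return {s for s in range(SIZE) if all(g(x ^ s) == g(x) for x in range(SIZE))}

def recover_keys(E, hash_mask=None):
    """Given oracle access to E, build f = E XOR P (optionally hashed), find its
    non-trivial period k1, then k2 = E(0) XOR P(k1). Returns None when the period
    is ambiguous, which signals that another hash should be tried."""
    f = lambda x: E(x) ^ P(x)
    g = hashed(f, hash_mask) if hash_mask is not None else f
    candidates = periods(g) - {0}
    if len(candidates) != 1:
        return None
    k1 = candidates.pop()
    k2 = E(0) ^ P(k1)
    return k1, k2

if __name__ == "__main__":
    K1, K2 = 0x5A, 0xC3                       # constructed toy key
    E = lambda x: even_mansour(x, K1, K2)
    print("full f:      ", recover_keys(E))
    print("1-bit hash:  ", recover_keys(E, hash_mask=0xFF))
    print("useless hash:", recover_keys(E, hash_mask=0x00))
```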

    A usability study of elliptic curves

    In recent years, the need for information security has increased rapidly due to the enormous growth of data transmission. In this thesis, we study the uses of elliptic curves in cryptography. We discuss elliptic curves over finite fields and attacks on the discrete logarithm problem: Pollard's rho algorithm, the baby-step giant-step algorithm, the Pohlig-Hellman algorithm, the function field sieve, and the number field sieve. The main cryptographic reason to use elliptic curves over finite fields is that they provide arbitrarily large finite cyclic groups with a computationally difficult discrete logarithm problem
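Two of the generic attacks listed above combine naturally: Pohlig-Hellman reduces a discrete logarithm in a group of smooth order $n = \prod q_i^{e_i}$ to one small problem of order $q_i$ per prime-power factor, and baby-step giant-step solves each of those in $O(\sqrt{q_i})$ time and memory, so the cost is governed by the largest prime dividing the group order rather than by $n$. The Python below is an added example, not code from the thesis; it works in $\mathbb{F}_p^*$ for a constructed toy prime $p = 1021$ (group order $1020 = 2^2 \cdot 3 \cdot 5 \cdot 17$), but the same code applies to any cyclic group once the group operation is swapped. The factorisation of the order is passed in explicitly, as an attacker would know it.

```python
# Added example (not from the thesis): Pohlig-Hellman + baby-step giant-step for
# the discrete logarithm in F_p^*. Toy prime p = 1021 is constructed so that
# p-1 = 2^2 * 3 * 5 * 17 is smooth, the case Pohlig-Hellman exploits.
import math

def bsgs(g, h, p, n):
    """Baby-step giant-step in <g> of order n: x in [0, n) with g^x = h mod p,
    or None if h is not in <g>. O(sqrt(n)) time and memory."""
    m = math.isqrt(n) + 1
    baby = {}
    e = 1
    for j in range(m):                  # baby steps: g^j for j < m
        baby.setdefault(e, j)
        e = e * g % p
    step = pow(g, -m, p)                # g^{-m}; modular inverse via pow (3.8+)
    gamma = h
    for i in range(m):                  # giant steps: h * g^{-i m}
        if gamma in baby:
            return (i * m + baby[gamma]) % n
        gamma = gamma * step % p
    return None

def crt(residues, moduli):
    """Chinese remaindering for pairwise coprime moduli."""
    x, m = 0, 1
    for r, n in zip(residues, moduli):
        t = ((r - x) * pow(m, -1, n)) % n
        x, m = x + m * t, m * n
    return x % m

def pohlig_hellman(g, h, p, order_factors):
    """Solve g^x = h mod p, where g has order n = prod q^e given as {q: e}.
    For each q^e, x mod q^e is found one base-q digit at a time, each digit
    being a BSGS instance in the subgroup of order q."""
    n = 1
    for q, e in order_factors.items():
        n *= q ** e
    residues, moduli = [], []
    for q, e in order_factors.items():
        qe = q ** e
        g_i = pow(g, n // qe, p)        # generator of the order-q^e subgroup
        h_i = pow(h, n // qe, p)
        gamma = pow(g_i, q ** (e - 1), p)   # element of order exactly q
        x = 0
        for k in range(e):              # k-th base-q digit of x mod q^e
            target = pow(h_i * pow(g_i, -x, p) % p, q ** (e - 1 - k), p)
            d = bsgs(gamma, target, p, q)
            if d is None:
                return None
            x += d * q ** k
        residues.append(x)
        moduli.append(qe)
    return crt(residues, moduli)

def find_generator(p, order_factors):
    """Smallest generator of F_p^*: g generates iff g^((p-1)/q) != 1 for
    every prime q dividing p-1."""
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in order_factors):
            return g
    raise ValueError("no generator found; is p prime and the factorisation right?")

if __name__ == "__main__":
    p, factors = 1021, {2: 2, 3: 1, 5: 1, 17: 1}    # constructed toy parameters
    g = find_generator(p, factors)
    x = 777
    h = pow(g, x, p)
    print("g =", g, "h =", h, "recovered x =", pohlig_hellman(g, h, p, factors))
```

This is the reason real deployments insist on a prime-order (or large-prime-order) group: with one large prime factor in the order, Pohlig-Hellman buys nothing and the whole cost falls on a single BSGS or Pollard-rho instance of size $\sqrt{q}$.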

    A Novel Blind Signature Scheme Based On Discrete Logarithm Problem With Un-traceability

    Blind signatures are a special type of digital signature that possess two special properties, blindness and untraceability, which are important for today's real-world applications that require authentication, integrity, security, anonymity and privacy. David Chaum [2] was the first to propose the concept of blind signatures. The scheme's security was based on the difficulty of solving the factoring problem [3, 4]. Two properties that are important for a blind signature scheme to be used in various modern applications are blindness and untraceability [2, 5, 6]. Blindness means that the signer is not able to know the contents of the message while signing it, which is achieved by disguising (or blinding) the message through various methods. Untraceability refers to preventing the signer from linking the blinded message it signs to a later unblinded version that it may be called upon to verify. Blind signatures based on the discrete logarithm problem are still an area with much scope for research. We aim to propose a novel blind signature scheme with untraceability, based on the discrete logarithm problem
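The two properties the abstract defines are easiest to see on Chaum's original factoring-based construction, which the abstract cites; the paper's own DL-based scheme is not reproduced here. In RSA blind signing the user sends $m \cdot r^e \bmod n$ for a random $r$, the signer returns $(m r^e)^d = m^d r$, and the user multiplies by $r^{-1}$ to get the ordinary signature $m^d$. The Python below is an added example with a constructed toy key (two 20-bit primes, not secure) and a hash reduced modulo $n$ purely because the modulus is tiny. Besides running the protocol, it checks untraceability in its strong form: for any candidate message, the signer can compute a blinding factor that explains its transcript, so the transcript carries no information about which message was signed.

```python
# Added example (not from the paper): Chaum's RSA blind signature with checks for
# blindness and untraceability. Toy key constructed from small primes; not secure.
import hashlib
import secrets
from math import gcd

def toy_rsa_key():
    """Constructed toy RSA key: p, q are ~20-bit primes, e = 65537."""
    p, q = 1000003, 1000033
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)
    return n, e, d

def hash_to_int(message, n):
    """SHA-256 of the message as an integer in Z_n (mod n only for the toy key)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def blind(m, n, e, r=None):
    """User side: disguise m as m * r^e mod n with r coprime to n.
    The signer only ever sees this value (blindness)."""
    if r is None:
        while True:
            r = secrets.randbelow(n - 2) + 2
            if gcd(r, n) == 1:
                break
    return (m * pow(r, e, n)) % n, r

def sign_blinded(blinded, d, n):
    """Signer side: plain RSA signing of whatever value it is handed."""
    return pow(blinded, d, n)

def unblind(blinded_sig, r, n):
    """User side: (m r^e)^d = m^d * r, so multiply by r^{-1} to get m^d."""
    return (blinded_sig * pow(r, -1, n)) % n

def verify(message, sig, n, e):
    return pow(sig, e, n) == hash_to_int(message, n)

def blind_signature_round(message, n, e, d, r=None):
    """One full run. Returns the final signature and the signer's transcript,
    which is all the signer could later use to try to link the signature."""
    m = hash_to_int(message, n)
    blinded, r = blind(m, n, e, r)
    blinded_sig = sign_blinded(blinded, d, n)
    sig = unblind(blinded_sig, r, n)
    return sig, (blinded, blinded_sig)

def consistent_blinding_factor(blinded, candidate_m, d, n):
    """Untraceability: for ANY candidate message value m', the signer (even with d)
    can find r' with m' * r'^e = blinded, namely r' = (blinded / m')^d. Every
    message explains the transcript equally well, so none can be singled out."""
    return pow(blinded * pow(candidate_m, -1, n) % n, d, n)

if __name__ == "__main__":
    n, e, d = toy_rsa_key()
    msg = b"pay 10 to carol"                        # constructed sample message
    sig, (blinded, blinded_sig) = blind_signature_round(msg, n, e, d)
    print("verifies:", verify(msg, sig, n, e))
    print("signer saw:", blinded, blinded_sig, " final sig:", sig)
    other = hash_to_int(b"pay 1000 to mallory", n)
    r2 = consistent_blinding_factor(blinded, other, d, n)
    print("other message also explains transcript:", blind(other, n, e, r2)[0] == blinded)
```

Note what this does not protect against: the signer still signs whatever it is handed, so a DL- or RSA-based blind signature needs some out-of-band control (cut-and-choose, restricted message formats, or payment for each signature) to stop the user obtaining signatures on arbitrary content.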