
    Revisiting Prime Power RSA

    Recently Sarkar (DCC 2014) proposed a new attack on small decryption exponents when the RSA modulus is of the form N = p^r q for r >= 2. This variant is known as Prime Power RSA. The work of Sarkar improves the result of May (PKC 2004) when r <= 5. In this paper, we improve the existing results for r = 3, 4. We also study partial key exposure attacks on Prime Power RSA. Our result improves the work of May (PKC 2004) for certain parameters.

    Security Estimates for Quadratic Field Based Cryptosystems

    We describe implementations for solving the discrete logarithm problem in the class group of an imaginary quadratic field and in the infrastructure of a real quadratic field. The algorithms used incorporate improvements over previously used algorithms, and extensive numerical results are presented demonstrating their efficiency. This data is used as the basis for extrapolations, used to provide recommendations for parameter sizes providing approximately the same level of security as block ciphers with 80, 112, 128, 192, and 256-bit symmetric keys.

    Revisiting Shor's quantum algorithm for computing general discrete logarithms

    We heuristically demonstrate that Shor's algorithm for computing general discrete logarithms, modified to allow the semi-classical Fourier transform to be used with control qubit recycling, achieves a success probability of approximately 60% to 82% in a single run. By slightly increasing the number of group operations that are evaluated quantumly, and by performing a limited search in the classical post-processing, we furthermore show how the algorithm can be modified to achieve a success probability exceeding 99% in a single run. We provide concrete heuristic estimates of the success probability of the modified algorithm, as a function of the group order, the size of the search space in the classical post-processing, and the additional number of group operations evaluated quantumly. In analogy with our earlier works, we show how the modified quantum algorithm may be simulated classically when the logarithm and group order are both known. Furthermore, we show how slightly better tradeoffs may be achieved, compared to our earlier works, if the group order is known when computing the logarithm. Comment: The pre-print has been extended to show how slightly better tradeoffs may be achieved, compared to our earlier works, if the group order is known. A minor issue with an integration limit, which led us to give a rough success probability estimate of 60% to 70%, as opposed to 60% to 82%, has been corrected. The heuristic and results reported in the original pre-print are otherwise unaffected.

    Efficient asynchronous accumulators for distributed PKI

    Cryptographic accumulators are a tool for compact set representation and secure set membership proofs. When an element is added to a set by means of an accumulator, a membership witness is generated. This witness can later be used to prove the membership of the element. Typically, the membership witness has to be synchronized with the accumulator value and updated every time another element is added to the accumulator. In this work we propose an accumulator that, unlike any prior scheme, does not require strict synchronization. In our construction a membership witness needs to be updated only a logarithmic number of times in the number of subsequent element additions. Thus, an out-of-date witness can easily be made current. Vice versa, a verifier with an out-of-date accumulator value can still verify a current membership witness. These properties make our accumulator construction uniquely suited for use in distributed applications, such as blockchain-based public key infrastructures.

    Public key exponent attacks on multi-prime power modulus using continued fraction expansion method

    This paper proposes three public key exponent attacks for breaking the security of the prime power modulus =22 where and are distinct prime numbers of the same bit size. The first approach shows that the RSA prime power modulus =22 for q<<2q using the key equation −()=1 where ()= 22(−1)(−1) can be broken by recovering the secret keys / from the convergents of the continued fraction expansion of e/−23/4 +1/2. The paper also reports the second and third approaches of factoring multi-prime power moduli =2 2 simultaneously by exploiting the generalized systems of equations −()=1 and −()=1 respectively. This can be achieved in polynomial time by utilizing the Lenstra-Lenstra-Lovász (LLL) algorithm and the simultaneous Diophantine approximations method for =1,2,…,

    Ring-LWE Cryptography for the Number Theorist

    In this paper, we survey the status of attacks on the ring and polynomial learning with errors problems (RLWE and PLWE). Recent work on the security of these problems [Eisenträger-Hallgren-Lauter, Elias-Lauter-Ozman-Stange] gives rise to interesting questions about number fields. We extend these attacks and survey related open problems in number theory, including spectral distortion of an algebraic number and its relationship to Mahler measure, the monogenic property for the ring of integers of a number field, and the size of elements of small order modulo q. Comment: 20 pages

    Certificate Transparency with Enhancements and Short Proofs

    Browsers can detect malicious websites that are provisioned with forged or fake TLS/SSL certificates. However, they are not so good at detecting malicious websites if they are provisioned with mistakenly issued certificates or certificates that have been issued by a compromised certificate authority. Google proposed certificate transparency, an open framework to monitor and audit certificates in real time. Thereafter, a few other certificate transparency schemes have been proposed which can even handle revocation. All currently known constructions use Merkle hash trees and have proof size logarithmic in the number of certificates/domain owners. We present a new certificate transparency scheme with short (constant size) proofs. Our construction makes use of dynamic bilinear-map accumulators. The scheme has many desirable properties, such as efficient revocation, low verification cost, and update costs comparable to the existing schemes. We provide proofs of security and evaluate the performance of our scheme. Comment: A preliminary version of the paper was published in ACISP 201