Revisiting Prime Power RSA
Recently Sarkar (DCC 2014) proposed a new attack on small decryption exponents when the RSA modulus is of the form N = p^r q for r >= 2.
This variant is known as Prime Power RSA. Sarkar's work improves the result of May (PKC 2004) when r <= 5.
In this paper, we improve the existing results for r = 3, 4. We also study partial key exposure attacks on Prime Power RSA.
Our results improve the work of May (PKC 2004) for certain parameters.
Security Estimates for Quadratic Field Based Cryptosystems
We describe implementations for solving the discrete logarithm problem in the
class group of an imaginary quadratic field and in the infrastructure of a real
quadratic field. The algorithms used incorporate improvements over
previously-used algorithms, and extensive numerical results are presented
demonstrating their efficiency. This data is used as the basis for
extrapolations, used to provide recommendations for parameter sizes providing
approximately the same level of security as block ciphers with
and -bit symmetric keys
Revisiting Shor's quantum algorithm for computing general discrete logarithms
We heuristically demonstrate that Shor's algorithm for computing general
discrete logarithms, modified to allow the semi-classical Fourier transform to
be used with control qubit recycling, achieves a success probability of
approximately 60% to 82% in a single run. By slightly increasing the number of
group operations that are evaluated quantumly, and by performing a limited
search in the classical post-processing, we furthermore show how the algorithm
can be modified to achieve a success probability exceeding 99% in a single run.
We provide concrete heuristic estimates of the success probability of the
modified algorithm, as a function of the group order, the size of the search
space in the classical post-processing, and the additional number of group
operations evaluated quantumly. In analogy with our earlier works, we show how
the modified quantum algorithm may be simulated classically when the logarithm
and group order are both known. Furthermore, we show how slightly better
tradeoffs may be achieved, compared to our earlier works, if the group order is
known when computing the logarithm.

Comment: The pre-print has been extended to show how slightly better tradeoffs
may be achieved, compared to our earlier works, if the group order is known.
A minor issue with an integration limit, that led us to give a rough success
probability estimate of 60% to 70%, as opposed to 60% to 82%, has been
corrected. The heuristic and results reported in the original pre-print are
otherwise unaffected.
Efficient asynchronous accumulators for distributed PKI
Cryptographic accumulators are a tool for compact set representation and secure set membership proofs. When an element is added to a set by means of an accumulator, a membership witness is generated. This witness can later be used to prove the membership of the element. Typically, the membership witness has to be synchronized with the accumulator value, and to be updated every time another element is added to the accumulator. In this work we propose an accumulator that, unlike any prior scheme, does not require strict synchronization.
In our construction, a membership witness needs to be updated only a logarithmic number of times in the number of subsequent element additions. Thus, an out-of-date witness can easily be made current. Conversely, a verifier with an out-of-date accumulator value can still verify a current membership witness. These properties make our accumulator construction uniquely suited for use in distributed applications, such as blockchain-based public key infrastructures.
Public key exponent attacks on multi-prime power modulus using continued fraction expansion method
This paper proposes three public key exponent attacks that break the security of the prime power modulus =22 where and are distinct prime numbers of the same bit size. The first approach shows that the RSA prime power modulus =22 for q<<2q, using the key equation −()=1 where ()= 22(−1)(−1), can be broken by recovering the secret keys / from the convergents of the continued fraction expansion of e/−23/4 +1/2. The paper also reports second and third approaches that factor multi-prime power moduli =2 2 simultaneously by exploiting the generalized systems of equations −()=1 and −()=1 respectively. This can be achieved in polynomial time using the Lenstra-Lenstra-Lovász (LLL) algorithm and the simultaneous Diophantine approximation method for =1,2,…,
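The continued fraction step of the first approach above, as an added worked example (this is not code from the paper). It assumes the modulus is N = p^2 q^2 with phi(N) = pq(p-1)(q-1), and reads the approximation in the abstract as e/(N - 2N^{3/4} + N^{1/2}), which is what phi(N) tends to when p and q are both close to N^{1/4}. Each convergent k/d of that fraction is tested against the key equation ed - k*phi(N) = 1; a hit gives phi(N) = (ed - 1)/k, and since pq = sqrt(N) is known exactly, p + q = pq + 1 - phi(N)/pq and the primes follow from a quadratic. The primes p = 11, q = 13 and exponent d = 7 are constructed toy values, far too small to mean anything about real key sizes; the LLL-based second and third approaches are not shown.

```python
from math import isqrt


def continued_fraction(num: int, den: int) -> list[int]:
    """Partial quotients [a0; a1, a2, ...] of num/den via Euclid's algorithm."""
    cf = []
    while den:
        a, r = divmod(num, den)
        cf.append(a)
        num, den = den, r
    return cf


def convergents(cf):
    """Yield successive convergents (h_i, k_i) of a continued fraction."""
    h2, h1 = 0, 1          # h_{-2}, h_{-1}
    k2, k1 = 1, 0          # k_{-2}, k_{-1}
    for a in cf:
        h2, h1 = h1, a * h1 + h2
        k2, k1 = k1, a * k1 + k2
        yield h1, k1


def factor_from_phi(N: int, phi: int):
    """Recover (p, q) from N = p^2 q^2 and phi = pq(p-1)(q-1); None if inconsistent."""
    s = isqrt(N)                      # s = pq exactly when N = p^2 q^2
    if s * s != N or phi % s:
        return None
    # phi / pq = (p-1)(q-1) = pq - (p+q) + 1  =>  p + q = pq + 1 - phi/pq
    sum_pq = s + 1 - phi // s
    disc = sum_pq * sum_pq - 4 * s   # (p+q)^2 - 4pq = (p-q)^2
    if disc < 0:
        return None
    r = isqrt(disc)
    if r * r != disc or (sum_pq - r) % 2:
        return None
    p, q = (sum_pq - r) // 2, (sum_pq + r) // 2
    if p < 2 or p * q != s:
        return None
    return p, q


def attack(N: int, e: int):
    """Continued fraction attack on N = p^2 q^2 with a small private exponent d.

    Returns (p, q, d) on success, None if no convergent satisfies the key equation.
    """
    s = isqrt(N)
    # Assumed approximation to phi(N): N - 2N^{3/4} + N^{1/2}, in integer arithmetic
    # using N^{1/2} = s and N^{3/4} ~ s * isqrt(s).
    approx_phi = N - 2 * s * isqrt(s) + s
    for k, d in convergents(continued_fraction(e, approx_phi)):
        if k == 0:
            continue
        if (e * d - 1) % k:               # key equation e*d - k*phi = 1 must hold exactly
            continue
        phi = (e * d - 1) // k
        pq = factor_from_phi(N, phi)
        if pq:
            return pq[0], pq[1], d
    return None


def make_instance(p: int, q: int, d: int):
    """Build a toy (N, e) pair for N = p^2 q^2 from a chosen small d (constructed data)."""
    N = p * p * q * q
    phi = p * q * (p - 1) * (q - 1)
    e = pow(d, -1, phi)               # requires gcd(d, phi) == 1
    return N, e


if __name__ == "__main__":
    N, e = make_instance(11, 13, 7)   # constructed toy instance, not a real key
    print("N =", N, "e =", e)
    print("recovered (p, q, d) =", attack(N, e))
```

The integer approximation matters: with d small relative to N the convergent k/d sits inside the Legendre bound 1/(2d^2) of e/approx_phi, so it appears among the convergents; as d grows the error term in the approximation swamps that gap and the attack returns None, which is the usual small-exponent boundary of this class of attack.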
Ring-LWE Cryptography for the Number Theorist
In this paper, we survey the status of attacks on the ring and polynomial
learning with errors problems (RLWE and PLWE). Recent work on the security of
these problems [Eisentr\"ager-Hallgren-Lauter, Elias-Lauter-Ozman-Stange] gives
rise to interesting questions about number fields. We extend these attacks and
survey related open problems in number theory, including spectral distortion of
an algebraic number and its relationship to Mahler measure, the monogenic
property for the ring of integers of a number field, and the size of elements
of small order modulo q.

Comment: 20 pages
Certificate Transparency with Enhancements and Short Proofs
Browsers can detect malicious websites that are provisioned with forged or
fake TLS/SSL certificates. However, they are not so good at detecting malicious
websites if they are provisioned with mistakenly issued certificates or
certificates that have been issued by a compromised certificate authority.
Google proposed Certificate Transparency, which is an open framework to monitor
and audit certificates in real time. Thereafter, a few other certificate
transparency schemes have been proposed which can even handle revocation. All
currently known constructions use Merkle hash trees and have proof size
logarithmic in the number of certificates/domain owners.
We present a new certificate transparency scheme with short (constant size)
proofs. Our construction makes use of dynamic bilinear-map accumulators. The
scheme has many desirable properties like efficient revocation, low
verification cost and update costs comparable to the existing schemes. We
provide proofs of security and evaluate the performance of our scheme.

Comment: A preliminary version of the paper was published in ACISP 201
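To make the "logarithmic proof size" baseline concrete, here is an added example of the Merkle hash tree construction that the abstract contrasts its constant-size proofs against (this is not the paper's scheme, which replaces the tree with a bilinear-map accumulator). It uses the leaf and interior node hashing of RFC 6962 (0x00 prefix for leaves, 0x01 for nodes, split at the largest power of two below the size), generates an inclusion path and verifies it against the tree head. The entries are constructed placeholder byte strings, not real certificates. With 256 entries every inclusion proof is exactly 8 hashes, and a substituted entry or wrong leaf index fails verification.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    """RFC 6962 leaf hash: SHA-256(0x00 || entry)."""
    return sha256(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash: SHA-256(0x01 || left || right)."""
    return sha256(b"\x01" + left + right)


def split_point(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(entries) -> bytes:
    """Merkle tree head over the ordered list of entries."""
    n = len(entries)
    if n == 0:
        return sha256(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = split_point(n)
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))


def inclusion_path(index: int, entries) -> list[bytes]:
    """Sibling hashes from the leaf at `index` up to the root (leaf-side first)."""
    n = len(entries)
    if n == 1:
        return []
    k = split_point(n)
    if index < k:
        return inclusion_path(index, entries[:k]) + [merkle_root(entries[k:])]
    return inclusion_path(index - k, entries[k:]) + [merkle_root(entries[:k])]


def root_from_path(leaf: bytes, index: int, n: int, path: list[bytes]):
    """Recompute the root implied by a leaf hash and its inclusion path.

    Mirrors inclusion_path: the last path element is the sibling at the top split.
    Returns None if the path length does not match the tree shape.
    """
    if n == 1:
        return leaf if not path else None
    if not path:
        return None
    k = split_point(n)
    sibling = path[-1]
    if index < k:
        sub = root_from_path(leaf, index, k, path[:-1])
        return None if sub is None else node_hash(sub, sibling)
    sub = root_from_path(leaf, index - k, n - k, path[:-1])
    return None if sub is None else node_hash(sibling, sub)


def verify_inclusion(entry: bytes, index: int, tree_size: int,
                     path: list[bytes], root: bytes) -> bool:
    """Check that `entry` sits at `index` in a tree of `tree_size` leaves with head `root`."""
    if not 0 <= index < tree_size:
        return False
    return root_from_path(leaf_hash(entry), index, tree_size, path) == root


# Constructed placeholder entries standing in for DER certificates.
SAMPLE_ENTRIES = [f"cert-{i}".encode() for i in range(256)]


if __name__ == "__main__":
    root = merkle_root(SAMPLE_ENTRIES)
    path = inclusion_path(42, SAMPLE_ENTRIES)
    print("proof size for 256 entries:", len(path), "hashes")
    print("genuine entry verifies:", verify_inclusion(SAMPLE_ENTRIES[42], 42, 256, path, root))
    print("substituted entry verifies:", verify_inclusion(b"forged", 42, 256, path, root))
```

Proof size here is ceil(log2 n) hashes at most, so an auditor checking a certificate against a log of a few hundred million entries carries roughly 30 hashes per proof; the constant-size proofs the abstract describes remove that dependence on log size at the cost of the pairing-based trust and computation assumptions of a bilinear-map accumulator.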