A key-exchange system based on imaginary quadratic fields
Treballs Finals de Grau de Matemàtiques, Facultat de Matemàtiques, Universitat de Barcelona, Year: 2021, Director: Artur Travesa i Grau. The aim of this project is to give an overview of the field of mathematical cryptography through the lens of asymmetric protocols based on the Discrete Logarithm Problem over imaginary quadratic fields. The mathematical foundation is illustrated with the study of quadratic orders and their class groups, which are the relevant algebraic infrastructure for a Diffie-Hellman-type protocol known as the Buchmann-Williams cryptosystem. The relationship between quadratic orders and binary quadratic forms is exploited to develop and explain the computational aspect of cryptography, providing convenient ways of machine computation. The connection between ideals in the maximal and non-maximal orders is the key to developing computationally efficient cryptographic protocols over quadratic fields. In that sense, the Hühnlein-Jacobson and the Paulus-Takagi cryptosystems are introduced. Finally, the security component of the protocols is analyzed by discussing the Discrete Logarithm Problem and measures to obtain conjectural security.
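To make the Buchmann-Williams protocol concrete, here is an added toy example (not code from the thesis or from this listing) of a Diffie-Hellman exchange in the class group Cl(D) of an imaginary quadratic order. Ideal classes are represented by reduced primitive binary quadratic forms (a, b, c) of discriminant D = b^2 - 4ac < 0, the group operation is Gauss composition in Arndt's form followed by reduction, and exponentiation is square-and-multiply. The discriminant D = -(2^127 - 1), the choice of the smallest split prime as base, and the 128-bit exponents are assumptions made for this example only; a |D| of this size is far below any real security level, which is what the "Security Estimates for Quadratic Field Based Cryptosystems" entry on this page is about.

```python
"""Added toy example: Buchmann-Williams style Diffie-Hellman in Cl(D), with ideal
classes as reduced binary quadratic forms (a, b, c), D = b^2 - 4ac < 0.
Not the thesis's code; parameters below are illustrative choices."""
import secrets


def discriminant(f):
    a, b, c = f
    return b * b - 4 * a * c


def reduce_form(f):
    """Return the unique reduced form (-a < b <= a <= c, b >= 0 if a == c) in the class of f."""
    a, b, c = f
    D = b * b - 4 * a * c
    while True:
        if b > a or b <= -a:                 # normalise b into (-a, a]
            b %= 2 * a
            if b > a:
                b -= 2 * a
            c = (b * b - D) // (4 * a)       # keep the discriminant fixed
        if a > c:                            # (a, b, c) ~ (c, -b, a); then re-normalise
            a, b, c = c, -b, a
            continue
        if a == c and b < 0:
            b = -b
        return (a, b, c)


def ext_gcd(x, y):
    """Return (g, u, v) with u*x + v*y == g == gcd(x, y) for x, y >= 0."""
    old_r, r, old_u, u, old_v, v = x, y, 1, 0, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    return old_r, old_u, old_v


def compose(f1, f2):
    """Gauss composition of two primitive forms of equal discriminant (Arndt's formulas)."""
    a1, b1, c1 = f1
    a2, b2, c2 = f2
    D = b1 * b1 - 4 * a1 * c1
    assert D == b2 * b2 - 4 * a2 * c2, "forms must have the same discriminant"
    s = (b1 + b2) // 2                       # b1 = b2 = D (mod 2), so this is exact
    d, u, v = ext_gcd(a1, a2)                # u*a1 + v*a2 == d
    g, w, z = ext_gcd(d, abs(s))             # w*d + z*|s| == g == gcd(a1, a2, s)
    if s < 0:
        z = -z
    x, y = w * u, w * v                      # x*a1 + y*a2 + z*s == g
    a3 = a1 * a2 // (g * g)
    b3 = (x * a1 * b2 + y * a2 * b1 + z * (b1 * b2 + D) // 2) // g
    c3 = (b3 * b3 - D) // (4 * a3)
    return reduce_form((a3, b3, c3))


def identity(D):
    r = D % 2                                # D = 0 or 1 (mod 4)
    return (1, r, (r * r - D) // 4)


def power(f, n):
    """Square-and-multiply exponentiation in Cl(D); n is a non-negative integer."""
    result, base = identity(discriminant(f)), f
    while n:
        if n & 1:
            result = compose(result, base)
        base = compose(base, base)
        n >>= 1
    return result


# Small primes ell = 3 (mod 4): sqrt(D) mod ell is then D^((ell+1)/4) mod ell (assumed list).
_SMALL_PRIMES_3_MOD_4 = (3, 7, 11, 19, 23, 31, 43, 47, 59, 67, 71, 79, 83, 103, 107)


def prime_form(D, ell):
    """Reduced form of the prime ideal above ell if ell splits in Q(sqrt(D)), else None."""
    if pow(D % ell, (ell - 1) // 2, ell) != 1:   # Legendre symbol (D/ell) must be +1
        return None
    b = pow(D % ell, (ell + 1) // 4, ell)        # a square root of D modulo ell
    if (b - D) % 2:                              # need b = D (mod 2) so that 4*ell | b^2 - D
        b += ell
    return reduce_form((ell, b, (b * b - D) // (4 * ell)))


def find_base(D):
    """Public base element: the class above the smallest split prime in the list."""
    for ell in _SMALL_PRIMES_3_MOD_4:
        f = prime_form(D, ell)
        if f is not None:
            return f
    raise ValueError("no small split prime; pick another discriminant")


def keygen(base, bits=128):
    """Private exponent and public form. h(D) is unknown, so the exponent is simply
    drawn from a range larger than the expected h(D) ~ sqrt(|D|)."""
    x = secrets.randbelow(1 << bits) + 1
    return x, power(base, x)


def shared_secret(my_secret, their_public):
    return power(their_public, my_secret)


if __name__ == "__main__":
    D = -(2**127 - 1)                        # toy choice: prime = 3 (mod 4), so D is fundamental
    base = find_base(D)
    a_priv, a_pub = keygen(base)
    b_priv, b_pub = keygen(base)
    assert shared_secret(a_priv, b_pub) == shared_secret(b_priv, a_pub)
    print("base:", base)
    print("shared secret:", shared_secret(a_priv, b_pub))
```

Because reduction is canonical, both parties obtain the same triple, which is the shared secret. Exponents are chosen without knowing h(D): that is the point of working in a group of unknown order, and also why an attacker cannot simply reduce exponents modulo the group order.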
Security Estimates for Quadratic Field Based Cryptosystems
We describe implementations for solving the discrete logarithm problem in the class group of an imaginary quadratic field and in the infrastructure of a real quadratic field. The algorithms used incorporate improvements over previously-used algorithms, and extensive numerical results are presented demonstrating their efficiency. This data is used as the basis for extrapolations, used to provide recommendations for parameter sizes providing approximately the same level of security as block ciphers with and -bit symmetric keys.
Practical improvements to class group and regulator computation of real quadratic fields
We present improvements to the index-calculus algorithm for the computation of the ideal class group and regulator of a real quadratic field. Our improvements consist of applying the double large prime strategy, an improved structured Gaussian elimination strategy, and the use of Bernstein's batch smoothness algorithm. We achieve a significant speed-up and are able to compute the ideal class group structure and the regulator corresponding to a number field with a 110-decimal-digit discriminant.
On the decisional Diffie-Hellman problem for class group actions on oriented elliptic curves
We show how the Weil pairing can be used to evaluate the assigned characters of an imaginary quadratic order in an unknown ideal class that connects two given -oriented elliptic curves and . When specialized to ordinary elliptic curves over finite fields, our method is conceptually simpler and often somewhat faster than a recent approach due to Castryck, Sotáková and Vercauteren, who rely on the Tate pairing instead. The main implication of our work is that it breaks the decisional Diffie-Hellman problem for practically all oriented elliptic curves that are acted upon by an even-order class group. It can also be used to better handle the worst cases in Wesolowski's recent reduction from the vectorization problem for oriented elliptic curves to the endomorphism ring problem, leading to a method that always works in sub-exponential time.
Comment: 18 p
The Q-curve construction for endomorphism-accelerated elliptic curves
We give a detailed account of the use of Q-curve reductions to construct elliptic curves over with efficiently computable endomorphisms, which can be used to accelerate elliptic curve-based cryptosystems in the same way as Gallant--Lambert--Vanstone (GLV) and Galbraith--Lin--Scott (GLS) endomorphisms. Like GLS (which is a degenerate case of our construction), we offer the advantage over GLV of selecting from a much wider range of curves, and thus finding secure group orders when is fixed for efficient implementation. Unlike GLS, we also offer the possibility of constructing twist-secure curves. We construct several one-parameter families of elliptic curves over equipped with efficient endomorphisms for every p > 3, and exhibit examples of twist-secure curves over for the efficient Mersenne prime .
Comment: To appear in the Journal of Cryptology. arXiv admin note: text overlap with arXiv:1305.540
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a group element is required to be hard, while performing the group operation is easy. Motivated by the potential cryptographic application of building a directed transitive signature scheme, the search for a group with infeasible inversion was initiated in the theses of Hohenberger and Molnar (2003). Later it was also shown to provide a broadcast encryption scheme by Irrer et al. (2004). However, to date the only case of a group with infeasible inversion is implied by the much stronger primitive of self-bilinear map constructed by Yamakawa et al. (2014) based on the hardness of factoring and indistinguishability obfuscation (iO). Our construction gives a candidate without using iO.
Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figure
Breaking the decisional Diffie-Hellman problem in totally non-maximal imaginary quadratic orders
This paper introduces an algorithm to efficiently break the Decisional Diffie-Hellman (DDH) assumption in totally non-maximal imaginary quadratic orders, specifically when , and is non-prime with knowledge of a single factor. Inspired by Shanks and Dedekind's work on 3-Sylow groups, we generalize their observations to undermine DDH security.
Linearly Homomorphic Encryption from DDH
We design a linearly homomorphic encryption scheme whose security relies on the hardness of the decisional Diffie-Hellman problem. Our approach requires some special features of the underlying group. In particular, its order is unknown and it contains a subgroup in which the discrete logarithm problem is tractable. Therefore, our instantiation holds in the class group of a non-maximal order of an imaginary quadratic field. Its algebraic structure makes it possible to obtain such a linearly homomorphic scheme whose message space is the whole set of integers modulo a prime p and which supports an unbounded number of additions modulo p from the ciphertexts. A notable difference with previous works is that, for the first time, the security does not depend on the hardness of the factorization of integers. As a consequence, under some conditions, the prime p can be scaled to fit the application needs.