Primary Elements in Cyclotomic Fields with Applications to Power Residue Symbols, and More

Higher-order power residues have enabled the construction of numerous public-key encryption schemes, authentication schemes, and digital signatures. Their explicit characterization is however challenging; an algorithm of Caranay and Scheidler computes $p$-th power residue symbols, with $p \le 13$ an odd prime, provided that primary elements in the corresponding cyclotomic field can be efficiently found. In this paper, we describe a new, generic algorithm to compute primary elements in cyclotomic fields; which we apply for $p=3,5,7,11,13$. A key insight is a careful selection of fundamental units as put forward by Dénes. This solves an essential step in the Caranay--Scheidler algorithm. We give a unified view of the problem. Finally, we provide the first efficient deterministic algorithm for the computation of the 9-th and 16-th power residue symbols

Primeless Factoring-Based Cryptography

Factoring-based public-key cryptosystems have an overall complexity which is dominated by the key-production algorithm, which requires the generation of prime numbers. This is most inconvenient in settings where the key-generation is not an one-off process, e.g., secure delegation of computation or EKE password-based key exchange protocols. To this end, we extend the Goldwasser-Micali (GM) cryptosystem to a provably secure system, denoted SIS, where the generation of primes is bypassed. By developing on the correct choice of the parameters of SIS, we align SIS's security guarantees (i.e., resistance to factoring of moduli, etc.) to those of other well-known factoring-based cryptosystems. Taking into consideration different possibilities to implement the fundamental operations, we explicitly compare and contrast the asymptotic complexity of well-known public-key cryptosystems (e.g., GM and/or RSA) with that of SIS's. The latter shows that once we are ready to accept an increase in the size of the moduli, SIS offers a generally lower asymptotic complexity than, e.g., GM or even RSA (when scaling correctly the number of encrypted bits). This would yield most significant speed-ups to applications like the aforementioned secure delegation of computation or protocols where a fresh key needs to be generated with every new session, e.g., EKE password-based key exchange protocols

Short Undeniable Signatures Based on Group Homomorphisms

This paper is devoted to the design and analysis of short undeniable signatures based on a random oracle. Exploiting their online property, we can achieve signatures with a fully scalable size depending on the security level. To this end, we develop a general framework based on the interpolation of group homomorphisms, leading to the design of a generic undeniable signature scheme called MOVA with batch verification and featuring non-transferability. By selecting group homomorphisms with a small group range, we obtain very short signatures. We also minimize the number of moves of the verification protocols by proposing some variants with only 2 moves in the random oracle model. We provide a formal security analysis of MOVA and assess the security in terms of the signature length. Under reasonable assumptions and with some carefully selected parameters, the MOVA scheme makes it possible to consider signatures of about 50 bits