Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.
Comment: Significant revision of the article previously titled "A Candidate Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the constructions by giving toy examples, added "The Parallelogram Attack" (Sec 5.3.2). 54 pages, 8 figures.
A New Cryptosystem Based On Hidden Order Groups
Let be a cyclic multiplicative group of order . It is known that the
Diffie-Hellman problem is random self-reducible in with respect to a
fixed generator if is known. That is, given and
having oracle access to a "Diffie-Hellman Problem" solver with fixed generator
, it is possible to compute in polynomial time (see
Theorem 3.2). On the other hand, it is not known if such a reduction exists
when is unknown (see Conjecture 3.1). We exploit this "gap" to
construct a cryptosystem based on hidden order groups and present a practical
implementation of a novel cryptographic primitive called an \emph{Oracle Strong
Associative One-Way Function} (O-SAOWF). O-SAOWFs have applications in
multiparty protocols. We demonstrate this by presenting a key agreement
protocol for dynamic ad-hoc groups.
Comment: removed examples for multiparty key agreement and join protocols, since they are redundant.
The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme
We introduce a new class of computational problems which we
call the "one-more-RSA-inversion" problems. Our main result is that
two problems in this class, which we call the chosen-target and known-target
inversion problems respectively, have polynomially-equivalent computational
complexity. We show how this leads to a proof of security for Chaum's RSA-based
blind signature scheme in the random oracle model based on the assumed hardness
of either of these problems. We define and prove analogous results for
"one-more-discrete-logarithm" problems. Since the appearance of the
preliminary version of this paper, the new problems we have introduced
have found other uses as well.
New-Age Cryptography
We introduce new and general complexity theoretic hardness assumptions. These assumptions abstract out concrete properties of a random oracle and are significantly stronger than traditional cryptographic hardness assumptions; however, assuming their validity we can resolve a number of long-standing open problems in cryptography.
An Overview of Cryptography (Updated Version, 3 March 2016)
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography... While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations.
A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998
On the post-quantum future of Elliptic Curve Cryptography
This thesis is a literature study on current published quantum-resistant isogeny-based key exchange protocols.
Here we cover the topic from foundations. Chapters 1 and 2 discuss classical computation models, algorithm complexity, and how these concepts support the security of modern elliptic curve cryptography methods, such as ECDH and ECDSA.
Next, in Chapters 3 to 5, we present quantum computation models, and how Shor's algorithm on quantum computers presents a threat to the future security of classical asymmetric cryptography. We explore the foundations of isogeny-based cryptography, and two key exchange protocols of this kind: SIDH and CSIDH.
Appendices A and B are provided for readers wanting more in-depth background explanations on the algebraic geometry of elliptic curves and quantum mechanics, respectively.