Results 1 
8 of
8
Timelock puzzles and timedrelease crypto
, 1996
"... 1 Introduction Our motivation is the notion of "timedrelease crypto, " where the goal is to encrypt a message so that it can not be decrypted by anyone, not even the sender, until a predetermined amount of time has passed. The goal is to "send information into the future ..."
Abstract

Cited by 103 (1 self)
 Add to MetaCart
1 Introduction Our motivation is the notion of &quot;timedrelease crypto, &quot; where the goal is to encrypt a message so that it can not be decrypted by anyone, not even the sender, until a predetermined amount of time has passed. The goal is to &quot;send information into the future. &quot; This problem was first discussed by Timothy May [6]. What are the applications of &quot;timedrelease crypto&quot;? Here are a few possibilities (some due to May):
A Chosen Text Attack on the RSA Cryptosystem and Some Discrete Logarithm Schemes
, 1986
"... some discrete logarithm schemes ..."
Modified MaurerYacobi's scheme and its applications
 Proc. Auscrypt’92
, 1993
"... In Eurocrypt'91, Maurer and Yacobi developed a method for building a trapdoor into the oneway function of exponentiation modulo a composite number which enables an identitybased noninteractive key distribution system. In this paper, we provide some improvements of their scheme and then prese ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
In Eurocrypt'91, Maurer and Yacobi developed a method for building a trapdoor into the oneway function of exponentiation modulo a composite number which enables an identitybased noninteractive key distribution system. In this paper, we provide some improvements of their scheme and then present a modified trapdoor oneway function by combining MaurerYacobi's scheme and RSA scheme. We demonstrate that a lot of applications can be constructed based on this modified scheme which are impossible in the original scheme. As examples, we present several protocols based on it, such as identifications, key distributions and signature schemes. We have implemented the PohligHellman and Pollard's aemethods for computing discrete logarithms modulo a composite number, which shows that average running time for computing logarithms is too large to be realizable in practice. Therefore, considering current algorithms and technology, we maintain that it is more efficient and practical to take a cert...
Efficient Generation of Prime Numbers
, 2000
"... The generation of prime numbers underlies the use of most publickey schemes, essentially as a major primitive needed for the creation of key pairs or as a computation stage appearing during various cryptographic setups. Surprisingly, despite decades of intense mathematical studies on primality test ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
The generation of prime numbers underlies the use of most publickey schemes, essentially as a major primitive needed for the creation of key pairs or as a computation stage appearing during various cryptographic setups. Surprisingly, despite decades of intense mathematical studies on primality testing and an observed progressive intensification of cryptographic usages, prime number generation algorithms remain scarcely investigated and most reallife implementations are of rather poor performance. Common generators typically output a nbit prime in heuristic average complexity O(n^4) or O(n^4/log n) and these figures, according to experience, seem impossible to improve significantly: this paper rather shows a simple way to substantially reduce the value of hidden constants to provide much more efficient prime generation algorithms. We apply our...
Some Numbertheoretic Conjectures and Their Relation to the Generation of Cryptographic Primes
, 1992
"... . The purpose of this paper is to justify the claim that a method for generating primes presented at EUROCRYPT'89 generates primes with virtually uniform distribution. Using convincing heuristic arguments, the conditional probability distributions of the size of the largest prime factor p 1 (n) ..."
Abstract
 Add to MetaCart
. The purpose of this paper is to justify the claim that a method for generating primes presented at EUROCRYPT'89 generates primes with virtually uniform distribution. Using convincing heuristic arguments, the conditional probability distributions of the size of the largest prime factor p 1 (n) of a number n on the order of N is derived, given that n satisfies one of the conditions 2n+1 is prime, 2an+1 is prime for a given a, or the d integers u 1 ; : : : ; u d , where u 1 = 2a 1 n + 1 and u t = 2a t u t\Gamma1 + 1 for 2 t d, are all primes for a given list of integers a 1 ; : : : ; a d . In particular, the conditional probabilities that n is itself a prime, or is of the form "k times a prime" for k = 2; 3; : : : ; is treated for the above conditions. It is shown that although for all k these probabilities strongly depend on the condition placed on n, the probability distribution of the relative size oe 1 (n) = log N p 1 (n) of the largest prime factor of n is virtually independent...
How to Choose Secret Parameters for RSA and its Extensions to Elliptic Curves
, 2001
"... Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA and its extensions to elliptic curves. Over elliptic curves, the analysis is more di#cult because ..."
Abstract
 Add to MetaCart
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA and its extensions to elliptic curves. Over elliptic curves, the analysis is more di#cult because the underlying groups are not always cyclic.
How to Choose Secret Parameters for RSAtype Cryptosystems over Elliptic Curves
, 1997
"... . Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSAtype cryptosystems over elliptic curves. The analysis is more difficult because the underlying grou ..."
Abstract
 Add to MetaCart
. Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSAtype cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curvebased analogues, the length of the RSAmodulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSAtype cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSAtype systems over elliptic curves if a fixed point is found. Keywords: RSAtype cryptosystems, Cycling attacks, Elliptic curves, Strong primes. 1. Introd...