Results 1  10
of
16
Publickey cryptosystems based on composite degree residuosity classes
 IN ADVANCES IN CRYPTOLOGY — EUROCRYPT 1999
, 1999
"... Abstract. This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to publickey cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic pr ..."
Abstract

Cited by 631 (6 self)
 Add to MetaCart
Abstract. This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to publickey cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model. 1
Noisy Polynomial Interpolation and Noisy Chinese Remaindering
, 2000
"... Abstract. The noisy polynomial interpolation problem is a new intractability assumption introduced last year in oblivious polynomial evaluation. It also appeared independently in password identification schemes, due to its connection with secret sharing schemes based on Lagrange’s polynomial interpo ..."
Abstract

Cited by 41 (2 self)
 Add to MetaCart
Abstract. The noisy polynomial interpolation problem is a new intractability assumption introduced last year in oblivious polynomial evaluation. It also appeared independently in password identification schemes, due to its connection with secret sharing schemes based on Lagrange’s polynomial interpolation. This paper presents new algorithms to solve the noisy polynomial interpolation problem. In particular, we prove a reduction from noisy polynomial interpolation to the lattice shortest vector problem, when the parameters satisfy a certain condition that we make explicit. Standard lattice reduction techniques appear to solve many instances of the problem. It follows that noisy polynomial interpolation is much easier than expected. We therefore suggest simple modifications to several cryptographic schemes recently proposed, in order to change the intractability assumption. We also discuss analogous methods for the related noisy Chinese remaindering problem arising from the wellknown analogy between polynomials and integers. 1
Fast Variants of RSA
 CryptoBytes
, 2002
"... We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can interoperate with systems using standard RSA. ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
We survey four variants of RSA designed to speed up RSA decryption and signing. We only consider variants that are backwards compatible in the sense that a system using one of these variants can interoperate with systems using standard RSA.
Efficient Undeniable Signature Schemes Based on Ideal Arithmetic in Quadratic Orders
 Ideal Arithmetic in Quadratic Orders, Conference on The Mathematics of PublicKey Cryptography
, 1999
"... this paper we present new undeniable signature schemes which are constructed over an imaginary quadratic field. The basic scheme contains zeroknowledge confirmation and disavowal protocols which require operations of cubic bit complexity by the signer. In case one omits the part of the protocols wh ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
this paper we present new undeniable signature schemes which are constructed over an imaginary quadratic field. The basic scheme contains zeroknowledge confirmation and disavowal protocols which require operations of cubic bit complexity by the signer. In case one omits the part of the protocols which is costly the confirmation and disavowal protocol are not zeroknowledge but honestverifier zeroknowledge; the remaining operations for the signer have quadratic bit complexity. Additionally, the information which can be learned by a dishonest verifier can be characterized but will not be helpful to fake new signatures. Even tracing the operations done in this part leaks no information. In our basic scheme, the secret key of the signer is not needed to perform the additional operations for the zeroknowledge property; one can delegate this part to be performed by a certified software running on a terminal or PC to which the chip card is connected. Tracing the computations done by the certified software is allowed. One only has to be guaranteed that the results computed by this program are not manipulated. So, either in the basic protocol or in applications in which one knows the verifier to be trustworthy the tasks of the signer using the secret information can be performed in quadratic bit complexity, e.g. on a smart card. Buchmann and Williams proposed the first algorithm which achieves the DiffieHellman key distribution scheme using the class group in an imaginary quadratic field [5]. Later, Hafner and McCurley discovered the subexponential algorithm against the discrete logarithm problem of the class group [20]. Since then, cryptosystems over class groups have not gained much attention in practice. Recently, Huhnlein et. al. proposed an ElGamaltype public key crypt...
A New PublicKey Cryptosystem over Quadratic Orders with Quadratic Decryption Time
, 2000
"... We present a new cryptosystem based on ideal arithmetic in quadratic orders. The method of our trapdoor is different from the DiffieHellman key distribution scheme or the RSA cryptosystem. The plaintext m is encrypted by mp r , where p is a fixed element and r is a random integer, so our proposed ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
We present a new cryptosystem based on ideal arithmetic in quadratic orders. The method of our trapdoor is different from the DiffieHellman key distribution scheme or the RSA cryptosystem. The plaintext m is encrypted by mp r , where p is a fixed element and r is a random integer, so our proposed cryptosystem is a probabilistic encryption scheme and has the homomorphy property. The most prominent property of our cryptosystem is the cost of the decryption, which is of quadratic bit complexity in the length of the public key. Our implementation shows that it is comparably as fast as the encryption time of the RSA cryptosystem with e = 2 16 + 1. The security of our cryptosystem is closely related to factoring the discriminant of a quadratic order. When we choose appropriate sizes of the parameters, the currently known fast algorithms, for examples, the elliptic curve method, the number field sieve, the HafnerMcCurley algorithm, are not applicable. We also discuss that the chosen cip...
Quadratic orders for NESSIE  Overview and parameter sizes of three public key families
, 2000
"... . In the scope of the European project NESSIE 1 there was issued a Call for Cryptographic Primitives [NESSIE] soliciting proposals for block ciphers, stream ciphers, hash functions, pseudorandom functions and public key primitives for digital signatures, encryption and identification. Since ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
. In the scope of the European project NESSIE 1 there was issued a Call for Cryptographic Primitives [NESSIE] soliciting proposals for block ciphers, stream ciphers, hash functions, pseudorandom functions and public key primitives for digital signatures, encryption and identification. Since the security of all popular puplic key cryptosystems is based on unproven assumptions and therefore nobody can guarantee that schemes based on factoring or the computation of discrete logarithms in some group, like the multiplicative group of a finite field or the jacobian of (hyper) elliptic curves over finite fields, will stay secure forever, it is especially important to provide a variety of different primitives and groups which may be utilized if a popular class of cryptosystems gets broken. In this work we propose three different public key families based on the discrete logarithm problem in quadratic orders to be considered for NESSIE. The two families based on (maximal) real...
Evaluation of security level of cryptography: ESIGN signature scheme
 CRYPTREC Project
, 2001
"... to be existentially unforgeable against chosenmessage attacks assuming that the approximate eth root (AER) problem is hard and that the employed hash function is a random function. While the AER problem has been studied by some researchers, it has not received as much attention as the integer fact ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
to be existentially unforgeable against chosenmessage attacks assuming that the approximate eth root (AER) problem is hard and that the employed hash function is a random function. While the AER problem has been studied by some researchers, it has not received as much attention as the integer factorization problem or the discrete logarithm problem. One way to p solve the AER problem is to factor the integer n, where n 2 q and p and q are primes of the same bitlength. The parameters recommended ensure that ESIGN resists all known attacks for factoring integers of this form. 2 Protocol specification 2.1 ESIGN key pairs For the security parameter pLen, k each entity does the following: 1. Randomly select two distinct primes, p, q, each of bitsize k and compute p n 2. Select an integer 4. 3. A’s public key is¢n£e£k¤; A’s private key is¢p£q¤. e¡ In addition, one needs to specify a hash function H¥whose output length is k bits. 2.2 ESIGN signature generation To sign a message m, an entity A with the private key¢p£q¤does the following: 1. Compute H¥¦¢m¤,and let be bit. H¢m¤ obtained from by H¥¦¢m¤ 2 q. deleting the most significant 2. Pick r uniformly from§r ¨ at random gcd¢r£p ¤ Zpq: 1©.
EPOC: Efficient Probabilistic PublicKey Encryption
"... We describe a novel publickey cryptosystem, EPOC (Efficient Probabilistic PublicKey Encryption), which has three versions: EPOC1, EPOC2 and EPOC3. EPOC1 is a publickey encryption system that uses a oneway trapdoor function and a random function (hash function). EPOC2 and EPOC3 are public ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We describe a novel publickey cryptosystem, EPOC (Efficient Probabilistic PublicKey Encryption), which has three versions: EPOC1, EPOC2 and EPOC3. EPOC1 is a publickey encryption system that uses a oneway trapdoor function and a random function (hash function). EPOC2 and EPOC3 are publickey encryption systems that use a oneway trapdoor function, two random functions (hash functions) and a symmetrickey encryption (e.g., onetime padding and blockciphers).
A survey of cryptosystems based on imaginary quadratic orders (Extended Abstract)
, 1999
"... Since nobody can guarantee that popular public key cryptosystems based on factoring or the computation of discrete logarithms in some group will stay secure forever, it is important to study different primitives and groups which may be utilized if a popular class of cryptosystems gets broken. A pro ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Since nobody can guarantee that popular public key cryptosystems based on factoring or the computation of discrete logarithms in some group will stay secure forever, it is important to study different primitives and groups which may be utilized if a popular class of cryptosystems gets broken. A promising candidate for a group in which the DLproblem seems to be hard is the class group Cl(\Delta) of an imaginary quadratic order, as proposed by Buchmann and Williams [BuWi88]. Recently this type of group has obtained much attention, because there was proposed a very efficient cryptosystem based on nonmaximal imaginary quadratic orders [PaTa98a], later on called NICE (for New Ideal Coset Encryption) with quadratic decryption time. To our knowledge this is the only scheme having this property. First implementations show that the time for decryption is comparable to RSA encryption with e = 2 16 + 1. Very recently there was proposed an efficient NICESchnorr type signature scheme [HuMe99]...
An efficient NICESchnorrtype signature scheme (Extended Abstract)
, 1999
"... Recently there was proposed a novel public key cryptosystem [11] based on nonmaximal imaginary quadratic orders with quadratic decryption time. This scheme was later on called NICE for New Ideal Coset Encryption [4]. First implementations show that the decryption is as efficient as RSAencryption ..."
Abstract
 Add to MetaCart
Recently there was proposed a novel public key cryptosystem [11] based on nonmaximal imaginary quadratic orders with quadratic decryption time. This scheme was later on called NICE for New Ideal Coset Encryption [4]. First implementations show that the decryption is as efficient as RSAencryption with e = 2 16 + 1. It was an open question whether it is possible to construct comparably efficient signature schemes based on nonmaximal imaginary quadratic orders. The major drawbacks of the ElGamaltype [5] and RSA/Rabintype signature schemes [6] proposed so far are the slow signature generation and the very inefficient system setup, which involves the computation of the class number h(\Delta 1 ) of the maximal order with a subexponential time algorithm. To avoid this tedious computation it was proposed to use totally nonmaximal orders, where h(\Delta 1 ) = 1, to set up DSA analogues. Very recently however it was shown in [8], that the discrete logarithm problem in this case ...