Results 1 
2 of
2
Generic Lower Bounds for Root Extraction and Signature Schemes in General Groups
 In proceedings of EUROCRYPT ’02, LNCS series
, 2002
"... We study the problem of root extraction in finite Abelian groups, where the group order is unknown. This is a natural generalization of the problem of decrypting RSA ciphertexts. We study the complexity of this problem for generic algorithms, that is, algorithms that work for any group and do not us ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
We study the problem of root extraction in finite Abelian groups, where the group order is unknown. This is a natural generalization of the problem of decrypting RSA ciphertexts. We study the complexity of this problem for generic algorithms, that is, algorithms that work for any group and do not use any special properties of the group at hand. We prove an exponential lower bound on the generic complexity of root extraction, even if the algorithm can choose the "public exponent" itself. In other words, both the standard and the strong RSA assumption are provably true w.r.t. generic algorithms. The results hold for arbitrary groups, so security w.r.t. generic attacks follows for any cryptographic construction based on root extracting. As an example of this, we revisit CramerShoup signature scheme [CS99]. We modify the scheme such that it becomes a generic algorithm. This allows us to implement it in RSA groups without the original restriction that the modulus must be a product of safe primes. It can also be implemented in class groups. In all cases, security follows from a well defined complexity assumption (the strong root assumption), without relying on random oracles, and the assumption is shown to be true w.r.t. generic attacks. 1
A Survey on IQ Cryptography
 In Proceedings of Public Key Cryptography and Computational Number Theory
, 2001
"... This paper gives a survey on cryptographic primitives based on class groups of imaginary quadratic orders (IQ cryptography, IQC). We present IQC versions of several well known cryptographic primitives, and we explain, why these primitives are secure if one assumes the hardness of the underlying p ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
This paper gives a survey on cryptographic primitives based on class groups of imaginary quadratic orders (IQ cryptography, IQC). We present IQC versions of several well known cryptographic primitives, and we explain, why these primitives are secure if one assumes the hardness of the underlying problems. We give advice on the selection of the cryptographic parameters and show the impact of this advice on the eciency of some IQ cryptosystems.