. Elliptic curves over the ring ZZ=nZZ where n is the product of two large primes have first been proposed for public key cryptosystems in [4]. The security of this system is based on the integer factorization problem, but it is unknown whether breaking the system is equivalent to factoring. In this paper, we present a variant of this cryptosystem for which breaking the system is equivalent to factoring the modulus n. Moreover, we extend the ideas to get a signature scheme based on elliptic curves over ZZ=nZZ. 1 Introduction In recent years, elliptic curves over finite fields have gained a lot of attention. The use of elliptic curves over finite fields in public key cryptography was suggested by Koblitz [3] and Miller [7]. The security of these cryptosystems is based on the difficulty of the discrete logarithm problem in the group of points on an elliptic curve. Later Vanstone et. al. proposed to use elliptic curves over the ring ZZ=nZZ, where n is the product of two large prime num...

We propose an elliptic curve scheme over the ring Z n 2, which is efficient and semantically secure in the standard model. There appears to be no previous elliptic curve cryptosystem based on factoring that enjoys both of these properties. KMOV scheme has been used as an underlying primitive to obtain efficiency and probabilistic encryption. Semantic security of the scheme is based on a new decisional assumption, namely, the Decisional Small-x e-Multiples Assumption. Confidence on this assumption is also discussed.

. This paper surveys RSA-type implementations based on Lucas sequences and on elliptic curves. The main focus is the way how some known attacks on RSA were extended to LUC, KMOV and Demytko's system. It also gives some directions for the choice of the most appropriate RSA-type system for a given application. 1. INTRODUCTION In 1978, Rivest, Shamir and Adleman [63] introduced the so-called RSA cryptosystem. Its security mainly relies on the difficulty of factoring carefully chosen large integers. After this breakthrough, other structures were proposed to produce analogues to RSA. So, Muller and Nobauer [54, 55] presented a cryptosystem using Dickson polynomials. This system was afterwards slightly modified and rephrased in terms of Lucas sequences by Smith and Lennon [70, 72]. More recently, Koyama, Maurer, Okamoto and Vanstone [41] exhibited new one-way trapdoor functions similar to RSA on elliptic curves, the so-called KMOV cryptosystem. Later, Demytko [20] also pointed out a new one-...

This report is a survey on public key cryptosystems that use the theory of elliptic curves. A considerable part will be about the theory of elliptic curves. Encryption systems, digital signature schemes and key agreement schemes using elliptic curves will be described. Their workload and bandwidth will be addressed and some attacks will be described. For all systems the security is based either on the elliptic curve discrete logarithm problem or on the difficulty of factorization. The differences between conventional and elliptic curve systems shall be addressed. Systems based on the elliptic curve discrete logarithm problem can be used with shorter keys to provide the same security, compared to similar conventional systems. Elliptic curve systems based on factoring are slightly more resistant as conventional systems against some attacks.

The cryptosystem proposed by Koyama is not semantically secure. Also, it is not secure against partial known plaintext attack, linearly related plaintext attack and low exponent attack. In this paper we propose a cryptosystem over singular cubic curve using the idea of Koyama and Kouichi et al. Our proposed cryptosystem is approximately two times faster than the cryptosystem given by Kouichi et al. with the same security label and more efficient than the Koyama scheme at higher security label. Further, the partially known plaintext attack and the linearly related plaintext attacks are analyzed and concluded that those are not possible in the proposed scheme.