Results 1 
3 of
3
Security of an IdentityBased Cryptosystem and the Related Reductions
 In Advances in Cryptology, Eurocrypt'98, LNCS 1403
, 1998
"... Abstract. Recently an efficient solution to the discrete logarithm problem on elliptic curves over F, with p points (p: prime), socalled anornalous curues, was independently discovered by Semaev [14], Smart [17], and Satoh and Araki [12]. Since the solution is very efficient, i.e., 0(lpl3), the S ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Recently an efficient solution to the discrete logarithm problem on elliptic curves over F, with p points (p: prime), socalled anornalous curues, was independently discovered by Semaev [14], Smart [17], and Satoh and Araki [12]. Since the solution is very efficient, i.e., 0(lpl3), the SemaevSmartSatohAraki (SSSA) algorithm implies the possibility of realizing a trapdoor for the discrete logarithm problem, and we have tried to utilize the SSSA algorithm for constructing a cryptographic scheme. One of our trials was to realize an identitybased cryptosystem (keydistribution) which has been proven to be as secure as a primitive problem, called the DiffieHellman problem on an elliptic curve over Z/nZ (n = pq, p and q are primes) where Ep and E, are anomalous curves (anomalous EnDiffieHellman problem). Unfortunately we have found that the anomalous EnDiffieHellman problem is not secure (namely, our scheme is not secure). First, this paper introduces our trial of realizing an identitybased cryptosystem based on the SSSA algorithm, and then shows why the anomalous EnDiffieHellman problem is not secure. In addition, we generalize the observation of our breaking algorithm and present reductions of factoring n to computing the order ’ of an elliptic curve over Z/nZ. (These reductions roughly imply the equivalence of intractability between factoring and computing elliptic curve’s order.) The algorithm of breaking our identitybased cryptosystem is considered to be a special case of these reductions, and the essential reason why our system was broken can be clarified through these reductions: En in our system is a very specific curve such that the order of En (i.e., n) is trivially known.
Factoring Algorithms Based on NMR Quantum Computers
"... No polynomial time algorithms have been proposed for the factoring and discrete logarithm problems. However, Shor showed that these problems can be solved by a quantum Turing machine in 1994. Several devices have been proposed toward the realization of quantum computers. Among them, the NMR quantum ..."
Abstract
 Add to MetaCart
(Show Context)
No polynomial time algorithms have been proposed for the factoring and discrete logarithm problems. However, Shor showed that these problems can be solved by a quantum Turing machine in 1994. Several devices have been proposed toward the realization of quantum computers. Among them, the NMR quantum computer seems to be the nearest to the target goal. Since the NMR quantum computer has different features from ordinary ones, we cannot directly implement Shor’s algorithms. In this paper, we propose new simple algorithms that work on NMR quantum computers to solve the factoring and discrete logarithm problems. 1
Security and Efficiency Analyses of Public Key Cryptosystems
, 2001
"... This thesis analyzes the security and efficiency of public key cryptosystems. New attacks for several cryptosystems are proposed and the effectiveness of the attacks is evaluated. Furthermore, solutions are given to several unsolved problems in computational number theory and algebraic geometry theo ..."
Abstract
 Add to MetaCart
(Show Context)
This thesis analyzes the security and efficiency of public key cryptosystems. New attacks for several cryptosystems are proposed and the effectiveness of the attacks is evaluated. Furthermore, solutions are given to several unsolved problems in computational number theory and algebraic geometry theory that are closely related to the security of public key cryptosystems. Moreover, new calculation methods are proposed to speed up encryption and decryption. This thesis consists of the following eight chapters. Chapter 1 is the introduction. We explain the main purpose of our studies and overview previous works related to our studies. Chapter 2 gives the preliminaries. We summarize the mathematics and cryptosystems appearing in this thesis. We analyze the security of several cryptosystems from Chapter 3 to Chapter 6. In Chapter 3, we investigate how the elliptic curve factoring method, which is an efficient attack for public key cryptosystems, especially RSA cryptosystem, can be speeded up. In Chapter 4, we analyze the security of a certain type of elliptic curve cryptosystem defined over a composite modulus. We also investigate the difficulty of a known problem  the problem of counting the number of points on an elliptic curve over the ring Z=nZ . This problem is assumed to be as difficult to solve as the cryptosystem is to break. We prove that this problem is computationally equivalent to a factoring problem. In Chapter 5, we investigate the difficulty of an elliptic curve discrete logarithm problem over a superanomalous elliptic curve. We prove that this problem can be solved in deterministic polynomial time. In Chapter 6, the multivariate RSA cryptosystem is defined and its security and efficiency are evaluated. We prove that this cryptosystem can be broken unde...