Results 1-10 of 21
Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms, 1994
Cited by 69 (6 self)
Abstract
Let G be an arbitrary cyclic group with generator g and order |G| with known factorization. G could be the subgroup generated by g within a larger group H. Based on an assumption about the existence of smooth numbers in short intervals, we prove that breaking the Diffie-Hellman protocol for G and base g is equivalent to computing discrete logarithms in G to the base g when a certain side information string S of length 2 log |G| is given, where S depends only on |G| but not on the definition of G and appears to be of no help for computing discrete logarithms in G. If every prime factor p of |G| is such that one of a list of expressions in p, including p - 1 and p + 1, is smooth for an appropriate smoothness bound, then S can efficiently be constructed and therefore breaking the Diffie-Hellman protocol is equivalent to computing discrete logarithms.
List Decoding of Algebraic-Geometric Codes, IEEE Trans. on Information Theory, 1999
Cited by 41 (3 self)
Abstract
We generalize Sudan's results for Reed-Solomon codes to the class of algebraic-geometric codes, designing algorithms for list decoding of algebraic-geometric codes which can decode beyond the conventional error-correction bound (d - 1)/2, d being the minimum distance of the code. Our main algorithm is based on an interpolation scheme and factorization of polynomials over algebraic function fields. For the latter problem we design a polynomial-time algorithm and show that the resulting overall list-decoding algorithm runs in polynomial time under some mild conditions. Several examples are included.
Zero-Knowledge Simulation of Boolean Circuits, 1987
Cited by 37 (7 self)
Abstract
A zero-knowledge interactive proof is a protocol by which Alice can convince a polynomially-bounded Bob of the truth of some theorem without giving him any hint as to how the proof might proceed. Under cryptographic assumptions, we give a general technique for achieving this goal for any problem in NP. This extends to a presumably larger class, which combines the powers of nondeterminism and randomness. Our protocol is powerful enough to allow Alice to convince Bob of theorems for which she does not even have a proof. Whenever Alice can convince herself probabilistically of a theorem, perhaps thanks to her knowledge of some trapdoor information, she can convince Bob as well, without compromising the trapdoor in any way.
1. INTRODUCTION The notion of zero-knowledge interactive proofs (ZKIP) introduced a few years ago by Goldwasser, Micali and Rackoff [GwMiRac85] has become a very active research area. Assume that Alice holds the proof of some theorem. A zero-knowledge interactive pr...
The Diffie-Hellman Protocol, Designs, Codes, and Cryptography, 1999
Cited by 26 (0 self)
Abstract
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor one-way function, a public-key cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the so-called Diffie-Hellman protocol, allowing two parties who share no secret information initially to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.
Decoding Algebraic-Geometric Codes Beyond the Error-Correction Bound, 1998
Cited by 13 (4 self)
Abstract
Generalizing the high-noise decoding methods of [1, 19] to the class of algebraic-geometric codes, we design the first polynomial-time algorithms to decode algebraic-geometric codes significantly beyond the conventional error-correction bound. Applying our results to codes obtained from curves with many rational points, we construct arbitrarily long, constant-rate linear codes over a fixed field F_q such that a codeword is efficiently, non-uniquely reconstructible after a majority of its letters have been arbitrarily corrupted. We also construct codes such that a codeword is uniquely and efficiently reconstructible after a majority of its letters have been corrupted by noise which is random in a specified sense. We summarize our results in terms of bounds on asymptotic parameters, giving a new characterization of decoding beyond the error-correction bound.
1 Introduction Error-correcting codes, originally designed to accommodate reliable transmission of information through unreliable ...
Chameleon Hashing without Key Exposure, 2004
Cited by 12 (2 self)
Abstract
Chameleon signatures are based on the well-established hash-and-sign paradigm, where a chameleon hash function is used to compute the cryptographic message digest. Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message, i.e., the designated recipient is capable of verifying the validity of the signature, but cannot disclose the contents of the signed information to convince any third party without the signer's consent.
Faster Square Roots in Annoying Finite Fields
Cited by 10 (0 self)
Abstract
Let q be an odd prime number. There are several methods known to compute square roots in Z/q: the quadratic-extension methods of Legendre, Pocklington, Cipolla, Lehmer, et al., and the discrete-logarithm methods of Tonelli, Shanks, et al. The quadratic-extension methods use (3 + o(1)) lg q multiplications and, on average, 2 + o(1) Jacobi-symbol computations mod q. The discrete-logarithm methods use only (1 + o(1)) lg q multiplications, after an easy precomputation of one element of Z/q, if ord_2(q - 1) ∈ o(√(lg q)). This paper presents an algorithm that uses only (1 + o(1)) lg q multiplications, after an easy precomputation of (lg q)^O(1) elements of Z/q, if ord_2(q - 1) ∈ o(√(lg q lg lg q)). For example, the new algorithm can compute square roots in Z/q for q = 2^224 - 2^96 + 1 using 364 multiplications in Z/q and 1024 precomputed elements of Z/q. The same technique speeds up the Silver-Pohlig-Hellman algorithm for computing discrete logarithms in any cyclic group of smooth order.
An analysis of Shanks's algorithm for computing square roots in finite fields, in Proc. 5th Conf. Canadian Number Theory Assoc., 1999
Cited by 10 (0 self)
Abstract
We rigorously analyze Shanks's algorithm for computing square roots modulo a prime number. The initialization always requires two exponentiations. Averaged over all primes and possible inputs, the body of the algorithm requires 8/3 additional multiplications. We obtain exact values for the mean and variance of the number of additional multiplications for a fixed prime, and finally show that the distribution is asymptotically normal.
Implementation of the Hypercube Variation of the Multiple Polynomial Quadratic Sieve, 1995
Cited by 2 (0 self)
Abstract
We discuss the implementation of the Hypercube variation of the Multiple Polynomial Quadratic Sieve (HMPQS) integer factorization algorithm. HMPQS is a variation on Pomerance's Quadratic Sieve algorithm which inspects many quadratic polynomials looking for quadratic residues with small prime factors. The polynomials are organized as the nodes of an n-dimensional cube. Since changing polynomials on the hypercube is cheap, the optimal value for the size of the sieving interval is much smaller than in other implementations of the Multiple Polynomial Quadratic Sieve (MPQS). This makes HMPQS substantially faster than MPQS. We also describe a relatively fast way to find good parameters for the single large prime variation of the algorithm. Finally, we report on the performance of our implementation on factoring several large numbers for the Cunningham Project. Supported by National Science Foundation grant No. CCR-9207204.
1 Introduction Integer factorization algorithms are usually cate...
A User Efficient Fair Blind Signature Scheme for Untraceable Electronic Cash, Journal of Information Science and Engineering
Cited by 2 (0 self)
Abstract
Blind signatures have been widely adopted to construct untraceable electronic cash systems since they are both unlinkable and unforgeable. Although unlinkability protects the privacy of customers and users, it may be abused by criminals for such purposes as laundering money or safely collecting a ransom. The techniques of fair blind signatures are developed to deal with the abuse of unlinkability. In this paper we propose a user-efficient fair blind signature scheme which makes it possible for a government or a judge to recover the link between a signature and the instance of the signing protocol which produced that signature when the unlinkability property is abused. Only two integers are required to form a signature in the proposed fair blind signature scheme. Furthermore, it only takes several modular multiplications for a user to obtain and verify a signature. It turns out that the scheme is suitable for situations where the computation capability of users or customers is limited, such as smart cards and mobile units. Compared with existing blind signature schemes proposed in the literature, our method reduces the computation required of users by more than 99%.