Results 1 
6 of
6
Elliptic Curve Paillier Schemes
, 2001
"... . This paper is concerned with generalisations of Paillier's probabilistic encryption scheme from the integers modulo a square to elliptic curves over rings. Paillier himself described two public key encryption schemes based on anomalous elliptic curves over rings. It is argued that these schem ..."
Abstract

Cited by 20 (0 self)
 Add to MetaCart
. This paper is concerned with generalisations of Paillier's probabilistic encryption scheme from the integers modulo a square to elliptic curves over rings. Paillier himself described two public key encryption schemes based on anomalous elliptic curves over rings. It is argued that these schemes are not secure. A more natural generalisation of Paillier's scheme to elliptic curves is given.
Trapdooring Discrete Logarithms on Elliptic Curves over Rings
, 2000
"... This paper introduces three new probabilistic encryption schemes using elliptic curves over rings. The cryptosystems are based on three specific trapdoor mechanisms allowing the recipient to recover discrete logarithms on di#erent types of curves. The first scheme is an embodiment of Naccache an ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
This paper introduces three new probabilistic encryption schemes using elliptic curves over rings. The cryptosystems are based on three specific trapdoor mechanisms allowing the recipient to recover discrete logarithms on di#erent types of curves. The first scheme is an embodiment of Naccache and Stern's cryptosystem and realizes a discrete log encryption as originally wanted in [23] by Vanstone and Zuccherato.
On the relations between noninteractive key distribution, identitybased encryption and trapdoor discrete log groups. Cryptology ePrint Archive, Report 2007/453
, 2007
"... Abstract. This paper investigates the relationships between identitybased noninteractive key distribution (IDNIKD) and identitybased encryption (IBE). It provides a new security model for IDNIKD, and a generic construction that converts a secure IDNIKD scheme into a secure IBE scheme. This con ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
Abstract. This paper investigates the relationships between identitybased noninteractive key distribution (IDNIKD) and identitybased encryption (IBE). It provides a new security model for IDNIKD, and a generic construction that converts a secure IDNIKD scheme into a secure IBE scheme. This conversion is used to explain the relationship between the IDNIKD scheme of Sakai, Ohgishi and Kasahara and the IBE scheme of Boneh and Franklin. The paper then explores the construction of IDNIKD and IBE schemes from general trapdoor discrete log groups. Two different concrete instantiations for such groups provide new, provably secure IDNIKD and IBE schemes. These schemes are suited to applications in which the Trusted Authority is computationally wellresourced, but clients performing encryption/decryption are highly constrained. Keywords: Identitybased encryption; identitybased noninteractive key distribution; trapdoor discrete logs. 1
Breaking RSA May Be As Difficult As Factoring
, 2005
"... If factoring is hard, then straight line programs cannot efficiently solve the low public exponent RSA problem. More precisely, no efficient algorithm can take an RSA public key as input and then output a straight line program that efficiently solves the low public exponent RSA problem for the given ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
If factoring is hard, then straight line programs cannot efficiently solve the low public exponent RSA problem. More precisely, no efficient algorithm can take an RSA public key as input and then output a straight line program that efficiently solves the low public exponent RSA problem for the given public key — unless factoring is easy. More generally, it suffices that the public exponent has a small factor. Of course, other kinds of algorithms may well be able to solve the RSA problem. 1
unknown title
"... On the relations between noninteractive key distribution, identitybased encryption and trapdoor discrete log groups ..."
Abstract
 Add to MetaCart
On the relations between noninteractive key distribution, identitybased encryption and trapdoor discrete log groups
Security and Efficiency Analyses of Public Key Cryptosystems
, 2001
"... This thesis analyzes the security and efficiency of public key cryptosystems. New attacks for several cryptosystems are proposed and the effectiveness of the attacks is evaluated. Furthermore, solutions are given to several unsolved problems in computational number theory and algebraic geometry theo ..."
Abstract
 Add to MetaCart
This thesis analyzes the security and efficiency of public key cryptosystems. New attacks for several cryptosystems are proposed and the effectiveness of the attacks is evaluated. Furthermore, solutions are given to several unsolved problems in computational number theory and algebraic geometry theory that are closely related to the security of public key cryptosystems. Moreover, new calculation methods are proposed to speed up encryption and decryption. This thesis consists of the following eight chapters. Chapter 1 is the introduction. We explain the main purpose of our studies and overview previous works related to our studies. Chapter 2 gives the preliminaries. We summarize the mathematics and cryptosystems appearing in this thesis. We analyze the security of several cryptosystems from Chapter 3 to Chapter 6. In Chapter 3, we investigate how the elliptic curve factoring method, which is an efficient attack for public key cryptosystems, especially RSA cryptosystem, can be speeded up. In Chapter 4, we analyze the security of a certain type of elliptic curve cryptosystem defined over a composite modulus. We also investigate the difficulty of a known problem  the problem of counting the number of points on an elliptic curve over the ring Z=nZ . This problem is assumed to be as difficult to solve as the cryptosystem is to break. We prove that this problem is computationally equivalent to a factoring problem. In Chapter 5, we investigate the difficulty of an elliptic curve discrete logarithm problem over a superanomalous elliptic curve. We prove that this problem can be solved in deterministic polynomial time. In Chapter 6, the multivariate RSA cryptosystem is defined and its security and efficiency are evaluated. We prove that this cryptosystem can be broken unde...