Results 1 - 10 of 12
Public-key cryptosystems based on composite degree residuosity classes
 IN ADVANCES IN CRYPTOLOGY — EUROCRYPT 1999
, 1999
Cited by 997 (4 self)
This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.
Sharing decryption in the context of voting or lotteries
, 2000
Cited by 99 (6 self)
Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform computation with encrypted data without the knowledge of any secret information. In many applications, the ability to perform decryption, i.e. the knowledge of the secret key, gives a huge power. A classical way to reduce the trust in such a secret owner, and consequently to increase the security, is to share the secret between many entities in such a way that cooperation between them is necessary to decrypt. In this paper, we propose a distributed version of the Paillier cryptosystem presented at Eurocrypt ’99. This shared scheme can for example be used in an electronic voting scheme or in a lottery where a random number related to the winning ticket has to be jointly chosen by all participants.
The Relationship Between Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms
, 1998
Cited by 49 (3 self)
Both uniform and non-uniform results concerning the security of the Diffie-Hellman key-exchange protocol are proved. First, it is shown that in a cyclic group $G$ of order $|G| = \prod p_i^{e_i}$, where all the multiple prime factors of $|G|$ are polynomial in $\log |G|$, there exists an algorithm that reduces the computation of discrete logarithms in $G$ to breaking the Diffie-Hellman protocol in $G$ and has complexity $\sqrt{\max\{(p_i)\}} \cdot (\log |G|)^{O(1)}$, where (p) stands for the minimum of the set of largest prime factors of all the numbers $d$ in the interval $[p - 2\sqrt{p} + 1,\ p + 2\sqrt{p} + 1]$. Under the unproven but plausible assumption that (p) is polynomial in $\log p$, this reduction implies that the Diffie-Hellman problem and the discrete logarithm problem are polynomial-time equivalent in $G$. Second, it is proved that the Diffie-Hellman problem and the discrete logarithm problem are equivalent in a uniform sense for groups whose orders belong to certain classes: there exists a p...
Diffie-Hellman Oracles
 ADVANCES IN CRYPTOLOGY - CRYPTO '96, LECTURE NOTES IN COMPUTER SCIENCE
, 1996
Cited by 46 (3 self)
This paper consists of three parts. First, various types of Diffie-Hellman oracles for a cyclic group G and subgroups of G are defined and their equivalence is proved. In particular, the security of using a subgroup of G instead of G in the Diffie-Hellman protocol is investigated. Second, we derive several new conditions for the polynomial-time equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms in G which extend former results by den Boer and Maurer. Finally, efficient constructions of Diffie-Hellman groups with provable equivalence are described.
The Diffie-Hellman Protocol
 DESIGNS, CODES, AND CRYPTOGRAPHY
, 1999
Cited by 29 (0 self)
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor one-way function, a public-key cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the so-called Diffie-Hellman protocol, allowing two parties who share no secret information initially, to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.
Trapdooring Discrete Logarithms on Elliptic Curves over Rings
, 2000
Cited by 22 (0 self)
This paper introduces three new probabilistic encryption schemes using elliptic curves over rings. The cryptosystems are based on three specific trapdoor mechanisms allowing the recipient to recover discrete logarithms on different types of curves. The first scheme is an embodiment of Naccache and Stern's cryptosystem and realizes a discrete log encryption as originally wanted in [23] by Vanstone and Zuccherato.
Multiple trusted authorities in identifier based cryptography from pairings on elliptic curves,” HP
On a cryptosystem of Vanstone and Zuccherato
, 1998
Cited by 1 (0 self)
In [1], Vanstone and Zuccherato proposed a public-key elliptic curve cryptosystem in which the public key consists of an integer N and an elliptic curve E defined over the ring Z/NZ. Here N is a product of two secret primes p and q, each of special form, and the order of E modulo N is smooth. We present three attacks, each of which factors the modulus N and hence breaks the cryptosystem. The first attack exploits the special form of p and q; the second exploits the smoothness of the elliptic curve; and the third attack breaks a proposed application of the system to user authentication. For parameters as in [1], the modulus can be factored within a fraction of a second. Keywords: Cryptography, public key, authentication, discrete logarithm, elliptic curves, factoring. I. The proposed cryptosystem In a recent cryptosystem proposed by Vanstone and Zuccherato [1], part of the public key is an integer N which is a product of two secret primes p and q. An elliptic curve E over Z/NZ is ch...
Cryptography Over Elliptic Curve Of The Ring $F_q[\epsilon]$, $\epsilon^4 = 0$
Abstract—Groups where the discrete logarithm problem (DLP) is believed to be intractable have proved to be inestimable building blocks for cryptographic applications. They are at the heart of numerous protocols such as key agreements, public-key cryptosystems, digital signatures, identification schemes, publicly verifiable secret sharings, hash functions and bit commitments. The search for new groups with intractable DLP is therefore of great importance. The goal of this article is to study elliptic curves over the ring $F_q[\epsilon]$, with $F_q$ a finite field of order $q$ and with the relation $\epsilon^n = 0$, $n \geq 3$. The motivation for this work came from the observation that several practical discrete logarithm-based cryptosystems, such as ElGamal, the Elliptic Curve Cryptosystems. In a first time, we describe these curves defined over a ring. Then, we study the algorithmic properties by proposing effective implementations for representing the elements and the group law. In another article we study their cryptographic properties, an attack of the elliptic discrete logarithm problem, a new cryptosystem over these curves. Keywords—Elliptic Curve Over Ring, Discrete Logarithm Problem. I.
Biometric Security For Wireless Device
Despite the work being done to secure the air link portion of wireless communications, user devices remain the weak spot. Improving the security features built into handheld devices such as smart phones and wireless PDAs will help to convince business and enterprise users to adopt wireless data. They need to be convinced that if a handheld is lost or stolen, it will be difficult for an unauthorized user to access information stored on the device or to use it to access a network containing sensitive data, such as a corporate intranet. One traditional approach to security is