Results 1 
6 of
6
Efficient Undeniable Signature Schemes Based on Ideal Arithmetic in Quadratic Orders
 Ideal Arithmetic in Quadratic Orders, Conference on The Mathematics of PublicKey Cryptography
, 1999
"... this paper we present new undeniable signature schemes which are constructed over an imaginary quadratic field. The basic scheme contains zeroknowledge confirmation and disavowal protocols which require operations of cubic bit complexity by the signer. In case one omits the part of the protocols wh ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
this paper we present new undeniable signature schemes which are constructed over an imaginary quadratic field. The basic scheme contains zeroknowledge confirmation and disavowal protocols which require operations of cubic bit complexity by the signer. In case one omits the part of the protocols which is costly the confirmation and disavowal protocol are not zeroknowledge but honestverifier zeroknowledge; the remaining operations for the signer have quadratic bit complexity. Additionally, the information which can be learned by a dishonest verifier can be characterized but will not be helpful to fake new signatures. Even tracing the operations done in this part leaks no information. In our basic scheme, the secret key of the signer is not needed to perform the additional operations for the zeroknowledge property; one can delegate this part to be performed by a certified software running on a terminal or PC to which the chip card is connected. Tracing the computations done by the certified software is allowed. One only has to be guaranteed that the results computed by this program are not manipulated. So, either in the basic protocol or in applications in which one knows the verifier to be trustworthy the tasks of the signer using the secret information can be performed in quadratic bit complexity, e.g. on a smart card. Buchmann and Williams proposed the first algorithm which achieves the DiffieHellman key distribution scheme using the class group in an imaginary quadratic field [5]. Later, Hafner and McCurley discovered the subexponential algorithm against the discrete logarithm problem of the class group [20]. Since then, cryptosystems over class groups have not gained much attention in practice. Recently, Huhnlein et. al. proposed an ElGamaltype public key crypt...
Efficient implementation of cryptosystems based on nonmaximal imaginary quadratic orders
"... In [14] there is proposed an ElGamaltype cryptosystem based on nonmaximal imaginary quadratic orders with trapdoor decryption. The trapdoor information is the factorization of the nonfundamental discriminant p = 1p 2. The NICEcryptosystem (New Ideal Coset Encryption) [24, 12] is an e cient va ..."
Abstract

Cited by 6 (5 self)
 Add to MetaCart
In [14] there is proposed an ElGamaltype cryptosystem based on nonmaximal imaginary quadratic orders with trapdoor decryption. The trapdoor information is the factorization of the nonfundamental discriminant p = 1p 2. The NICEcryptosystem (New Ideal Coset Encryption) [24, 12] is an e cient variant thereof, which uses an element g k 2 Ker (;1;1 Cl) Cl ( p), where k is random and Cl: Cl ( p)! Cl ( 1) is a map between the class groups of the nonmaximal and maximal order, to mask the message in the ElGamal cryptosystem. This mask simply "disappears " during decryption, which essentially consists of computing;1 Cl.Thus NICE features quadratic decryption time and hence is very well suited for applications in which acentral server has to decrypt a large number of ciphertexts in a short time. In this work we will introduce an efficient batch decryption method for NICE, which allows to speed up the decryption by about 30 % for a batch size of 100 messages. In [17] there is proposed a NICESchnorrtype signature scheme. In this scheme one uses the group Ker (;1 Cl) instead of IF p. Thus instead of modular arithmetic one would need to apply standard ideal arithmetic (multiply and reduce) using algorithms from [5] for example. Because every group operation needs the application of the Extended Euclidean Algorithm the implementation would be very inefficient. Especially the signing process, which would typically be performed on a smartcard with limited computational power would be too slow to allow practical application. In this work we will introduce an entirely new arithmetic for elements in Ker (;1 Cl), which uses the generator and ringequivalence for exponentiation. Thus the signer essentially performs the exponentiation in (O 1 =pO 1) , which turns out to be about twenty times as fast as conventional ideal arithmetic. Furthermore in [17] it is shown, how one can further speed up this exponentiation by application of the Chinese Remainder Theorem for (O 1 =pO 1). With this arithmetic the signature generation is about forty times as fast as with conventional ideal arithmetic and more than twice as fast as in the original Schnorr scheme [26].
Rabin and RSA analogues based on nonmaximal imaginary quadratic orders
 Proceedings of ICICS '98, ISBN 898530514X
, 1998
"... Abstract. In [14] and [21] there are proposed ElGamaltype cryptosystems based on nonmaximal imaginary quadratic orders with fast trapdoor decryption. The trapdoor information is the factorization of the nonfundamental discriminant q = q 2.We will extend the ideas given there to set up Rabin and R ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
Abstract. In [14] and [21] there are proposed ElGamaltype cryptosystems based on nonmaximal imaginary quadratic orders with fast trapdoor decryption. The trapdoor information is the factorization of the nonfundamental discriminant q = q 2.We will extend the ideas given there to set up Rabin and RSA analogues based on nonmaximal imaginary quadratic orders. To implement theRabin analogue we will introduce a new algorithm, which reduces the computation of square roots in Cl ( q) to the computation of square roots in Cl (). This is more e cient than the classical Gaussian algorithm. If the class number h ()for =;p, p 3 mod 4 prime, is known, it is possible to extract square roots by a simple exponentiantion. In this case it is easy to set up RSA analogues as well. It will be shown, that breaking the Rabin analogue is as hard as factoring, just like the original scheme in (ZZ=nZZ). The major advantage of our schemes compared to the original Rabin and RSA schemes is that they are immune against the currently known low exponent attacks and the chosen ciphertext attack from [10].
Quadratic orders for NESSIE  Overview and parameter sizes of three public key families
, 2000
"... . In the scope of the European project NESSIE 1 there was issued a Call for Cryptographic Primitives [NESSIE] soliciting proposals for block ciphers, stream ciphers, hash functions, pseudorandom functions and public key primitives for digital signatures, encryption and identification. Since ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
. In the scope of the European project NESSIE 1 there was issued a Call for Cryptographic Primitives [NESSIE] soliciting proposals for block ciphers, stream ciphers, hash functions, pseudorandom functions and public key primitives for digital signatures, encryption and identification. Since the security of all popular puplic key cryptosystems is based on unproven assumptions and therefore nobody can guarantee that schemes based on factoring or the computation of discrete logarithms in some group, like the multiplicative group of a finite field or the jacobian of (hyper) elliptic curves over finite fields, will stay secure forever, it is especially important to provide a variety of different primitives and groups which may be utilized if a popular class of cryptosystems gets broken. In this work we propose three different public key families based on the discrete logarithm problem in quadratic orders to be considered for NESSIE. The two families based on (maximal) real...
An Adaptation of the NICE Cryptosystem to Real Quadratic Orders
"... Abstract. In 2000, Paulus and Takagi introduced a public key cryptosystem called NICE that exploits the relationship between maximal and nonmaximal orders in imaginary quadratic number fields. Relying on the intractability of integer factorization, NICE provides a similar level of security as RSA, ..."
Abstract
 Add to MetaCart
Abstract. In 2000, Paulus and Takagi introduced a public key cryptosystem called NICE that exploits the relationship between maximal and nonmaximal orders in imaginary quadratic number fields. Relying on the intractability of integer factorization, NICE provides a similar level of security as RSA, but has faster decryption. This paper presents REALNICE, an adaptation of NICE to orders in real quadratic fields. REALNICE supports smaller public keys than NICE, and while preliminary computations suggest that it is somewhat slower than NICE, it still significantly outperforms RSA in decryption. 1
A Block Cipher Using Rotation and Logical XOR Operations 1
"... Cryptography is the study of methods of sending messages in disguised form so that only the intended recipients can remove the disguise and read the messages. Information security has become a very critical aspect of modern communication systems. With the global acceptance of the Internet as a mediu ..."
Abstract
 Add to MetaCart
Cryptography is the study of methods of sending messages in disguised form so that only the intended recipients can remove the disguise and read the messages. Information security has become a very critical aspect of modern communication systems. With the global acceptance of the Internet as a medium of communication, virtually every computer in the world is connected to every other. It has created a new risk for the users of the computers with a constant threat of being hacked and being victims of data theft. In this connection data encryption has become an essential part of secure communication of the messages. In the present paper we propose a new method of encryption of data in blocks using the operations Rotation and Logical XOR.