Results 1-10 of 18
Public-key cryptosystems based on composite degree residuosity classes
In Advances in Cryptology — EUROCRYPT 1999, 1999
Cited by 614 (6 self)
Abstract. This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.
The Two Faces of Lattices in Cryptology
2001
Cited by 69 (16 self)
Lattices are regular arrangements of points in n-dimensional space, whose study appeared in the 19th century in both number theory and crystallography. Since the appearance of the celebrated Lenstra-Lenstra-Lovász lattice basis reduction algorithm twenty years ago, lattices have had surprising applications in cryptology. Until recently, the applications of lattices to cryptology were only negative, as lattices were used to break various cryptographic schemes. Paradoxically, several positive cryptographic applications of lattices have emerged in the past five years: there now exist public-key cryptosystems based on the hardness of lattice problems, and lattices play a crucial role in a few security proofs.
Generalized compact knapsacks are collision resistant
In ICALP (2, 2006
Cited by 40 (14 self)
n.A step in the direction of creating efficient cryptographic functions based on worst-case hardness was
Lattice Reduction in Cryptology: An Update
Lect. Notes in Comp. Sci, 2000
Cited by 36 (7 self)
Lattices are regular arrangements of points in space, whose study appeared in the 19th century in both number theory and crystallography.
Quantum public-key cryptosystems
In Proc. of CRYPTO 2000, 2000
Cited by 28 (2 self)
Abstract. This paper presents a new paradigm of cryptography, quantum public-key cryptosystems. In quantum public-key cryptosystems, all parties including senders, receivers and adversaries are modeled as quantum (probabilistic) poly-time Turing (QPT) machines and only classical channels (i.e., no quantum channels) are employed. A quantum trapdoor one-way function, f, plays an essential role in our system, in which a QPT machine can compute f with high probability, any QPT machine can invert f with negligible probability, and a QPT machine with trapdoor data can invert f. This paper proposes a concrete scheme for quantum public-key cryptosystems: a quantum public-key encryption scheme or quantum trapdoor one-way function. The security of our schemes is based on the computational assumption (over QPT machines) that a class of subset-sum problems is intractable against any QPT machine. Our scheme is very efficient and practical if Shor’s discrete logarithm algorithm is efficiently realized on a quantum machine.
Adapting Density Attacks to Low-Weight Knapsacks
Cited by 10 (0 self)
Abstract. Cryptosystems based on the knapsack problem were among the first public-key systems to be invented. Their high encryption/decryption rate attracted considerable interest until it was noticed that the underlying knapsacks often had a low density, which made them vulnerable to lattice attacks, both in theory and practice. To prevent low-density attacks, several designers found a subtle way to increase the density beyond the critical density by decreasing the weight of the knapsack, and possibly allowing nonbinary coefficients. This approach is actually a bit misleading: we show that low-weight knapsacks do not prevent efficient reductions to lattice problems like the shortest vector problem, they even make reductions more likely. To measure the resistance of low-weight knapsacks, we introduce the novel notion of pseudo-density, and we apply the new notion to the Okamoto-Tanaka-Uchiyama (OTU) cryptosystem from Crypto ’00. We do not claim to break OTU and we actually believe that this system may be secure with an appropriate choice of the parameters. However, our research indicates that, in its current form, OTU cannot be supported by an argument based on density. Our results also explain why Schnorr and Hörner were able to solve at Eurocrypt ’95 certain high-density knapsacks related to the Chor-Rivest cryptosystem, using lattice reduction.
Density Attack on the Knapsack Cryptosystems with Enumerative Source (Extended Abstract)
2003
Survey of Computational Assumptions Used in Cryptography Broken or Not by Shor's Algorithm
2001
Cited by 2 (0 self)
We survey the computational assumptions of various cryptographic schemes, and discuss the security threat posed by Shor's quantum algorithm.
Low-density attack revisited
Designs, Codes and Cryptography, 43(1):47–59, 2007
Cited by 2 (0 self)
The low-density attack proposed by Lagarias and Odlyzko is a powerful algorithm against the subset sum problem. The improvement algorithm due to Coster et al. would solve almost all the problems of density < 0.9408... in the asymptotical sense. On the other hand, the subset sum problem itself is known as an NP-hard problem, and a lot of efforts have been paid to establish public-key cryptosystems based on the problem. In these cryptosystems, densities of the subset sum problems should be higher than 0.9408... in order to avoid the low-density attack. For example, the Chor-Rivest cryptosystem adopted subset sum problems with relatively high densities. In this paper, we further improve the low-density attack by incorporating an idea that integral lattice points can be covered with polynomially many spheres of shorter radius and of lower dimension. As a result, the success probability of our attack can be higher than that of Coster et al.’s attack for fixed dimensions. The density bound is also improved for fixed dimensions. Moreover, we numerically show that our improved low-density attack makes the success probability higher in case of low Hamming weight solution, such as the Chor-Rivest cryptosystem, if we assume SVP oracle calls.