Results 1  10
of
37
Fully distributed threshold RSA under standard assumptions
 ADVANCES IN CRYPTOLOGY — ASIACRYPT 2001, VOLUME ??? OF LNCS
, 2001
"... The aim of this article is to propose a fully distributed environment for the RSA scheme. What we have in mind is highly sensitive applications and even if we are ready to pay a price in terms of efficiency, we do not want any compromise of the security assumptions that we make. Recently Shoup propo ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
(Show Context)
The aim of this article is to propose a fully distributed environment for the RSA scheme. What we have in mind is highly sensitive applications and even if we are ready to pay a price in terms of efficiency, we do not want any compromise of the security assumptions that we make. Recently Shoup proposed a practical RSA threshold signature scheme that allows to share the ability to sign between a set of players. This scheme can be used for decryption as well. However, Shoup’s protocol assumes a trusted dealer to generate and distribute the keys. This comes from the fact that the scheme needs a special assumption on the RSA modulus and this kind of RSA moduli cannot be easily generated in an efficient way with many players. Of course, it is still possible to call theoretical results on multiparty computation, but we cannot hope to design efficient protocols. The only practical result to generate RSA moduli in a distributive manner is Boneh and Franklin’s protocol but it seems difficult to modify it in order to generate the kind of RSA moduli that Shoup’s protocol requires. The present work takes a different path by proposing a method to enhance the key generation with some additional properties and revisits Shoup’s protocol to work with the resulting RSA moduli. Both of these enhancements decrease the performance of the basic protocols. However, we think that in the applications we target, these enhancements provide practical solutions. Indeed, the key generation protocol is usually run only once and the number of players used to sign or decrypt is not very large. Moreover, these players have time to perform their task so that the communication or time complexity are not overly important.
The Carmichael Numbers up to 10^15
, 1992
"... There are 105212 Carmichael numbers up to 10 : we describe the calculations. ..."
Abstract

Cited by 24 (7 self)
 Add to MetaCart
There are 105212 Carmichael numbers up to 10 : we describe the calculations.
Two contradictory conjectures concerning Carmichael numbers
"... Erdös [8] conjectured that there are x 1;o(1) Carmichael numbers up to x, whereas Shanks [24] was skeptical as to whether one might even nd an x up to which there are more than p x Carmichael numbers. Alford, Granville and Pomerance [2] showed that there are more than x 2=7 Carmichael numbers up to ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
(Show Context)
Erdös [8] conjectured that there are x 1;o(1) Carmichael numbers up to x, whereas Shanks [24] was skeptical as to whether one might even nd an x up to which there are more than p x Carmichael numbers. Alford, Granville and Pomerance [2] showed that there are more than x 2=7 Carmichael numbers up to x, and gave arguments which even convinced Shanks (in persontoperson discussions) that Erdös must be correct. Nonetheless, Shanks's skepticism stemmed from an appropriate analysis of the data available to him (and his reasoning is still borne out by Pinch's extended new data [14,15]), and so we herein derive conjectures that are consistent with Shanks's observations, while tting in with the viewpoint of Erdös [8] and the results of [2,3].
The distribution of Lucas and elliptic pseudoprimes
, 2001
"... Let L(x) denote the counting function for Lucas pseudoprimes, and E(x) denote the elliptic pseudoprime counting function. We prove that, for large x, L(x) ≤ x L(x) −1/2 and E(x) ≤ x L(x) −1/3, where L(x) = exp(log xlog log log x / log log x). ..."
Abstract

Cited by 18 (3 self)
 Add to MetaCart
Let L(x) denote the counting function for Lucas pseudoprimes, and E(x) denote the elliptic pseudoprime counting function. We prove that, for large x, L(x) ≤ x L(x) −1/2 and E(x) ≤ x L(x) −1/3, where L(x) = exp(log xlog log log x / log log x).
Implementation Of The AtkinGoldwasserKilian Primality Testing Algorithm
 RAPPORT DE RECHERCHE 911, INRIA, OCTOBRE
, 1988
"... We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implem ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implementation of this test and its use on testing large primes, the records being two numbers of more than 550 decimal digits. Finally, we give a precise answer to the question of the reliability of our computations, providing a certificate of primality for a prime number.
Primecoin: Cryptocurrency with prime number proofofwork. http://primecoin.io/bin/primecoinpaper.pdf
, 2013
"... A new type of proofofwork based on searching for prime numbers is introduced in peertopeer cryptocurrency designs. Three types of prime chains known as Cunningham chain of first kind, Cunningham chain of second kind and bitwin chain are qualified as proofofwork. Prime chain is linked to block ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
A new type of proofofwork based on searching for prime numbers is introduced in peertopeer cryptocurrency designs. Three types of prime chains known as Cunningham chain of first kind, Cunningham chain of second kind and bitwin chain are qualified as proofofwork. Prime chain is linked to block hash to preserve the security property of Nakamoto’s Bitcoin, while a continuous difficulty evaluation scheme is designed to allow prime chain to act as adjustabledifficulty proofofwork in a Bitcoin like cryptocurrency.
Finding Four Million Large Random Primes
 In Crypto '90, LNCS 537
, 1991
"... ..."
(Show Context)