Results 1 - 10 of 29
Public-key cryptosystems based on composite degree residuosity classes
- IN ADVANCES IN CRYPTOLOGY — EUROCRYPT 1999
, 1999
Cited by 441 (5 self)
Abstract. This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.
Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes
, 1998
Cited by 99 (11 self)
This paper presents the first efficient statistical zero-knowledge protocols to prove statements such as: A committed number is a pseudo-prime.
Chinese Remaindering Based Cryptosystems in the Presence of Faults
- Journal of Cryptology
Cited by 23 (3 self)
We present some observations on public-key cryptosystems that use the Chinese remaindering algorithm. Our results imply that careless implementations of such systems could be vulnerable. Only one faulty signature, in some explained context, is enough to recover the secret key. Keywords. Public-key cryptosystems, Faulty computations, Chinese remaindering. 1 Introduction In public-key cryptosystems two distinct computations can be distinguished: the computation that makes use of the secret, public key pair, and the one that only makes use of the public key. The former usually corresponds to the secret decryption or to the signature generation operation, the latter to the public encryption or to the signature verification operation. In this paper we restrict our attention to public key cryptosystems in which the former computation can be sped up using the Chinese remaindering algorithm. Examples of such cryptosystems are: RSA [16], LUC [19], KMOV [11], and Demytko's cryptosystem [6]. ...
Trapdooring Discrete Logarithms on Elliptic Curves over Rings
, 2000
Cited by 16 (0 self)
This paper introduces three new probabilistic encryption schemes using elliptic curves over rings. The cryptosystems are based on three specific trapdoor mechanisms allowing the recipient to recover discrete logarithms on different types of curves. The first scheme is an embodiment of Naccache and Stern's cryptosystem and realizes a discrete log encryption as originally wanted in [23] by Vanstone and Zuccherato.
Homomorphic Public-Key Cryptosystems and Encrypting Boolean Circuits
, 2003
Cited by 12 (2 self)
In this paper homomorphic cryptosystems are designed for the first time over any finite group. Applying Barrington's construction we produce for any boolean circuit of the logarithmic depth its encrypted simulation of a polynomial size over an appropriate finitely generated group.
RSA-type Signatures in the Presence of Transient Faults
, 1997
Cited by 9 (5 self)
In this paper, we show that the presence of transient faults can leak some secret information. We prove that only one faulty RSA signature is needed to recover one bit of the secret key. Thereafter, we extend this result to Lucas-based and elliptic curve systems. Keywords. RSA, Lucas sequences, elliptic curves, transient faults. 1 Introduction At the last Workshop on Security Protocols, Bao, Deng, Han, Jeng, Narasimhalu and Ngair from the Institute of Systems Science (Singapore) exhibited new attacks against several cryptosystems [2]. These attacks exploit the presence of transient faults. By exposing a device to external constraints, one can induce some faults with a non-negligible probability [1]. In this paper, we show that these attacks are of very general nature and remain valid for cryptosystems based on other algebraic structures. We will illustrate this topic on the Lucas-based and elliptic curve cryptosystems. Moreover, we will focus on the signatures generation, reducing t...
On the importance of securing your bins: The garbage-man-in-the-middle attack
, 1997
Cited by 9 (2 self)
In this paper, we address the following problem: "Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used?". The answer is yes. We exploit weak error-handling methods. Our attack relies on the cryptanalyst being able to modify some ciphertext and then getting access to the decryption of this modified ciphertext. Moreover, it applies on many cryptosystems, including RSA, Rabin, LUC, KMOV, Demytko, ElGamal and its analogues, 3-pass system, knapsack scheme, etc.
A Public Key Cryptosystem Based on Elliptic Curves over Z/nZ Equivalent to Factoring
Cited by 6 (0 self)
Elliptic curves over the ring Z/nZ where n is the product of two large primes have first been proposed for public key cryptosystems in [4]. The security of this system is based on the integer factorization problem, but it is unknown whether breaking the system is equivalent to factoring. In this paper, we present a variant of this cryptosystem for which breaking the system is equivalent to factoring the modulus n. Moreover, we extend the ideas to get a signature scheme based on elliptic curves over Z/nZ. 1 Introduction In recent years, elliptic curves over finite fields have gained a lot of attention. The use of elliptic curves over finite fields in public key cryptography was suggested by Koblitz [3] and Miller [7]. The security of these cryptosystems is based on the difficulty of the discrete logarithm problem in the group of points on an elliptic curve. Later Vanstone et al. proposed to use elliptic curves over the ring Z/nZ, where n is the product of two large prime num...
ECC Based Threshold Cryptography for Secure Data Forwarding and Secure Key Exchange
- University of Waterloo
, 2005
Cited by 6 (3 self)
Abstract. This paper proposes a new approach to provide reliable data transmission in MANET with strong adversaries. We combine Elliptic Curve Cryptography and Threshold Cryptosystem to securely deliver messages in n shares. As long as the destination receives at least k shares, it can recover the original message. We explore seven ECC mechanisms, El-Gamal, Massey-Omura, Diffie-Hellman, Menezes-Vanstone, Koyama-Maurer-Okamoto-Vanstone, Ertaul, and Demytko. For secure data forwarding, we consider both splitting plaintext before encryption, and splitting ciphertext after encryption. Also we suggest to exchange keys between a pair of mobile nodes using Elliptic Curve Cryptography Diffie-Hellman. We did performance comparison of ECC and RSA to show ECC is more efficient than RSA.
A New and Optimal Chosen-Message Attack on RSA-Type Cryptosystems
- Proceedings of the International Conference on Information and Communications Security
, 1997
Cited by 5 (2 self)
Chosen-message attack on RSA is usually considered as an inherent property of its homomorphic structure. In this paper, we show that non-homomorphic RSA-type cryptosystems are also susceptible to a chosen-message attack. In particular, we prove that only one message is needed to mount a successful chosen-message attack against the Lucas-based systems and Demytko's elliptic curve system.

