Results 1  10
of
27
PolynomialTime Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
 SIAM J. on Computing
, 1997
"... A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. ..."
Abstract

Cited by 941 (2 self)
 Add to MetaCart
(Show Context)
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and which have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.
The NPcompleteness column: an ongoing guide
 Journal of Algorithms
, 1985
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book ‘‘Computers and Intractability: A Guide to the Theory of NPCompleteness,’ ’ W. H. Freeman & ..."
Abstract

Cited by 196 (0 self)
 Add to MetaCart
(Show Context)
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book ‘‘Computers and Intractability: A Guide to the Theory of NPCompleteness,’ ’ W. H. Freeman & Co., New York, 1979 (hereinafter referred to as ‘‘[G&J]’’; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
A new publickey cryptosystem as secure as factoring
 In Eurocrypt '98, LNCS 1403
, 1998
"... Abstract. This paper proposes a novel publickey cryptosystem, which is practical, provably secure and has some other interesting properties as follows: 1. Its trapdoor technique is essentially different from any other previous schemes including RSARabin and DiffieHellman. 2. It is a probabilistic ..."
Abstract

Cited by 171 (6 self)
 Add to MetaCart
Abstract. This paper proposes a novel publickey cryptosystem, which is practical, provably secure and has some other interesting properties as follows: 1. Its trapdoor technique is essentially different from any other previous schemes including RSARabin and DiffieHellman. 2. It is a probabilistic encryption scheme. 3. It can be proven to be as secure as the intractability of factoring n = p 2 q (in the sense of the security of the whole plaintext) against passive adversaries. 4. It is semantically secure under the psubgroup assumption, which is comparable to the quadratic residue and higher degree residue assumptions. 5. Under the most practical environment, the encryption and decryption speeds of our scheme are comparable to (around twice slower than) those of elliptic curve cryptosystems. 6. It has a homomorphic property: E(m 0
Equitable key escrow with limited time span (or, How to enforce time expiration cryptographically)
 ADVANCES IN CRYPTOLOGY, ASIACRYPT 98, LNCS 1514
, 1998
"... With equitable key escrow the control of society over the individual and the control of the individual over society are shared fairly. In particular, the control is limited to specified time periods. We consider two applications: time controlled key escrow and time controlled auctions with closed b ..."
Abstract

Cited by 18 (5 self)
 Add to MetaCart
(Show Context)
With equitable key escrow the control of society over the individual and the control of the individual over society are shared fairly. In particular, the control is limited to specified time periods. We consider two applications: time controlled key escrow and time controlled auctions with closed bids. In the rst the individual cannot be targeted outside the period authorized by the court. In the second the individual cannot withhold his closed bid beyond the bidding period. We propose two protocols, one for each application. We do not require the use of temperproof devices.
Efficiency and Security of Cryptosystems Based on Number Theory
, 1996
"... , 44 equivalent, 48 admissible, 19 associated, 48 binary addition chain, 45 binary method, 43, 63 Carmichael function, 4 Carmichael number, 16, 29 Chinese Remainder Theorem, 5 complex extension, 3 conjugate, 3 CRT, 5 Dickson polynomials, 11 doubling step, 63 dual, 48 Fermat test, 15, 16 graph reduce ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
, 44 equivalent, 48 admissible, 19 associated, 48 binary addition chain, 45 binary method, 43, 63 Carmichael function, 4 Carmichael number, 16, 29 Chinese Remainder Theorem, 5 complex extension, 3 conjugate, 3 CRT, 5 Dickson polynomials, 11 doubling step, 63 dual, 48 Fermat test, 15, 16 graph reduced, 48 group of units, 3 indegree, 45 Jacobi symbol, 6 Legendre symbol, 5 Lucas chain, 62 composite, 63 degenerate, 63 simple, 63 Lucas sequence, 8 Mathematica, 23, 41 MillerRabin test, 18 norm, 3 order of a group element, 7 outdegree, 45 Pocklington, 25 probable prime, 15 pseudoprimality, 2 BIBLIOGRAPHY 85 [R'ed48] L. R'edei. Uber eindeutig umkehrbare Polynome in endlichen Korpern. Acta Sci. Math., 11:7176, 194648. [Rie85] H. Riesel. Prime Numbers and Computer Methods for Factorization. Birkhauser, 1985. [RLS + 93] R. A. Rueppel, A. K. Lenstra, M. E. Smid, K. S. McCurley, Y. Desmedt, A. Odlyzko, and P. Landrock. Panel
Mutual authentication and key exchange protocols for roaming services in wireless mobile networks
 IEEE Transactions on Wireless Communications
, 2006
"... Abstract — Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and onetime session key renewal. Identity anonymity protects mobile ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
Abstract — Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and onetime session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. Onetime session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved. Index Terms — Authentication, key exchange, roaming service, anonymity, secretsplitting, selfcertified. Fixed Internet nodes A’s home network, home agent (H) Internet B’s home network, home agent (H) Mobile terminal (M), B Foreign network2 (V)
A New PublicKey Cryptosystem over Quadratic Orders with Quadratic Decryption Time
, 2000
"... We present a new cryptosystem based on ideal arithmetic in quadratic orders. The method of our trapdoor is different from the DiffieHellman key distribution scheme or the RSA cryptosystem. The plaintext m is encrypted by mp r , where p is a fixed element and r is a random integer, so our proposed ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
We present a new cryptosystem based on ideal arithmetic in quadratic orders. The method of our trapdoor is different from the DiffieHellman key distribution scheme or the RSA cryptosystem. The plaintext m is encrypted by mp r , where p is a fixed element and r is a random integer, so our proposed cryptosystem is a probabilistic encryption scheme and has the homomorphy property. The most prominent property of our cryptosystem is the cost of the decryption, which is of quadratic bit complexity in the length of the public key. Our implementation shows that it is comparably as fast as the encryption time of the RSA cryptosystem with e = 2 16 + 1. The security of our cryptosystem is closely related to factoring the discriminant of a quadratic order. When we choose appropriate sizes of the parameters, the currently known fast algorithms, for examples, the elliptic curve method, the number field sieve, the HafnerMcCurley algorithm, are not applicable. We also discuss that the chosen cip...
Improved Incremental Prime Number Sieves
 Cornell University
, 1994
"... . An algorithm due to Bengalloun that continuously enumerates the primes is adapted to give the first prime number sieve that is simultaneously sublinear, additive, and smoothly incremental:  it employs only \Theta(n= log log n) additions of numbers of size O(n) to enumerate the primes up to n, ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
. An algorithm due to Bengalloun that continuously enumerates the primes is adapted to give the first prime number sieve that is simultaneously sublinear, additive, and smoothly incremental:  it employs only \Theta(n= log log n) additions of numbers of size O(n) to enumerate the primes up to n, equalling the performance of the fastest known algorithms for fixed n;  the transition from n to n + 1 takes only O(1) additions of numbers of size O(n). (On average, of course, O(1) such additions increase the limit up to which all primes are known from n to n + \Theta(log log n)). 1 Introduction A socalled "formula" for the i'th prime has been a longlived concern, if not quite the Holy Grail, of Elementary Number Theory. This concern seems poorly motivated, as evidenced by the extraordinary freakshow of solutions proffered over the ages. The natural setting is Algorithmic Number Theory, and what is desired is much better cast as an algorithm to compute the i'th prime. Given that app...
Evaluation of security level of cryptography: ESIGN signature scheme
 CRYPTREC Project
, 2001
"... related to the ESIGN signature scheme. It has been proven to be a secure identification scheme assuming that the approximate eth root (AER) problem is hard and that the employed hash function is a random function. While the AER problem has been studied by some researchers, it has not received as mu ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
related to the ESIGN signature scheme. It has been proven to be a secure identification scheme assuming that the approximate eth root (AER) problem is hard and that the employed hash function is a random function. While the AER problem has been studied by some researchers, it has not received as much attention as the integer factorization problem or the discrete logarithm problem. One way to solve the AER problem is to factor the integer n, where n p2q and p and q are primes of the same bitlength. The parameters recommended ensure that ESIGN resists all known attacks for factoring integers of this form. 2 Protocol specification 2.1 ESIGN key pairs For the security parameter k pLen, each entity does the following: 1. Randomly select two distinct primes, p, q, each of bitsize k and compute n p2q. 2. Select an integer e 4. 3. A’s public key is n e k ; A’s private key is p q . In addition, one needs to specify a hash function H whose output length is k bits. 2.2 ESIGN identification In the ESIGN identification scheme, the verifier sends a random message to the prover who signs the message using her ESIGN private key. The process whereby an entity A verifies herself to entity B is the following: 1. (random challenge) Verifier B generates a random string m 0 1 k 1 and sends it to A. 2. (response) A generates an ESIGN signature s of the challenge m as follows: 2.1. Pick r uniformly at random from r Zpq: gcd r p 1 . 2.2. Set z 0 H m 02k and α I z
re mod n, where the function I converts a binary string into an integer in the usual way. 3 Security level of cryptographic techniques Page 2 2.3. Set w0 w1 such that w0