## An efficient probabilistic public-key cryptosystem over

Citations: | 2 - 0 self |

### BibTeX

@MISC{Castagnos_anefficient,

author = {Guilhem Castagnos},

title = {An efficient probabilistic public-key cryptosystem over},

year = {}

}

### OpenURL

### Abstract

quadratic fields quotients

### Citations

703 | Public-key cryptosystems based on composite degree residuosity classes
- Paillier
- 1999
(Show Context)
Citation Context ...equivalent to the security of the RSA cryptosystem (cf. [4]). This scheme, which works in the ring Z/n 2 Z where n is an RSA integer, is a fast variant of the homomorphic scheme designed by Paillier (=-=[13]-=-) in 1999. The Catalano et al. scheme has then been adapted in the group of points of an elliptic curve by Galindo, Martín et al. in 2003 ([8]) with the help of the KMOV primitive (cf. [10]). However,... |

91 |
Finding a Small Root of a Univariate Modular Equation
- Coppersmith
- 1996
(Show Context)
Citation Context ...the two problems, one has to find a root of a polynomial of the same degree e. A result of Coppersmith gives the roots smaller than n 1/d of a polynomial of degree d over Z/nZ in polynomial time (cf. =-=[5]-=-). This result seems to indicate that the complexity of the problem of finding a root of a polynomial P over Z/nZ is related to the degree of P . From this point of view, it makes sense to believe tha... |

85 | The XTR public key system
- Lenstra, Verheul
- 2000
(Show Context)
Citation Context ... not compute a full exponentiation α ↦→ α e in (O∆/nO∆) ∧ but assign to an x ∈ Z/nZ, the trace of the element α e with α ∈ (O∆/nO∆) ∧ chosen such that x = Tr(α) (this idea is very similar to XTR, cf. =-=[12]-=-). According to Lemma 2, this computation can be done with the single Lucas sequence V . In this section, we recall some properties of the LUC function, discuss its security and compare it to the secu... |

42 |
A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms
- Smith, Skinner
(Show Context)
Citation Context ... [16]). In cryptography, these groups have not been largely used. Only two systems have been proposed by Smith, Lennon and Skinner in 1994: the LUC cryptosystem (see [14]) and a signature scheme (see =-=[15]-=-). All these papers use the mysterious language ofsLucas sequences. In Section 2 we define a group, denoted (O∆/aO∆) ∧ , of norm 1 quadratic integers modulo an integer a. Then, in Section 3, we show h... |

42 |
H.C.: ‘A p + 1 method of factoring
- WILLIAMS
(Show Context)
Citation Context ...roup of norm 1 quadratic integers modulo n 2 . Quotients of quadratic fields have been quite famous in primality proving (Lucas pseudoprimes, see [1]) and factoring (the p + 1 method of Williams, cf. =-=[16]-=-). In cryptography, these groups have not been largely used. Only two systems have been proposed by Smith, Lennon and Skinner in 1994: the LUC cryptosystem (see [14]) and a signature scheme (see [15])... |

31 | A new public key system
- Smith, Lennon
- 1993
(Show Context)
Citation Context ...(the p + 1 method of Williams, cf. [16]). In cryptography, these groups have not been largely used. Only two systems have been proposed by Smith, Lennon and Skinner in 1994: the LUC cryptosystem (see =-=[14]-=-) and a signature scheme (see [15]). All these papers use the mysterious language ofsLucas sequences. In Section 2 we define a group, denoted (O∆/aO∆) ∧ , of norm 1 quadratic integers modulo an intege... |

30 | Paillier’s cryptosystem revisited
- Catalano, Gennaro, et al.
- 2001
(Show Context)
Citation Context ...ryption; Lucas sequences; LUC cryptosystem; Quadratic fields; Catalano et al. cryptosystem. 1 Introduction In 2001, Catalano, Gennaro et al. have proposed an efficient probabilistic cryptosystem (cf. =-=[3]-=-) whose security has been proved equivalent to the security of the RSA cryptosystem (cf. [4]). This scheme, which works in the ring Z/n 2 Z where n is an RSA integer, is a fast variant of the homomorp... |

19 | Elliptic curve paillier schemes
- Galbraith
(Show Context)
Citation Context ... proposed in Section 6 as we have to compute both Lucas sequences Vn and Un. However this cryptosystem is four times faster than the adaptation of the Paillier cryptosystem proposed by Galbraith (see =-=[7]-=-) in the group of points of an elliptic curve over the ring Z/n 2 Z. 11 Conclusion We have shown how to use the LUC function to design a competitive probabilistic scheme. Although this function and it... |

17 |
Some remarks on Lucas-based cryptosystems
- Bleichenbacher, Bosma, et al.
(Show Context)
Citation Context ...as sequences and exponentiation in O∆/aO∆ Lucas sequences have been used to design the LUC cryptosystem (see [14]) and a digital signature scheme (see [15]). These schemes have been well studied (see =-=[2, 11]-=-). Except in [2], all these papers are exclusively formulated in obfuscated terms of relations verified by Lucas sequences. However it is possible to avoid the systematic use of these relations, by ex... |

8 | The hardness of Hensel lifting: The case of RSA and discrete logarithm
- Catalano, Nguyen, et al.
- 2002
(Show Context)
Citation Context ...1 Introduction In 2001, Catalano, Gennaro et al. have proposed an efficient probabilistic cryptosystem (cf. [3]) whose security has been proved equivalent to the security of the RSA cryptosystem (cf. =-=[4]-=-). This scheme, which works in the ring Z/n 2 Z where n is an RSA integer, is a fast variant of the homomorphic scheme designed by Paillier ([13]) in 1999. The Catalano et al. scheme has then been ada... |

5 | An efficient semantically secure elliptic curve cryptosystem based on KMOV
- Galindo, Martín, et al.
- 2003
(Show Context)
Citation Context ... variant of the homomorphic scheme designed by Paillier ([13]) in 1999. The Catalano et al. scheme has then been adapted in the group of points of an elliptic curve by Galindo, Martín et al. in 2003 (=-=[8]-=-) with the help of the KMOV primitive (cf. [10]). However, the points of the elliptic curve considered have coordinates in the ring Z/n 2 Z, where n is an RSA integer and the security of this system i... |

5 |
Ecient Computation of Full Lucas Sequences
- Joye, Quisquater
- 1996
(Show Context)
Citation Context ..., Q) = P Uk(P, Q) − QUk−1(P, Q), U1(P, Q) = 1, U0(P, Q) = 0, Vk+1(P, Q) = P Vk(P, Q) − QVk−1(P, Q), V1(P, Q) = P, V0(P, Q) = 2. There are several algorithms that allow to compute Lucas sequences (see =-=[9]-=-, for example). These algorithms are analogous to the “square and multiply” algorithm for common exponentiation. For our purpose, we will only need to compute terms of the sequence (Vn(P, 1))n∈N. We r... |

2 |
140-2, Federal Information Processing Standards Publication - Security Requirements for Cryptographic Modules
- PUB
- 2001
(Show Context)
Citation Context ...rete logarithm in elliptic curves makes a prime of 192 bits sufficient to achieve a level of security as strong as an 1024 bits RSA modulus (In the FIPS publication which describe signature standards =-=[6]-=-, the recommended size for prime base fields is at least 192 bits for ECDSA, and in the change notice enclosed to this document, the modulus size for RSA is required to be at least 1024 bits). We summ... |

1 |
pseudo primes
- Baillie, Jr, et al.
- 1980
(Show Context)
Citation Context .../n 2 Z. In fact, this kind of group can be view as a group of norm 1 quadratic integers modulo n 2 . Quotients of quadratic fields have been quite famous in primality proving (Lucas pseudoprimes, see =-=[1]-=-) and factoring (the p + 1 method of Williams, cf. [16]). In cryptography, these groups have not been largely used. Only two systems have been proposed by Smith, Lennon and Skinner in 1994: the LUC cr... |

1 |
Fu-Kuan Tu and Wen-Chung Tai, On the security of the Lucas function
- Laih
- 1995
(Show Context)
Citation Context ...as sequences and exponentiation in O∆/aO∆ Lucas sequences have been used to design the LUC cryptosystem (see [14]) and a digital signature scheme (see [15]). These schemes have been well studied (see =-=[2, 11]-=-). Except in [2], all these papers are exclusively formulated in obfuscated terms of relations verified by Lucas sequences. However it is possible to avoid the systematic use of these relations, by ex... |