Wei-dong QIU,Ke-fei CHEN,Ying-cai BAI

DOI: https://doi.org/10.13328/j.cnki.jos.2000.10.010

2000-01-01

Journal of Software

Abstract:A modified Rabin signature scheme is presented based on quadratic residue problem. The main advantage of the modified scheme is simpler to describe and more efficient to implement. There is no limitation for plain test space, especially only one modular multiplication is required for verification, and it is secure against chosen-ciphertext attack.

R. L. Rivest,A. Shamir,L. Adleman

DOI: https://doi.org/10.1145/359340.359342

IF: 22.7

1978-02-01

Communications of the ACM

Abstract:An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n , of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n .

computer science, theory & methods, software engineering, hardware & architecture

George S. Rizos,Konstantinos A. Draziotis

DOI: https://doi.org/10.1016/j.jisa.2024.103781

IF: 4.96

2024-05-02

Journal of Information Security and Applications

Abstract:The present paper builds upon prior research on an id scheme that utilizes a compact knapsack problem defined by a single equation. We introduce a three-move id scheme founded on a compact knapsack problem defined by an integer matrix. Through our analysis, we investigate the possible lattice-based attacks on this problem. Additionally, we present the corresponding digital signature gained through the Fiat–Shamir transform and demonstrate its security under ROM. These cryptographic primitives are potentially post quantum resistant.

computer science, information systems

Masahiro Kaminaga,Toshinori Suzuki,Masaharu Fukase

DOI: https://doi.org/10.48550/arXiv.1807.05782

2019-03-17

Abstract:Rabin encryption and a secure ownership transfer protocol based on the difficulty of factorization of a public key use a small public exponent. Such encryption requires random number padding. The Coppersmith's shortpad attack works effectively on short padding, thereby allowing an adversary to extract the secret message. However, the criteria for determining the appropriate padding size remains unclear. In this paper, we derived the processing-time formula for the shortpad attack and determined the optimal random-padding size in order to achieve the desired security.

Cryptography and Security

Ritu Thombre,Babita Jajodia

DOI: https://doi.org/10.21467/proceedings.114.74

2021-01-01

Abstract:In this world of massive communication networks, data security and confidentiality are of crucial importance for maintaining secured private communication and protecting information against eavesdropping attacks. Existing cryptosystems provide data security and confidentiality by the use of encryption and signature algorithms for secured communication. Classical computers use cryptographic algorithms that use the product of two large prime numbers for generating public and private keys. These classical algorithms are based on the fact that integer factorization is a non-deterministic polynomial-time (NP) problem and requires super-polynomial time making it impossible for large enough integers. Shor’s algorithm is a well-known algorithm for factoring large integers in polynomial time and takes only O(b3) time and O(b) space on b-bit number inputs. Shor’s algorithm poses a potential threat to the current security system with the ongoing advancements of Quantum computers. This paper discusses how Shor’s algorithm will be able to break integer factorization-based cryptographic algorithms, for example, Rivest–Shamir–Adleman (RSA) and Rabin Algorithms. As a proof of concept, experimental analysis of Quantum Shor’s algorithm on existing public-key cryptosystems using IBM Quantum Experience is performed for factorizing integers of moderate length (seven bits) due to limitations of thirty-two qubits in present IBM quantum computers. In a nutshell, this work will demonstrate how Shor’s algorithm poses threat to confidentiality and authentication services.

L. Sreenivasulu Reddy

DOI: https://doi.org/10.1080/09720529.2020.1734292

2020-05-07

Journal of Discrete Mathematical Sciences and Cryptography

Abstract:The RSA public key cryptographic strength (either security of encryption and decryption schemes or efficiency of algorithms) depends upon the complexity in factorizing the largest integer into odd primes. For every chosen integer, the RSA's strength varies. RSA key generation space is the group of non-negative integers relatively prime to ϕ(n) and encryption, decryption spaces are both equal to the group of integers relatively prime to n. Operational time and data storage are two of its efficiency aspects. To reduce the operational time along with reduction data storage is a difficult task in RSA public key cryptography. In addition that the Security of RSA public key cryptography for an adversary with polynomial bounds computations is another biggest task. In this paper, we are going to propose a new kind of public key cryptographic system, nearly four times more efficient in data storage and operational time to that of RSA and probably one fourth of security complexity of RSA. This new crypto system is possible only based on one of the strong pseudo prime test :Rabin-Miller test. So, name it as RM-RSA. In this way,we are going to compare the efficiency of that RM-RSA and previously our proposed S-RSA in "Solovay-Strassen test in a RSA Pubic key Cryptosystem".

Laila El Aimani

DOI: https://doi.org/10.48550/arXiv.1610.09503

2016-10-29

Abstract:We study the Sign_then_Encrypt, Commit_then_Encrypt_and_Sign, and Encrypt_then_Sign paradigms in the context of two cryptographic primitives, namely designated confirmer signatures and signcryption. Our study identifies weaknesses in those paradigms which impose the use of expensive encryption (as a building block) in order to meet a reasonable security level. Next, we propose some optimizations which annihilate the found weaknesses and allow consequently cheap encryption without compromising the overall security. Our optimizations further enjoy verifiability, a property profoundly needed in many real-life applications of the studied primitives.

Cryptography and Security

Lior Rotem,Gil Segev

DOI: https://doi.org/10.1007/s00145-024-09506-5

2024-06-08

Journal of Cryptology

Abstract:The Schnorr identification and signature schemes have been among the most influential cryptographic protocols of the past 3 decades. Unfortunately, although the best-known attacks on these two schemes are via discrete logarithm computation, the known approaches for basing their security on the hardness of the discrete logarithm problem encounter the "square-root barrier." In particular, in any group of order p where Shoup's generic hardness result for the discrete logarithm problem is believed to hold (and is thus used for setting concrete security parameters), the best-known t -time attacks on the Schnorr identification and signature schemes have success probability , whereas existing proofs of security only rule out attacks with success probabilities and , respectively, where denotes the number of random oracle queries issued by the attacker. We establish tighter security guarantees for identification and signature schemes which result from -protocols with special soundness based on the hardness of their underlying relation, and in particular for Schnorr's schemes based on the hardness of the discrete logarithm problem. We circumvent the square-root barrier by introducing a high-moment generalization of the classic forking lemma, relying on the assumption that the underlying relation is " d -moment hard": The success probability of any algorithm in the task of producing a witness for a random instance is dominated by the d th moment of the algorithm's running time. In the concrete context of the discrete logarithm problem, already Shoup's original proof shows that the discrete logarithm problem is 2-moment hard in the generic group model, and thus, our assumption can be viewed as a highly plausible strengthening of the discrete logarithm assumption in any group where no better-than-generic algorithms are currently known. Applying our high-moment forking lemma in this context shows that, assuming the 2-moment hardness of the discrete logarithm problem, any t -time attacker breaks the security of the Schnorr identification and signature schemes with probabilities at most and , respectively.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Subhash Kak

DOI: https://doi.org/10.48550/arXiv.cs/0602097

2006-06-10

Abstract:We propose the use of the cubic transformation for public-key applications and digital signatures. Transformations modulo a prime p or a composite n=pq, where p and q are primes, are used in such a fashion that each transformed value has only 3 roots that makes it a more efficient transformation than the squaring transformation of Rabin, which has 4 roots. Such a transformation, together with additional tag information, makes it possible to uniquely invert each transformed value. The method may be used for other exponents as well.

Cryptography and Security

Jintai Ding,Albrecht Petzoldt,Dieter S. Schmidt

DOI: https://doi.org/10.1007/978-1-0716-0987-3_3

2020-01-01

Abstract:This chapter describes the Matsumoto-Imai cryptosystem, which is one of the oldest multivariate public key cryptosystems. After introducing the plain scheme, we discuss its cryptanalysis by the linearization equations attack of Patarin. We then consider variants of the basic scheme which are immune against this attack. In the area of encryption schemes, these are the PMI and PMI+ schemes, which are obtained by a concept named internal perturbation and the plus modifier. In the area of signature schemes based on MI, we present the MI-Minus or SFlash scheme and its extension PFlash.

Soeren Kleine,Andreas Nickel,Torben Ritter,Krishnan Shankar

2024-03-25

Abstract:We introduce a new probabilistic public-key cryptosystem which combines the main ingredients of the well-known RSA and Rabin cryptosystems. We investigate the security and performance of our new scheme in comparison to the other two.

Cryptography and Security,Number Theory

Jintai Ding,Daniel Smith-Tone

DOI: https://doi.org/10.1090/noti1546

2017-01-01

Notices of the American Mathematical Society

Abstract:Over the past three decades, the family of public-key cryptosystems, a fundamental breakthrough in modern cryptography in the late 1970s, has become an increasingly integral part of our communication networks. The Internet, as well as other communication systems, relies principally on the Diffie-Hellman key exchange, RSA encryption, and digital signatures using DSA, ECDSA, or related algorithms. The security of these cryptosystems depends on the difficulty of certain number-theoretic problems, such as integer factorization or the discrete log problem. In 1994 Peter Shor showed that quantum computers can solve each of these problems in polynomial time, thus rendering the security of all cryptosystems based on such assumptions impotent. A large international community has emerged to address this issue in the hope that our public-key infrastructure may remain intact by utilizing new quantum-resistant primitives. In the academic world, this new science bears the moniker Post-Quantum Cryptography (PQC).

PQCrypto,Johannes Buchmann,Jintai Ding

2008-01-01

Abstract:A New Efficient Threshold Ring Signature Scheme Based on Coding Theory.- Square-Vinegar Signature Scheme.- Attacking and Defending the McEliece Cryptosystem.- McEliece Cryptosystem Implementation: Theory and Practice.- Merkle Tree Traversal Revisited.- Explicit Hard Instances of the Shortest Vector Problem.- Practical-Sized Instances of Multivariate PKCs: Rainbow, TTS, and ?IC-Derivatives.- Digital Signatures Out of Second-Preimage Resistant Hash Functions.- Cryptanalysis of Rational Multivariate Public Key Cryptosystems.- Syndrome Based Collision Resistant Hashing.- Nonlinear Piece In Hand Perturbation Vector Method for Enhancing Security of Multivariate Public Key Cryptosystems.- On the Power of Quantum Encryption Keys.- Secure PRNGs from Specialized Polynomial Maps over Any .- MXL2: Solving Polynomial Equations over GF(2) Using an Improved Mutant Strategy.- Side Channels in the McEliece PKC.

Shengli Liu,Fangguo Zhang

2007-01-01

Abstract:A new public key cryptosystem, called REESSE1+, was proposed. REESSE1 consists of two primitive algorithms, a public key encryptio/decryption algorithm and a digital signature algorithm. We give some analysis to REESSE1+, and show that the system is totally unsecure. We show how to derive the private key from the public key. As the same time, we also show how to forge signatures for any messages, given two valid signatures. The new version has even longer key size than the old REESSEE1. The analysis of the impracti- cal length of the private/public key, and the complexity of the encryption/decrytpion algorithm of the REESSE1 was given in (4, 3). In this paper, we show how that the REESSEE1+ encryption/decryption algorithm can be reduced to the REESSEE1. We present algorithms to derive the private key from the public key. We also show how to forge valid signatures for any message with the help of two valid signatures. We will follow the original symbols used in (2).

Lorenzo Grassi,Irati Manterola Ayala,Martha Norberg Hovd,Morten Oygarden,Havard Raddum,Qingju Wang

DOI: https://doi.org/10.1007/978-3-031-38548-3_11

2023-01-01

Abstract:Symmetric primitives are a cornerstone of cryptography, and have traditionally been defined over fields, where cryptanalysis is now well understood. However, a few symmetric primitives defined over rings Z q for a composite number q have recently been proposed, a setting where security is much less studied. In this paper we focus on studying established algebraic attacks typically defined over fields and the extent of their applicability to symmetric primitives defined over the ring of integers modulo a composite q . Based on our analysis, we present an attack on full Rubato, a family of symmetric ciphers proposed by Ha et al. at Eurocrypt 2022 designed to be used in a transciphering framework for approximate fully homomorphic encryption. We show that at least 25 % of the possible choices for q satisfy certain conditions that lead to a successful key recovery attack with complexity significantly lower than the claimed security level for five of the six ciphers in the Rubato family.

Lein Harn,Shoubao Yang

DOI: https://doi.org/10.1007/3-540-57220-1_85

1992-01-01

Abstract:In 1985, T. ElGamal proposed a public-key cryptosystem and a signature scheme, in which the difficulty of breaking the system is based on the difficulty of computing a discrete logarithm in a finite group. For the same security level, the size of the ciphertext and the computational time of ElGamal's encryption are double those of the wellknown RSA scheme. In this paper, we propose a public-key cryptosystem based on the discrete logarithm, in which the size of the ciphertext and the computational time are the same as those of the RSA scheme, and the security level is the same as the ElGamal cryptosystem.

Weng-Long Chang,Kawuu Weicheng Lin,Ju-Chin Chen,Chih-Chiang Wang,Lai Chin Lu,Minyi Guo,Michael (Shan-Hui) Ho

DOI: https://doi.org/10.1007/s11227-011-0627-z

2011-01-01

Abstract:The RSA public-key cryptosystem is an algorithm that converts a plain-text to its corresponding cipher-text, and then converts the cipher-text back into its corresponding plain-text. In this article, we propose five DNA-based algorithms-parallel adder, parallel subtractor, parallel multiplier, parallel comparator, and parallel modular arithmetic-that construct molecular solutions for any (plain-text, cipher-text) pair for the RSA public-key cryptosystem. Furthermore, we demonstrate that an eavesdropper can decode an encrypted message overheard with the linear steps in the size of the encrypted message overheard.

M. R. K. Ariffin,M. A. Asbullah,N. A. Abu

DOI: https://doi.org/10.48550/arXiv.1207.1157

2012-11-14

Abstract:The square root modulo problem is a known primitive in designing an asymmetric cryptosystem. It was first attempted by Rabin. Decryption failure of the Rabin cryptosystem caused by the 4-to-1 decryption output is overcome efficiently in this work. The proposed scheme (known as the AA_\beta- cryptosystem) has its encryption speed having a complexity order faster than the Diffie-Hellman Key Exchange, El-Gammal, RSA and ECC. It can also transmit a larger data set securely when compared to existing asymmetric schemes. It has a simple mathematical structure. Thus, it would have low computational requirements and would enable communication devices with low computing power to deploy secure communication procedures efficiently.

Information Theory,Cryptography and Security

Ann Dooms,Carlo Emerencia

DOI: https://doi.org/10.1016/j.jisa.2024.103923

IF: 4.96

2024-11-29

Journal of Information Security and Applications

Abstract:The security of widely-used public-key cryptographic protocols like RSA, Diffie–Hellman key exchange and the Digital Signature Algorithm (DSA) is under threat due to the emergence of quantum computers. Shor's groundbreaking quantum algorithm poses a significant risk by efficiently factoring large integers into their prime factors, compromising RSA security. Additionally, it solves the Discrete Logarithm Problem, impacting certain Diffie–Hellman-based cryptosystems and digital signatures. Given this, it is imperative to enhance our current cryptographic tools for the post-quantum era, aiming to make it impractical, even with quantum algorithms, to breach the security of new cryptosystems. Prominent alternatives include elliptic curve and lattice-based cryptography, with exploration into other algebraic systems featuring difficult problems to ensure security. This paper establishes that systems based on the difficulty of inverting group ring elements are not quantum-resistant.

computer science, information systems

Yao Lu,Rui Zhang,Liqiang Peng,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-662-48797-6_9

2015-01-01

Abstract:We revisit the problem of finding small solutions to a collection of linear equations modulo an unknown divisor p for a known composite integer N. In CaLC 2001, Howgrave-Graham introduced an efficient algorithm for solving univariate linear equations; since then, two forms of multivariate generalizations have been considered in the context of cryptanalysis: modular multivariate linear equations by Herrmann and May (Asiacrypt' 08) and simultaneous modular univariate linear equations by Cohn and Heninger (ANTS' 12). Their algorithms have many important applications in cryptanalysis, such as factoring with known bits problem, fault attacks on RSA signatures, analysis of approximate GCD problem, etc.In this paper, by introducing multiple parameters, we propose several generalizations of the above equations. The motivation behind these extensions is that some attacks on RSA variants can be reduced to solving these generalized equations, and previous algorithms do not apply. We present new approaches to solve them, and compared with previous methods, our new algorithms are more flexible and especially suitable for some cases. Applying our algorithms, we obtain the best analytical/experimental results for some attacks on RSA and its variants, specifically,- We improve May's results (PKC' 04) on small secret exponent attack on RSA variant with moduli N = p(r) q (r >= 2).-We experimentally improve Boneh et al.'s algorithm (Crypto' 98) on factoring N = p(r) q (r >= 2) with known bits problem.-We significantly improve Jochemsz-May' attack (Asiacrypt' 06) on Common Prime RSA.-We extend Nitaj's result (Africacrypt' 12) on weak encryption exponents of RSA and CRT-RSA.