Haibin Shen,Yier Jin,Rongquan You

DOI: https://doi.org/10.1109/ICICIC.2006.180

2006-01-01

Abstract:Modular reduction is the basic operation of cryptographic systems. The Barrett's algorithm and Montgomery's algorithm are widely used nowadays and they are both based on pre-computation. In the field of elliptic curve cryptosystem (ECC) over GF(2m), the reduction polynomials recommended by SEC have few items and the degree of second item is much less than that of the first one. Making use of this characteristic, the paper presents a new method to accelerate modular reduction without pre-computation which speeds up modular reduction by 10-30 times over GF(2m) and speeds up ECC point multiplication by 40%-50%. This algorithm has been implemented in a high-speed public-key cipher accelerator

Mengce Zheng,Zhigang Chen,Yaohui Wu

DOI: https://doi.org/10.1109/access.2023.3264590

IF: 3.9

2023-04-14

IEEE Access

Abstract:In this paper, we propose two improved theorems for addressing generalized bivariate integer equations using the lattice-based method. We examine the application of these theorems to the problem of factoring general RSA (Rivest–Shamir–Adleman) moduli of the form where and are prime numbers. These moduli, which are commonly used in the RSA cryptosystem and its variants, have previously been subjected to attacks primarily through the solution of univariate modular equations. In contrast, we investigate the possibility of factoring using leaked most significant bits (MSBs) or least significant bits (LSBs) of the prime numbers by solving generalized bivariate integer equations. We determine the minimum amount of known bits required for implementing the proposed factoring attacks and establish a unifying attack strategy. Furthermore, our results are verified through numerical computer experiments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Andrew Chi-chih Yao

DOI: https://doi.org/10.1109/sfcs.1986.25

1986-01-01

Abstract:In this paper we introduce a new tool for controlling the knowl­ edge transfer process in cryptographic protocol design. It is applied to solve a general class of problems which include most of the two-party cryptographic problems in the literature. -- -_.- Specifically, we show how two parties A and B can interactively generate a random integer N =p' q such that its secret, i.e., the prime factors (p, q), is hidden from either party individually but is recoverab~~ jointly if desired. This can be utilized to give a protocol for two parties with private values i and j to compute any polynomially computable functions f(i,j) and g(i,j) with minimal knowledge transfer and a strong fairness property. As a special case, A and B can exchange a pair of secrets SA, SB, e.g. the factorizatio~ of an integer and a Hamiltonian circuit in a graph, in such a way that SA becomes computable by Bwhen and only when SB becomes computable by A. All these results are proved assuming only that the problem of factoring large intergers is computationally intractable. Abstract

Xia Liu,Huan Yang,Li Yang

DOI: https://doi.org/10.1186/s42400-023-00181-w

2023-01-01

Abstract:The elliptic curve discrete logarithm problem (ECDLP) is a popular choice for cryptosystems due to its high level of security. However, with the advent of the extended Shor's algorithm, there is concern that ECDLP may soon be vulnerable. While the algorithm does offer hope in solving ECDLP, it is still uncertain whether it can pose a real threat in practice. From the perspective of the quantum circuits of the algorithm, this paper analyzes the feasibility of cracking ECDLP using an ion trap quantum computer with improved quantum circuits for the extended Shor's algorithm. We give precise quantum circuits for extended Shor's algorithm to calculate discrete logarithms on elliptic curves over prime fields, including modular subtraction, three different modular multiplication, and modular inverse. Additionally, we incorporate and improve upon windowed arithmetic in the circuits to reduce the CNOT-counts. Whereas previous studies mostly focused on minimizing the number of qubits or the depth of the circuit, we focus on minimizing the number of CNOT gates in the circuit, which greatly affects the running time of the algorithm on an ion trap quantum computer. Specifically, we begin by presenting implementations of basic arithmetic operations with the lowest known CNOT-counts, along with improved constructions for modular inverse, point addition, and windowed arithmetic. Next, we precisely estimate that, to execute the extended Shor's algorithm with the improved circuits to factor an n-bit integer, the CNOT-count required is 1237n(3)/ log n + 2n(2) + n. Finally, we analyze the running time and feasibility of the extended Shor's algorithm on an ion trap quantum computer.

Guoqiang Bai,Rui Ma,Guang Xiao

IF: 1.019

2001-01-01

Chinese Journal of Electronics

Abstract:Guang Gong and Lein Harn proposed a new Diffie-Hellman public-key distribution scheme that is based on third-order linear feedback shift register sequences over GF(p) and its security is based on the difficulty of solving the discrete logarithm in GF(p(3)). However, a method for attacking the scheme is presented in this paper. Despite that the method could not break up it fully, it indicates that the security of the scheme is likely to be not being based on the difficulty of solving the discrete logarithm in GF(p(3)). With this method, we have also obtained the weak private keys of the scheme.

Li Shundong,Dai Yiqi,Wang Daoshun,Luo Ping

DOI: https://doi.org/10.1109/ICDIM.2007.369247

2006-01-01

Abstract:Millionaire's problem is the base of secure multiparty computation, and its solutions have become basic blocks of many secure multiparty computation solutions. Unfortunately, most,solutions to millionaire's problem are based on public key cryptography, and thus are inefficient. Furthermore, all solutions are designed to solve millionaire's problem for natural number case to privately determine which natural number is larger. If the numbers are real, these solutions do not directly work. In this paper, we first propose a symmetric key cryptographic solution to millionaire's problem for natural numbers case, and then generalize it to the case of real numbers, that is to privately determine which real number is larger. We further prove, by simulation paradigm, that these solutions are private. These solutions are really efficient.

Tianxin Cai,Zhongyan Shen,Peng Yang

DOI: https://doi.org/10.2298/fil2402621c

2024-01-01

Filomat

Abstract:Let p be an odd prime. In this paper, analogs of Wilson?s and Wolstenholme?s theorems on the solution sets S+ = {n ? Z* p | n ? a + b ? ab (mod p)} and S? = {n ? Z* p | n ? a ? b ? ab (mod p)} are given, where Z* p denote a reduced residue system modulo p. We also establish congruences about sum and product of the quadratic residues in S+ or in S? modulo p. Finally, we raise a problem on how to solve Hadamard?s conjecture in the last section.

Elahe Mehraban,T. Aaron Gulliver,Salah Mahmoud Boulaaras,Kamyar Hosseini,Evren Hincal

DOI: https://doi.org/10.3934/math.2024660

2024-01-01

AIMS Mathematics

Abstract:This paper presents the generalized Pell $ p- $numbers and provides some related results. A new sequence is defined using the characteristic polynomial of the Pell $ p- $numbers and generalized Mersenne numbers. Two algorithms for Diffie-Hellman key exchange are given as an application of these sequences. They are illustrated via numerical examples and shown to be secure against attacks. Thus, these new sequences are practical for encryption and constructing private keys.

mathematics, applied

Martin Ekerå

2023-09-05

Abstract:Ekerå and Håstad have introduced a variation of Shor's algorithm for the discrete logarithm problem (DLP). Unlike Shor's original algorithm, Ekerå-Håstad's algorithm solves the short DLP in groups of unknown order. In this work, we prove a lower bound on the probability of Ekerå-Håstad's algorithm recovering the short logarithm $d$ in a single run. By our bound, the success probability can easily be pushed as high as $1 - 10^{-10}$ for any short $d$. A key to achieving such a high success probability is to efficiently perform a limited search in the classical post-processing by leveraging meet-in-the-middle techniques. Asymptotically, in the limit as the bit length $m$ of $d$ tends to infinity, the success probability tends to one if the limits on the search space are parameterized in $m$. Our results are directly applicable to Diffie-Hellman in safe-prime groups with short exponents, and to RSA via a reduction from the RSA integer factoring problem (IFP) to the short DLP.

Cryptography and Security,Quantum Physics

Abigail Mann

DOI: https://doi.org/10.48550/arXiv.1608.05882

2016-08-21

Abstract:As society becomes more reliant on computers, cryptographic security becomes increasingly important. Current encryption schemes include the ElGamal signature scheme, which depends on the complexity of the discrete logarithm problem. It is thought that the functions that such schemes use have inverses that are computationally intractable. In relation to this, we are interested in counting the solutions to a generalization of the discrete logarithm problem modulo a prime power. This is achieved by interpolating to p-adic functions, and using Hensel's lemma, or other methods in the case of singular lifting, and the Chinese Remainder Theorem.

Number Theory,Cryptography and Security

Alan Szepieniec,Jintai Ding,Bart Preneel

DOI: https://doi.org/10.1007/978-3-319-29360-8_12

2016-01-01

Abstract:This paper introduces a new central trapdoor for multivariate quadratic (MQ) public-key cryptosystems that allows for encryption, in contrast to time-tested MQ primitives such as Unbalanced Oil and Vinegar or Hidden Field Equations which only allow for signatures. Our construction is a mixed-field scheme that exploits the commutativity of the extension field to dramatically reduce the complexity of the extension field polynomial implicitly present in the public key. However, this reduction can only be performed by the user who knows concise descriptions of two simple polynomials, which constitute the private key. After applying this transformation, the plaintext can be recovered by solving a linear system. We use the minus and projection modifiers to inoculate our scheme against known attacks. A straightforward C++ implementation confirms the efficient operation of the public key algorithms.

BAI Guo-qiang,CAI Mian,XIAO Guo-zhen

DOI: https://doi.org/10.3969/j.issn.1001-2400.2000.06.015

2000-01-01

Abstract:Very recently, Guang Gong and Lein harn have proposed a new Diffie Hellman public key exchange scheme based on the 3 rd order linear feedback shift register sequences over GF(q). A method for attacking the scheme is investigated in this paper. For some special private keys, with the method we can easily obtain them from their public keys and the system open parameters.

ShunDong Li,DaoShun Wang,YiQi Dai

DOI: https://doi.org/10.1007/s11432-009-0109-6

2009-01-01

Abstract:Yao’s millionaires’ problem is a fundamental problem in secure multiparty computation, and its solutions have become building blocks of many secure multiparty computation solutions. Unfortunately, most protocols for millionaires’ problem are constructed based on public cryptography, and thus are inefficient. Furthermore, all protocols are designed to solve the basic millionaires’ problem, that is, to privately determine which of two natural numbers is greater. If the numbers are real, existing solutions do not directly work. These features limit the extensive application of the existing protocols. This study introduces and refines the first symmetric cryptographic protocol for the basic millionaires’ problem, and then extends the symmetric cryptographic protocol to privately determining which of two real numbers is greater, which are called the extended millionaires’ problem, and proposes corresponding protocols. We further prove, by a well accepted simulation paradigm, that these protocols are private. Constructed based on symmetric cryptography, these protocols are very efficient.

Andrew Chi-Chih Yao

DOI: https://doi.org/10.1109/sfcs.1986.25

1986-01-01

Abstract:In this paper we introduce a new tool for controlling the knowledge transfer process in cryptographic protocol design. It is applied to solve a general class of problems which include most of the two-party cryptographic problems in the literature. Specifically, we show how two parties A and B can interactively generate a random integer N = pċq such that its secret, i.e., the prime factors (p, q), is hidden from either party individually but is recoverable jointly if desired. This can be utilized to give a protocol for two parties with private values i and j to compute any polynomially computable functions f(i,j) and g(i,j) with minimal knowledge transfer and a strong fairness property. As a special case, A and B can exchange a pair of secrets sA, sB, e.g. the factorization of an integer and a Hamiltonian circuit in a graph, in such a way that sA becomes computable by B when and only when sB becomes computable by A. All these results are proved assuming only that the problem of factoring large intergers is computationally intractable.

Zhefeng Xu,Jiankang Wang,Lirong Zhu

DOI: https://doi.org/10.3934/era.2024085

2024-01-01

Electronic Research Archive

Abstract:For an odd prime $ p $ and a positive integer $ \alpha $, let $ g $ be of multiplicative order $ \tau $ modulo $ q $ and $ q = p^{\alpha} $. Denote by $ N(h, g, q) $ the number of $ a $ such that $ h\nmid (a+(g^{a})_{q}) $ for any $ 1\leq a\leq \tau $ and a fixed integer $ h\geq 2 $ with $ (h, q) = 1 $. The main purpose of this paper is to give a sharp asymptotic formula for \begin{document}$ N(k, h, g, q) = \mathop{\sum\limits_{\begin{smallmatrix} a = 1\\ h\nmid (a+(g^{a})_{q}) \end{smallmatrix}}^{\tau}}\left|a-(g^{a})_{q}\right| ^{2k} $\end{document} where $ k $ is any nonnegative integer and $ (a)_{q} $ denotes the smallest positive residue of $ a $ modulo $ q $. In addition, we know that $ N(h, g, q) = N(0, h, g, q) $.

mathematics

Mu-En Wu,Raylin Tso,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-642-34601-9_28

2012-01-01

Abstract:In RSA equation: ed=k·φ(N)+1, we may guess on partial bits of d or p+q by doing an exhaustive search to further extend the security boundary of d. In this paper, we discuss the following question: Does guessing on p+q bring more benefit than guessing on d? We provide the detailed analysis on this problem by using the lattice reduction technique. Our analysis shows that leaking partial most significant bits (MSBs) of p+q in RSA risks more than leaking partial MSBs of d. This result inspires us to further extend the boundary of the Boneh-Durfee attack to N0.284+Δ, where Δ is contributed by the capability of exhaustive search. Assume that doing an exhaustive search for 64 bits is feasible in the current computational environment, the boundary of the Boneh-Durfee attack should be raised to d<N0.328 for an 1024-bit RSA modulus. This is a 37 bits improvement over Boneh and Durfee's boundary.

HaiJian Zhou,Ping Luo,DaoShun Wang,YiQi Dai

DOI: https://doi.org/10.1007/s11432-009-0159-9

2009-01-01

Science in China Series F Information Sciences

Abstract:Finding the solution to a general multivariate modular linear equation plays an important role in cryptanalysis field. Earlier results show that obtaining a relatively short solution is possible in polynomial time. However, one problem arises here that if the equation has a short solution in given bounded range, the results outputted by earlier algorithms are often not the ones we are interested in. In this paper, we present a probability method based on lattice basis reduction to solve the problem. For a general multivariate modular linear equation with short solution in the given bounded range, the new method outputs this short solution in polynomial time, with a high probability. When the number of unknowns is not too large (smaller than 68), the probability is approximating 1. Experimental results show that Knapsack systems and Lu-Lee type systems are easily broken in polynomial time with this new method.

Ilia Toli

DOI: https://doi.org/10.48550/arXiv.cs/0304013

2003-04-09

Cryptography and Security

Abstract:We propose public-key cryptosystems with public key a system of polynomial equations, algebraic or differential, and private key a single polynomial or a small-size ideal. We set up probabilistic encryption, signature, and signcryption protocols.

Hung-Min Sun,Mu-En Wu,Ron Steinfeld,Jian Guo,Huaxiong Wang

DOI: https://doi.org/10.1007/978-3-540-89641-8_4

2008-01-01

Abstract:LSBS-RSA denotes an RSA system with modulus primes, p and q , sharing a large number of least significant bits. In ISC 2007 , Zhao and Qi analyzed the security of short exponent LSBS-RSA. They claimed that short exponent LSBS-RSA is much more vulnerable to the lattice attack than the standard RSA. In this paper, we further raise the security boundary of the Zhao-Qi attack by considering another polynomial. Our improvemet supports the result of analogue Fermat factoring on LSBS-RSA, which claims that p and q cannot share more than $\frac{n}{4}$ least significant bits, where n is the bit-length of pq . In conclusion, it is a trade-off between the number of sharing bits and the security level in LSBS-RSA. One should be more careful when using LSBS-RSA with short exponents.

P. A. CrowdMath,P.A. CrowdMath

DOI: https://doi.org/10.48550/arXiv.2005.07321

2020-05-15

Number Theory

Abstract:The abc conjecture is one of the most famous unsolved problems in number theory. The conjecture claims for each real $\epsilon > 0$ that there are only a finite number of coprime positive integer solutions to the equation $a+b = c$ with $c > (rad(a b c))^{1+\epsilon}$. If true, the abc conjecture would imply many other famous theorems and conjectures as corollaries. In this paper, we discuss the abc conjecture and find new applications to powerful numbers, which are integers $n$ for which $p^2 | n$ for every prime $p$ such that $p | n$. We answer several questions from an earlier paper on this topic, assuming the truth of the abc conjecture.