Do you want to publish a course? Click here

The Pailliers Cryptosystem and Some Variants Revisited

84   0   0.0 ( 0 )
 Added by Zhengjun Cao
 Publication date 2015
and research's language is English




Ask ChatGPT about the research

At Eurocrypt99, Paillier presented a public-key cryptosystem based on a novel computational problem. It has interested many researchers because it was additively homomorphic. In this paper, we show that there is a big difference between the original Pailliers encryption and some variants. The Pailliers encryption can be naturally transformed into a signature scheme but these variants miss the feature. In particular, we simplify the alternative decryption procedure of Bresson-Catalano-Pointcheval encryption scheme proposed at Asiacrypt03. The new version is more applicable to cloud computing because of its double trapdoor decryption mechanism and its flexibility to be integrated into other cryptographic schemes. It captures a new feature that its two groups of secret keys can be distributed to different users so as to enhance the robustness of key management.



rate research

Read More

175 - Shenghui Su , , Shuwang Lu 2010
We illustrate through example 1 and 2 that the condition at theorem 1 in [8] dissatisfies necessity, and the converse proposition of fact 1.1 in [8] does not hold, namely the condition Z/M - L/Ak < 1/(2 Ak^2) is not sufficient for f(i) + f(j) = f(k). Illuminate through an analysis and ex.3 that there is a logic error during deduction of fact 1.2, which causes each of fact 1.2, 1.3, 4 to be invalid. Demonstrate through ex.4 and 5 that each or the combination of qu+1 > qu * D at fact 4 and table 1 at fact 2.2 is not sufficient for f(i) + f(j) = f(k), property 1, 2, 3, 4, 5 each are invalid, and alg.1 based on fact 4 and alg.2 based on table 1 are disordered and wrong logically. Further, manifest through a repeated experiment and ex.5 that the data at table 2 is falsified, and the example in [8] is woven elaborately. We explain why Cx = Ax * W^f(x) (% M) is changed to Cx = (Ax * W^f(x))^d (% M) in REESSE1+ v2.1. To the signature fraud, we point out that [8] misunderstands the existence of T^-1 and Q^-1 % (M-1), and forging of Q can be easily avoided through moving H. Therefore, the conclusion of [8] that REESSE1+ is not secure at all (which connotes that [8] can extract a related private key from any public key in REESSE1+) is fully incorrect, and as long as the parameter Omega is fitly selected, REESSE1+ with Cx = Ax * W^f(x) (% M) is secure.
163 - Shenghui Su , Shuwang Lv 2007
In this paper, the authors give the definitions of a coprime sequence and a lever function, and describe the five algorithms and six characteristics of a prototypal public key cryptosystem which is used for encryption and signature, and based on three new problems and one existent problem: the multivariate permutation problem (MPP), the anomalous subset product problem (ASPP), the transcendental logarithm problem (TLP), and the polynomial root finding problem (PRFP). Prove by reduction that MPP, ASPP, and TLP are computationally at least equivalent to the discrete logarithm problem (DLP) in the same prime field, and meanwhile find some evidence which inclines people to believe that the new problems are harder than DLP each, namely unsolvable in DLP subexponential time. Demonstrate the correctness of the decryption and the verification, deduce the probability of a plaintext solution being nonunique is nearly zero, and analyze the exact securities of the cryptosystem against recovering a plaintext from a ciphertext, extracting a private key from a public key or a signature, and forging a signature through known signatures, public keys, and messages on the assumption that IFP, DLP, and LSSP can be solved. Studies manifest that the running times of effectual attack tasks are greater than or equal to O(2^n) so far when n = 80, 96, 112, or 128 with lgM = 696, 864, 1030, or 1216. As viewed from utility, it should be researched further how to decrease the length of a modulus and to increase the speed of the decryption.
Recently, it has been shown how McEliece public-key cryptosystems based on moderate-density parity-check (MDPC) codes allow for very compact keys compared to variants based on other code families. In this paper, classical (iterative) decoding schemes for MPDC codes are considered. The algorithms are analyzed with respect to their error-correction capability as well as their resilience against a recently proposed reaction-based key-recovery attack on a variant of the MDPC-McEliece cryptosystem by Guo, Johansson and Stankovski (GJS). New message-passing decoding algorithms are presented and analyzed. Two proposed decoding algorithms have an improved error-correction performance compared to existing hard-decision decoding schemes and are resilient against the GJS reaction-based attack for an appropriate choice of the algorithms parameters. Finally, a modified belief propagation decoding algorithm that is resilient against the GJS reaction-based attack is presented.
Brauer and Fowler noted restrictions on the structure of a finite group G in terms of the order of the centralizer of an involution t in G. We consider variants of these themes. We first note that for an arbitrary finite group G of even order, we have |G| is less than the number of conjugacy classes of the Fitting subgroup times the order of the centralizer to the fourth power of any involution in G. This result does require the classification of the finite simple groups. The groups SL(2,q) with q even shows that the exponent 4 cannot be replaced by any exponent less than 3. We do not know at present whether the exponent 4 can be improved in general, though we note that the exponent 3 suffices for almost simple groups G. We are however able to prove that every finite group $G$ of even order contains an involution u such that [G:F(G)] is less than the cube of the order of the centralizer of u. There is a dichotomy in the proof of this fact, as it reduces to proving two residual cases: one in which G is almost simple (where the classification of the finite simple groups is needed) and one when G has a Sylow 2-subgroup of order 2. For the latter result, the classification of finite simple groups is not needed (though the Feit-Thompson odd order theorem is). We also prove a very general result on fixed point spaces of involutions in finite irreducible linear groups which does not make use of the classification of the finite simple groups, and some other results on the existence of non-central elements (not necessarily involutions) with large centralizers in general finite groups. We also show (without the classification of finite simple groups) that if t is an involution in G and p is a prime divisor of [G:F(G)], then p is at most 1 plus the order of the centralizer of t (and this is best possible).
This paper gives the definitions of an extra superincreasing sequence and an anomalous subset sum, and proposes a fast quantum-safe asymmetric cryptosystem called JUOAN2. The new cryptosystem is based on an additive multivariate permutation problem (AMPP) and an anomalous subset sum problem (ASSP) which parallel a multivariate polynomial problem and a shortest vector problem respectively, and composed of a key generator, an encryption algorithm, and a decryption algorithm. The authors analyze the security of the new cryptosystem against the Shamir minima accumulation point attack and the LLL lattice basis reduction attack, and prove it to be semantically secure (namely IND-CPA) on the assumption that AMPP and ASSP have no subexponential time solutions. Particularly, the analysis shows that the new cryptosystem has the potential to be resistant to quantum computing attack, and is especially suitable to the secret communication between two mobile terminals in maneuvering field operations under any weather. At last, an example explaining the correctness of the new cryptosystem is given.
comments
Fetching comments Fetching comments
Sign in to be able to follow your search criteria
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا