The Diffie–Hellman Protocol

The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor one-way function, a public-key cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the so-called Diffie–Hellman protocol, allowing two parties who share no secret information initially, to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.     

Discrete Logarithms: The Past and the Future

The first practical public key cryptosystem to be published, the Diffie–Hellman key exchange algorithm, was based on the assumption that discrete logarithms are hard to compute. This intractability hypothesis is also the foundation for the presumed security of a variety of other public key schemes. While there have been substantial advances in discrete log algorithms in the last two decades, in general the discrete log still appears to be hard, especially for some groups, such as those from elliptic curves. Unfortunately no proofs of hardness are available in this area, so it is necessary to rely on experience and intuition in judging what parameters to use for cryptosystems. This paper presents a brief survey of the current state of the art in discrete logs.     

Cryptography in Quadratic Function Fields

We describe severalcryptographic schemes in quadratic function fields of odd characteristic.In both the real and the imaginary representation of such a field,we present a Diffie-Hellman-like key exchange protocol as wellas a public-key cryptosystem and a signature scheme of ElGamaltype. Several of these schemes are improvements of systems previouslyfound in the literature, while others are new. All systems arebased on an appropriate discrete logarithm problem. In the imaginarysetting, this is the discrete logarithm problem in the idealclass group of the field, or equivalently, in the Jacobian ofthe curve defining the function field. In the real case, theproblem in question is the task of computing distances in theset of reduced principal ideals, which is a monoid under a suitableoperation. Currently, the best general algorithms for solvingboth discrete logarithm problems are exponential (subexponentialonly in fields of high genus), resulting in a possibly higherlevel of security than that of conventional discrete logarithmbased schemes.     

Computing discrete logarithms in real quadratic congruence function fields of large genus

The discrete logarithm problem in various finite abelian groups is the basis for some well known public key cryptosystems. Recently, real quadratic congruence function fields were used to construct a public key distribution system. The security of this public key system is based on the difficulty of a discrete logarithm problem in these fields. In this paper, we present a probabilistic algorithm with subexponential running time that computes such discrete logarithms in real quadratic congruence function fields of sufficiently large genus. This algorithm is a generalization of similar algorithms for real quadratic number fields.

     

The Diffie–Hellman problem and generalization of Verheul’s theorem

Bilinear pairings on elliptic curves have been of much interest in cryptography recently. Most of the protocols involving pairings rely on the hardness of the bilinear Diffie–Hellman problem. In contrast to the discrete log (or Diffie–Hellman) problem in a finite field, the difficulty of this problem has not yet been much studied. In 2001, Verheul (Advances in Cryptology—EUROCRYPT 2001, LNCS 2045, pp. 195–210, 2001) proved that on a certain class of curves, the discrete log and Diffie–Hellman problems are unlikely to be provably equivalent to the same problems in a corresponding finite field unless both Diffie–Hellman problems are easy. In this paper we generalize Verheul’s theorem and discuss the implications on the security of pairing based systems.      

量子计算与公钥密码

首先介绍P.Shor的量子算法,然后运用该算法,对几种公钥密码体制(基于整数分解的困难性的RSA公钥体制;基于离散对数的困难性的公钥体制,如E lG am a l体制、椭圆曲线密码(ECC)体制等)进行了分析.     

Discrete Logarithm Based Cryptosystems in Quadratic Function Fields of Characteristic 2

We present a key exchange scheme similar to that of Diffie and Hellman using the infrastructure of quadratic function fields of even characteristic. This is a modification of the results of Scheidler, Stein and Williams who used quadratic function fields of odd characteristic. We also extend these results to give a digital signature scheme similar to that of ElGamal. These schemes are possible in this structure even though it is not a group. Finally we examine the security of such systems, and give a possible attack based on Pohlig and Hellman's attack on discrete logarithms in finite groups.     

改进的基于ECDLP的无证书部分盲签名机制

对邵国金等人(四川大学学报(工程科学版),2012年第1期)提出的基于椭圆曲线离散对数难题(ECDLP)的无双线性对运算的部分盲签名方案进行安全性分析,发现方案不能抵抗公钥替换攻击.为此,提出了一个改进方案.在随机谕言模型下证明了改进方案对自适应选择消息和身份攻击是存在性不可伪造性的.将所提方案与部分现有的无证书部分盲签名方案的计算性能进行了比较,结果显示改进方案具有较高的运算效率.     

How to Mask the Structure of Codes for a Cryptographic Use

In this paper we show how to strengthen public-key cryptosystems against known attacks, together with the reduction of the public-key. We use properties of subcodes to mask the structure of the codes used by the conceiver of the system. We propose new parameters for the cryptosystems and even a modified Niederreiter cryptosystem in the case of Gabidulin codes, with a public-key size of less than 4000 bits.Communicated by: P. WildAMS Classification: 11T71     

An efficient and secure Diffie–Hellman key agreement protocol based on Chebyshev chaotic map

This paper proposes a new efficient and secure Diffie–Hellman key agreement protocol based on Chebyshev chaotic map. The proposed key agreement protocol uses the semi-group property of Chebyshev polynomials to agree Diffie–Hellman based session key. The proposed protocol provides strong security compared with the previous related protocols. In addition, the proposed protocol does not require any timestamp information and greatly reduces computational costs between communication parties. As a result, the proposed protocol is more practical and provides computational/communicational efficiency compare with several previously proposed key agreement protocols based on Chebyshev chaotic map.