Similar Literature
20 similar documents found (search time 15 ms)
1.
姚前  陈舜  谢立 《电子学报》2007,35(4):659-662
A signature of knowledge lets a signer prove to others, non-interactively, that it knows some secret without revealing the secret itself; signatures of knowledge are now widely used in group signatures. This paper studies signatures of knowledge of a discrete logarithm with coefficients, and defines and proves several types of signature functions with coefficients. Adding coefficients to the signature function effectively widens the range of signature functions that can be chosen and increases the applicability of signatures of knowledge.

2.
Building on existing research, this paper implements a self-certified multi-receiver signcryption scheme based on the discrete logarithm problem (DLP) over a finite field. The scheme avoids the certificate-existence problem and the key escrow problem of public-key systems, and provides an effective solution to signcryption with multiple legitimate receivers; the algorithm is simple, its security is high, and it is suitable for practical use.

3.
Discrete-logarithm-based proxy signature schemes are generally divided into those that require a trusted center and those that do not. In practice, however, a fully trusted third-party certification center does not exist in many application environments, and when the third-party certification center has problems, the security of the information is directly affected. Constructing a proxy signature scheme that does not need a trusted center is therefore very important. The scheme blinds the proxy authorization information, strengthening information security so that the authorization information can be transmitted over a public channel. This not only guarantees confidentiality of the information during the authorization phase, but also improves the performance of the scheme to some extent.

4.
This paper first shows that Harn's analysis method poses no real threat to existing blind digital signatures based on the discrete logarithm problem. Then, based on a registration protocol and the blind digital signature scheme of Camenisch et al., a new fair blind digital signature scheme is proposed, which provides partial unlinkability.

5.
Sequential multisignature based on discrete logarithms   Cited by: 1 (self-citations: 0, citations by others: 1)
A discrete-logarithm-based sequential multisignature scheme is proposed that requires no additional trusted third party and reduces the communication and computation workload. Its security rests on the difficulty of solving the discrete logarithm problem, so it is a secure and efficient sequential multisignature scheme.

6.
Integrating the ideas of universal designated verifier signatures and self-certified signcryption, this paper proposes a DLP-based self-certified universal designated verifier signcryption scheme whose hardness rests on the discrete logarithm problem over a finite field. The proposed scheme not only protects the privacy of the signcryption holder, but also eliminates the certificate-existence problem and the key escrow problem. Because the new scheme has low communication cost, little computation and strong security, it will have important applications in e-commerce and e-government.

7.
Under the assumption that solving the discrete logarithm problem modulo an n-bit safe prime p is hard even when the exponent is a small c-bit number, we construct a new pseudo-random bit generator. This new generator outputs n – c – 1 bits per exponentiation with a c-bit exponent and is among the fastest generators based on hard number-theoretic problems.

8.
In 2008 and 2009, Gaudry and Diem proposed an index calculus method for the resolution of the discrete logarithm on the group of points of an elliptic curve defined over a small degree extension field $\mathbb{F}_{q^{n}}$. In this paper, we study a variation of this index calculus method, improving the overall asymptotic complexity when $n = \varOmega(\sqrt[3]{\log_{2} q})$. In particular, we are able to successfully obtain relations on $E(\mathbb{F}_{q^{5}})$, whereas the more expensive computational complexity of Gaudry and Diem's initial algorithm makes it impractical in this case. An important ingredient of this result is a variation of Faugère's Gröbner basis algorithm F4, which significantly speeds up the relation computation. We show how this index calculus also applies to oracle-assisted resolutions of the static Diffie–Hellman problem on these elliptic curves.

9.
The Discrete Logarithm Problem on Elliptic Curves of Trace One   Cited by: 8 (self-citations: 0, citations by others: 8)
In this short note we describe an elementary technique which leads to a linear algorithm for solving the discrete logarithm problem on elliptic curves of trace one. In practice the method described means that when choosing elliptic curves to use in cryptography one has to eliminate all curves whose group orders are equal to the order of the finite field. Received 9 December 1997 and revised 11 March 1998

10.
The discrete logarithm problem (DLP) is to find a solution n such that g^n = h in a finite cyclic group G = ⟨g⟩, where h ∈ G. The DLP is the security foundation of many cryptosystems, such as RSA. We propose a method to improve Pollard's kangaroo algorithm, which is the classic algorithm for solving the DLP. In the proposed algorithm, the number of large integer multiplications is reduced by controlling whether a large integer multiplication is performed. To control the process, the tools of expanding factor and jumping distance are introduced. The expanding factor is an indicator used to measure the probability of collision. A large integer multiplication is performed if the value of the expanding factor is greater than the given bound. The improved algorithm requires an average of (1.633 + o(1)) q^{1/2} large integer multiplications. In experiments, the average number of large integer multiplications is approximately (1.5 + o(1)) q^{1/2}.

11.
王明强  薛海洋  展涛 《中国通信》2012,9(11):150-161
In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, we discuss the construction of an invalid curve based on the faulted divisor. Our attacks are based on the fact that the Hyperelliptic Curve Scalar Multiplication (HECSM) algorithm does not utilize the curve parameters, and we consider three hyperelliptic curves as the attack targets. For a curve with security level 186 (in bits), our attack method can get the weakest invalid curve with security level 42 (in bits); there are 93 invalid curves with security level less than 50. We also estimate the theoretical probability of getting a weak hyperelliptic curve whose cardinality is a smooth integer. Finally, we show that the complexity of the fault attack is subexponential if the attacker can freely inject a fault in the input divisor. Cryptosystems based on the genus 2 hyperelliptic curves cannot work against our attack algorithm in practice.

12.
Several typical proxy multisignature schemes are analyzed, and the existing schemes are found to have flaws that make them vulnerable to both insider and outsider attacks. To address these problems, a new proxy multisignature scheme is proposed; the improved scheme overcomes the defects of the original, and performance analysis shows that the new scheme is more secure and reliable.

13.
Knapsack-based cryptosystems rest on an NP-complete problem, offer fast encryption/decryption, and can serve a wide range of cryptographic applications; there is no doubt that knapsack systems remain an active research direction. Given a pair of points (P, [m]P), finding the integer m is a very hard problem, known as the elliptic curve discrete logarithm problem (ECDLP). This paper proposes a novel knapsack-type public-key cryptosystem based on the elliptic curve discrete logarithm problem.

14.
In 2004, an algorithm was introduced to solve the DLP for elliptic curves defined over a non-prime finite field \(\mathbb{F}_{q^{n}}\). One of the main steps of this algorithm requires decomposing points of the curve \(E(\mathbb{F}_{q^{n}})\) with respect to a factor base; this problem is denoted PDP. In this paper, we will apply this algorithm to the case of Edwards curves, the well-known family of elliptic curves that allow faster arithmetic as shown by Bernstein and Lange. More precisely, we show how to take advantage of some symmetries of twisted Edwards and twisted Jacobi intersections curves to gain an exponential factor \(2^{\omega(n-1)}\) to solve the corresponding PDP, where ω is the exponent in the complexity of multiplying two dense matrices. Practical experiments supporting the theoretical result are also given. For instance, the complexity of solving the ECDLP for twisted Edwards curves defined over \(\mathbb{F}_{q^{5}}\), with q ≈ 2^64, is supposed to be ~2^160 operations in \(E(\mathbb{F}_{q^{5}})\) using generic algorithms, compared to 2^130 operations (multiplications of two 32-bit words) with our method. For these parameters the PDP is intractable with the original algorithm. The main tool to achieve these results relies on the use of the symmetries and the quasi-homogeneous structure induced by these symmetries during the polynomial system solving step. Also, we use a recent work on a new algorithm for the change of ordering of a Gröbner basis which provides a better heuristic complexity of the total solving process.

15.
A two-layer decentralized group key management scheme based on the discrete logarithm problem   Cited by: 2 (self-citations: 1, citations by others: 1)
Based on a public-key encryption algorithm in which multiple decryption keys map to the same encryption key, this paper proposes a group key update protocol and, combined with the LKH algorithm, designs a two-layer decentralized group key management scheme for the source-specific multicast model. The scheme is proven to have backward secrecy, forward secrecy with high probability, and collusion resistance. The long lifetime of the upper-layer private keys and a key conversion method relieve the performance bottleneck of subgroup managers and the 1-affects-n problem common to shared-group-key methods. Analysis shows that the new scheme, which uses a hybrid cryptosystem, combines to some extent the advantages of the two different classes of group key management methods.

16.
苏盛辉  孙国栋 《电子学报》2018,46(1):218-222
This paper discusses the choice of the orders of the elements in a generator system of a particular group, and analyzes the multiple discrete logarithm problem and the public-key encryption scheme based on it. It points out that, under the conditions stated in the original paper, the multiple discrete logarithm problem can be converted into the discrete logarithm problem, so the problem has a subexponential-time solution, and the related private keys are in most cases insecure in subexponential time. It further points out that in almost every case the ciphertext recovery problem can be converted into the discrete logarithm problem, so it too has a subexponential-time solution. Therefore, making the discrete logarithm problem and ElGamal public-key cryptography resistant to Shor's quantum algorithm still requires deeper and sustained exploration.

17.
We present an algorithm for solving the discrete logarithm problem in Jacobians of families of plane curves whose degrees in X and Y are low with respect to their genera. The finite base fields \(\mathbb{F}_{q}\) are arbitrary, but their sizes should not grow too fast compared to the genus. For such families, the group structure and discrete logarithms can be computed in subexponential time \(L_{q^{g}}(1/3, O(1))\). The runtime bounds rely on heuristics similar to the ones used in the number field sieve or the function field sieve.

18.
We describe the use of explicit isogenies to translate instances of the Discrete Logarithm Problem (DLP) from Jacobians of hyperelliptic genus 3 curves to Jacobians of non-hyperelliptic genus 3 curves, where they are vulnerable to faster index calculus attacks. We provide explicit formulae for isogenies with kernel isomorphic to (ℤ/2ℤ)^3 (over an algebraic closure of the base field) for any hyperelliptic genus 3 curve over a field of characteristic not 2 or 3. These isogenies are rational for a positive fraction of all hyperelliptic genus 3 curves defined over a finite field of characteristic p > 3. Subject to reasonable assumptions, our constructions give an explicit and efficient reduction of instances of the DLP from hyperelliptic to non-hyperelliptic Jacobians for around 18.57% of all hyperelliptic genus 3 curves over a given finite field. We conclude with a discussion on extending these ideas to isogenies with more general kernels. This paper was solicited by the Editors-in-Chief as one of the best papers from EUROCRYPT 2008, based on the recommendation of the program committee. A condensed version of this work appeared in the proceedings of the EUROCRYPT 2008 conference.

19.
Building on reference [1], this paper analyzes the threshold signature scheme of [1] and finds that there can be two partial signatures that both pass signature verification: one is the correct signature, and the other can be substituted for the correct one. A fraudulent attack that a signing participant could mount in this situation is described, whose purpose is to later repudiate the signature. In addition, analysis of the arithmetic in each participant's partial signature shows that computational problems can arise in the partial signatures, causing later computer verification to deviate. Corresponding corrections are given for both of these problems.

20.
郑毅豪  邵丙铣 《微电子学》1999,29(4):254-257
By adding auxiliary input units, the input of the adaptive linear neuron (Adaline) is extended, greatly improving its capability in classification and function approximation.

Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号