A public-key cryptosystem utilizing cyclotomic fields

While it is well-known that the RSA public-key cryptosystem can be broken if its modulusN can be factored, it is not known whether there are other ways of breaking RSA. This paper presents a public-key scheme which necessarily requires knowledge of the factorization of its modulus in order to be broken. Rabin introduced the first system whose security is equivalent to the difficulty of factoring the modulus. His scheme is based on squaring (cubing) for encryption and extracting square (cube) roots for decryption. This introduces a 14 (19) ambiguity in the decryption. Various schemes which overcome this problem have been introduced for both the quadratic and cubic case. We generalize the ideas of Williams' cubic system to larger prime exponents. The cases of higher prime order introduce a number of problems not encountered in the quadratic and cubic cases, namely the existence of fundamental units in the underlying cyclotomic field, the evaluation of higher power residue symbols, and the increased difficulty of Euclidean division in the field.     

Application of homomorphism to secure image sharing

In this paper, we present a new approach for sharing images between l players by exploiting the additive and multiplicative homomorphic properties of two well-known public key cryptosystems, i.e. RSA and Paillier. Contrary to the traditional schemes, the proposed approach employs secret sharing in a way that limits the influence of the dealer over the protocol and allows each player to participate with the help of his key-image. With the proposed approach, during the encryption step, each player encrypts his own key-image using the dealer's public key. The dealer encrypts the secret-to-be-shared image with the same public key and then, the l encrypted key-images plus the encrypted to-be shared image are multiplied homomorphically to get another encrypted image. After this step, the dealer can safely get a scrambled image which corresponds to the addition or multiplication of the l + 1 original images (l key-images plus the secret image) because of the additive homomorphic property of the Paillier algorithm or multiplicative homomorphic property of the RSA algorithm. When the l players want to extract the secret image, they do not need to use keys and the dealer has no role. Indeed, with our approach, to extract the secret image, the l players need only to subtract their own key-image with no specific order from the scrambled image. Thus, the proposed approach provides an opportunity to use operators like multiplication on encrypted images for the development of a secure privacy preserving protocol in the image domain. We show that it is still possible to extract a visible version of the secret image with only l-1 key-images (when one key-image is missing) or when the l key-images used for the extraction are different from the l original key-images due to a lossy compression for example. Experimental results and security analysis verify and prove that the proposed approach is secure from cryptographic viewpoint.     

Low-density attack revisited

The low-density attack proposed by Lagarias and Odlyzko is a powerful algorithm against the subset sum problem. The improvement algorithm due to Coster et al. would solve almost all the problems of density <0.9408... in the asymptotical sense. On the other hand, the subset sum problem itself is known as an NP-hard problem, and a lot of efforts have been paid to establish public-key cryptosystems based on the problem. In these cryptosystems, densities of the subset sum problems should be higher than 0.9408... in order to avoid the low-density attack. For example, the Chor-Rivest cryptosystem adopted subset sum problems with relatively high densities. In this paper, we further improve the low-density attack by incorporating an idea that integral lattice points can be covered with polynomially many spheres of shorter radius and of lower dimension. As a result, the success probability of our attack can be higher than that of Coster et al.’s attack for fixed dimensions. The density bound is also improved for fixed dimensions. Moreover, we numerically show that our improved low-density attack makes the success probability higher in case of low Hamming weight solution, such as the Chor-Rivest cryptosystem, if we assume SVP oracle calls.      

Information Security, Mathematics, and Public-Key Cryptography

Public-key cryptography is today recognized as an important tool in the provision of information security. This article gives an overview of the field on the occasion of its 22nd birthday.     

Minimal degrees of invariants of (super)groups – a connection to cryptology

We investigate questions related to the minimal degree of invariants of finitely generated diagonalizable groups. These questions were raised in connection to security of a public key cryptosystem based on invariants of diagonalizable groups. We derive results for minimal degrees of invariants of finite groups, abelian groups and algebraic groups. For algebraic groups we relate the minimal degree of the group to the minimal degrees of its tori. Finally, we investigate invariants of certain supergroups that are superanalogs of tori. It is interesting to note that a basis of these invariants is not given by monomials.     

Computing genus 2 curves from invariants on the Hilbert moduli space

We give a new method for generating genus 2 curves over a finite field with a given number of points on the Jacobian of the curve. We define two new invariants for genus 2 curves as values of modular functions on the Hilbert moduli space and show how to compute them. We relate them to the usual three Igusa invariants on the Siegel moduli space and give an algorithm to construct curves using these new invariants. Our approach simplifies the complex analytic method for computing genus 2 curves for cryptography and reduces the amount of computation required.     

单模数多变量二次同余方程组的求解及其在信息安全中的应用

根据二次同余理论,利用当P=5mod8,n^（p-1）/4=±1modp时,方程X^2=nmodP的解有具体表达式这一事实,设计了基于多变量二次同余方程组实现的密码体系。数值算例证明,该类密码体系是可行的,体系信息冗余且是一次一密的,要依赖于解密策略的交互确认,所以该类密码体系是安全的。     

A Non-interactive Public-Key Distribution System

An identity-based non-interactive public key distribution system is presented that is based on a novel trapdoor one-way function allowing a trusted authority to compute the discrete logarithms modulo a publicly known composite number m while this is infeasible for an adversary not knowing the factorization of m. Without interaction with a key distribution center or with the recipient of a given message, a user can generate a mutual secure cipher key based solely on the recipient's identity and his own secret key, and subsequently send the message, encrypted with the generated cipher used in a conventional cipher, over an insecure channel to the recipient. In contrast to previously proposed identity-based systems, no public keys, certificates for public keys or other information need to be exchanged and thus the system is suitable for certain applications that do not allow for interaction. The paper solves an open problem proposed by Shamir in 1984.     

Cryptosystems based on semi-distributive algebras

We propose a new cryptographic scheme of ElGamal type. The scheme is based on algebraic systems defined in the paper—semialgebras (Sect. 2). The main examples are semialgebras of polynomial mappings over a finite field K, and their factor-semialgebras. Given such a semialgebra R, one chooses an invertible element a ∈ R ^* of finite order r, and a random integer s. One chooses also a finite dimensional K-submodule V of R. The 4-tuple (R, V, a, b) where b = a ^s forms the public key for the cryptosystem, while r and s form the secret key. A plain text can be viewed as a sequence of elements of the field K. That sequence is divided into blocks of length dim(V) which, in turn, correspond to uniquely determined elements X _i of V. We propose three different methods (A, B, and C, see Definition 1.1) of encoding/decoding the sequence of X _i . The complexity of cracking the proposed cryptosystem is based on the Discrete Logarithm Problem for polynomial mappings (see Sect. 1.1). No methods of cracking the problem, except for the “brute force” (see Sect. 1.1) with Ω(r) time, are known so far.      

关于陷门背包公开钥密码系统的注记

利用不定方程理论及中国剩余定理,我们设计了一类陷门背包公开钥密码系统,它们具有更好的安全性.