In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, ...In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, we discuss the construction of an invalid curve based on the faulted divisor. Our attacks are based on the fact that the Hyperelliptic Curve Scalar Multiplication (HECSM) algorithm does not utilize the curve parameters and We consider three hyperelliptic curves as the attack targets. For curve with security level 186 (in bits), our attack method can get the weakest invalid curve with security level 42 (in bits); there are 93 invalid curves with security level less than 50. We also estimate the theoretical probability of getting a weak hyperelliptic curve whose cardinality is a smooth integer. Finally, we show that the complexity of the fault attack is subexponential if the attacker can freely inject a fault in the input divisor. Cryptosystems based on the genus 2 hyperelliptic curves cannot work against our attack algorithm in practice.展开更多
Discrete logarithm based cryptosysterns have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are...Discrete logarithm based cryptosysterns have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.展开更多
Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir sec...Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not be generated by anyk?1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key. Key words threshold scheme - digital signature - discrete logarithm - quadratic residuc - threshold digital signature CLC number TP 309. 7 Foundation item: Supported the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039)Biography: FEI Ru-chun (1964-), male, Ph. D candidate, Associated professor, research direction: information security and cryptography.展开更多
The discrete logarithm method is the foundation of many public key algorithms. However, one type of key, defined as a weak-key, reduces the security of public key cryptosystems based on the discrete logarithm method. ...The discrete logarithm method is the foundation of many public key algorithms. However, one type of key, defined as a weak-key, reduces the security of public key cryptosystems based on the discrete logarithm method. The weak-key occurs if the public key is a factor or multiple of the primitive element, in which case the user's private key is not needed but can be obtained based on the character of the public key. An algorithm is presented that can easily test whether there is a weak-key in the cryptosystem. An example is given to show that an attack can be completed for the Elgamal digital signature if a weak-key exists, therefore validating the danger of weak-keys. Methods are given to prevent the generation of these weak-keys.展开更多
In this paper, we discuss the expected number of steps in solving multi-discrete logarithm problems over a group of elliptic curves with prime order by using Pollard's rho method and parallel collision search algorit...In this paper, we discuss the expected number of steps in solving multi-discrete logarithm problems over a group of elliptic curves with prime order by using Pollard's rho method and parallel collision search algorithm. We prove that when using these algorithms to compute discrete logarithms, the knowledge gained through computing many logarithms does not make it easier for finding other logarithms. Hence in an elliptic cryptosystem, it is safe for many users to share the same curve, with different private keys.展开更多
The discrete logarithm problem is analyzed from the perspective of Tate local duality. Local duality in the multiplicative case and the case of Jacobians of curves over p-adic local fields are considered. When the loc...The discrete logarithm problem is analyzed from the perspective of Tate local duality. Local duality in the multiplicative case and the case of Jacobians of curves over p-adic local fields are considered. When the local field contains the necessary roots of unity, the case of curves over local fields is polynomial time reducible to the multiplicative case, and the multiplicative case is polynomial time equivalent to computing discrete logarithm in finite fields. When the local field does not contains the necessary roots of unity, similar results can be obtained at the cost of going to an extension that contains these roots of unity. There was evidence in the analysis that suggests that the minimal extension where the local duality can be rationally and algorithmically defined must contain the roots of unity. Therefore, the discrete logarithm problem appears to be well protected against an attack using local duality. These results are also of independent interest for algorithmic study of arithmetic duality as they explicitly relate local duality in the case of curves over local fields to the multiplicative case and Tate-Lichtenbaum pairing (over finite fields).展开更多
To enhance the security of signature schemes, Wang proposed two signature schemes based on the difficulties of simultaneously solving the factoring and discrete logarithm' problems with almost the same sizes of arith...To enhance the security of signature schemes, Wang proposed two signature schemes based on the difficulties of simultaneously solving the factoring and discrete logarithm' problems with almost the same sizes of arithmetic modulus. This paper, firstly, shows that Wang's signature scheme 1 do not satisfy the claimed properties. Moreover, we will point out that the all variants of Wang's scheme 2 are not secure if attackers can solve discrete logarithm problems.展开更多
In order to improve the security of the signature scheme, a digital signature based on two hard-solved problems is proposed. The discrete logarithm problem and the factoring problem are two well known hard- solved mat...In order to improve the security of the signature scheme, a digital signature based on two hard-solved problems is proposed. The discrete logarithm problem and the factoring problem are two well known hard- solved mathematical problems. Combining the E1Gamal scheme based on the discrete logarithm problem and the OSS scheme based on the factoring problem, a digital signature scheme based on these two cryptographic assumptions is proposed. The security of the proposed scheme is based on the difficulties of simultaneously solving the factoring problem and the discrete logarithm problem. So the signature scheme will be still secure under the situation that any one of the two hard-problems is solved. Compared with previous schemes, the proposed scheme is more efficient in terms of space storage, signature length and computation complexities.展开更多
Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi...Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.展开更多
Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete l...Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.展开更多
Multi-proxy signature schemes allow the original signer to delegate his/her signing power to n proxy signers such that all proxy signers must corporately generate a valid proxy signature on behalf of the original sign...Multi-proxy signature schemes allow the original signer to delegate his/her signing power to n proxy signers such that all proxy signers must corporately generate a valid proxy signature on behalf of the original signer. We first propose a multi-proxy signature scheme based on discrete logarithms and then adapt it to the elliptic curve cryptosystem. With the integration of self-certified public-key systems and the message recovery signature schemes,our proposed schemes have the following advan-tages:(1) They do not require the signing message to be transmitted,since the verifier can recover it from the signature;(2) The authentication of the public keys,verification of the signature,and recovery of the message can be simultaneously carried out in a single logical step;(3) No certificate is needed for validating the public keys. Further,the elliptic curve variant with short key lengths especially suits the cryptographic applications with limited computing power and storage space,e.g.,smart cards. As compared with the previous work that was implemented with the certificate-based public-key systems,the proposed schemes give better performance in terms of communication bandwidth and computation efforts.展开更多
A proxy signature scheme allows an original signer to delegate his signing capability to a proxy signer who can sign on behalf of the original signer. A blind signature is the concept with a salient feature that the s...A proxy signature scheme allows an original signer to delegate his signing capability to a proxy signer who can sign on behalf of the original signer. A blind signature is the concept with a salient feature that the signer can not make a linkage between the blind signature and the identity of the requester. Proxy signature and blind signature are used widely in electronic commerce. With satisfying the security properties of both two signatures, a new proxy blind signature scheme based on discrete logarithm problem is proposed.展开更多
Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is ...Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is equivalent to partial LUC discrete logarithm problem in ZN, and for the proposed probabilistic encryption scheme, its semantic security is equivalent to decisional LUC Diffie-Hellman problem in ZN. At last, the efficiency of the proposed schemes is briefly analyzed.展开更多
A Certificateless Aggregate Signature(CLAS) scheme was proposed by Qu and Mu recently, which was published in "Int J. Electronic Security and Digital Forensics, 2018, 10(2)". They used discrete logarithm to ...A Certificateless Aggregate Signature(CLAS) scheme was proposed by Qu and Mu recently, which was published in "Int J. Electronic Security and Digital Forensics, 2018, 10(2)". They used discrete logarithm to ensure the scheme's security. However,we show by formulating an attack that their CLAS scheme cannot defend against Type I adversary. Furthermore, we point out an error that exists in the signature simulation of their security proof.After that we give a correct signature simulation for the security proof. Finally, to resist the Type I attack, we present two methods for improving Qu et al's CLAS scheme. Moreover, the second improving method can elevate the trust level of Qu et al's CLAS scheme to the highest trust level: Level 3.展开更多
Although the He Kiesler signature is said to be proposed based on the discrete logarithm problem and the factorization problem, it has been proved that the signature is not as secure as it was stated to be. A new sig...Although the He Kiesler signature is said to be proposed based on the discrete logarithm problem and the factorization problem, it has been proved that the signature is not as secure as it was stated to be. A new signature scheme is here proposed based on the discrete logarithm problem and the factorization problem to enhance the security of the He Kiesler signature.展开更多
Quadratic-field cryptosystem is a cryptosystem built from discrete logarithm problem in ideal class groups of quadratic fields(CL-DLP). The problem on digital signature scheme based on ideal class groups of quadratic ...Quadratic-field cryptosystem is a cryptosystem built from discrete logarithm problem in ideal class groups of quadratic fields(CL-DLP). The problem on digital signature scheme based on ideal class groups of quadratic fields remained open, because of the difficulty of computing class numbers of quadratic fields. In this paper, according to our researches on quadratic fields, we construct the first digital signature scheme in ideal class groups of quadratic fields, using q as modulus, which denotes the prime divisors of ideal class numbers of quadratic fields. Security of the new signature scheme is based fully on CL-DLP. This paper also investigates realization of the scheme, and proposes the concrete technique. In addition, the technique introduced in the paper can be utilized to realize signature schemes of other kinds.展开更多
The design and implementation of fast algorithms related to Elliptic Curve Cryptography (ECC) over the field GF(p), such as modular addition, modular subtraction, point addition, point production, choice of embedding ...The design and implementation of fast algorithms related to Elliptic Curve Cryptography (ECC) over the field GF(p), such as modular addition, modular subtraction, point addition, point production, choice of embedding plaintext to a point, etc. are given. A practical software library has been produced which supports variable length implementation of the ECCbased ElGamal cryptosystem. More importantly, this scalable architecture of the design enables the ECC being used in restricted platforms as well as high-end servers based on Intel Pentium CPU. Applications such as electronic commerce security, data encryption communication, etc.are thus made possible for real time and effective ECC.展开更多
Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selec...Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selected by the participant himself, and even the secret dealer cannot gain anything about his secret shadow. All the shadows are as short as the shared secret. Each participant can share many secrets with other partici- pants by holding only one shadow. Without extra equations and information designed for verification, each participant is able to check whether another participant provides the true information or not in the recovery phase. Unlike most of the existing schemes, it is unnecessary to maintain a secure channel between each par- ticipant and the dealer. Therefore, this scheme is very attractive, especially under the circumstances that there is no secure channel between the dealer and each participant at all. The security of this scheme is based on that of Shamir’s threshold scheme and the difficulty in solving the discrete logarithm problem. Analyses show that this scheme is a computationally secure and efficient scheme.展开更多
A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can genera...A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can generate his different secret key each time when he wants to sign a message. The group public key is constant and the size of the signature is independent of the number of group members. The total computation cost of signature and verification requires only 8 modular exponentiations.展开更多
Based on the difficulty in computing discrete logarilhm and square 1001 onsome special conditions,we propose a basic threshold seeret sharing scheme for multiple secretswith multiple policies,which allows a group of u...Based on the difficulty in computing discrete logarilhm and square 1001 onsome special conditions,we propose a basic threshold seeret sharing scheme for multiple secretswith multiple policies,which allows a group of users to share multiple secrttkeys and only onesecret shadow to be ktpt by each user.An efficient threshold decryption scheme with multiplepolicies is designed on the basis of the basic threshold scheme.This decryption scheme allowsmultiple secret keys to he shared among a groupof users,and each user to ketp only one secretshadow.Different public keys can be used to encrypt documents.If and only if the number ofcooperated users who koop the secret shadows is greater than or c-qual to the threshold value of thecorresponding secret key,they can cooperate to decrypt the documents.It is proved that theproposed scheme has very strong security,unless the attackers can solve the discrete logarithmproblem and the square root problem.展开更多
基金supported by the National Basic Research Program (973 Program)under Grant No.2013CB834205 the National Natural Science Foundation of China under Grant No.61272035 the Independent Innovation Foundation of Shandong University under Grant No.2012JC020
文摘In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, we discuss the construction of an invalid curve based on the faulted divisor. Our attacks are based on the fact that the Hyperelliptic Curve Scalar Multiplication (HECSM) algorithm does not utilize the curve parameters and We consider three hyperelliptic curves as the attack targets. For curve with security level 186 (in bits), our attack method can get the weakest invalid curve with security level 42 (in bits); there are 93 invalid curves with security level less than 50. We also estimate the theoretical probability of getting a weak hyperelliptic curve whose cardinality is a smooth integer. Finally, we show that the complexity of the fault attack is subexponential if the attacker can freely inject a fault in the input divisor. Cryptosystems based on the genus 2 hyperelliptic curves cannot work against our attack algorithm in practice.
基金Supported by the National Natural Science Foun-dation of China (60573047)
文摘Discrete logarithm based cryptosysterns have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.
文摘Digital signature scheme is a very important research field in computer security and modern cryptography. A (k, n) threshold digital signature scheme is proposed by integrating digital signature scheme with Shamir secret sharing scheme. It can realize group-oriented digital signature, and its security is based on the difficulty in computing discrete logarithm and quadratic residue on some special conditions. In this scheme, effective digital signature can not be generated by anyk?1 or fewer legal users, or only by signature executive. In addition, this scheme can identify any legal user who presents incorrect partial digital signature to disrupt correct signature, or any illegal user who forges digital signature. A method of extending this scheme to an Abelian group such as elliptical curve group is also discussed. The extended scheme can provide rapider computing speed and stronger security in the case of using shorter key. Key words threshold scheme - digital signature - discrete logarithm - quadratic residuc - threshold digital signature CLC number TP 309. 7 Foundation item: Supported the National Nature Science Foundation of China, Hubei Province (90104005, 2002 AB0039)Biography: FEI Ru-chun (1964-), male, Ph. D candidate, Associated professor, research direction: information security and cryptography.
基金Supported by the National Key Basic Research and Development (973) Program (No. 2003CB314805) and the National Natural Science Foundation of China (No. 90304014)
文摘The discrete logarithm method is the foundation of many public key algorithms. However, one type of key, defined as a weak-key, reduces the security of public key cryptosystems based on the discrete logarithm method. The weak-key occurs if the public key is a factor or multiple of the primitive element, in which case the user's private key is not needed but can be obtained based on the character of the public key. An algorithm is presented that can easily test whether there is a weak-key in the cryptosystem. An example is given to show that an attack can be completed for the Elgamal digital signature if a weak-key exists, therefore validating the danger of weak-keys. Methods are given to prevent the generation of these weak-keys.
基金NNSF of China.No.90304012973 Project,No.2004CB318000
文摘In this paper, we discuss the expected number of steps in solving multi-discrete logarithm problems over a group of elliptic curves with prime order by using Pollard's rho method and parallel collision search algorithm. We prove that when using these algorithms to compute discrete logarithms, the knowledge gained through computing many logarithms does not make it easier for finding other logarithms. Hence in an elliptic cryptosystem, it is safe for many users to share the same curve, with different private keys.
文摘The discrete logarithm problem is analyzed from the perspective of Tate local duality. Local duality in the multiplicative case and the case of Jacobians of curves over p-adic local fields are considered. When the local field contains the necessary roots of unity, the case of curves over local fields is polynomial time reducible to the multiplicative case, and the multiplicative case is polynomial time equivalent to computing discrete logarithm in finite fields. When the local field does not contains the necessary roots of unity, similar results can be obtained at the cost of going to an extension that contains these roots of unity. There was evidence in the analysis that suggests that the minimal extension where the local duality can be rationally and algorithmically defined must contain the roots of unity. Therefore, the discrete logarithm problem appears to be well protected against an attack using local duality. These results are also of independent interest for algorithmic study of arithmetic duality as they explicitly relate local duality in the case of curves over local fields to the multiplicative case and Tate-Lichtenbaum pairing (over finite fields).
基金This project is supported by National Natural Science Foundation of China(60673053)
文摘To enhance the security of signature schemes, Wang proposed two signature schemes based on the difficulties of simultaneously solving the factoring and discrete logarithm' problems with almost the same sizes of arithmetic modulus. This paper, firstly, shows that Wang's signature scheme 1 do not satisfy the claimed properties. Moreover, we will point out that the all variants of Wang's scheme 2 are not secure if attackers can solve discrete logarithm problems.
基金The National Natural Science Foundation of China(No60402019)the Science Research Program of Education Bureau of Hubei Province (NoQ200629001)
文摘In order to improve the security of the signature scheme, a digital signature based on two hard-solved problems is proposed. The discrete logarithm problem and the factoring problem are two well known hard- solved mathematical problems. Combining the E1Gamal scheme based on the discrete logarithm problem and the OSS scheme based on the factoring problem, a digital signature scheme based on these two cryptographic assumptions is proposed. The security of the proposed scheme is based on the difficulties of simultaneously solving the factoring problem and the discrete logarithm problem. So the signature scheme will be still secure under the situation that any one of the two hard-problems is solved. Compared with previous schemes, the proposed scheme is more efficient in terms of space storage, signature length and computation complexities.
基金supported by the National Natural Science Foundation of China under Grants No.61272499,No.10990011
文摘Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.
基金Supported by the General Program of Science and Technology Development Project of Beijing Municipal Education Commission(KM201311232014)the Opening Project of Beijing Key Laboratory of Internet Culture and Digital Dissemination Research (ICDD201206, ICDD201207)
文摘Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.
基金Project (No. 94-2213-E-182-019) supported by the National Science Council, Taiwan, China
文摘Multi-proxy signature schemes allow the original signer to delegate his/her signing power to n proxy signers such that all proxy signers must corporately generate a valid proxy signature on behalf of the original signer. We first propose a multi-proxy signature scheme based on discrete logarithms and then adapt it to the elliptic curve cryptosystem. With the integration of self-certified public-key systems and the message recovery signature schemes,our proposed schemes have the following advan-tages:(1) They do not require the signing message to be transmitted,since the verifier can recover it from the signature;(2) The authentication of the public keys,verification of the signature,and recovery of the message can be simultaneously carried out in a single logical step;(3) No certificate is needed for validating the public keys. Further,the elliptic curve variant with short key lengths especially suits the cryptographic applications with limited computing power and storage space,e.g.,smart cards. As compared with the previous work that was implemented with the certificate-based public-key systems,the proposed schemes give better performance in terms of communication bandwidth and computation efforts.
基金Supported by the National High Technology Research and Development Program of China (2004AA001021), the Anhui Province Educa-tion Department Project (G2006jq1011) and Hefei University of Technology Project (G061105F)
文摘A proxy signature scheme allows an original signer to delegate his signing capability to a proxy signer who can sign on behalf of the original signer. A blind signature is the concept with a salient feature that the signer can not make a linkage between the blind signature and the identity of the requester. Proxy signature and blind signature are used widely in electronic commerce. With satisfying the security properties of both two signatures, a new proxy blind signature scheme based on discrete logarithm problem is proposed.
基金Supported by the 973 State Key Project of China (No.G1999035803)the National Natural Science Foundation of China (No.69931010).
文摘Investigated the properties of LUCas sequence(LUC), the paper proposed a new variant of (probabilistic) public-key encryption scheme. Security analysis of the proposed encryption schemes shows that its one-wayness is equivalent to partial LUC discrete logarithm problem in ZN, and for the proposed probabilistic encryption scheme, its semantic security is equivalent to decisional LUC Diffie-Hellman problem in ZN. At last, the efficiency of the proposed schemes is briefly analyzed.
基金Supported by the National Natural Science Foundation of China(61373140,61170246)the Program for Innovative Research Team in Science and Technology in Fujian Province University and 2018 Scientific Research and Innovation Special Project of Putian University(2018ZP11,2018ZP12)+1 种基金the Opening Project of Key Laboratory of Financial Mathematics of Fujian Province University(Putian University)(JR201806)Educational Research Projects of Young and Middle-aged Teachers in Fujian Education Department(JT180487)。
文摘A Certificateless Aggregate Signature(CLAS) scheme was proposed by Qu and Mu recently, which was published in "Int J. Electronic Security and Digital Forensics, 2018, 10(2)". They used discrete logarithm to ensure the scheme's security. However,we show by formulating an attack that their CLAS scheme cannot defend against Type I adversary. Furthermore, we point out an error that exists in the signature simulation of their security proof.After that we give a correct signature simulation for the security proof. Finally, to resist the Type I attack, we present two methods for improving Qu et al's CLAS scheme. Moreover, the second improving method can elevate the trust level of Qu et al's CLAS scheme to the highest trust level: Level 3.
文摘Although the He Kiesler signature is said to be proposed based on the discrete logarithm problem and the factorization problem, it has been proved that the signature is not as secure as it was stated to be. A new signature scheme is here proposed based on the discrete logarithm problem and the factorization problem to enhance the security of the He Kiesler signature.
文摘Quadratic-field cryptosystem is a cryptosystem built from discrete logarithm problem in ideal class groups of quadratic fields(CL-DLP). The problem on digital signature scheme based on ideal class groups of quadratic fields remained open, because of the difficulty of computing class numbers of quadratic fields. In this paper, according to our researches on quadratic fields, we construct the first digital signature scheme in ideal class groups of quadratic fields, using q as modulus, which denotes the prime divisors of ideal class numbers of quadratic fields. Security of the new signature scheme is based fully on CL-DLP. This paper also investigates realization of the scheme, and proposes the concrete technique. In addition, the technique introduced in the paper can be utilized to realize signature schemes of other kinds.
基金the National Natural Science Foundation of China(No.60271025)
文摘The design and implementation of fast algorithms related to Elliptic Curve Cryptography (ECC) over the field GF(p), such as modular addition, modular subtraction, point addition, point production, choice of embedding plaintext to a point, etc. are given. A practical software library has been produced which supports variable length implementation of the ECCbased ElGamal cryptosystem. More importantly, this scalable architecture of the design enables the ECC being used in restricted platforms as well as high-end servers based on Intel Pentium CPU. Applications such as electronic commerce security, data encryption communication, etc.are thus made possible for real time and effective ECC.
基金Supported by the 973 Project of China(G19990358?04)
文摘Based on Shamir’s threshold secret sharing scheme and the discrete logarithm problem, a new (t, n) threshold secret sharing scheme is proposed in this paper. In this scheme, each participant’s secret shadow is selected by the participant himself, and even the secret dealer cannot gain anything about his secret shadow. All the shadows are as short as the shared secret. Each participant can share many secrets with other partici- pants by holding only one shadow. Without extra equations and information designed for verification, each participant is able to check whether another participant provides the true information or not in the recovery phase. Unlike most of the existing schemes, it is unnecessary to maintain a secure channel between each par- ticipant and the dealer. Therefore, this scheme is very attractive, especially under the circumstances that there is no secure channel between the dealer and each participant at all. The security of this scheme is based on that of Shamir’s threshold scheme and the difficulty in solving the discrete logarithm problem. Analyses show that this scheme is a computationally secure and efficient scheme.
基金Project (No. 10271037) supported by the National Natural Sci-ence Foundation of China
文摘A new group signature with one time secret key is proposed. The main merits are that it only needs the trusted center issuing the partial secret key one time for each group member; and that the group member can generate his different secret key each time when he wants to sign a message. The group public key is constant and the size of the signature is independent of the number of group members. The total computation cost of signature and verification requires only 8 modular exponentiations.
基金the National Natural Sciencc F0un datiell Of China(90101005.90204011)the Natural Science Found dation of Hubei Province(2002AB0039).
文摘Based on the difficulty in computing discrete logarilhm and square 1001 onsome special conditions,we propose a basic threshold seeret sharing scheme for multiple secretswith multiple policies,which allows a group of users to share multiple secrttkeys and only onesecret shadow to be ktpt by each user.An efficient threshold decryption scheme with multiplepolicies is designed on the basis of the basic threshold scheme.This decryption scheme allowsmultiple secret keys to he shared among a groupof users,and each user to ketp only one secretshadow.Different public keys can be used to encrypt documents.If and only if the number ofcooperated users who koop the secret shadows is greater than or c-qual to the threshold value of thecorresponding secret key,they can cooperate to decrypt the documents.It is proved that theproposed scheme has very strong security,unless the attackers can solve the discrete logarithmproblem and the square root problem.
