A NICE cryptanalysis

Authors:
Éliane Jaulmes;Antoine Joux
Affiliations:
SCSSI, Issy-les-Moulineaux cedex, France;SCSSI, Issy-les-Moulineaux cedex, France
Venue:
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Year:
2000

Citing 3
Cited 6

A course in computational algebraic number theory

A course in computational algebraic number theory
Reducing Logarithms in Totally Non-maximal Imaginary Quadratic Orders to Logarithms in Finite Fields

ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
NICE - New Ideal Coset Encryption

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems

Faster Generation of NICE-Schnorr-Type Signatures

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
An IND-CCA2 Public-Key Cryptosystem with Fast Decryption

ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
A New Distributed Primality Test for Shared RSA Keys Using Quadratic Fields

ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
On the Security of Cryptosystems with Quadratic Decryption: The Nicest Cryptanalysis

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Factoring pq2 with Quadratic Forms: Nice Cryptanalyses

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
An adaptation of the NICE cryptosystem to real quadratic orders

AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a chosen-ciphertext attack against both NICE cryptosystems. These two cryptosystems are based on computations in the class group of non-maximal imaginary orders. More precisely, the systems make use of the canonical surjection between the class group of the quadratic order of discriminant √-pq2 and the class group of the quadratic order of discriminant √-p. In this paper, we examine the properties of this canonical surjection and use them to build a chosenciphertext attack that recovers the secret key (p and q) from two ciphertexts/cleartexts pairs.