A course in computational algebraic number theory
A course in computational algebraic number theory
Reducing Logarithms in Totally Non-maximal Imaginary Quadratic Orders to Logarithms in Finite Fields
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
NICE - New Ideal Coset Encryption
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Faster Generation of NICE-Schnorr-Type Signatures
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
An IND-CCA2 Public-Key Cryptosystem with Fast Decryption
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
A New Distributed Primality Test for Shared RSA Keys Using Quadratic Fields
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
On the Security of Cryptosystems with Quadratic Decryption: The Nicest Cryptanalysis
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Factoring pq2 with Quadratic Forms: Nice Cryptanalyses
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
An adaptation of the NICE cryptosystem to real quadratic orders
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Hi-index | 0.00 |
We present a chosen-ciphertext attack against both NICE cryptosystems. These two cryptosystems are based on computations in the class group of non-maximal imaginary orders. More precisely, the systems make use of the canonical surjection between the class group of the quadratic order of discriminant √-pq2 and the class group of the quadratic order of discriminant √-p. In this paper, we examine the properties of this canonical surjection and use them to build a chosenciphertext attack that recovers the secret key (p and q) from two ciphertexts/cleartexts pairs.