Oblivious transfer and polynomial evaluation
STOC '99 Proceedings of the thirty-first annual ACM symposium on Theory of computing
Learning Polynomials with Queries: The Highly Noisy Case
SIAM Journal on Discrete Mathematics
Cryptographic Hardness Based on the Decoding of Reed-Solomon Codes
ICALP '02 Proceedings of the 29th International Colloquium on Automata, Languages and Programming
Short Signatures in the Random Oracle Model
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
IEEE Transactions on Information Theory
Improved decoding of Reed-Solomon and algebraic-geometry codes
IEEE Transactions on Information Theory
Cryptanalyzing the polynomial-reconstruction based public-key system under optimal parameter choice
Designs, Codes and Cryptography
A new public-key cryptosystem based on the problem of reconstructing p-polynomials
WCC'05 Proceedings of the 2005 international conference on Coding and Cryptography
Hi-index | 0.00 |
The Polynomial Reconstruction problem (PR) has been introduced in 1999 as a new hard problem. Several cryptographic primitives established on this problem have been constructed, for instance Naor and Pinkas have proposed a protocol for oblivious polynomial evaluation. Then it has been studied from the point of view of robustness, and several important properties have been discovered and proved by Kiayias and Yung. Furthermore the same authors constructed a symmetric cipher based on the PR problem. In the present paper, we use the published security results and construct a new public key encryption scheme based on the hardness of the problem of Polynomial Reconstruction. The scheme presented is the first public key encryption scheme based on this Polynomial Reconstruction problem. We also present some attacks, discuss their performances and state the size of the parameters required to reach the desired security level. In conclusion, this leads to a cryptosystem where the cost of encryption and decryption per bit is low, and where the public key is kept relatively small.