A key-exchange system based on imaginary quadratic fields
Journal of Cryptology
A course in computational algebraic number theory
A course in computational algebraic number theory
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Reducing Logarithms in Totally Non-maximal Imaginary Quadratic Orders to Logarithms in Finite Fields
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
An Efficient NICE-Schnorr-Type Signature Scheme
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
NICE - New Ideal Coset Encryption
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
On the Computation of Discrete Logarithms in Class Groups
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Fast exponentiation with precomputation
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Faster Generation of NICE-Schnorr-Type Signatures
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
On the Security of Cryptosystems with Quadratic Decryption: The Nicest Cryptanalysis
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
| Hi-index | 0.02 |
In [14] there is proposed an ElGamal-type cryptosystem based on non-maximal imaginary quadratic orders with trapdoor decryption. The trapdoor information is the factorization of the nonfundamental discriminant Δp = Δ1p2. The NICE-cryptosystem (New Ideal Coset En-cryption) [24,12] is an efficient variant thereof, which uses an element gk Ker(ΦCl-1 ⊆ Cl(Δp), where k is random and (ΦCl-1 : Cl(Δp) → Cl(Δ1) is a map between the class groups of the non-maximal and maximal order, to mask the message in the ElGamal cryptosystem. This mask simply "disappears" during decryption, which essentially consists of computing ΦCl-1. Thus NICE features quadratic decryption time and hence is very well suited for applications in which a central server has to decrypt a large number of ciphertexts in a short time. In this work we will introduce an efficient batch decryption method for NICE, which allows to speed up the decryption by about 30% for a batch size of 100 messages. In [17] there is proposed a NICE-Schnorr-type signature scheme. In this scheme one uses the group Ker(ΦCl-1) instead of IFp*. Thus instead of modular arithmetic one would need to apply standard ideal arithmetic (multiply and reduce) using algorithms from [5] for example. Because every group operation needs the application of the Extended Euclidean Algorithm the implementation would be very inefficient. Especially the signing process, which would typically be performed on a smartcard with limited computational power would be too slow to allow practical application. In this work we will introduce an entirely new arithmetic for elements in Ker(ΦCl-1), which uses the generator and ring-equivalence for exponentiation. Thus the signer essentially performs the exponentiation in (OΔ1/pOΔ1)*, which turns out to be about twenty times as fast as conventional ideal arithmetic. Furthermore in [17] it is shown, how one can further speed up this exponentiation by application of the Chinese Remainder Theorem for (OΔ1/pOΔ1)*. With this arithmetic the signature generation is about forty times as fast as with conventional ideal arithmetic and more than twice as fast as in the original Schnorr scheme [26].