How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
An identity-based identification scheme based on discrete logarithms modulo a composite number
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Parallel collision search with application to hash functions and discrete logarithms
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
A course in computational algebraic number theory
A course in computational algebraic number theory
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Digital signature and public key cryptosystems in a prime order subgroup of Zn*
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
On diffie-hellman key agreement with short exponents
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Verifiable Partial Sharing of Integer Fractions
SAC '98 Proceedings of the Selected Areas in Cryptography
Cryptanalysis of Two Group Signature Schemes
ISW '99 Proceedings of the Second International Workshop on Information Security
RSA Key Generation with Verifiable Randomness
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Group signature where group manager, members and open authority are identity-based
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
An efficient public key cryptosystem with a privacy enhanced double decryption mechanism
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
| Hi-index | 0.00 |
Many cryptographic protocols and cryptosystems have been proposed to make use of prime order subgroups of Zn* where n is the product of two large distinct primes. In this paper we analyze a number of such schemes. While these schemes were proposed to utilize the difficulty of factoring large integers or that of finding related hidden information (e.g., the order of the group Zn*), our analyzes reveal much easier problems as their real security bases. We itemize three classes of security failures and formulate a simple algorithm for factoring n with a disclosed non-trivial factor of Φ(n) where the disclosure is for making use of a prime order subgroup in Zn* . The time complexity of our algorithm is O(n1/4/f) where f is a disclosed subgroup order. To factor such n of length up to 800 bits with the subgroup having a secure size against computing discrete logarithm, the new algorithm will have a feasible running time on use of a trivial size of storage.