Article

Fast public-key encryption scheme based on Chinese remainder theorem


Abstract

Traditional public-key cryptosystems suffer from a relatively low encryption/decryption speed, which hampers their application in resource-constrained environments. A fast public-key cryptosystem is proposed to remedy this drawback. The new algorithm uses the Chinese remainder theorem to hide the trapdoor information. Encryption in the system carries out only several modular multiplications, and decryption needs only one modular multiplication and one low-dimensional matrix-vector multiplication, which makes both encryption and decryption very fast. The security of the system is based on two difficult number-theoretic problems: the attacker has to solve the integer factorization problem and the simultaneous Diophantine approximation problem simultaneously to recover the secret key from the public key. The proposed cryptosystem is also shown to be secure against lattice attack. The analysis shows that the encryption algorithm is a secure, fast and efficient public-key cryptosystem.


... These factors could be carefully designed to get less impact on the efficiency of our method. In general, computing the Chinese Remainder Theorem solution is efficient compared to other cryptography methods used in cryptographic access control, as it uses simple modulus operations without exponentiation (Wang, Wei and Hu 2009). ...
Article
Full-text available
The solution value X_r is the shared value for the resource r, C_r is the secret value for that resource and K_s is the symmetric key for encrypting this resource r, and is the ciphertext resulting from encryption with the public key Kpub_i of the user i. Each user is assigned their own n_i where all n_i for are relatively prime. Clearly, if the secret parameters C_r or K_s related to the resource r get compromised, other resources remain secure. Additionally, the data owner can manage each resource independently of other resources. The processes explained in this section are illustrated in Figure 2. The cloud server stores the encrypted data and the relevant metadata prepared by the data owner. The provider has access to the metadata, but not the contents of the file, integrity proof and access control parameters. The provider can also read the secret parameter C_r for each file, but the number or identities of users that can access the file remain hidden to the provider. Moreover, this information remains hidden even when a user is accessing the file. When a user requests to access a file, the server will provide the requester with the shared value X_r, as a challenge. If the user is authorized to access this file, he or she is able to calculate the secret parameter C_r based on the challenge X_r and to return the secret parameter, C_r, to the server. The server compares the value of the C_r received with the one attached to the file. If they are the same, the server will send the file for this user.
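The CRT challenge-response described above, as an added illustration that is not the cited paper's own code: each user's toy RSA key pair (tiny constructed primes) stands in for Kpub_i, and the CRT modulus n_i is assumed to be that user's RSA modulus N_i, which the page does not state.

```python
from functools import reduce
from math import gcd

# Constructed toy RSA key pairs standing in for each user's public key Kpub_i.
# Tiny primes for readability only; the CRT modulus n_i is assumed to be the
# user's RSA modulus N_i (distinct primes make the n_i pairwise coprime).
def make_keypair(p, q, e=17):
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)
    return (n, e), (n, d)

def crt_solve(residues, moduli):
    """Return the unique X in [0, prod(moduli)) with X = r_i (mod n_i)."""
    M = reduce(lambda a, b: a * b, moduli, 1)
    x = 0
    for r, n in zip(residues, moduli):
        Mi = M // n
        x += r * Mi * pow(Mi, -1, n)
    return x % M

def owner_publish(C_r, pubkeys):
    """Data owner: encrypt the resource secret C_r for every authorised user
    and fold the per-user ciphertexts into one shared value X_r via the CRT."""
    moduli = [n for n, _ in pubkeys]
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            assert gcd(moduli[i], moduli[j]) == 1, "n_i must be pairwise coprime"
    assert C_r < min(moduli), "C_r must be recoverable under every modulus"
    residues = [pow(C_r, e, n) for n, e in pubkeys]
    return crt_solve(residues, moduli)

def user_respond(X_r, privkey):
    """Authorised user: reduce the challenge X_r modulo own n_i to obtain the
    ciphertext addressed to them, then decrypt it to recover C_r."""
    n, d = privkey
    c_i = X_r % n
    return pow(c_i, d, n)

def server_check(stored_C_r, response):
    """Server: compare the returned secret with the one attached to the file."""
    return stored_C_r == response

def demo():
    keys = [make_keypair(61, 53), make_keypair(101, 113), make_keypair(89, 97)]
    pubkeys = [pk for pk, _ in keys]
    C_r = 2021  # constructed resource secret
    X_r = owner_publish(C_r, pubkeys)
    results = [server_check(C_r, user_respond(X_r, sk)) for _, sk in keys]
    # A key pair outside the authorised set has no residue in X_r, so its
    # "decryption" of X_r mod N does not yield C_r.
    _, outsider = make_keypair(107, 127)
    results.append(server_check(C_r, user_respond(X_r, outsider)))
    return results

if __name__ == "__main__":
    print(demo())
```

The hidden-membership property from the text also shows here: X_r alone reveals neither how many users are authorised nor which, only that it reduces correctly under their moduli.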
Article
The cubic version of the Lucas cryptosystem is set up based on the cubic recurrence relation of the Lucas function by Said and Loxton [‘A cubic analogue of the RSA cryptosystem’, Bull. Aust. Math. Soc. 68 (2003), 21–38]. To implement this type of cryptosystem in a limited environment, it is necessary to accelerate encryption and decryption procedures. Therefore, this paper concentrates on improving the computation time of encryption and decryption in cubic Lucas cryptosystems. The new algorithm is designed based on new properties of the cubic Lucas function and mathematical techniques. To illustrate the efficiency of our algorithm, an analysis was carried out with different size parameters and the performance of the proposed and previously existing algorithms was evaluated with experimental data and mathematical analysis.
Article
Two public key cryptosystems based on the two intractable number-theoretic problems, integer factorisation and simultaneous Diophantine approximation, were proposed in 2005 and 2009, respectively. In this study, the authors break these two cryptosystems for the recommended minimum parameters by solving the corresponding modular linear equations with small unknowns. For the first scheme, the public modulus is factorised and the secret key is recovered with the Gauss algorithm. By using the LLL basis reduction algorithm for a seven-dimensional lattice, the public modulus in the second scheme is also factorised and the plaintext is recovered from a ciphertext. The authors' attacks are efficient and verified by experiments which were done within 5 s.
Conference Paper
Digital watermarking is a technique of embedding special information into media data. It is often used in the copyright protection and integrity verification of digital images, audio, video, and other media data. Based on the Chinese remainder theorem, we propose an image watermarking algorithm that embeds secret information into an image. We have implemented the algorithm in Matlab. Our experiment results show that the algorithm has high robustness against common modifications or attacks, such as JPEG compression, adding noise, median filtering, and cutting.
Article
Key recovery is a mechanism for retrieving cryptographic keys to be used for the decryption of stored or communicated ciphertext when the decryption keys are not otherwise available. Under certain circumstances, the ability to recover the encryption key may be desirable. Key recovery can be used in response to the accidental loss of key, for monitoring and auditing activities, and by authorized authorities. To support such capability, the recovery key is stored with a trusted third party. However, to prevent the trusted party from misbehaving, the recovery key should be constructed by multiple agents. In this paper, the data recovery key generation algorithms based on the Chinese Remainder Theorem are presented. The security of the algorithms is also analyzed.
Article
Full-text available
In this paper we present a polynomial-time algorithm to solve the following problem: given a non-zero polynomial $f \in \mathbb{Q}[X]$ in one variable with rational coefficients, find the decomposition of $f$ into irreducible factors in $\mathbb{Q}[X]$. It is well known that this is equivalent to factoring primitive polynomials $f \in \mathbb{Z}[X]$ into irreducible factors in $\mathbb{Z}[X]$. Here we call $f \in \mathbb{Z}[X]$ primitive if the greatest common divisor of its coefficients (the content of $f$) is 1. Our algorithm performs well in practice, cf. [8]. Its running time, measured in bit operations, is $O(n^{12} + n^{9} (\log |f|)^{3})$.
Article
Full-text available
A new fast public key cryptosystem is proposed, which is based on two dissimilar number-theoretic hard problems, namely the simultaneous Diophantine approximation problem and integer factorisation problem. The adversary has to solve the two hard problems simultaneously to recover the plaintext according to their knowledge about the public keys and the cipher-text. Therefore, the scheme is expected to gain a high level of security. The newly-designed public key cryptosystem is efficient with respect to encryption and decryption. The encryption of this system is about three times faster than that of RSA, and the decryption is six times faster than that of RSA. The cipher-text expansion of the system is about 8:3.
Conference Paper
This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security.
Conference Paper
The braid groups are infinite non-commutative groups naturally arising from geometric braids. The aim of this article is twofold. One is to show that the braid groups can serve as a good source to enrich cryptography. The features that make the braid groups useful to cryptography include the following: (i) The word problem is solved via a fast algorithm which computes the canonical form which can be efficiently manipulated by computers. (ii) The group operations can be performed efficiently. (iii) The braid groups have many mathematically hard problems that can be utilized to design cryptographic primitives. The other is to propose and implement a new key agreement scheme and public key cryptosystem based on these primitives in the braid groups. The efficiency of our systems is demonstrated by their speed and information rate. The security of our systems is based on topological, combinatorial and group-theoretical problems that are intractable according to our current mathematical knowledge. The foundation of our systems is quite different from widely used cryptosystems based on number theory, but there are some similarities in design.
Conference Paper
At ACISP 2000, H. Yoo et al. proposed a public key cryptosystem using matrices over a ring, which was analyzed using lattice basis reduction algorithms by Youssef et al. at ACISP 2001. In this paper, another attack, namely the Diophantine approximation attack, is presented. It is shown that the decryption of the cryptosystem can be transformed into solving the simultaneous Diophantine approximation problem, which can be approximated by lattice basis reduction algorithms. So we heuristically explain that the scheme is insecure. Furthermore, our new attack is more general than the lattice attack.
Article
The Number Field Sieve, due to Lenstra et al. [LLMP] and Buhler et al. [BLP], is a new routine for factoring integers. We present here a modification of that sieve. We use the fact that certain smoothness computations can be reused, and thereby reduce the asymptotic running time of the Number Field Sieve. We also give a way to precompute tables which will be useful for factoring any integers in a large range.
Article
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: 1. Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. 2. A message can be "signed" using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in "electronic mail" and "electronic funds transfer" systems. A message is encrypted by representing it as a number M, raising M to a publicly specified
Article
Knapsack-based cryptosystems had been viewed as the most attractive and the most promising asymmetric cryptographic algorithms for a long time due to their NP-completeness nature and high speed in encryption/decryption. Unfortunately, most of them are broken for the low-density feature of the underlying knapsack problems. In this paper, we investigate a new easy compact knapsack problem and propose a novel knapsack-based probabilistic public-key cryptosystem in which the cipher-text is non-linear with the plaintext. For properly chosen parameters, the underlying knapsack problem enjoys a high density larger than 1.06 in the worst case. Hence, it is secure against the low-density subset-sum attacks. Our scheme can also defeat other potential attacks such as the brute force attacks and the simultaneous Diophantine approximation attack. Compared with previous knapsack-based cryptosystems, our scheme is efficient and practical.
Article
Wang et al. [B. Wang, Q. Wu, Y. Hu, A knapsack-based probabilistic encryption scheme, Information Sciences 177(19) (2007) 3981–3994] proposed a high density knapsack-based probabilistic encryption scheme with non-binary coefficients. In this paper, we present a heuristic attack that can be used to recover the private key parameters from the known public key parameters. In particular, we show that the restrictions imposed on the system parameters allow the attacker to recover a short list of candidates for the first half of the public key. The second half of the public key can then be recovered using an attack based on lattice basis reduction. Finally, by encrypting an arbitrary plaintext using the known public key then decrypting the resulting ciphertext using these estimated candidate solutions, the right private key can be uniquely determined.
Conference Paper
The cryptographic security of the Merkle-Hellman cryptosystem has been a major open problem since 1976. In this paper we show that the basic variant of this cryptosystem, in which the elements of the public key are modular multiples of a superincreasing sequence, is breakable in polynomial time.
Article
Baocang and Yupu proposed a relatively fast public key cryptosystem. The authors claim that the security of their system is based on two number-theoretic hard problems, namely the simultaneous Diophantine approximation problem and the integer factorisation problem. In this article we present a polynomial time heuristic attack that enables us to recover the private key from the public key. In particular, we show that breaking the system can be reduced to finding a short vector in a lattice which can be achieved using the L3-lattice reduction algorithm.
Article
A simple method is given for finding strong primes for use in conjunction with the RSA Public Key Cryptosystem. A strong prime p is a large prime satisfying the following: (a) p ≡ 1 (mod r); (b) p ≡ s−1 (mod s); (c) r ≡ 1 (mod t); where r, s and t are all large, random primes. It is shown that the problem of finding strong, random, large primes is only 19% harder than finding random, large primes.
Article
A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Article
The cryptographic security of the Merkle-Hellman system (which is one of the two public-key cryptosystems proposed so far) has been a major open problem since 1976. In this paper we show that when the elements of the public key $a_1, \dots, a_n$ are modular multiples of a superincreasing sequence (as proposed by Merkle and Hellman), almost all the equations of the form $\sum_{i=1}^{n} x_i a_i = b, \quad x_i \in \{0,1\}$ can be solved in polynomial time, and thus the cleartexts $x_1 \dots x_n$ that correspond to given ciphertexts $b$ can be easily found.
Article
The knapsack problem is an NP-complete combinatorial problem that is strongly believed to be computationally difficult to solve in general. Specific instances of this problem that appear very difficult to solve unless one possesses "trapdoor information" used in the design of the problem are demonstrated. Because only the designer can easily solve problems, others can send him information hidden in the solution to the problems without fear that an eavesdropper will be able to extract the information. This approach differs from usual cryptographic systems in that a secret key is not needed. Conversely, only the designer can generate signatures for messages, but anyone can easily check their authenticity.
Article
Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Article
this paper is to submit the NTRU public key cryptosystem for consideration for inclusion into the P1363A standard. NTRU was originally presented by Jeffrey Hoffstein in the rump session at CRYPTO '96, and was published in [HPS] in 1998. Since that time, NTRU Cryptosystems, Inc. has issued a number of technical reports. In some cases, these reports have described amplifications on the techniques in [HPS] in order to deal with new attacks (e.g., to deal with issues of plaintext awareness). In other cases, these reports have described fast algorithms for carrying out some of the computations required by NTRU. In this document, we have freely copied from [HPS] and other NTRU Cryptosystems, Inc. publications whenever appropriate. Although we have attempted to make this present document self-contained, at times we defer to the original documents and other references for detailed explanations and discussions. NTRU Cryptosystems, Inc. has also prepared documentation for NTRU in the P1363 format; this present paper does not include that documentation, since it is not structured in a manner appropriate for the P1363A call for submissions. In keeping with the format specified for P1363A submissions, we defer until Section 2 a discussion of the advantages of NTRU.
Article
this paper is to present, in greater detail, this algorithm for factoring polynomials over Q. It is based on the original paper of Lenstra, Lenstra, and Lovász [4] of the same title and on courses in algebraic number theory and the geometry of numbers, taught by Cameron Stewart at the University of Waterloo. 2 Motivation. For notational purposes, for any $f \in \mathbb{Z}[x]$, let $(f \bmod m)$ denote the polynomial in $\mathbb{Z}/m\mathbb{Z}[x]$ whose coefficients are the respective coefficients of $f$ reduced modulo $m$. In order for the algorithm to run correctly, we must choose our values of $p$ and $k$ very carefully so that both Berlekamp's algorithm and the application of Hensel's lemma will output a polynomial which will be of use to the $L^3$-algorithm and the factorization techniques we will use. The choice of a prime $p$ is explained in section 3 while our choice of $k$ is explained in section 6. This section will demonstrate the criteria given by Lenstra, Lenstra, and Lovász [4] for setting up the $L^3$-algorithm. Let $f \in \mathbb{Z}[x]$ be a primitive polynomial of degree $n > 0$. In using Berlekamp's algorithm and Hensel's lemma, we would like to produce a polynomial $h \in \mathbb{Z}[x]$ with the following properties: (1) $h$ has leading coefficient 1; (2) $(h \bmod p^k)$ divides $(f \bmod p^k)$ in $\mathbb{Z}/p^k\mathbb{Z}[x]$; (3) $(h \bmod p)$ is irreducible in $\mathbb{F}_p[x]$; (4) $(h \bmod p)^2$ does not divide $(f \bmod p)$ in $\mathbb{F}_p[x]$. Let $l = \deg(h)$. Hence $0 < l \le n$. The reason for finding such an $h$ is shown in the following proposition. Proposition 1. $f$ has an irreducible factor $h_0$ in $\mathbb{Z}[x]$, unique up to sign, for which $(h \bmod p)$ divides $(h_0 \bmod p)$. Further, if $g \in \mathbb{Z}[x]$ divides $f$, then the following are equivalent: (i) $(h \bmod p)$ divides $(g \bmod p)$ in $\mathbb{F}_p[x]$; (ii) $(h \bmod p^k)$ divides $(g \bmod p^k)$ in $\mathbb{Z}/p^k\mathbb{Z}[x]$; (iii) $h_0$ divides $g$ i...
Article
We describe NTRU, a new public key cryptosystem. NTRU features reasonably short, easily created keys, high speed, and low memory requirements. NTRU encryption and decryption use a mixing system suggested by polynomial algebra combined with a clustering principle based on elementary probability theory. The security of the NTRU cryptosystem comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q. Contents: 0. Introduction; 1. Description of the NTRU algorithm (1.1. Notation; 1.2. Key Creation; 1.3. Encryption; 1.4. Decryption; 1.5. Why Decryption Works); 2. Parameter Selection (2.1. Notation and a norm estimate; 2.2. Sample spaces; 2.3. A Decryption Criterion); 3. Security Analysis (3.1. Brute force attacks; 3.2. Meet-in-the-middle attacks; 3.3. Multiple transmission attacks; 3.4. Lattice based attacks); 4. Practical Implementations of NTRU (4.1. Specific Parameter Choices; 4.2. Lattice Attacks --- E...
Lenstra A K, Verheul E R. The XTR public key system. In: Bellare M, ed. Advances in Cryptology-Crypto'2000. Lecture Notes in Computer Science, Vol 1880. Berlin: Springer-Verlag, 2000, 1–19
Hoffstein J, Pipher J, Silverman J. NTRU: a new high speed public key cryptosystem