J. H. Loxton, David S. Khoo, Gregory J. Bird, and Jennifer Seberry. A cubic RSA code equivalent to factorization. Journal of Cryptology, 5(2):139--150, 1992.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....using larger (even) public exponents are equally susceptible to the presented forgery. We also show that our technique is very general and applies to any Rabin type systems designed in a unique factorization domain, including the Williams M scheme [27] the cubic schemes of Loxton et al. [16] and of Scheidler [20] and the cyclotomic schemes [21] As an application, we analyze the implications of our forgery against the PKCS#1 standard [4] Finally, and of independent interest, we propose a generic technique (i.e. applicable to any encoding message method) that reduces the overall ....

....3 using arithmetic in a quadratic number field. This scheme was later extended to cyclotomic fields by Scheidler and Williams in [21] where they also give a scheme with a public exponent 5. In [20] Scheidler modifies Williams M scheme so that it works with a larger class of primes. Finally, in [16], Loxton et al. give another cubic scheme; the main di#erence with [27] being its easy geometrical interpretation. In this paragraph, we will stick on this latter scheme because it most resembles the Rabin Williams scheme presented in Section 2. The scheme of Loxton et al. uses the ring of ....

J. H. Loxton, David S. Khoo, Gregory J. Bird, and Jennifer Seberry. A cubic RSA code equivalent to factorization. Journal of Cryptology, 5(2):139--150, 1992.

....Diffie Hellman ElGamal, which is the combination of the commutative property of the logarithm in a finite Abelian group and the intractability of the discrete logarithm problem. The RSA Rabin class includes RSA [39] Rabin [38] Williams [42, 43] LUC [41] Kurosawa Itoh Takeuchi [23] Cubic RSA [24] and the elliptic curve versions of RSA [22, 13] The Diffie Hellman ElGamal class includes the DiffieHellman [14] ElGamal [15] and the elliptic hyperelliptic curve versions of the Diffie Hellman and ElGamal [28, 21, 8] Several other techniques have been proposed such as the GoldwasserMicali ....

Loxton, J.H., Khoo, D.S.P., Bird, G.J. and Seberry, J.: A Cubic RSA Code Equivalent to Factorization, Journal of Cryptology, 5, 2, pp.139-150 (1992).

....cryptographic schemes whose security is equivalent in the diculty to factoring the modulus, i.e. for which it is necessary to factor n in order to retrieve plaintext from ciphertext without using the secret key. A variety of factorization equivalent RSA modi cations have been proposed (cf. [18, 20, 22, 30, 31, 35, 36, 37]) which are essentially based on the same underlying idea. By constructing speci c en and decryption functions, the decrypter will not simply obtain the original message, but rather a variety of possible solutions. As a result, the encrypter needs to provide a clue indicating which of these ....

J. H. Loxton, D. D. Khoo, G. J. Bird, J. Seberry, A Cubic RSA Code Equivalent to Factorization, Journal of Cryptology 5 (1992) pp. 139-150.

....Williams (cf [28] extended this idea to e = 3 and Z[ for the message space instead of Z (where is a primitive cube root of unity) In this public key scheme, computing cleartexts from random ciphertexts is also provably as intractable as factoring n. In 1992, Loxton, Khoo, Bird and Seberry ([10]) gave another variant, with another choice for the complete set of residues used in de ning the message space. 2.3 The Kurosawa Itoh Takeuchi cryptosystem In [9] Kurosawa, Itoh and Takeuchi proposed the following trapdoor one way permutation. Let n = pq stands for the product of two large ....

John H. Loxton, David S.P. Khoo, Gregory J. Bird, Jennifer Seberry, A Cubic RSA Code Equivalent to Factorization, Journal of Cryptology, v.5, n.2, 1992, pp. 139-150.

....cycles. This leads to inherited weaknesses such as the lack of concealment of messages (i.e. there is a substantial fraction of elements for which M e = M (mod N) see [3] or vulnerability to the iteration attack [61] The RSA exponentiation may use a very short exponent (see for example [32]) This can be very useful when the computing power of a party who applies the exponentiation is very limited (for example in smart cards) The knapsack problem belongs to the NP complete class. So its difficulty is higher than the difficulty of the discrete logarithm problem. Despite of this, ....

J.H. Loxton, D.S. Khoo, G.J. Bird, and J. Seberry. A cubic RSA code equivalent to factorization. Journal of Cryptology, 5:139--150, 1992.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC