Buchmann, J., Williams, H.C.: A Key Exchange System Based on Real-quadratic Fields. Proc. of CRYPTO'89 (LNCS 435) (1989), Springer-Verlag, pp. 335-343  Home/Search   Document Not in Database   Summary   Related Articles   Check

....The best known algorithm [Kan87] for this requires exponential time in the degree of the number field. Buchmann and Paulus stated that inverting the function is at least as hard as factoring integers. Further analysis is needed to evaluate the security of their proposal. Buchmann and Williams [BW89] presented a new Di#e Hellman key exchange system based on real quadratic fields. Sean Hallgren [Hal01] claims that his quantum algorithm for the principal ideal problem breaks this system. Conclusion In the evaluation of cryptographic schemes, we are concerned with both the computational ....

Johannes Buchmann and Hugh C. Williams. A key exchange system based on real quadratic fields. In Advances in Cryptology: CRYPTO '89: Proceedings [Int89], pages 335--343.

.... example, the best algorithms for Pell s equation without assumptions is O(d 1 4 polylog d) and assuming (only) the GRH it comes down to O(d 1 5 polylog d) There are reductions from factoring to solving Pell s equation, and from solving Pell s equation to solving the principal ideal problem [BW89]. However, Pell s equation and the principal ideal problem appear to be harder than factoring, and there are no reductions known in the other direction (this is reflected in the gap between the running times of the best algorithms for factoring and Pell s equation) Indeed, a cryptosystem based on ....

.... ideal problem appear to be harder than factoring, and there are no reductions known in the other direction (this is reflected in the gap between the running times of the best algorithms for factoring and Pell s equation) Indeed, a cryptosystem based on the principal ideal problem is proposed in [BW89], and one of the motivations is that even if there turns out to be a polynomial time algorithm for factoring, their system might still be unbreakable. Our quantum algorithm for the principal ideal problem breaks this cryptosystem. The quantum step in our algorithm for Pell s equation is a new ....

[Article contains additional citation context not shown here]

Johannes A. Buchmann and Hugh C. Williams. A key exchange system based on real quadratic fields (extended abstract). In G. Brassard, editor, Advances in Cryptology--- 9 CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 335--343. Springer-Verlag,

....this week. 1 Introduction Many protocols of public key cryptography can be implemented in a finite abelian group such as the multiplicative group of a finite field [Odl85] the group of points over an elliptic curve over a finite field [Kob87] or the class group of algebraic number fields [BW88, BW89, BPar]. From a theoretical point of view, the latter are very interesting as the computation of discrete logarithms in class groups of imaginary number fields is at least as difficult as factoring the corresponding discriminant [BW88, Sch82] Furthermore, the best known algorithms for solving discrete ....

J. Buchmann and H.C. Williams. A key-exchange system based on real quadratic fields. In Proc. of CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 335--343. Springer, 1989.

....of a non group underlying a discrete logarithm based system was the set R of reduced principal ideals of a real quadratic number field, which admits a structure first explored by Shanks [35] and termed infrastructure by him. A key exchange protocol using elements of R as keys was introduced in [11] and Research supported by NSF grant DMS 9631647 implemented in [33] A signature scheme using the same set was briefly mentioned in [8] These ideas were subsequently adapted to real quadratic function fields over finite fields, where the set of reduced principal ideals exhibits an analogous ....

....in quadratic number fields (both real and imaginary) where the relevant DLPs can also be solved in subexponential time [22, 1] Thus, our systems might well be more secure. Our real key exchange protocol is also significantly faster than the corresponding scheme in real quadratic number fields [11, 33] (see our computations in [34] although we have no data available as to how our systems would perform relative to elliptic curve systems such as [5] Unfortunately, in some instances, more information needs to be transmitted than in the original DiffieHellman and ElGamal systems. Let l be the ....

J. A. Buchmann & H. C. Williams, A key-exchange system based on real quadratic fields. CRYPTO '89 Proceedings, Lecture Notes in Computer Science 435. Springer, Berlin 1989, 335--343.

No context found.

Buchmann, J., Williams, H.C.: A Key Exchange System Based on Real-quadratic Fields. Proc. of CRYPTO'89 (LNCS 435) (1989), Springer-Verlag, pp. 335-343

No context found.

J. Buchmann, H.C. Williams, A key exchange system based on real quadratic fields, Proceedings CRYPTO 89, to appear.

No context found.

J. Buchmann and H. C. Williams, A key-exchange system based on real quadratic fields, Advances in Cryptology -- CRYPTO '89 (G. Brassard, ed.), Lecture Notes in Computer Science, vol. 435, Springer-Verlag, 1989, pp. 335--343.

.... Delta should be larger than 2 504 . So if (1) holds, then (2) is satisfied. Choosing Delta to be the product of two primes has additional appeal when these primes are not disclosed. Being able to solve PIP for arbitrary reduced principal ideals implies being able to factor the discriminant ([8], 25] Thus in this case PIP is provably at least as hard as breaking RSA and other crypto systems based on factoring integers. CRYPTOGRAPHY BASED ON NUMBER FIELDS WITH LARGE REGULATOR 5 So let us explain why it suffices to choose Delta according to (3) Since Delta is squarefree, O is a ....

J. Buchmann and H. C. Williams, A key-exchange system based on real quadratic fields, Advances in Cryptology -- CRYPTO '89 (G. Brassard, ed.), Lecture Notes in Computer Science, vol. 435, Springer-Verlag, 1989, pp. 335--343.

....digits each. As an example for implementing a security primitive by means of number theoretic methods we discuss in this paper the implementation of the DiffieHellman key exchange protocol using algebraic number fields. For quadratic fields this has already been done in [3] 4] 6] 7] and [8]. We sketch a gen1 eralization of the methods described there and we give an idea how to attack the implementation by solving the discrete logarithm problem in number fields. 2 The general Diffie Hellman protocol Let I ae Z be an infinite countable index set, and fS i g i2I be a family of finite ....

....time, but recently computing discrete logarithms on super singular curves has beeen reduced to the problem of computing discrete logarithms in finite fields (see [15] and this may very well be possible for arbitrary elliptic curves. Generalizing previous results for quadratic fields (see [7] [8]) we explain in the next section how to use algebraic number fields to implement the Diffie Hellman key exchange. 3 Implementing the Diffie Hellman key exchange using algebraic number fields We fix a degree n and a signature (s; t) i.e. a pair of non negative integers s; t such that s 2t = n. ....

[Article contains additional citation context not shown here]

J. Buchmann, H.C. Williams, A key exchange system based on real quadratic fields, Lecture Notes in Computer Science 435 (1989), 335 -343.

....of F . This running time is exponential in the length of the input data since this length is polynomially bounded in log D. Computationally hard problems in number theory are a very good source for secure cryptosystems as is well known for the factoring problem. Therefore, in [7] 4] [8] and [9] the use of quadratic fields in cryptology was suggested and discussed. Stimulated by this new application, Hafner and McCurley [11] invented a new probabilistic class group algorithm for imaginary quadratic fields and they proved under the assumption of the GRH that the expected running ....

J. Buchmann, H.C. Williams, A key exchange system based on real quadratic fields, Proceedings CRYPTO 89, to appear.

....Protocols Based on Discrete Logarithms in Real quadratic Orders Ingrid Biehl Johannes Buchmann Christoph Thiel Fachbereich Informatik Universitat des Saarlandes Postfach 151150, 66041 Saarbrucken, Germany Abstract. We generalize and improve the schemes of [4]. We introduce analogues of exponentiation and discrete logarithms in the principle cycle of real quadratic orders. This enables us to implement many cryptographic protocols based on discrete logarithms, e.g. a variant of the signature scheme of ElGamal [8] 1 Introduction 1.1 Motivation The ....

.... shows that the NFS can be expected to be practical (see [5] 1] It is therefore by no means clear that the discrete logarithm problem remains difficult in the future and one must search for other problems that can serve as basis for one way and trapdoor one way functions (see for example [4], 10] 11] It would be useful to have some sort of hierarchy of difficult problems. If one of the problems turns out to be easy one can use the next difficult one that remains intractable. A first step in this direction is to employ algebraic number fields (see [3] as a source for ....

[Article contains additional citation context not shown here]

Buchmann, J., Williams, H.C.: A Key Exchange System Based on Real-quadratic Fields. Proc. of CRYPTO'89 (LNCS 435) (1989), Springer-Verlag, pp. 335-343

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC