Abstract
We present a new non-interactive public-key distribution system based on the class group $\mathrm{Cl}(\Delta_p)$ of a non-maximal imaginary quadratic order. The main advantage of our system over earlier proposals based on $(\mathbb{Z}/n\mathbb{Z})^*$ [25,27] is that embedding id information into group elements of a cyclic subgroup of the class group is easy (straightforward embedding into prime ideals suffices) and secure, since the entire class group is cyclic with very high probability. Computational results demonstrate that a key generation center (KGC) with modest computational resources can set up a key distribution system using reasonably secure public system parameters. In order to compute discrete logarithms in the class group, the KGC needs to know the prime factorization of $\Delta_p = \Delta_1 p^2$. We present an algorithm for computing discrete logarithms in $\mathrm{Cl}(\Delta_p)$ by reducing the problem to computing discrete logarithms in $\mathrm{Cl}(\Delta_1)$ and either $\mathbb{F}_p^*$ or $\mathbb{F}_{p^2}^*$. Our algorithm is a specific case of the more general algorithm used in the setting of ray class groups [5]. We prove, for arbitrary non-maximal orders, that this reduction to discrete logarithms in the maximal order and a small number of finite fields has polynomial complexity if the factorization of the conductor is known.
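The "straightforward embedding into prime ideals" mentioned in the abstract can be made concrete with the usual representation of ideal classes by reduced binary quadratic forms. The following Python is an added illustration written for this page, not the paper's code or the LiDIA implementation it used: it hashes an identity string to a prime $q$ with $(\Delta_p/q) = 1$, builds the prime form $(q, b, c)$ with $b^2 \equiv \Delta_p \pmod{4q}$, and reduces it. The toy discriminant $\Delta_p = -23 \cdot 11^2$, the SHA-256 hashing, the restriction to $q \equiv 3 \pmod 4$ (so the square root mod $q$ is one exponentiation) and the 32-bit candidate size are all assumptions made to keep the example small; a real KGC would use discriminants of hundreds of digits.

```python
import hashlib
from math import isqrt

# Constructed toy parameters: fundamental discriminant D1 = -23 and conductor P = 11,
# so DELTA_P = D1 * P^2 is the discriminant of the non-maximal order O_{DELTA_P}.
# Real systems use discriminants of hundreds of digits; these only exercise the steps.
D1, P = -23, 11
DELTA_P = D1 * P * P

def is_prime(n):
    """Trial division; adequate for the 32-bit candidates hashed below."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))

def legendre(a, q):
    """Legendre symbol (a/q) for an odd prime q via Euler's criterion."""
    r = pow(a % q, (q - 1) // 2, q)
    return -1 if r == q - 1 else r

def reduce_form(a, b, c):
    """Reduce the positive definite form (a, b, c) to |b| <= a <= c, b >= 0 on ties."""
    disc = b * b - 4 * a * c
    def normalize(a, b):
        k = (a - b) // (2 * a)            # choose k so that -a < b + 2ak <= a
        b = b + 2 * a * k
        return a, b, (b * b - disc) // (4 * a)
    a, b, c = normalize(a, b)
    while a > c or (a == c and b < 0):    # swap (a,b,c) -> (c,-b,a) and renormalize
        a, b, c = normalize(c, -b)
    return a, b, c

def embed_id(identity, disc=DELTA_P):
    """Map an identity string to a reduced form (an ideal class) of discriminant disc.
    The id is hashed with a counter to an odd 32-bit q; the first q that is prime,
    q = 3 (mod 4), and has (disc/q) = 1 gives an invertible prime ideal of norm q
    ((disc/q) != 0 guarantees q divides neither the conductor nor disc)."""
    assert disc < 0 and disc % 4 == 1, "toy code assumes an odd negative discriminant"
    for ctr in range(1 << 16):
        digest = hashlib.sha256(f"{identity}|{ctr}".encode()).digest()
        q = int.from_bytes(digest[:4], "big") | 1
        if q % 4 != 3 or not is_prime(q) or legendre(disc, q) != 1:
            continue
        b = pow(disc % q, (q + 1) // 4, q)   # b^2 = disc (mod q) since q = 3 (mod 4)
        if b % 2 == 0:                        # b must be odd so that b^2 = disc (mod 4q)
            b = q - b
        return reduce_form(q, b, (b * b - disc) // (4 * q))
    raise ValueError("no suitable prime found for this identity")
```

The returned triple is the public "key" derived from the identity; the KGC's secret is its discrete logarithm with respect to the public generator, which the abstract's reduction computes from the factorization of $\Delta_p$.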
References
[1] I. Biehl and J. Buchmann, An analysis of the reduction algorithm for binary quadratic forms, Voronoi's Impact on Modern Science (Kyiv, Ukraine) (P. Engel and H. Syta, eds.), Vol. 1, Institute of Mathematics of National Academy of Sciences (1999).
[2] D. Boneh and M. Franklin, Identity based encryption from the Weil pairing, Advances in Cryptology – CRYPTO 2001, Lecture Notes in Computer Science, Vol. 2139 (2001) pp. 213–229.
[3] Z. I. Borevich and I. R. Shafarevich, Number theory, Academic Press, New York (1966).
[4] H. Cohen, A course in computational algebraic number theory, Springer-Verlag, Berlin (1993).
[5] H. Cohen, F. Diaz y Diaz and M. Olivier, Computing ray class groups, conductors, and discriminants, Math. Comp., Vol. 67, No. 222 (1998) pp. 773–795.
[6] H. Cohen and H. W. Lenstra, Jr., Heuristics on class groups of number fields, Number Theory, Lecture Notes in Math., Vol. 1068, Springer-Verlag, New York (1983) pp. 33–62.
[7] D. A. Cox, Primes of the form $x^2 + ny^2$, John Wiley & Sons, New York (1989).
[8] A. Geist, A. Beguelin, J. Dongarra, W. Jiang, R. Manchek and V. Sunderam, PVM: Parallel Virtual Machine – a user's guide and tutorial for networked parallel computing, MIT Press, Cambridge, Mass. (1994).
[9] D. Gordon, Discrete logarithms using the number field sieve, SIAM J. Discrete Math., Vol. 6 (1993) pp. 124–138.
[10] D. Hühnlein, Efficient implementation of cryptosystems based on non-maximal imaginary quadratic orders, Selected Areas in Cryptography – SAC '99, Lecture Notes in Computer Science, Vol. 1758 (1999) pp. 150–167.
[11] D. Hühnlein, Faster generation of NICE-Schnorr signatures, Topics in Cryptology – CT-RSA 2001, The Cryptographer's Track at RSA Conference 2001, Lecture Notes in Computer Science, Vol. 2020 (2001) pp. 1–12.
[12] D. Hühnlein, Quadratic orders for NESSIE – overview and parameter sizes of three public key families, Technical Report No. TI-3/00, TU Darmstadt, via http://www.informatik.tu-darmstadt.de/TI/Welcome.html (2000).
[13] D. Hühnlein, M. J. Jacobson, Jr., S. Paulus and T. Takagi, A cryptosystem based on non-maximal imaginary quadratic orders with fast decryption, Advances in Cryptology – EUROCRYPT '98, Lecture Notes in Computer Science, Vol. 1403 (1998) pp. 294–307.
[14] D. Hühnlein and J. Merkle, An efficient NICE-Schnorr-type signature scheme, Proceedings of PKC 2000, Melbourne, Lecture Notes in Computer Science, Vol. 1751 (2000).
[15] D. Hühnlein and T. Takagi, Reducing logarithms in totally non-maximal imaginary quadratic orders to logarithms in finite fields, Advances in Cryptology – ASIACRYPT '99, Lecture Notes in Computer Science (1999).
[16] M. J. Jacobson, Jr., Subexponential class group computation in quadratic orders, Ph.D. thesis, Technische Universität Darmstadt, Darmstadt, Germany (1999).
[17] M. J. Jacobson, Jr., Computing discrete logarithms in quadratic orders, Journal of Cryptology, Vol. 13 (2000) pp. 473–492.
[18] M. J. Jacobson, Jr. and H. C. Williams, The size of the fundamental solutions of consecutive Pell equations, Exp. Math., Vol. 9, No. 4 (2000) pp. 631–640.
[19] D. Kügler, Eine Aufwandsanalyse für identitätsbasierte Kryptosysteme, Master's thesis, Technische Universität Darmstadt, Darmstadt, Germany (1998), in German, via http://www.informatik.tu-darmstadt.de/TI/Veroeffentlichung.
[20] S. Lang, Algebraic number theory, Second Edition, Springer, Berlin (1991), ISBN 3-540-94225-4.
[21] A. K. Lenstra and E. Verheul, Selecting cryptographic key sizes, Proceedings of Public Key Cryptography 2000, Lecture Notes in Computer Science, Vol. 1751 (2000) pp. 446–465.
[22] The LiDIA Group, LiDIA: a C++ library for computational number theory, Software, Technische Universität Darmstadt, Germany (1997), see http://www.informatik.tu-darmstadt.de/TI/LiDIA.
[23] R. F. Lukes, C. D. Patterson and H. C. Williams, Numerical sieving devices: their history and some applications, Nieuw Archief voor Wiskunde, Vol. 13, No. 4 (1995) pp. 113–139.
[24] M. Maurer and D. Kügler, A note on the weakness of the Maurer-Yacobi squaring method, Tech. report, Department of Computer Science, Technical University of Darmstadt, Darmstadt, Germany (1999), to appear.
[25] U. Maurer and Y. Yacobi, Non-interactive public-key cryptography, Advances in Cryptology – EUROCRYPT '91, Lecture Notes in Computer Science, Vol. 547 (1991) pp. 498–507.
[26] U. Maurer and Y. Yacobi, A remark on a non-interactive public-key distribution system, Advances in Cryptology – EUROCRYPT '92, Lecture Notes in Computer Science, Vol. 658 (1993) pp. 458–460.
[27] U. Maurer and Y. Yacobi, A non-interactive public-key distribution system, Designs, Codes and Cryptography, Vol. 9 (1996) pp. 305–316.
[28] A. Menezes, P. van Oorschot and S. Vanstone, Handbook of applied cryptography, Series on Discrete Mathematics and its Applications, CRC Press, Boca Raton (1996), ISBN 0-8493-8523-7.
[29] J. Neukirch, Algebraische Zahlentheorie, Springer, Berlin (1992).
[30] R. Rivest, The MD5 message-digest algorithm, RFC 1321, Internet Activities Board, Internet Engineering Task Force (1992).
[31] O. Schirokauer, Discrete logarithms and local units, Theory and Applications of Numbers without Large Prime Factors (R. C. Vaughan, ed.), Philos. Trans. Roy. Soc. London Ser. A, Vol. 345, The Royal Society, London (1993) pp. 409–423.
[32] O. Schirokauer, Using number fields to compute logarithms in finite fields, Math. Comp., Vol. 69 (2000) pp. 1267–1283.
[33] A. Shamir, Identity based cryptosystems and signature schemes, Advances in Cryptology – CRYPTO '84, Lecture Notes in Computer Science, Vol. 196 (1985) pp. 47–53.
[34] D. Weber, Computing discrete logarithms with the number field sieve, Algorithmic Number Theory – ANTS-II (Université Bordeaux I, Talence, France), Lecture Notes in Computer Science, Vol. 1122, Springer-Verlag, Berlin (1996).
[35] D. Weber and T. Denny, The solution of McCurley's discrete log challenge, Advances in Cryptology – CRYPTO '98, Lecture Notes in Computer Science, Vol. 1462 (1998) pp. 56–60.
Cite this article
Hühnlein, D., Jacobson, M.J.J. & Weber, D. Towards Practical Non-Interactive Public-Key Cryptosystems Using Non-Maximal Imaginary Quadratic Orders. Designs, Codes and Cryptography 30, 281–299 (2003). https://doi.org/10.1023/A:1025746127771
DOI: https://doi.org/10.1023/A:1025746127771