A NICE Cryptanalysis

  • Éliane Jaulmes
  • Antoine Joux
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1807)


We present a chosen-ciphertext attack against both NICE cryptosystems. These two cryptosystems are based on computations in the class group of non-maximal imaginary orders. More precisely, the systems make use of the canonical surjection between the class group of the quadratic order of discriminant \( \sqrt { - pq^2 } \) and the class group of the quadratic order of discriminant \( \sqrt { - p} \). In this paper, we examine the properties of this canonical surjection and use them to build a chosen-ciphertext attack that recovers the secret key (p and q) from two ciphertexts/cleartexts pairs.


Class Group Maximal Order Discrete Logarithm Principal Ideal Quadratic Order 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption — how to encrypt with RSA. In A. De Santis, editor, Advances in Cryptology — EUROCRYPT’94, volume 950 of Lecture Notes in Computer Science. Springer-Verlag, 1994.Google Scholar
  2. 2.
    Dan Boneh, Glenn Durfee, and Nick Howgrave-Graham. Factoring n = pq r for large r. In M. Wiener, editor, Advances in Cryptology — CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 326–337. Springer, 1999.CrossRefGoogle Scholar
  3. 3.
    Henri Cohen. A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics. Springer, 1995.Google Scholar
  4. 4.
    T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31:469–472, 1985.zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    M. Hartmann, S. Paulus, and T. Takagi. Nice-new ideal coset encryption. In Çetin K. Koç and Christof Paar, editors, Cryptographic Hardware and Embedded Systems — CHES’99, pages 341–352. Springer Verlag, 1999. Pre-proceedings, final proceedings to appear in LNCS.Google Scholar
  6. 6.
    Hühnlein and Takagi. Reducing logarithms in totally non-maximal orders to logarithms in finite fields. In ASIACRYPT’99, 1999.Google Scholar
  7. 7.
    D. Hühnlein, M. J. Jacobson, S. Paulus Jr., and T. Takagi. A cryptosystem based on non-maximal imaginary quadratic orders with fast decryption. In Avances in Cryptology — EUROCRYPT’98, volume 1403 of Lecture Notes in Computer Science, pages 294–307, 1998.CrossRefGoogle Scholar
  8. 8.
    Sachar Paulus and Tsuyoshi Takagi. A new public-key cryptosystem over quadratic orders with quadratic decryption time. to appear in Journal of Cryptology.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Éliane Jaulmes
    • 1
  • Antoine Joux
    • 1
  1. 1.SCSSIIssy-les-Moulineaux cedexFrance

Personalised recommendations