A Trapdoor Permutation Equivalent to Factoring
In Eurocrypt’98 , Okamoto et al. exhibited a new trapdoor function based on the use of a special moduli (p2q) allowing easy discrete logarithm computations. The authors proved that the scheme’s resistance to chosen-plaintext attacks is equivalent to factoring n. Unfortunately, the proposed scheme suffers from not being a permutation (the expansion rate is ~ 3), and hence cannot be used for public-key signatures. In this paper, we show how to refine the function into a trapdoor permutation that can be used for signatures. Interestingly, our variant still remains equivalent to factoring and seems to be the second known trap-door permutation (Rabin-Williams’ scheme  being the first) provably as secure as a primitive problem.
Unable to display preview. Download preview PDF.
- 1.T. Okamoto and S. Uchiyama, A New Public-Key Cryptosystem as secure as Factoring, LNCS 1403, Advances in Cryptology, Proceedings of Eurocrypt’98, Springer-Verlag, pp. 308–318, 1998.Google Scholar
- 3.M. Rabin, Digitalized Signatures and Public-Key Functions as Intractable as Factorization, Technical Report No. 212, MIT Laboratory of Computer Science, Cambridge, pp. 1–16, 1979.Google Scholar
- 4.L. Goubin and J. Patarin, Trapdoor One-Way Permutations and Multivariate Polynomials, Proceedings of ICICS’97, LNCS 1334, Springer-Verlag, pp 356–368, 1997.Google Scholar
- 5.E. Okamoto and R. Peralta, Faster Factoring of Integers of a Special Form, IEICE Trans. Fundamentals, Vol. E79-A, No 4, pp 489–493, 1996.Google Scholar