Shigenori Uchiyama

Security of an identity-based cryptosystem and the related reductions

Recently an efficient solution to the discrete logarithm problem on elliptic curves over Fp with p points (p: prime), so-called anomalous curves, was independently discovered by Semaev [14], Smart [17], and Satoh and Araki [12]. Since the solution is very efficient, i.e., O(¦p¦3), the Semaev-Smart-Satoh-Araki (SSSA) algorithm implies the possibility of realizing a trapdoor for the discrete logarithm problem, and we have tried to utilize the SSSA algorithm for constructing a cryptographic scheme. One of our trials was to realize an identity-based cryptosystem (key-distribution) which has been proven to be as secure as a primitive problem, called the Diffie-Hellman problem on an elliptic curve over Z/nZ (n = pq, p and q are primes) where Ep and Eq are anomalous curves (anomalous En-Diffie-Hellman problem). Unfortunately we have found that the anomalous En-Diffie-Hellman problem is not secure (namely, our scheme is not secure). First, this paper introduces our trial of realizing an identity-based cryptosystem based on the SSSA algorithm, and then shows why the anomalous En-Diffie-Hellman problem is not secure. In addition, we generalize the observation of our breaking algorithm and present reductions of factoring n to computing the order2 of an elliptic curve over Z/nZ. (These reductions roughly imply the equivalence of intractability between factoring and computing elliptic curves order.) The algorithm of breaking our identity-based cryptosystem is considered to be a special case of these reductions, and the essential reason why our system was broken can be clarified through these reductions: En in our system is a very specific curve such that the order of En (i.e., n) is trivially known.

An improvement of key generation algorithm for Gentry's homomorphic encryption scheme

One way of improving efficiency of Gentrys fully homomorphic encryption is controlling the number of operations, but our recollection is that any scheme which controls the bound has not proposed. In this paper, we propose a key generation algorithm for Gentrys homomorphic encryption scheme that controls the bound of the circuit depth by using the relation between the circuit depth and the eigenvalues of a basis of a lattice. We present experimental results that show that the proposed algorithm is practical. We discuss security of the basis of the lattices generated by the algorithm for practical use.

Candidate One-Way Functions on Non-Supersingular Elliptic Curves*A preliminary version was presented at ISEC2003 [22].

This paper proposes new candidate one-way functions constructed with a certain type of endomorphisms on non-supersingular elliptic curves. We can show that the one-wayness of our proposed functions is equivalent to some special cases of the co-Diffie-Hellman assumption. Also a digital signature scheme is explicitly described using our proposed functions.

Cryptographic pairings based on elliptic nets

In 2007, Stange proposed a novel method for computing the Tate pairing on an elliptic curve over a finite field. This method is based on elliptic nets, which are maps from Zn to a ring and satisfy a certain recurrence relation. In the present paper, we explicitly give formulae based on elliptic nets for computing the following variants of the Tate pairing: the Ate, Atei, R-Ate, and optimal pairings. We also discuss their efficiency by using some experimental results.

Remarks on the Attack of Fouque et al. against the l IC Scheme

In 2007, l -Invertible Cycles (l IC) wasproposed by Ding et al. This is one of the most efficient trapdoorsfor encryption/signature schemes, and of the mixed field type formultivariate quadratic public-key cryptosystems. Such schemes fiton the implementation over low cost smart cards or PDAs. In 2008,Fouque et al. proposed an efficient attack against the l ICsignature scheme by using Grobner basis algorithms. However,they only explicitly dealt with the odd case, i.e. l isodd, but the even case; they only implemented their proposed attackin the odd case. In this paper, we propose an another practicalattack against the l IC encryption/signature scheme. Ourproposed attack does not employ Grobner basis algorithms, andcan be applied to the both even and odd cases. We show theefficiency of the attack by using some experimental results.Furthermore, the attack can be also applied to the l IC-scheme. To the best of our knowledge, we for the first time showsome experimental results of a practical attack against thel IC- scheme for the even case.

Efficient, non-optimistic secure circuit evaluation based on the elgamal encryption

We propose a protocol for implementing secure function evaluation based on the homomorphic threshold ElGamal encryption scheme. To the best of our knowledge, our solution is more efficient in terms of computational complexity than previous solutions existent in the literature.

Faster Explicit Formulae for Computing Pairings via Elliptic Nets and Their Parallel Computation

In this paper, we discuss computations of optimal pairings over some pairing-friendly curves and a symmetric pairing over supersingular curves via elliptic nets. We show that optimal pairings can be computed more efficiently if we use twists of elliptic curves and give formulae for computing optimal pairings via elliptic nets of these twist curves. Furthermore, we propose parallel algorithms for these pairings and estimate the costs of these algorithms in certain reasonable assumptions.

NZMATH 1.0

This is an announcement of the first official release (version 1.0) of the system NZMATH for number theory by Python [18]. We review all functions in NZMATH 1.0, show its main properties added after the report [11] about NZMATH 0.5.0, and describe new features for stable development. The most important point of the release is that we can now treat number fields. The second major change is that new types of polynomial programs are provided. Elliptic curve primality proving and its related programs are also available, where we partly use a library outside NZMATH as an advantage of writing the system only by Python. A new feature is that NZMATH is registered on SourceForge [19] as an open source project in order to ensure continuous development of the project. This is a unique among existing systems for number theory.