Asymptotically Optimal Communication for Torus-Based Cryptography

We introduce a compact and efficient representation of elements of the algebraic torus. This allows us to design a new discrete-log based public-key system achieving the optimal communication rate, partially answering the conjecture in [4]. For \(n\) the product of distinct primes, we construct efficient ElGamal signature and encryption schemes in a subgroup of \(F_{q^n}^*\) in which the number of bits exchanged is only a \(\varphi(n)/n\) fraction of that required in traditional schemes, while the security offered remains the same. We also present a Diffie-Hellman key exchange protocol averaging only \(\varphi(n)\log_2 q\) bits of communication per key. For the cryptographically important cases of \(n=30\) and \(n=210\), we transmit a 4/5 and a 24/35 fraction, respectively, of the number of bits required in the XTR [14] and recent CEILIDH [24] cryptosystems.

[1] N. Tschebotareff, et al. Die Bestimmung der Dichtigkeit einer Menge von Primzahlen, welche zu einer gegebenen Substitutionsklasse gehören, 1926.

[2] Seungjoo Kim, et al. XTR Extended to GF(p^{6m}), 2001, Selected Areas in Cryptography.

[3] Alice Silverberg, et al. Torus-Based Cryptography, 2003, CRYPTO.

[4] Martin E. Hellman, et al. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.), 1978, IEEE Trans. Inf. Theory.

[5] Leonard M. Adleman, et al. A Subexponential Algorithm for Discrete Logarithms over All Finite Fields, 1993, CRYPTO.

[6] A. K. Lenstra, et al. Supplement to Implementation of a New Primality Test, 1987.

[7] Andries E. Brouwer, et al. Doing More with Fewer Bits, 1999, ASIACRYPT.

[8] Andrew M. Odlyzko, et al. Discrete Logarithms: The Past and the Future, 2000, Des. Codes Cryptogr.

[9] Eric R. Verheul, et al. Looking beyond XTR, 2002, ASIACRYPT.

[10] Arjen K. Lenstra, et al. Using Cyclotomic Polynomials to Construct Efficient Discrete Logarithm Cryptosystems Over Finite Fields, 1997, ACISP.

[11] Arjen K. Lenstra, et al. An overview of the XTR public key system, 2001.

[12] Valentin Evgenʹevich Voskresenskiĭ, et al. Algebraic Groups and Their Birational Invariants, 1998.

[13] A. K. Lenstra, et al. Implementation of a New Primality Test, 1985.

[14] Oliver Schirokauer. Discrete logarithms and local units, 1993, Philosophical Transactions of the Royal Society of London. Series A: Physical and Engineering Sciences.

[15] Dan Boneh, et al. Rounding in lattices and its cryptographic applications, 1997, SODA '97.

[16] Daniel M. Gordon, et al. Discrete Logarithms in GF(P) Using the Number Field Sieve, 1993, SIAM J. Discret. Math.

[17] Oliver Schirokauer, et al. Discrete Logarithms: The Effectiveness of the Index Calculus Method, 1996, ANTS.

[18] M. Stam, et al. Speeding up subgroup cryptosystems, 2003.

[19] Arjen K. Lenstra, et al. The XTR Public Key System, 2000, CRYPTO.

[20] Taher ElGamal, et al. A public key cryptosystem and signature scheme based on discrete logarithms, 1985.

[21] Christof Paar, et al. Generalizations of the Karatsuba Algorithm for Efficient Implementations, 2006, IACR Cryptol. ePrint Arch.

[22] Yuliang Zheng, et al. Advances in Cryptology — ASIACRYPT 2002, 2002, Lecture Notes in Computer Science.

[23] N. C. Alexander, et al. Algebraic Tori in Cryptography, 2005.

[24] Anatolij A. Karatsuba, et al. Multiplication of Multidigit Numbers on Automata, 1963.

[25] G. Hardy, et al. An Introduction to the Theory of Numbers, 1938.

[26] Alice Silverberg, et al. Using Primitive Subgroups to Do More with Fewer Bits, 2004, ANTS.

[27] J. Pollard, et al. Monte Carlo methods for index computation (), 1978.

[28] Don Coppersmith, et al. Fast evaluation of logarithms in fields of characteristic two, 1984, IEEE Trans. Inf. Theory.

[29] Claus-Peter Schnorr, et al. Efficient signature generation by smart cards, 2004, Journal of Cryptology.

[30] Alfred Menezes, et al. Handbook of Applied Cryptography, 2018.