Security of Cryptosystems Based on Class Groups of Imaginary Quadratic Orders

In this work we investigate the difficulty of the discrete logarithm problem in class groups of imaginary quadratic orders. In particular, we discuss several strategies to compute discrete logarithms in those class groups. Based on heuristic reasoning, we give advice for selecting the cryptographic parameter, i.e. the discriminant, such that cryptosystems based on class groups of imaginary quadratic orders offer security similar to that of commonly used cryptosystems.
