Funding: partially supported by National Key R&D Program of China (no. 2017YFB0802500), The 13th Five-Year National Cryptographic Development Foundation (no. MMJJ20180208), Beijing Science and Technology Commission (no. 2181100002718001), NSF (no. 61272039).
Abstract: The discrete logarithm problem (DLP) is to find a solution n such that g^n=h in a finite cyclic group G=, where h∈G. The DLP is the security foundation of many cryptosystems, such as RSA. We propose a method to improve Pollard's kangaroo algorithm, which is the classic algorithm for solving the DLP. In the proposed algorithm, the large integer multiplications are reduced by controlling whether to perform large integer multiplication. To control the process, the tools of expanding factor and jumping distance are introduced. The expanding factor is an indicator used to measure the probability of collision. Large integer multiplication is performed if the value of the expanding factor is greater than the given bound. The improved algorithm requires an average of (1.633+o(1))q^(1/2) large integer multiplications. In experiments, the average number of large integer multiplications is approximately (1.5+o(1))q^(1/2).
Funding: The work was supported by the National Key Technologies R&D Programs of China (2018YFB1402702 and 2017YFB0802500), the "13th" Five-Year National Cryptographic Development Foundation (MMJJ20180208), NSFC-Genertec Joint Fund For Basic Research (U1636104), the National Natural Science Foundation of China (Grant Nos. 61572132, 61972032 and U1705264).
Abstract: In this paper we present a designated verifier-set signature (DVSS), in which the signer is allowed to designate many verifiers rather than one verifier, and each designated verifier can verify the validity of the signature by himself. Our research starts from an identity-based aggregator (IBA) that compresses a designated set of verifiers' identities to a constant-size random string in cryptographic space. The IBA is constructed by mapping the hash of a verifier's identity into a zero or pole of a target curve, and extracting one curve's point as the result of aggregation according to a specific secret. Considering the different types of target curves, these two IBAs are called the zeros-based aggregator and the poles-based aggregator, respectively. Based on them, we propose a practical DVSS scheme constructed from the zero-pole cancellation method, which can eliminate the same elements between the zeros-based aggregator and the poles-based aggregator. Due to this design, our DVSS scheme has some distinct advantages: (1) the signature supports arbitrary dynamic verifiers extracted from a large number of users; and (2) the signature has short and constant length. We rigorously prove that our DVSS scheme satisfies the security properties: correctness, consistency, unforgeability and exclusivity.