Funding: Supported by the National Natural Science Foundation of China (Grant No. 10128103)
Abstract: The classical RSA is vulnerable to low private exponent attacks (LPEA) and is homomorphic. KMOV, based on the elliptic curve En(a,b) over Zn, can resist LPEA but is still homomorphic. QV over En(a,b) not only can resist LPEA but is also non-homomorphic. However, QV over En(a,b) requires the existence of points whose order is Mn = lcm{#Ep(a,b), #Eq(a,b)}. This requirement is impractical for all general elliptic curves. Besides, the computation over En(a,b) is quite complicated. In this paper, we further study the conic curve Cn(a,b) over Zn and its corresponding properties, advance several key theorems and corollaries for designing digital signature schemes, and point out that Cn(a,b) always has some points whose order is Mn = lcm{#Ep(a,b), #Eq(a,b)}. Thereby we present an improved QV signature over Cn(a,b), which inherits the property of non-homomorphism and can resist the Wiener attack. Furthermore, under the same security requirements, the improved QV scheme is easier than that over En(a,b) with respect to plaintext embedding, inverse element computation, point computation and point order calculation. In particular, it is applicable to general conic curves, which is of great significance to the application of QV schemes.