An Adaptation of the NICE Cryptosystem to Real Quadratic Orders

Security of electronic data has become indispensable to today’s global information society, and public-key cryptography, a key element to securing internet communication, has gained increasing interest as a vital subject of research. Numerous public-key cryptosystems have been proposed that use allegedly intractable number theoretic problems as a basis of their security. One example is NICE, introduced in 2000 by Takagi and Paulus, a new cryptosystem with trapdoor decryption based on the relationship between maximal and non-maximal orders in imaginary quadratic number fields. Relying on the intractability of factoring, NICE provides the same security features as RSA, the most prominent of all public-key cryptosystems, but has faster decryption that is especially important in the application of cryptography to devices with small computing power. As the NICE cryptosystem is based on imaginary quadratic fields, a natural question that arises is whether the concept of NICE can also be applied to real quadratic fields. Although the relationship between maximal and non-maximal orders in imaginary quadratic orders is well-known, very little research has been dedicated to non-maximal orders in real quadratic fields. Unlike imaginary quadratic fields, elements of real quadratic class groups are endowed with a semi-group like substructure, the infrastructure, providing an efficient operation on the set of reduced ideals that can potentially be exploited to improve the encryption scheme in an adaptation of NICE to real quadratic fields. In this thesis, we show that the mapping between ideals in the non-maximal and the maximal order which is the key to obtaining fast decryption in NICE, can be extended to real quadratic fields. Furthermore, we present REAL-NICE, an adaptation of the NICE cryptosystem to real quadratic fields. Retaining the same level of security as the original scheme, the new cryptosystem requires a smaller public-key. Moreover, REAL-NICE employs a more flexible encryption scheme than NICE that gives rise for further improvement of the performance of encryption. Apart from an analogue to the NICE encryption algorithm, we introduce the IMS encryption algorithm that utilizes the infrastructure operation to speed up the encryption process. So far, there is only a rigorous security proof for the IMS encryption algorithm for very unfavorable parameter setups. Run times generated by a prototype implemented in C++ are therefore not in favor of the new cryptosystem. They show that a first implementation of the NICE adaptation to real quadratic fields is up to 1.61 times slower than the NICE cryptosystem. However, under reasonable assumptions, the REAL-NICE cryptosystem can clearly outperform its original.