Contributions to provable security and efficient cryptography

This thesis deals with two main matters of modern public key cryptography: provable security and efficient implementation. Indubitably, security is the most important property of any cryptographic scheme. Nevertheless, cryptographic algorithms have often been designed on a trial-and-error basis, i. e., a system has been regarded as secure as long as it withstood cryptanalytic attacks. In contrast, the provable security approach provides rigorous mathematical proofs within well-defined models. Nowadays, provable security is a key requirement for many applications. The main contribution of the first part of this thesis is the development and analysis of new provably secure trapdoor one-way permutations. (Trapdoor) one-way functions are the cardinal primitives in public key cryptography, as they are utilized as building blocks for numerous kinds of cryptographic protocols. For this reason, and because of the small number of promising candidates known today, the invention of new trapdoor one-way functions is of interest on its own. However, to prove the practical relevance of our proposal, we additionally invent several provably secure applications in the range of homomorphic encryption, fail-stop signature schemes, hybrid encryption, and trapdoor commitments. In the second part of this work, we will turn our attention to the efficient implementation of public key algorithms. Besides security, efficiency is the main criterion when evaluating cryptographic schemes because inefficient cryptosystems are of little practical value. In widely-used hand-held devices with scarce resources, cryptosystems based on elliptic curve point groups are the first choice today. Consequently, it is an active area of research to enhance the efficiency of elliptic curve scalar multiplication, which is the most common operation in these cryptosystems. Our contribution here is located in the field of multiplication methods with low memory requirements. We will introduce an algorithm which is as efficient as the state-of-the-art solution, but which significantly reduces the consumption of working memory. Moreover, we will develop a highly flexible variant which can be adapted to the exact amount of available storage. Therefore, the algorithms presented here are especially useful in connection with limited-constraint devices such as smart-cards.