A NICE Cryptanalysis
نویسندگان
چکیده
We present a chosen-ciphertext attack against both NICE cryptosystems. These two cryptosystems are based on computations in the class group of non-maximal imaginary orders. More precisely, the systems make use of the canonical surjection between the class group of the quadratic order of discriminant p −pq2 and the class group of the quadratic order of discriminant √−p. In this paper, we examine the properties of this canonical surjection and use them to build a chosenciphertext attack that recovers the secret key (p and q) from two ciphertexts/cleartexts pairs.
منابع مشابه
Impossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملA new method for accelerating impossible differential cryptanalysis and its application on LBlock
Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...
متن کاملSecurity Against Generalized Linear Cryptanalysis and Partitioning Cryptanalysis
In this work we give some bounds which can be used to determine if a block cipher is secure against generalized linear cryptanalysis and partitioning cryptanalysis. For this purpose, we give a new de nition of imbalance which has some nice properties, and we show that an equivalent of Matsui's piling-up lemma holds for this de nition. The bounds are illustrated with examples. We prove that it s...
متن کاملTime and Space Complexity Reduction of a Cryptanalysis Algorithm
Binary Decision Diagram (in short BDD) is an efficient data structure which has been used widely in computer science and engineering. BDD-based attack in key stream cryptanalysis is one of the best forms of attack in its category. In this paper, we propose a new key stream attack which is based on ZDD(Zero-suppressed BDD). We show how a ZDD-based key stream attack is more efficient in time and ...
متن کاملFactoring pq with Quadratic Forms: Nice Cryptanalyses
We present a new algorithm based on binary quadratic forms to factor integers of the form N = pq. Its heuristic running time is exponential in the general case, but becomes polynomial when special (arithmetic) hints are available, which is exactly the case for the so-called NICE family of public-key cryptosystems based on quadratic fields introduced in the late 90s. Such cryptosystems come in t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2000