Discrete Logarithm Research Articles

New Proxy Signature Scheme over Elliptic Curves using Chaotic Maps Applicable during Pandemic COVID-19

Abstract: Digitalization has attracted the world to collect increasing data. Background: Proxy signature is a digital alternative for signing documents in the absence of the original signer. Methods: In this paper, we have used the mathematical methods and concepts of Chaotic maps (CMs) and elliptic curve cryptography. Results: We have proposed a new proxy signature scheme (PSS). Security of our PSS relies on "elliptic curve discrete logarithm (ECDL) and integer factorization (FAC) problems". It requires only low-complexity computation, which increases efficiency. Conclusion: It is the first PSS in such a security setting and can also be assumed to be secure in the post-quantum cryptographic world. It can be highly used digitally during thePandemic conditions like COVID-19.

Elliptic curve cryptography: Theory, security, and applications in modern network security

Abstract. Due to the swift advancement of Internet and computer technology in the 21st century, the demand for network security is increasing. Classic cryptographic algorithms like Rivest-Shamir-Adleman (RSA) and Digital Signature Algorithm (DSA) are insufficient in the face of modern network environments, while elliptic curve cryptography (ECC) has become a research hotspot due to its high security and high efficiency. The purpose of this paper is to discuss the theoretical basis, security analysis, and practical application cases of elliptic curve cryptography, to provide readers with a comprehensive understanding and trigger further research and thinking. This paper analyzes the theoretical basis of ECC, including group theory, domain theory, and the definition and properties of elliptic curves, and analyzes the application of ECC in combination with practical application cases, such as the SM2 algorithm. The article first introduces the concept of groups, the definition of domains, and the basic properties of elliptic curves. Then, the security of ECC is analyzed, especially the complexity of the Elliptic Curve Discrete Logarithm Problem (ECDLP) and the selection of key length. In addition, the security of ECC in practical applications is discussed, including digital signatures, key exchange protocols, and applications in blockchain technology. The results show that ECC provides comparable security to traditional public key algorithms at a short key length, and shows strong security and efficiency in practical applications. As technology progresses and new threats arise, research in ECC will also evolve.

Solving Elliptic Curve Discrete Logarithm Problem on Twisted Edwards Curves Using Quantum Annealing and Index Calculus Method

Abstract This paper presents an approach to solving the elliptic curve discrete logarithm problem on alternative curve models over prime fields using a quantum annealing and index calculus method. Part of the algorithm, relation searching, is transformed into the Quadratic Unconstrained Boolean Optimization (QUBO) problem and then is efficiently solved using the D-Wave computer by quantum annealing. As Faugère et al. showed, twisted Edwards curves, because of their symmetric shape, allow us to obtain solutions of relations searching step using Groebner basis faster than in the case of Weierstrass curves. Because of symmetries, a system of equations of relations searching step for twisted Edwards curves has many symmetric solutions. Using the Groebner basis and having many system solutions makes it easier to find any of them. The same is true using quantum annealing - it is easier to find any solution to the QUBO problem if many are correct. In this paper, we used this observation to find out that a properly constructed QUBO problem for the relations searching step for twisted Edwards curves allows us to find a solution faster for the same size of the base field than in the case of Weierstrass curves. Using the presented approach, we solved the discrete logarithm problem using quantum annealing and index calculus method for elliptic curve discrete logarithm problem defined on twisted Edwards curve over a field 𝔽1021 with order equal to 4 · 241. It is now the biggest field and size of the group, where the elliptic curve discrete logarithm problem was solved using quantum methods.

A Comprehensive Review of MI-HFE and IPHFE Cryptosystems: Advances in Internal Perturbations for Post-Quantum Security

The RSA cryptosystem has been a cornerstone of modern public key infrastructure; however, recent advancements in quantum computing and theoretical mathematics pose significant risks to its security. The advent of fully operational quantum computers could enable the execution of Shor’s algorithm, which efficiently factors large integers and undermines the security of RSA and other cryptographic systems reliant on discrete logarithms. While Grover’s algorithm presents a comparatively lesser threat to symmetric encryption, it still accelerates key search processes, creating potential vulnerabilities. In light of these challenges, there has been an intensified focus on developing quantum-resistant cryptography. Current research is exploring cryptographic techniques based on error-correcting codes, lattice structures, and multivariate public key systems, all of which leverage the complexity of NP-hard problems, such as solving multivariate quadratic equations, to ensure security in a post-quantum landscape. This paper reviews the latest advancements in quantum-resistant encryption methods, with particular attention to the development of robust trapdoor functions. It also provides a detailed analysis of prominent multivariate cryptosystems, including the Matsumoto–Imai, Oil and Vinegar, and Polly Cracker schemes, alongside recent progress in lattice-based systems such as Kyber and Crystals-DILITHIUM, which are currently under evaluation by NIST for potential standardization. As the capabilities of quantum computing continue to expand, the need for innovative cryptographic solutions to secure digital communications becomes increasingly critical.

TrustCNAV: Certificateless aggregate authentication of civil navigation messages in GNSS

The Global Navigation Satellite System (GNSS) is capable of accurate positioning because it can provide high-precision data. These data are transmitted to the receiver in the form of navigation messages, called civil navigation messages (CNAV). As it is transmitted in an open, transparent environment without data integrity protection mechanisms and secure data transmission measures, the CNAV is suspected to spoofing attacks. In 2023, the OPSGROUP has received approximately 50 reports of GPS spoofing activity. A spoofed plane's navigation system will show it as being in a different place - a security risk if a jet is guided to fly into a hostile country's airspace. To prevent the forging of GNSS positioning data by spoofing attacks targeting CNAV, we propose a certificateless aggregation authentication for CNAV by using the elliptic curve discrete logarithm problem and the combination of the GNAV structural characteristics, called TrustCNAV. Security proof and performance analysis indicate that this authentication scheme can resist spoofing attacks and ensure data security of CNAV, also it avoids pairing operations with high computational complexity, thus meeting security requirements without causing too much time and communication consumption.

Tighter bound for generalized multiple discrete logarithm problem via MDS matrix method

Discrete logarithm problem (DLP) is one of the fundamental hard problems used in cryptography. For 1≤k≤n, solving the k-out-of-n DLP instances is an important problem emerging in certain scenarios in public-key cryptography. Ying and Kunihiro (ACNS 2017) pioneered in studying k-out-of-n instance solutions of DLP, which is a generalized version of multiple DLP. By reducing the multiple DLP to the generalized version, they established lower bounds on the computational complexity of k-out-of-n DLP for different parameter values of k.In this paper, we further reduce the reduction complexity presented in Ying and Kunihiro's work and increase the range of k and n for the tight lower bound of k-out-of-n DLP in the generic group model, which has applications in related cryptographic schemes. To achieve the goal, the key technique is to utilize a variant of fast multipoint evaluation. We divide the discussion into two cases. In the special case when n divides p−1, by leveraging Number Theory Transform (NTT) technique, we expand k and n to a larger range. In the general case, by using a variant of fast multipoint evaluation, we increase k and n to a moderately larger range.

Discrete Logarithm Factory

The Number Field Sieve and its variants are the best algorithms to solve the discrete logarithm problem in finite fields (except for the weak small characteristic case). The Factory variant accelerates the computation when several prime fields are targeted. This article adapts the Factory variant to non-prime finite fields of medium and large characteristic. A precomputation, solely dependent on an approximate finite field size and an extension degree, allows to efficiently compute discrete logarithms in a constant proportion of the finite fields of the given approximate size and extension degree. We combine this idea with two other variants of NFS, namely the tower and special variant. This combination improves the asymptotic complexity. We also notice that combining our approach with the MNFS variant would be an unnecessary complication as all the potential gain of MNFS is subsumed by our Factory variant anyway. Furthermore, we demonstrate how Chebotarev's density theorem allows to compute the density of finite fields that can be solved with a given precomputation. Finally, we provide experimental data in order to assess the practical reach of our approach.

Unforgeability of Blind Schnorr in the Limited Concurrency Setting

Blind signature schemes enable a user to obtain a digital signature on a message from a signer without revealing the message itself. Among the most fundamental examples of such a scheme is blind Schnorr, but recent results show that it does not satisfy the standard notion of security against malicious users, One-More Unforgeability (OMUF), as it is vulnerable to the ROS attack. However, blind Schnorr does satisfy the weaker notion of sequential OMUF, in which only one signing session is open at a time, in the Algebraic Group Model (AGM) + Random Oracle Model (ROM), assuming the hardness of the Discrete Logarithm (DL) problem. This paper serves as a first step towards characterizing the security of blind Schnorr in the limited concurrency setting. Specifically, we show that blind Schnorr satisfies OMUF when at most two signing sessions can be concurrently open (in the AGM+ROM, assuming DL). Our argument suggests that it is plausible that blind Schnorr satisfies OMUF for up to polylogarithmically many concurrent signing sessions. Our security proof involves interesting techniques from linear algebra and combinatorics.

A heterogeneous ring signcryption scheme with privacy protection and conditional tracing for smart grid

Smart grid develops rapidly, but there are still security risks such as user privacy leakage, power data tampering and audit data inconsistency. The existing schemes to ensure data security mainly use traceable ring signcryption, which is applied in distributed application scenarios such as smart grid. Traceable ring signcryption can ensure the anonymity, integrity, unforgeability and confidentiality of data, and can trace the real identity of anonymous users. However, the traceability of these schemes is arbitrary, any actor can trace the identity of anonymous users, and they do not resolve disputes caused by tampered or inconsistent data. To remedy these deficiencies, we combine ring signcryption with consortium blockchain technology for the first time to achieve privacy protection and conditional tracing, which can effectively avoid anonymous user identity being revealed at will. Consortium blockchain is a semi-distributed P2P network that can solve data disputes and is suitable for organizations that require certain access control mechanisms such as smart grid. In this paper, we propose a heterogeneous ring signcryption scheme with privacy protection and conditional tracing (CTHRSC) which between certificateless cryptographic system (CLC) and public key infrastructure (PKI). Besides, we prove that our scheme is secure under the discrete logarithm problem (DLP) and decisional Diffie–Hellman problem (DDHP) in random oracle model (ROM). Compared with other signature or signcryption schemes, our advantages are satisfying conditional tracing and known temporary session key security (KTSKS), requiring less computation cost and communication overhead.

A Problem as Much of Economic Theory as of Statistical Technique? The Walsh-Edgeworth Debate on Index Numbers, 1921–25

Abstract Correa Moylan Walsh (1862–1936) was a monetary economist of the early twentieth century, mostly remembered for his contributions to the theory of index numbers. Francis Ysidro Edgeworth (1845–1926) was a renowned mathematical economist, remembered as one of the great masters of the discipline. Walsh was an adamant defender of a deterministic, test approach to the theory of index numbers, whereas Edgeworth favored probabilistic approaches and thought index-number theorists should not close themselves to alternative methods. Holding contrasting views about the making of index numbers, they engaged in a fierce debate in the first half of the 1920s—a period marked by several quarrels on the subject. The main points in dispute between Walsh and Edgeworth were the existence of an ideal formula for index numbers and the use of probability in the measurement of price variations. The goal of this article is to explore this debate and its underpinnings. It is argued that the main points of contention between them relate to their conflicting perspectives on the nature of index numbers.

Blockchain-enhanced efficient and anonymous certificateless signature scheme and its application

Although the Internet of Things (IoT) brings efficiency and convenience to various aspects of people’s lives, security and privacy concerns persist as significant challenges. Certificateless Signatures eliminate digital certificate management and key escrow issues and can be well embedded in resource-constrained IoT devices for secure access control. Recently, Ma et al. designed an efficient and pair-free certificateless signature (CLS) scheme for IoT deployment. Unfortunately, We demonstrate that the scheme proposed by Ma et al. is susceptible to signature forgery attacks by Type-II adversaries. That is, a malicious-and-passive key generation center (KGC) can forge a legitimate signature for any message by modifying the system parameters without the user’s secret value. Therefore, their identity authentication scheme designed based on vehicular ad-hoc networks also cannot guarantee the claimed security. To address the security vulnerabilities, we designed a blockchain-enhanced and anonymous CLS scheme and proved its security under the Elliptic curve discrete logarithm (ECDL) hardness assumption. Compared to similar schemes, our enhanced scheme offers notable advantages in computational efficiency and communication overhead, as well as stronger security. In addition, a mutual authentication scheme that satisfies the cross-domain scenario is proposed to facilitate efficient mutual authentication and negotiated session key generation between smart devices and edge servers in different edge networks. Performance evaluation shows that our protocol achieves an effective trade-off between security and compute performance, with better applicability in IoT scenarios.

Efficient provable dual receiver hybrid and light weight public key schemes based on the discrete logarithm problem without pairings

AbstractDual‐receiver proxy re‐encryption is a cryptographic technique that enables secure data sharing among multiple authorized users or entities. It has gained significant attention for its ability to manage access permissions, data confidentiality, and streamline communication channels. These schemes have been widely used in various applications, including healthcare systems, cloud computing, Internet of Things (IoT) systems, collaborative environments, and secure communication channels. This paper aims to propose two proxy re‐encryption schemes for dual receivers without pairings. The first is dual receiver lightweight proxy re‐encryption without pairings (DR‐LWPRE‐WP), which uses a public key scheme to reduce computational complexity. The second is dual receiver hybrid proxy re‐encryption without pairings (DR‐HPRE‐WP), which incorporates public key and symmetric key schemes. Both schemes offer protection against selected plaintext attacks based on the decisional Diffie‐Hellman principle. The DR‐LWPRE‐WP scheme reduces computation by approximately 53% compared to pairing‐based schemes, making it suitable for lightweight applications like the Internet of Things. The computational efficacy of these schemes offers significant benefits for resource‐constrained environments and practical implementations.

Certificateless integrity auditing scheme for sensitive information protection in cloud storage

Data integrity auditing provides a method for checking the integrity of outsourced data in cloud storage. However, outsourced data often contain sensitive information (such as names), posing risks of exposure during data sharing. To address this issue, Ming et al. proposed a certificateless integrity auditing scheme for sensitive information protection, claiming its security. However, by demonstrating two specific attack scenarios, we pointed out its security vulnerabilities. Subsequently, we proposed a new certificateless integrity auditing scheme for sensitive information protection in cloud storage (CIAS-SIP), which supports sensitive information protection and does not specify the data blocks that need sanitization by the data owner (DO). In addition, it supports dynamic operations by the DO on outsourced data (insertion, deletion, and modification) and provides security proofs based on the discrete logarithm problem. Finally, we compared CIAS-SIP’s performance with three other integrity auditing schemes for sensitive information protection. The results show that CIAS-SIP exhibits superior efficiency.

Elliptic curves in continuous-variable quantum systems

Elliptic curves are planar curves which can be used to define an abelian group. The computation of this group's addition operation, as well as related operations such as the discrete logarithm, could be performed on quantum computing devices, potentially leading to better performance. Currently, however, thousands of logical qubits are required for elliptic curve group addition, putting this application out of reach for near-term quantum hardware. Here we give an algorithm for computing elliptic curve group addition (over the real numbers) using a single continuous-variable mode, based on weak measurements of a system with a cubic potential energy. This result could lead to improvements in the efficiency of elliptic curve operations using a quantum device.

Quantum resource estimation for large scale quantum algorithms

Quantum algorithms are often represented in terms of quantum circuits operating on ideal (logical) qubits. However, the practical implementation of these algorithms poses significant challenges. Many quantum algorithms require a substantial number of logical qubits, and the inherent susceptibility to errors of quantum computers require quantum error correction. The integration of error correction introduces overhead in terms of both space (physical qubits required) and runtime (how long the algorithm needs to be run for). This paper addresses the complexity of comparing classical and quantum algorithms, primarily stemming from the additional quantum error correction overhead. We propose a comprehensive framework that facilitates a direct and meaningful comparison between classical and quantum algorithms. By acknowledging and addressing the challenges introduced by quantum error correction, our framework aims to provide a clearer understanding of the comparative performance of classical and quantum computing approaches. This work contributes to understanding the practical viability and potential advantages of quantum algorithms in real-world applications.We apply our framework to quantum cryptanalysis, since it is well known that quantum algorithms can break factoring and discrete logarithm based cryptography and weaken symmetric cryptography and hash functions. In order to estimate the real-world impact of these attacks, apart from tracking the development of fault-tolerant quantum computers it is important to have an estimate of the resources needed to implement these quantum attacks. This analysis provides state-of-the art snap-shot estimates of the realistic costs of implementing quantum attacks on these important cryptographic algorithms, assuming quantum fault-tolerance is achieved using surface code methods, and spanning a range of potential error rates. These estimates serve as a guide for gauging the realistic impact of these algorithms and for benchmarking the impact of future advances in quantum algorithms, circuit synthesis and optimization, fault-tolerance methods and physical error rates.

EMAKAS: An efficient three-factor mutual authentication and key-agreement scheme for IoT environment

The adoption of IoT in healthcare revolutionizes remote patient monitoring and healthcare efficiency. Yet, it brings notable security and privacy challenges, particularly in resource-constrained environment. We propose a secure and efficient three-factor lightweight mutual authentication and key agreement scheme, designed for IoT-based smart healthcare systems, addressing these critical concerns. The scheme employs a fuzzy extractor, a one-way hash function, Elliptic Curve Discrete Logarithm and XOR operations for efficient cryptographic transformations, creating a robust framework for secure data handling. The scheme's design focuses on security and privacy while minimizing computational demands, making it ideal for resource-constrained IoT devices. We utilized both informal and formal security analyses to validate our scheme, employing the Random Oracle Model (ROM), Scyther tool and Burrows-Abadi-Needham (BAN) logic. The security and performance analysis showed that our scheme offers more security features across 15 defined criteria with minimal communication and computational costs compared to other related schemes. The scheme is not only robust against security threats but also practical for implementation in IoT healthcare environment, offering a solution for secure IoT communication by achieving mutual authentication and key agreement with minimized computational requirements.

Towards zero knowledge argument for double discrete logarithm with constant cost

Given that the Schnorr's protocol for Discrete Logarithm (DLOG) exchanges three messages, it is an interesting problem whether a constant round zero-knowledge protocol exists for the Double Discrete Logarithm problem (DDLOG), i.e., to demonstrate the knowledge of a secret witness x in ghx. In this paper, we show that it exists for a fragment of DDLOG with two restrictions: (1) The outer group of DDLOG supports bilinear pairing, and it needs a trusted set-up for common reference string (CRS). (2) x<t where t is the size of KZG commitment key in CRS. The protocol is zero knowledge and constant round, with O(1) complexity for prover and verifier, regardless of the desired security strength. The contributions of the work are mainly theoretical due to its restrictions and concrete performance.

Performance comparison of quantum-safe multivariate polynomial public key encapsulation algorithm

A novel quantum-safe key encapsulation algorithm, called Multivariate Polynomial Public Key (MPPK), was recently proposed by Kuang, Perepechaenko, and Barbeau. Security of the MPPK key encapsulation mechanism does not rely on the prime factorization or discrete logarithm problems. It builds upon the NP-completeness of the modular Diophantine equation problem, for which there are no known efficient classical or quantum algorithms. Hence, it is resistant to known quantum computing attacks. The private key of MPPK comprises a pair of multivariate polynomials. In a companion paper, we analyzed the performance of MPPK when these polynomials are quadratic. The analysis highlighted the MPPK high decapsulation time. We found that, while maintaining the security strength, the polynomials can be linear. Considerable performance gains are obtained for the decapsulation process. In this article, we benchmark the linear case and compare the results with the previous quadratic case.

Improving efficiency and security of Camenisch–Lysyanskaya signatures for anonymous credential systems

Camenisch–Lysyanskaya signature scheme with randomizability, namely CL signatures, at CRYPTO’04 has been well adopted for many privacy-preserving constructions, especially in the context of anonymous credential systems. Unfortunately, CL signatures suffer from linear size drawbacks. The signature size grows linearly based on the signing messages, which decreases the interest in practice, as each user may have multiple attributes (messages). Its standard EUF-CMA security was first proven under an interactive assumption. While the interactive assumption is not desirable in cryptography, Fuchsbauer et al. revisited its security at CRYPTO’18 by proving the scheme under the discrete logarithm (Dlog) assumption in the algebraic group model (AGM) that idealizes the adversary’s computation to be algebraic, yet the reduction loss is non-tight. In this work, we propose a new variant of CL signatures, namely CL+ signatures, that improves efficiency and security. The proposed CL+ signatures possess randomizability without the linear size drawback, such that signature size is a constant of three group elements. Besides, we prove the security of CL+ signatures can be tightly reduced to the DLog problem in AGM with only a loss factor of 3. Lastly, we show how CL+ signatures can also be instantiated to anonymous credential systems.

An Explicit High-Moment Forking Lemma and its Applications to the Concrete Security of Multi-Signatures

In this work we first present an explicit forking lemma that distills the information-theoretic essence of the high-moment technique introduced by Rotem and Segev (CRYPTO '21), who analyzed the security of identification protocols and Fiat-Shamir signature schemes. Whereas the technique of Rotem and Segev was particularly geared towards two specific cryptographic primitives, we present a stand-alone probabilistic lower bound, which does not involve any underlying primitive or idealized model. The key difference between our lemma and previous ones is that instead of focusing on the tradeoff between the worst-case or expected running time of the resulting forking algorithm and its success probability, we focus on the tradeoff between higher moments of its running time and its success probability. Equipped with our lemma, we then establish concrete security bounds for the BN and BLS multi-signature schemes that are significantly tighter than the concrete security bounds established by Bellare and Neven (CCS '06) and Boneh, Drijvers and Neven (ASIACRYPT '18), respectively. Our analysis does not limit adversaries to any idealized algebraic model, such as the algebraic group model in which all algorithms are assumed to provide an algebraic justification for each group element they produce. Our bounds are derived in the random-oracle model based on the standard-model second-moment hardness of the discrete logarithm problem (for the BN scheme) and the computational co-Diffie-Hellman problem (for the BLS scheme). Such second-moment assumptions, asking that the success probability of any algorithm in solving the underlying computational problems is dominated by the second moment of the algorithm's running time, are particularly plausible in any group where no better-than-generic algorithms are currently known.