Most existing cryptosystem designs incorporate just one cryptographic assumption, such as factoring or discrete logarithms. These assumptions appear secure today; but, it is possible that efficient algorithms will be developed in the future to break one or more of these assumptions. It is very unlikely that multiple cryptographic assumptions would simultaneously become easy to solve. Enhancing security is the major objective for cryptosystems based on multiple assumptions. K.S. McCurley (1990) proposed the first key distribution system based on two dissimilar assumptions, both of which appear to be hard. In his design, the sizes of the security parameters for these two assumptions are quite different. The modulus to satisfy the proper security requirement for one assumption is too large for the other assumption. The side effects are (1) the public key size is larger than the original Diffie-Hellman key distribution scheme; and (2) more computation time is required. The authors propose a cryptographic system design based on the two popular assumptions: factoring and discrete logarithms. Breaking this system is computationally infeasible because it requires (1) solving the Diffie-Hellman discrete logarithm problem in a subgroup of Z/sub p/*, where p=2p'*q'+1 and p', q' are two large primes, and (2) factoring (p-1)/2 into two large primes, p' and q'. Thus, in the proposed system it is possible to choose the same size of security parameter for these two assumptions and, therefore, to maintain the efficiency of the implementation.
展开▼
机译:大多数现有的密码系统设计仅包含一种密码假设,例如因式分解或离散对数。这些假设在今天看来是可靠的。但是,将来可能会开发出有效的算法来打破这些假设中的一个或多个假设。多个密码假设同时变得容易解决的可能性很小。基于多种假设,提高安全性是密码系统的主要目标。 K.S. McCurley(1990)基于两个不同的假设,提出了第一个密钥分配系统,这两个假设似乎都很困难。在他的设计中,这两个假设的安全参数的大小完全不同。满足一个假设的适当安全性要求的模数对于另一假设来说太大。副作用是:(1)公钥大小大于原始的Diffie-Hellman密钥分配方案; (2)需要更多的计算时间。作者基于两个普遍的假设提出了密码系统设计:因式分解和离散对数。破坏该系统在计算上是不可行的,因为它需要(1)解决Z / sub p / *子集中的Diffie-Hellman离散对数问题,其中p = 2p'* q'+ 1和p',q'是两个大素数和(2)将(p-1)/ 2分解为两个大素数p'和q'。因此,在所提出的系统中,可以为这两个假设选择相同大小的安全性参数,因此,可以保持实现的效率。
展开▼
