Question regarding common modulus on elliptic curve cryptosystems
I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may be something like the RSA analogs in elliptic curves. Maybe a scheme that allows the use of a common modulus for all users (RSA does not). I've read on some factoring-based cryptosystem (like Meyer-Muller or Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing about the possibility of using a common modulus, neither for good nor for bad. Anyone has a deeper knowledge on this crypto to help me? Best regards, Sergio Lerner. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Question regarding common modulus on elliptic curve cryptosystems
[Moderator's Note: please don't top post... --Perry] Sounds like a bad idea -- at a minimum, your encryption will be deterministic. What are you actually trying to achieve? Usually once you understand that, you can find a protocol solving your problem already in the crypto literature. On Sun, 21 Mar 2010, Sergio Lerner wrote: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may be something like the RSA analogs in elliptic curves. Maybe a scheme that allows the use of a common modulus for all users (RSA does not). I've read on some factoring-based cryptosystem (like Meyer-Muller or Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing about the possibility of using a common modulus, neither for good nor for bad. Anyone has a deeper knowledge on this crypto to help me? Best regards, Sergio Lerner. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Question regarding common modulus on elliptic curve cryptosystems
Hi, Elliptic Curve Pohlig-Hellman is comutative. It's quite simple. I've implemented it. Regards, Zacheusz Siedlecki 2010/3/21 Sergio Lerner sergioler...@pentatek.com: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may be something like the RSA analogs in elliptic curves. Maybe a scheme that allows the use of a common modulus for all users (RSA does not). I've read on some factoring-based cryptosystem (like Meyer-Muller or Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing about the possibility of using a common modulus, neither for good nor for bad. Anyone has a deeper knowledge on this crypto to help me? Best regards, Sergio Lerner. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Question regarding common modulus on elliptic curve cryptosystems
[Moderator's Note: please don't top post --Perry] Commutativity is a beautiful and powerful property. See On the power of Commutativity in Cryptography by Adi Shamir. Semantic security is great and has given a new provable sense of security, but commutative building blocks can be combined to build the strangest protocols without going into deep mathematics, are better suited for teaching crypto and for high-level protocol design. They are like the Lego blocks of cryptography! Now I'm working on an new untraceable e-cash protocol which has some additional properties. And I'm searching for a secure commutable signing primitive. Best regards, Sergio Lerner. On 22/03/2010 09:56 a.m., Jonathan Katz wrote: Sounds like a bad idea -- at a minimum, your encryption will be deterministic. What are you actually trying to achieve? Usually once you understand that, you can find a protocol solving your problem already in the crypto literature. On Sun, 21 Mar 2010, Sergio Lerner wrote: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may be something like the RSA analogs in elliptic curves. Maybe a scheme that allows the use of a common modulus for all users (RSA does not). I've read on some factoring-based cryptosystem (like Meyer-Muller or Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing about the possibility of using a common modulus, neither for good nor for bad. Anyone has a deeper knowledge on this crypto to help me? Best regards, Sergio Lerner. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Question regarding common modulus on elliptic curve cryptosystems
As far as I understand, Elliptic Curve Pohlig-Hellman is not public-key. It's a private key cipher. Regards, Sergio. On 22/03/2010 09:56 a.m., Zacheusz Siedlecki wrote: Hi, Elliptic Curve Pohlig-Hellman is comutative. It's quite simple. I've implemented it. Regards, Zacheusz Siedlecki On Sun, Mar 21, 2010 at 10:13 PM, Sergio Lerner sergioler...@pentatek.com wrote: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may be something like the RSA analogs in elliptic curves. Maybe a scheme that allows the use of a common modulus for all users (RSA does not). I've read on some factoring-based cryptosystem (like Meyer-Muller or Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing about the possibility of using a common modulus, neither for good nor for bad. Anyone has a deeper knowledge on this crypto to help me? Best regards, Sergio Lerner. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Question regarding common modulus on elliptic curve cryptosystems
[Moderator's Note: Please please don't top post. --Perry] That paper was from 1980. A few things have changed since then. =) In any case, my point still stands: what you actually want is some e-cash system with some special properties. Commutative encryption is neither necessary nor (probably) sufficient for what you want. Have you at least looked at the literature (which must be well over 100 papers) on e-cash? On Mon, 22 Mar 2010, Sergio Lerner wrote: Commutativity is a beautiful and powerful property. See On the power of Commutativity in Cryptography by Adi Shamir. Semantic security is great and has given a new provable sense of security, but commutative building blocks can be combined to build the strangest protocols without going into deep mathematics, are better suited for teaching crypto and for high-level protocol design. They are like the Lego blocks of cryptography! Now I'm working on an new untraceable e-cash protocol which has some additional properties. And I'm searching for a secure commutable signing primitive. Best regards, Sergio Lerner. On 22/03/2010 09:56 a.m., Jonathan Katz wrote: Sounds like a bad idea -- at a minimum, your encryption will be deterministic. What are you actually trying to achieve? Usually once you understand that, you can find a protocol solving your problem already in the crypto literature. On Sun, 21 Mar 2010, Sergio Lerner wrote: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may be something like the RSA analogs in elliptic curves. Maybe a scheme that allows the use of a common modulus for all users (RSA does not). I've read on some factoring-based cryptosystem (like Meyer-Muller or Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing about the possibility of using a common modulus, neither for good nor for bad. Anyone has a deeper knowledge on this crypto to help me? Best regards, Sergio Lerner. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Question regarding common modulus on elliptic curve cryptosystems AND E-CASH
I've read some papers, not that much. But I don't mind reinventing the wheel, as long as the new protocol is simpler to explain. Reading the literature, I couldn't find a e-cash protocol which : - Hides the destination / source of payments. - Hides the amount of money transferred. - Hides the account balance of each person from the bank. - Allows off-line payments. - Avoids giving the same bill to two different people by design. This means that the protocol does not need to detect the use of cloned bills. - Gives each person a cryptographic proof of owning the money they have in case of dispute. I someone points me out a protocol that manages to fulfill this requirements, I'd be delighted. I think I can do it with a commutative signing primitive, and a special zero-proof of knowledge. Regards, Sergio Lerner. On 22/03/2010 10:25 a.m., Jonathan Katz wrote: That paper was from 1980. A few things have changed since then. =) In any case, my point still stands: what you actually want is some e-cash system with some special properties. Commutative encryption is neither necessary nor (probably) sufficient for what you want. Have you at least looked at the literature (which must be well over 100 papers) on e-cash? On Mon, 22 Mar 2010, Sergio Lerner wrote: Commutativity is a beautiful and powerful property. See On the power of Commutativity in Cryptography by Adi Shamir. Semantic security is great and has given a new provable sense of security, but commutative building blocks can be combined to build the strangest protocols without going into deep mathematics, are better suited for teaching crypto and for high-level protocol design. They are like the Lego blocks of cryptography! Now I'm working on an new untraceable e-cash protocol which has some additional properties. And I'm searching for a secure commutable signing primitive. Best regards, Sergio Lerner. On 22/03/2010 09:56 a.m., Jonathan Katz wrote: Sounds like a bad idea -- at a minimum, your encryption will be deterministic. What are you actually trying to achieve? Usually once you understand that, you can find a protocol solving your problem already in the crypto literature. On Sun, 21 Mar 2010, Sergio Lerner wrote: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may be something like the RSA analogs in elliptic curves. Maybe a scheme that allows the use of a common modulus for all users (RSA does not). I've read on some factoring-based cryptosystem (like Meyer-Muller or Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing about the possibility of using a common modulus, neither for good nor for bad. Anyone has a deeper knowledge on this crypto to help me? - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Question regarding common modulus on elliptic curve cryptosystems
[Moderator's note. Please please please don't top post. --Perry] I think you should look for multisignature schemes. There are lots of it. And BTW - right EC Pohlih-Hellman is not public key cryptosystem. I missed your requirement. Regards, Zacheusz 2010/3/22, Jonathan Katz jk...@cs.umd.edu: [Moderator's Note: Please please don't top post. --Perry] That paper was from 1980. A few things have changed since then. =) In any case, my point still stands: what you actually want is some e-cash system with some special properties. Commutative encryption is neither necessary nor (probably) sufficient for what you want. Have you at least looked at the literature (which must be well over 100 papers) on e-cash? On Mon, 22 Mar 2010, Sergio Lerner wrote: Commutativity is a beautiful and powerful property. See On the power of Commutativity in Cryptography by Adi Shamir. Semantic security is great and has given a new provable sense of security, but commutative building blocks can be combined to build the strangest protocols without going into deep mathematics, are better suited for teaching crypto and for high-level protocol design. They are like the Lego blocks of cryptography! Now I'm working on an new untraceable e-cash protocol which has some additional properties. And I'm searching for a secure commutable signing primitive. Best regards, Sergio Lerner. On 22/03/2010 09:56 a.m., Jonathan Katz wrote: Sounds like a bad idea -- at a minimum, your encryption will be deterministic. What are you actually trying to achieve? Usually once you understand that, you can find a protocol solving your problem already in the crypto literature. On Sun, 21 Mar 2010, Sergio Lerner wrote: I looking for a public-key cryptosystem that allows commutation of the operations of encription/decryption for different users keys ( Ek(Es(m)) = Es(Ek(m)) ). I haven't found a simple cryptosystem in Zp or Z/nZ. I think the solution may be something like the RSA analogs in elliptic curves. Maybe a scheme that allows the use of a common modulus for all users (RSA does not). I've read on some factoring-based cryptosystem (like Meyer-Muller or Koyama-Maurer-Okamoto-Vantone) but the cryptosystem authors say nothing about the possibility of using a common modulus, neither for good nor for bad. Anyone has a deeper knowledge on this crypto to help me? - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
