Bivariate Polynomials Modulo Composites and their Applications

Authors: Dan Boneh and Henry Corrigan-Gibbs
Published in: IACR Cryptol. ePrint Arch.
We investigate the hardness of finding solutions to bivariate polynomial congruences modulo RSA composites. We establish necessary conditions for a bivariate polynomial to be one-way, second preimage resistant, and collision resistant based on arithmetic properties of the polynomial. From these conditions we deduce a new computational assumption that implies an efficient algebraic collision-resistant hash function. We explore the assumption and relate it to known computational problems. The… 
Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures Without Trapdoors
This paper provides an efficient method of proving statements using involved extensions of Stern's protocol to efficiently prove the membership of some element in a zero-knowledge manner, and describes new lattice-based group and ring signatures in the random oracle model.
Bivariate polynomial injections and elliptic curves
For every number field k, we construct an affine algebraic surface X over k with a Zariski dense set of k-rational points, and a regular function f on X inducing an injective map $$X(k)\rightarrow
Partial Bits Exposure Attacks on a New Commitment Scheme Based on the Zagier Polynomial
Several types of partial bits exposure attacks on a new statistically hiding and computationally binding commitment scheme based on the collision-resistant property of the Zagier polynomial are described.
Structure-Preserving Signatures on Equivalence Classes and Constant-Size Anonymous Credentials
The ABC system is the first credential system whose bandwidth required for credential showing is independent of the number of its attributes, i.e., constant-size, and strengthened game-based security definitions for ABC are proposed and proved.
Functional Commitment Schemes: From Polynomial Commitments to Pairing-Based Accumulators from Simple Assumptions
A construction of functional commitment for linear functions based on constant-size assumptions in composite order groups endowed with a bilinear map is proposed, which leads to the first pairing-based polynomial commitments and accumulators for large universes known to achieve security under simple assumptions.
Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives
This paper presents a unifying model capturing all existing features of cryptographic accumulators and shows how this model can be valuable, as it allows accumulators to be used in a black-box fashion.
Commitment Schemes and Diophantine Equations
This work looks for diophantine equations that are hard to solve but for which determining the number of solutions is easy.
Cryptanalysis of Au et al. Dynamic Universal Accumulator
This paper cryptanalyses the two accumulator variants proposed by Au et al. and shows that if nonmembership witnesses are issued according to the α-based construction, colluding users can efficiently discover the secret accumulator parameter α and take over the Accumulator Manager.
Chameleon accumulator and its applications
Dynamic Universal Accumulator with Batch Update over Bilinear Groups
The proposed scheme is suitable as an efficient and scalable Anonymous Credential System, accessible even by low-resource users, and the proposed protocol is shown to be secure in the Generic Group Model under a (new) generalized version of the t-SDH assumption.


The Application of Claw Free Functions in Cryptography: Unconditional Protection in Cryptographic Protocols
This thesis shows how to solve the famous multiparty computation problem, while achieving unconditional privacy protection for one participant, which is the optimal result in the model of communication.
Public Key Encryption and Signature Schemes Based on Polynomials over Zn
A public key encryption scheme where the message blocks are encrypted as roots of a polynomial over Zn and a signature scheme where a short signature can be generated for a long message without using a hash function.
Secure Hash-and-Sign Signatures Without the Random Oracle
A new signature scheme is presented which is existentially unforgeable under chosen message attacks, assuming some variant of the RSA conjecture, and is unique in that the assumptions made on the cryptographic hash function in use are well defined and reasonable.
Secure Accumulators from Euclidean Rings without Trusted Setup
  • H. Lipmaa
  • Mathematics, Computer Science
  • 2012
A new instantiation of the root accumulator is proposed, based on class groups of imaginary quadratic order, that has short (non)membership proofs like the RSA accumulator, and at the same time it is secure against a malicious certificate authority.
On Cryptographic Assumptions and Challenges
  • M. Naor
  • Computer Science, Mathematics
  • 2003
This work proposes several open problems regarding cryptographic tasks that currently do not have a good challenge of that sort by creating a challenge to their validity by classifying computational assumptions based on the complexity of falsifying them.
An efficient solution of the congruence $x^2 + ky^2 = m \pmod{n}$
A solution can easily be found if k and m are relatively prime to n and under the assumption of the generalized Riemann hypothesis, a solution can be found by a probabilistic algorithm in $O((\log n)^{2}|\log\log|k||)$ arithmetical steps on $O(\log n)$-bit integers.
Short Pairing-Based Non-interactive Zero-Knowledge Arguments
  • Jens Groth
  • Mathematics, Computer Science
  • 2010
This work constructs non-interactive zero-knowledge arguments for circuit satisfiability with perfect completeness, perfect zero-knowledge and computational soundness; security is based on two new cryptographic assumptions.
Hash Functions from Sigma Protocols and Improvements to VSH
This work obtains, via a modified version of the Fiat-Shamir protocol, the fastest known hash function that is provably collision-resistant based on the standard factoring assumption and provides a modified version VSH* of VSH which is faster when hashing short messages.
A Design Principle for Hash Functions
Apart from suggesting a generally sound design principle for hash functions, the results give a unified view of several apparently unrelated constructions of hash functions proposed earlier, and suggest changes to other proposed constructions to make a proof of security potentially easier.
Some remarks on the abc-conjecture
Let r(x) be the product of all distinct primes dividing a nonzero integer x. The abc-conjecture says that if a, b, c are nonzero relatively prime integers such that a + b + c = 0, then the biggest