Download Advances in Cryptology — CRYPTO’ 99: 19th Annual by Jean-Sébastien Coron, David Naccache, Julien P. Stern PDF

By Jean-Sébastien Coron, David Naccache, Julien P. Stern (auth.), Michael Wiener (eds.)

ISBN-10: 3540663479

ISBN-13: 9783540663478

Crypto ’99, the 19th Annual Crypto conference, was sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department, University of California, Santa Barbara (UCSB). The General Chair, Donald Beaver, was responsible for local organization and registration. The Program Committee considered 167 papers and selected 38 for presentation. This year’s conference program also included invited lectures. I was pleased to include in the program Ueli Maurer’s presentation “Information Theoretic Cryptography” and Martin Hellman’s presentation “The Evolution of Public Key Cryptography.” The program also included the traditional Rump Session for informal short presentations of new results, run by Stuart Haber. These proceedings include the revised versions of the 38 papers accepted by the Program Committee. These papers were selected from all the submissions to the conference based on originality, quality, and relevance to the field of cryptology. Revisions were not checked, and the authors bear full responsibility for the contents of their papers.

Clearly, the vector $(\beta_1, \ldots, \beta_n)$ modulo $M$ satisfies the first $m$ solutions of the system. If $m$ is sufficiently large, it must be the unique solution $(\alpha_1, \ldots, \alpha_n)$. Hence, in order to solve the system, it suffices to compute a basis of the orthogonal lattice $L^\perp$, which can be done in polynomial time.

4 Sparse Hidden Subset Sums

If the hidden subset sum is sparse, that is κ n/2, the condition (3) gets slightly better. Indeed, when one picks at most $\kappa$ weights in each subset sum, one can show that $E(\|k\|^2) \approx m\kappa^2/16$ and $E(\|x_j\|^2) \approx m\kappa/n$.


1. Compute a reduced basis $(u_1, u_2, \ldots, u_{m-2})$ of the orthogonal lattice $(b, c)^\perp$.
2. Compute a basis of the orthogonal lattice $(u_1, \ldots, u_{m-(n+1)})^\perp$ to obtain $\bar{L}_x$.

The difference with the hidden subset problem is that, this time, the vector k can be much bigger, due to the presence of s. More precisely, we have s ≈ M/2 and c ≈ M m/3, so that k ≈ M m/12. In the appendix, we discuss how to modify the previous arguments to explain why the condition is still expected to be satisfied. Loosely speaking, when u is short, the vector pu cannot be guaranteed to be short, but all its entries except the last one are short, which suggests it cannot be a non-zero vector of vα⊥ .

