TL;DR: An improved algorithm is derived which requires O(\log^{2} p) complexity if p - 1 has only small prime factors; such values of p must be avoided in the cryptosystem.
Abstract: A cryptographic system is described which is secure if and only if computing logarithms over GF(p) is infeasible. Previously published algorithms for computing this function require O(p^{1/2}) complexity in both time and space. An improved algorithm is derived which requires O(\log^{2} p) complexity if p - 1 has only small prime factors. Such values of p must be avoided in the cryptosystem. Constructive uses for the new algorithm are also described.
TL;DR: It is shown how to combine ElGamal encryption and the message recovery scheme of [9] and how to securely integrate the DSA into Diffie-Hellman key exchange.
Abstract: The new signature scheme presented by the authors in [9] is the first signature scheme based on the discrete logarithm problem that gives message recovery. The purpose of this paper is to show that the message recovery feature is independent of the choice of the signature equation and that all ElGamal type schemes have variants giving message recovery and achieve five new signature schemes giving message recovery. These schemes have different properties as to implementation and security. It turns out that the scheme proposed in [9] is the only inversionless scheme whereas the message recovery variant of the DSA requires computing of inverses in both generation and verification of signatures. In [9] two applications of message recovery were proposed. In the present paper it is shown how to combine ElGamal encryption and the message recovery scheme of [9] and how to securely integrate the DSA into Diffie-Hellman key exchange.
TL;DR: The XTR public key system as discussed by the authors is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field, which leads to substantial savings both in communication and computational overhead without compromising security.
Abstract: This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security.
TL;DR: The fastest known algorithm for the discrete logarithm problem runs in RTIME O(2^{O(\sqrt{\log(q)\log\log(q)})}) as mentioned in this paper.
Abstract: In 1870 Bouniakowsky [2] published an algorithm to solve the congruence a^{x} \equiv b MOD (q). While his algorithm contained several clever ideas useful for small numbers, its asymptotic complexity was O(q). Despite its long history, no fast algorithm has ever emerged for the Discrete Logarithm Problem and the best published method, due to Shanks [10], requires O(q^{1/2}) in time and space. The problem has attracted renewed interest in recent years because of its use in cryptography [7], [15], [19]. In particular, the security of the Diffie-Hellman Public Key Distribution System [7] "depends crucially on the difficulty of computing logarithms MOD q". We present a new algorithm for this problem which runs in RTIME better than O(q^{\epsilon}) for all \epsilon > 0.† While no effort is made to present the most efficient incarnation of † Actually our algorithm runs in RTIME O(2^{O(\sqrt{\log(q)\log\log(q)})}). RTIME denotes Random Time and refers to algorithms which may use random numbers in their processing. For example, the well known composite testing algorithms of Solovay & Strassen [21], Miller [11] and Rabin [16] run in RTIME (O(\log^{3}(q))). For precise definitions see [1], [11] and [9].
TL;DR: This paper introduces the XTR public key system, a new method to represent elements of a subgroup of a multiplicative group of a finite field that leads to substantial savings both in communication and computational overhead without compromising security.
Abstract: This paper introduces the XTR public key system. XTR is based on a new method to represent elements of a subgroup of a multiplicative group of a finite field. Application of XTR in cryptographic protocols leads to substantial savings both in communication and computational overhead without compromising security.