摘要: | In this thesis, two main research directions, efficiency improvement and security enhancement, of public key cryptography are discussed. Firstly, three efficiency improving algorithms for XTR-based cryptographic applications are proposed; then two padding schemes, with CCA2 security, for probabilistic trapdoor one-way functions are presented. XTR public key system uses a particular way to represent subgroup elements and thus it carries lighter load than systems with tradition element representation in both computational and communicational aspects. In practice, when generating private keys with a specific rule, the communicational overhead can be further reduced. Precisely, only part of the corresponding public key needs to be transmitted and the un-transmitted part can be unambiguously recovered. Along with the same specific rule, a new algorithm which can efficiently deciding suitable private key is proposed as well as an algorithm for fast public key recovery. In computational aspect, a new exponentiation algorithm with some extra outputs is proposed. With those extra outputs, the exponentiated result can be directly exploited in applications, which is not possible in previous methods. Furthermore, the proposed exponentiation algorithm brings considerable computational saving in some applications. As the adaptive chosen ciphertext (CCA2) security is now the most widely adopted security notion for public key encryption systems, padding schemes for trapdoor one-way permutations are extensively discussed in the decade. However, optimal asymmetric encryption padding (OAEP), the ancestor of this research line, is proved to be not sufficient for CCA2 security. Hence many alternatives are proposed and a particularly important one of them is OAEP 3-round as no redundancy is introduced in the ciphertext. OAEP 3-round is also proved to be secure for using with any probabilistic trapdoor one-way function, but in the sense of relaxed CCA which is a notion weaker than CCA2 security. In this thesis, two new padding schemes for probabilistic trapdoor one-way functions, both keep the advantages of OAEP 3-round, provably to be CCA2-secure in the random oracle model are proposed. In particular, the first scheme retains the ability of pre-computation while the second maintains the randomness space of the underlying probabilistic trapdoor one-way function. |