離散対数問題の統合

離散対数問題(DLP-)に基づく暗号は,有限体や楕円曲線,基点,その位数などのdomain parametersを定義する.domain parametersは,1システム内で共有する場合とユーザ毎に生成する場合がある.DLPに基づく暗号の興味深い点は,異なるdomain parameters間の安全性の関係が明らかでない点である.すなわち,あるdomain parametersに基づく離散対数問題が攻撃されても,別の異なるdomain parametersに基づく離散対数問題が攻撃されるとは限らない.暗号の安全性を強化する方法として,鍵サイズを大きくするという方法がある.しかしながら近年,特に弱いクラスの楕円曲線上の離散対数問題が指摘されていることから考えると,鍵サイズの強化は必ずしも安全性の強化には充分とはいえない.本論文では,安全性を強化する方法として,異なるdomain parametersをもつ離散対数問題の統合を検討する.
Both DLP-cryptosystems and ECDLP-cryptosystems use a set of domain parameters which typically specifies a finite field or an elliptic curve, a basepoint, and the order of the basepoint. Domain parameters may be shared among parties or be generated by every party. As for different domain parameters of DLP or ECDLP, their security relationships are not known at all. In order to enhance the security, we usually make the key size larger. However such a method would not be enough to enhance security since there may exist some weak classes of DLP or ECDLP like anomalous elliptic curves which is broken in time polynomial ([19, 16, 21]). In this paper, we investigate a new idea to enhance the security by integrating two or more types of DLP or ECDLP. Especially we propose the new integrated encryption scheme which is based on both the ElGamal. (EG) encryption ([5]), the new integrated key agreement scheme which is based on the Diffie-Hellman (DH) key agreement ([31]), the new integrated signature scheme which is based on the DSA-signature ([41]), and each elliptic-curve version (ECEG, ECDH, ECDSA).