Abstract. We consider finding discrete logarithms in a group of prime order p when the help of an algorithm D that distinguishes certain subsets of from each other is available. If the complexity of D is a polynomial, say , then we can find discrete logarithms faster than square-root algorithms. We consider two variations on this idea and give algorithms solving the discrete logarithm problem in with complexity and when has factors of suitable size. When multiple distinguishers are available and is sufficiently smooth, logarithms can be found in polynomial time. We discuss natural classes of algorithms D that distinguish the required subsets, and prove that for some of these classes no algorithm for distinguishing can be efficient. The subsets distinguished are also relevant in the study of error correcting codes, and we give an application of our work to bounds for error-correcting codes.
Abstract. In this paper we propose a method to construct logarithmic signatures which are not amalgamated transversal and further do not even have a periodic block. The latter property was crucial for the successful attack on the system MST_3 by Blackburn, Cid and Mullan (2009). The idea for our construction is based on the theory in Szabó's book "Topics in Factorization of Abelian Groups".
Abstract. In this paper, we present a fast and secure mental poker protocol. The basic structure is the same as Barnett & Smart's and Castellà-Roca's protocols, but our encryption scheme is different. With this alternative encryption scheme, our shuffle is not only twice as fast, but it also has different security properties. As such, Barnett & Smart's and Castellà-Roca's security proofs cannot be applied to our protocol directly. Nevertheless, our protocol is still provably secure under the DDH assumption. The only weak point of our protocol is that reshuffling a small subset of cards might take longer than in Barnett & Smart's and Castellà-Roca's protocols. Therefore, our protocol is more suitable for card games such as bridge, most poker games, mahjong, hearts, or blackjack, which do not require much partial reshuffling.
Abstract. This article presents an analysis of the secure key broadcasting scheme proposed by Wu, Ruan, Lai and Tseng [Proceedings of the 25th Annual IEEE Conference on Local Computer Networks (2000), 208–212]. The study of the parameters of the system is based on a connection with a special type of symmetric equations over finite fields. We present two different attacks against the system, whose efficiency depends on the choice of the parameters. In particular, a time-memory tradeoff attack is described, effective when a parameter of the scheme is chosen without care. In such a situation, more than one third of the cases can be broken with a time and space complexity in the range of the square root of the complexity of the best attack suggested by Wu et al. against their system. This leads to a feasible attack in a realistic scenario.