Welcome to the resource topic for 2001/014
Title:
Timed-Release Cryptography
Authors: Wenbo Mao
Abstract:Let n be a large composite number. Without factoring n, the
validation of a^{2^t} (\bmod \, n) given a, t with gcd(a, n) =
1 and t < n can be done in t squarings modulo n. For t \ll n
(e.g., n > 2^{1024} and t < 2^{100}), no lower complexity than t
squarings is known to fulfill this task (even considering massive
parallelisation). Rivest et al suggested to use such constructions as
good candidates for realising timed-release crypto problems.
We argue the necessity for zero-knowledge proof of the correctness of
such constructions and propose the first practically efficient
protocol for a realisation. Our protocol proves, in \log_2 t
standard crypto operations, the correctness of (a^e)^{2^t}
(\bmod\,n) with respect to a^e where e is an RSA encryption
exponent. With such a proof, a {\em Timed-release RSA Encryption} of a
message M can be given as a^{2^t} M (\bmod \,n) with the
assertion that the correct decryption of the RSA ciphertext M^e
(\bmod \, n) can be obtained by performing t squarings modulo n
starting from a. {\em Timed-release RSA signatures} can be
constructed analogously.
ePrint: https://eprint.iacr.org/2001/014
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .