A New Public-Key Cryptosystem

It is striking to observe that two decades after the discovery of public-key cryptography, the cryptographer’s toolbox contains only a dozen of asymmetric encryption schemes. This rarity and the fact that today’s most popular schemes had so far defied all complexity classification a.ttempts strongly motivates the design of new asymmetric cryptosystems. Interestingly, the crypt,ographic community has been relat,ively more successful in the related field of identification, where a user attempts to convince another entity of his identity by means of an on-line communication. For example, there have been several attempts to build identification protocols based on simple operations (see [19, 21, 22, IS]). Although the devising of new public key cryptosystems appears much more difficult (since it deals with trapdoor functions rather than simple one-way functions) we feel that research in this direction is stsill in order : simple yet efficient constructions may have been overlooked and, in a way, the present, paper is an example of such a sitmuation. As observed by [18], most asymmetric encryption schemes present, the following coninion design morphology : Start with an intractable problem P and find an easy instance P[easy] E P which should be solvable in polynomial space and time. 0 Shuffle or scramble P[easy] until the resulting problem P[shuffle] does not resemble P[easy] any more and becomes indistinguishable from P . 0 Publish P[shuffle] and describe how it should be used for encryption. The information s by the means of which P[shuffle] is reduced t o P[easy] is kept as a secret trapdoor. Construct the cryptosystem in such a way that decryption is essentially different for the cryptanalyst and the legitimate receiver, Whilst the former must solve P[shuffle], the latter may use R and solve only P[easy].