Towards Practical Non-interactive Public Key Cryptosystems Using Non-maximal Imaginary Quadratic Orders

We present a new non-interactive public-key distribution system based on the class group of a non-maximal imaginary quadratic order ClðDpÞ. The main advantage of our system over earlier proposals based on ðZ=nZÞ [25,27] is that embedding id information into group elements in a cyclic subgroup of the class group is easy (straight-forward embedding into prime ideals suffices) and secure, since the entire class group is cyclic with very high probability. Computational results demonstrate that a key generation center (KGC) with modest computational resources can set up a key distribution system using reasonably secure public system parameters. In order to compute discrete logarithms in the class group, the KGC needs to know the prime factorization of Dp 1⁄4 D1p. We present an algorithm for computing discrete logarithms in ClðDpÞ by reducing the problem to computing discrete logarithms in ClðD1Þ and either F p or F p2 . Our algorithm is a specific case of the more general algorithm used in the setting of ray class groups [5]. We prove—for arbitrary non-maximal orders—that this reduction to discrete logarithms in the maximal order and a small number of finite fields has polynomial complexity if the factorization of the conductor is known.