Cryptography Based on Number Fields with Largeregulatorjohannes Buchmann

We explain a variant of the Fiat-Shamir identiication and signature protocol which is based on the intractability of computing generators of principal ideals in algebraic number elds. We also show how to use the Cohen-Lenstra-Martinet heuristics for class groups to construct number elds in which computing generators of principal ideals is intractable. 1. Introduction The security of public key cryptosystems is based on the intractability of computational problems in mathematics and in particular in number theory. Examples are the problems of factoring integers or computing discrete logarithms in certain nite abelian groups (see 23]). However, there is currently no such problem whose computational diiculty can be proved. On the contrary: Experience with the factoring problem shows that unexpected breakthroughs are always possible. To guarantee that public key cryptography is possible even if the currently used systems are broken , it is necessary to identify alternative computational problems which can be used as the basis of public key schemes. In this paper, we consider the principal ideal problem (PIP): Let O be an order of an algebraic number eld F. Given a principal O-ideal I, nd a generator