ii iii Acknowledgements First of all, I would like to thank Prof. Johannes Buchmann for giving me the opportunity to join his research group, organizing the joint research between TUD and NTT, and promoting this doctor thesis as my supervisor. His suggestions and helpful support improve this work significantly. I would also like to thank Prof. Kouichi Sakurai for accepting the task of the secon...

The paper cryptanalyses a public-key cryptosystem recently proposed by Grigoriev and Ponomarenko, which encrypts an element from a fixed finite group defined in terms of generators and relations to produce a ciphertext from SL(2, Z). The paper presents a heuristic method for recovering the secret key from the public key, and so this cryptosystem should not be used in practice.

In choosing between different public-key encryption schemes, the two most important issues to consider are (1) security and (2) cost (practicality). The latter issue is readily quantified and most experts can agree on which systems are likely to offer performance advantages. Our purpose in this note is to clarify the primary considerations involved in analyzing security, as assessing the securi...

Pencil-and-paper exercises in public-key cryptography are important in learning the subject. It is desirable that a student doing such an exercise does not get the right answer by a wrong method. We therefore seek exercises that are sound in the sense that a student who makes one of several common errors will get a wrong answer. Such exercises are difficult to construct by hand. This paper cons...

We use interactive hashing to achieve the most efficient OT protocol to date based solely on the assumption that trapdoor permutations (TDP) exist. Our protocol can be seen as the following (simple) modification of either of the two famous OT constructions: 1) In the one by Even et al (1985), a receiver must send a random domain element to a sender through IH; 2) In the one by Ostrovsky et al (...

In this paper we use the nonrepresentable ring E (m) p to introduce public key cryptosystems in noncommutative settings and based on the Semigroup Action Problem and the Decomposition Problem respectively.