Public-key cryptosystem design based on factoring and discrete logarithms

Most existing cryptosystem designs incorporate just one cryptographic assumption, such as factoring or discrete logarithms. These assumptions appear secure today; but, it is possible that efficient algorithms will be developed in the future to break one or more of these assumptions. It is very unlikely that multiple cryptographic assumptions would simultaneously become easy to solve. Enhancing security is the major objective for cryptosystems based on multiple assumptions. K.S. McCurley (1990) proposed the first key distribution system based on two dissimilar assumptions, both of which appear to be hard. In his design, the sizes of the security parameters for these two assumptions are quite different. The modulus to satisfy the proper security requirement for one assumption is too large for the other assumption. The side effects are (1) the public key size is larger than the original Diffie-Hellman key distribution scheme; and (2) more computation time is required. The authors propose a cryptographic system design based on the two popular assumptions: factoring and discrete logarithms. Breaking this system is computationally infeasible because it requires (1) solving the Diffie-Hellman discrete logarithm problem in a subgroup of Z_p*, where p=2p´×q´+1 and p´, q´ are two large primes, and (2) factoring (p-1)/2 into two large primes, p´ and q´. Thus, in the proposed system it is possible to choose the same size of security parameter for these two assumptions and, therefore, to maintain the efficiency of the implementation