Infosys <Name of the document>

Infosys

A Probabilistic Public-key encryption model based on

the randomness of rolling multiple dice
December, 2010

INFOSYS TECHNOLOGIES LIMITED

Bangalore

Document No. 501684 Ver. Rev. : 1.0

Document No. 501684 Ver. Rev. : 1.1

Authorized by: Signature/: 5 January 2011

Date:

COPYRIGHT NOTICE

© 2010 Infosys Technologies Limited, Bangalore, India. All rights reserved. Infosys believes
the information in this document is accurate as of its publication date; such information is
subject to change without notice. Infosys acknowledges the proprietary rights of other
companies to the trademarks, product names and such other intellectual property rights
mentioned in this document. Except as expressly permitted, neither this document nor any
part of it may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, printing, photocopying, recording or otherwise, without
the prior permission of Infosys Technologies Limited and/or any named intellectual property
rights holders under this document.

Infosys Technologies Limited

Hosur Road
Electronic City, 3rd Cross
Bangalore 560 100
India.
Telephone: (91) (80)28520 261-270
Fax: (91) (80) 8520 362
Website: http://www.infosys.com

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

Author(s):
Amit Radha Krishna Nigam
Date written (MM/DD/YY):
02/12/2010
Target readers:
Anyone interested in knowing the applications and scope of Information Security and
Cryptography.
Keywords:
Public key cryptosystems, Trapdoor functions, Probabilistic schemes, Unaproximmable trapdoor
predicates, Qubits
Purpose of the document
To invent and study a different way to secure our existing information systems as well to gain
insight into how probabilistic algorithms can achieve it.

Paper Area
Cryptography and Network Security.
Abstract
In this paper, I first enumerate some of the major security concerns with
deterministic public key cryptographic algorithms and then I draw a
© 2010 Infosys Technologies Limited, India
Infosys <Name of the document>

quantitative comparison among various classical schemes showing their

admittable breakdown in face of Quantum brute force techniques (QBFT).
The paper then present my idea of a new probabilistic encryption model,
that borrows ideas from Goldwasser and Micali 1bit-wise probabilistic
encryption, and is based on the rolling of two fair dice, subsequently
followed by rolling of ‘n’ fair dice.
I have proposed here two models:
[1] ‘Rolling ‘n’ unsolvable dice’ model: as a key generator algorithm for
building a pair of public and private pair key (p, q), where p and q are
solvable problems either from complexity classes or from number theoretic
algorithms such that the product p*q is unsolvable, even by a quantum
computer.
[2] A ‘Random Line generator’: to be used over the dice roll result, to
choose a value to be declared as a parameter of the public key.
Background
1) Public key cryptosystem (PKC)
There exist several techniques for the distribution of public keys such as
2
public announcements, public key authority, public key certificates etc.
Once public key becomes available to all, eavesdropping, tampering or both
is possible besides the drawback of achieving slow data rates. Thus, Public
key encryption is more viewed as a mechanism to securely ‘exchange
private keys’ rather than for conventional encryption.
1.1) Encryption and Decryption using PKC follow a simpler way.
Public key crypto systems begin from deterministic algorithms based on trap
door functions that are defined later.
Let I have two parties A and B who want to securely connect to each other.
M= finite message space m Є M denote a message.
Let EA (known to public): A’s Encryption function (ideally bijective).
DA (private to A only) be A’s Decryption function such that
DA ( EA (m) ) = m ¥ m Є M.
To send a message m to user A, B takes E A, computes EA (m) and send it to A
who can easily calculate DA ( EA (m ) ) to get m.
1.2) Key distribution follows the method
A generates a public/private key pair [ PA , NA] and transmit to B : PA and an
identifier of A, IDA .
1) B generates a secret key K , encrypts it with PA and transmits it to A
i.e.
sends E PA [K] to A.
2) Now the secret key of B from E PA [K] can be found only with
A private key i.e. NA. K= DNA { E PA [K] }
So only A and B know the secret key K. hence they have exchanged a key.

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

1
It means that messages are Algorithm Input Output
encrypted bit by bit as opposed to Key nЄN pair =
block cipher encryption schemes generator { (p,q) :
2
because of the growing popularity of K p= public
PGP (Pretty good privacy), which key and q
makes use of RSA, many public users = private
have adopted the practice of key}
appending their public keys to Encryption Public key Encrypted
messages that they sent public forums algorithm e, message
example USENET newsgroups. E *plaintext (cipher
bit b Є text)
2) Probabilistic algorithm {0,1} and using
A probabilistic algorithm is an a random Ee(b,r).
algorithm with an additional command string r of
RANDOM that returns “0” or “1”, each length
with probability 1/2. In cryptography p(n) for
literature, these random choices are some
often referred to as 3coin flips. More polynomial
formally, probabilistic algorithms can p
be defined by Turing machines having Decryption Private Original
an additional infinite read-only tape algorithm key d and message
containing random bits. D Cipher using .
The concept of probabilistic encryption text Dd (Ee
schemes replaces the idea of (b,r) ) )
deterministic trapdoor functions with = b.
indeterminist or unapproximable *for quantum systems, this would
4
trapdoor predicates (UTP). be Є {0,1,X}, where X is the
A trapdoor function f is such that it’s superposition of two qubits
easy to evaluate f but it’s very difficult

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

to compute x from f(x) unless some extra information is known. To encrypt

a message m, one simply evaluates f (m).
The two implementations of a public key cryptosystem most relevant and
that inspired for this paper are Goldwasser and Micali [1] and Blum and
Micali [2]. The key idea in both the schemes is the selection of an
approximate UTP that makes it very difficult for the adversary to find the
key, even if he has a quantum computer at his disposal.
3) Probabilistic public-key bit wise encryption scheme.
An encryption scheme consists of three algorithms. Encryption algorithm E,
decryption algorithm D and a Key generation algorithm K. with a security
parameter n, it can be defined as

3
I propose here a model to change these coin flips by dice rolls. This
assumption of coin flipping into the well is due to Blum and Micali [1].
4
Message spaces usually has an associated probability distribution and A
predicate p has probability p to be true wrt this distribution. A Predicate can
be any function or anything like Ex-OR or ‘all bits in message =1 etc. A
predicate B is trapdoor and unapproximable if anyone can select an x such
that B(x) = 0 or y such that B(y) = 1, but only those who know the trapdoor
information can, given z, compute the value of B(z).
Note:The definition of public key cryptosystem defined in section 1 is due
Diffie Hellman[7] in 1970.

Motivation: Breakdown of all deterministic cryptosystems in face of

Quantum Brute force techniques.
Even, given the computational power of today’s most advanced and parallel
processing systems, the factorization of integers is still computationally
infeasible for integers that are product of only a few prime numbers (e.g.,
integers that are a product of two 300-digit primes).By contrast, a quantum
computer, if we develop one in near future, could efficiently solve this
problem of integer factorization using the Shor's algorithm.
That is to say, the quantum computer would be successful to "break" many
of the cryptographic systems in use today including the RSA. Break here
means that there would be a polynomial time (in the number of bits of the
integer) algorithm for solving the problem.
Usually, as I said, most of the famous public key algorithms are based on
the computational difficulty of factoring large integers or prime numbers, or
difficult of solving other trapdoor functions like the Quadratic residuo modulii
of composite numbers.
www.en.wikipedia.org/wiki/Quantum_computer
1. Objections to cryptosystems based on trapdoor functions
I believe that carrying a flag in one hand does not guarantee that you carry
nothing danger in the other.

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

The trapdoor used by RSA = c:=me mod n, where m is the message. The
prime factor n (=p*q) can be considered as a trapdoor.
Other disadvantages of encryption schemes based on trapdoor functions are:
1. Inverting may be easy for plain texts of some special form
2. It could be easy to compute at least partial information about the plain
text.
3. It’s easy to detect if the message is sent more than once.
All these features make trapdoor based cryptosystems, 5Semetically or
polynomially unsecure systems. This led to the development of probabilistic
algorithms where the notion of trapdoor functions is replaced by the concept
of unapproximable trapdoor predicates (UTP).
Goldwasser and Micali, was gave this concept and developed first
probabilistic scheme used the predicate function as “is quadratic residue
moduli composite n”. It’s just a concept from so many available in number
theoretic algorithms. But one has to go deep into it.
2. Quantitative comparison of different schemes as against
Quantum computers.

Calculation Assumptions : The following results of *calculation done here

assume the following, Calculations are not shown due to constraint on the
number of pages.
1.
QBF
Table 1: Quantitative comparison of different
schemes as against Quantum computers

T : it stands for Quantum brute force techniques

2. The key size taken is for binary keys only.
3. In substitution codes, all permutations of 26 character serves as key.
4. And all calculations are done on a system of 500 qubits

All these algorithms, mentioned above are widely used to achieve web
security in a highly vulnerable internet world, to encrypt mail
communications, and many other types of data.
It is obvious that the Breaking of all or any of these infact would bring
serious immediate concern for electronic commerce as well as for mobile
commerce industry.
Definitely, A way out of this dilemma would be to use some kind of quantum
cryptography only.
Besides factorization and discrete logarithms, quantum algorithms offering a
more than polynomial speedup over the best known classical algorithm have
been found for several problems. Due to [11], it is a genuine optimism to
draw mechanism that could secure us for the future quantum computers era.
Uniqueness in my approach

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

The novelty of this work lies in the fact that I have replaced all concepts of
numbers by problems themselves. Because a product of two numbers,
however exponential in time, can be reduced to polynomial time using
quantum systems, but a product of two problems that generate a third kind
of problem, which is unsolvable, can’t be broken unless both the constituting
set of problems of problems are known.
This paper however, does not elaborately define any Unapproximable
trapdoor Predicate (UTP) as such due to limited research done on number
theoretic implementations of a public key cryptosystem, up to this point.
1) Idea
To encrypt a message, I usually make use of a flip of a fair coin. The
encryption of each message then depends on two things. First, the message
itself, and Second, the result of the sequence of coin flips.
1. I propose here that this randomness due to coin flips can be increased
if instead of flipping a coin, I roll two fair dice simultaneously and then
encrypt the message using the results of the product of the numbers
occurring on each faces.
A dice roll can be logically realized using two random number generators
with sample space limited to the set S={1,2,3,4,5,6}. Consequently, there
are many possibilities of message encryption. But, they will always be
uniquely decodable.
2. While stating that probability makes it much difficult for a message to
be decoded, I do not impose any restrictions on the message space like in
Rabin Scheme, it is said that decoding of message is hard for an adversary if
the set of possible messages has some property.

2) Inspiration from Quadratic Residuosity Problem: UTP of

Goldwasser and Micali probabilistic scheme.
Let p1, p2 are distinct primes and N = p1 * p2.

ZN* = { x | 1 ≤ x ≤ N-1 and gcd( x, N) =1 }

Let q Є ZN* and Let Pr (x) = probability of event x or----

Then let us ask whether there is any answer to q= x2 mod N?

If the answer exists:
 Then its Solvable iff q ≡ x 2 mod p1 and q ≡ x 2 mod p2. In this case q
is called Quadratic residuo mod N.
Also if 6(q / N) = 1
Than either q= quad residuo mod N or q is quad residuo for both p1 and
p2.
 Else it’s unsolvable and q is called quadratic non-residue mod N.
Also if (q / N) = -1, then q = quad non residuo mod N i.e.
q = quad non residuo mod p1 ‘or’ q = quad non residuo mod p2.

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

This problem, of whether q is a quadratic residuo or not is called quadratic

residuosity problem.
Even if the factorization of N is not known (q / N) is computable in
polynomial time
And (q / N) =1, than there’s no procedure for deciding where q is a quad
residue mod N. This decision problem is well known to be hard in number
theory.

6
(q / n) is called Jacobi symbol and (q / N) = (q / p1) (q /p2)

3) Background for Two Dice Rolling.

Consider two user parties A and B separated by a distance and there is a
well in between.
Consider two dice D1 and D2, such as
 On the faces of D1 = { pi , 1 ≤ i ≤ 6 | pi is solvable in polynomial
time but there exists qi Є D2 : qi *pi is 6UNSOLVABLE }
 On the faces of D2 = { qi , 1 ≤ i ≤ 6 | qi is solvable in polynomial
time but there exists pi Є D1 : pi * qi is UNSOLVABLE }
Y Є (D1 * D2)* and A has N and Y.
Now A rolls these dice on the well, but cannot see what combination C has
occurred.
A has with him N = pi * qi, such that, pi Є D1 and is solvable, qi Є D2 and is
solvable but combindingly pi * qi is not solvable.
B looks into the well and tell to A what combination has occurred that A can
later verify by looking into the well whether C = . This is how A will decide
whether B has won or lost.
An adversary, however powerful, has to know N to find out Y to find out
whether C = Y or not, but since problems in Y can’t be solved, so it’s
impossible for him to predict. This is what this probabilistic model is.
Now, picking a Y from the set can also be a random process. For this, I
propose a ‘Random Line generator’ model to calculate product of numbers
occurring as a result of rolling n (n Є Z +) dice simultaneously. That product
will decide the combination of problems.
The probability of choosing a problem is 1 / 6 n as there would be 6n possible
combinations. So if n is large, the probability reduces and the security of the
model increases.
To roll a dice, however, any random number generator such as pseudo
random number generator [9], the quadratic generator, or my proposed RLG
can also be used.
The Dice Rolling Model (UDRM)
Let there be two dice.
On first dice, the face 1 is printed with problem P and all other faces printed
with instances of this same problem p1, p2, p3, p4, p5 all subset of P

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

On second dice, the face 1 is printed with problem Q and all other faces
printed with instances of this same problem q1, q2, q3, q4, q5 all subset of
Q.
P and Q which may belong to any of the complexity classes, are solvable
problems but their product, Letit be the 7Product N=P*Q is unsolvable.
Since rolling of n dice can’t be shown in the paper, so I take the case of
rolling 2 dice, then generalize it to the result to rolling n dice.

1. Unique possible combinations. When two dice are rolled. Note that
both the dice are equivalent so 1 on dice 1 and 1 on dice 2 means the same.
Number of possible combinations D = {(1,1), (1,2)…., (2,2), (2,3), (), (),
…},,,
Number of possible roles is | D | = 62
Rolling two dice

Number of unique combinations when rolling two dice.6+5+4+3+2+1.=

∑i=16 ni, n Є Z+-----------1
Rolling four dice
By looking at the symmetry I found that, rolling of every additional dice adds
a matrix sum of product to the earlier sum. This fact can be build into a
formula like…
Taking a matrix R of order 6 X 1, the other matrix can be calculated as
Pi = R X Ri-1 : for 1< i < n

And the sum can be calculated using equation 1 as…….

∑i=1 Pi, Pi = R X Ri-1 , for 1< i < n
Unsolvable Dice Rolling Model formula.
The number of unique combinations is the number of unique problems I
should find in order to implement this model. So that no matter what
combination occurs, I have a unique set of problems, the product
combination of those is impossible / 7unsolvable to find.

The Random Line generator model (RLGM)

This model is rather an informal approach to select a particular number that
will be a parameter to decide the public key.

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

For rolling n dice, possible combinations, | D | = 6n

Based on this model, a random line will be selected and all the numbers that

RLG Model
lie on this line will be multiplied to get the number.
This would ensure that public key itself is chosen from undeterministic way,
so that one who calculates the right product will be an intended user. This
would surely augment the above model too.

7
insolvability, as this combination or product would generate, means no
solution exists or I don’t know whether a solution exists or not, not even in
exponential time. Because in quantum systems, time will not be a resource
constraint.Unsolvability concept can be burrowed from any sets of problems
in complexity theory where combination of two problems is unsolvable,
although single problems themselves can be solvable. The product can mean
anything, not only mathematical product. It can be using ones problem
space in other etc.

Previous methods
Most public key system are based on the 8provably hardness of one or the
other problems from number theoretic algebra or complexity theories such
as, RSA cryptanalysis is difficult due to infeasibility of factoring the given
product of a large prime numbers. The trapdoor function used for RSA is

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

exponentiation to the power of the public key in Zn, where n = pq is the

product of two large primes. That is, the encryption of a plaintext m is c :=
me mod n. The prime factors of n can be considered as the trapdoor.
Blum and Micali was based on the fact that index finding is hard. Blum has
found another method that factorization is hard. Shafi Goldwaser and Silvio
Micali [1] have given a third way which is based on the difficulty of
distinguishing quadratic residues from non residues with respect to
composite moduli.
Limitations of trapdoor functions:
1. When the message is of a special structural form, then the trapdoor
function fails to rule out complete possibility of extraction x from f(x).
The inversion may become feasible.
2. It also does not rule out the possibility of easily knowing x from f(x).

A comparison is shown in the figure below.

8
A

problem is infeasible or hard or provably hard implies that it is

computationally infeasible to find any polynomial time solution to it even
with the most powerful supercomputer today. However, strictly, this
definition does not extend to Quantum techniques.
Note again: These are functions that are easy to compute but hard to
invert—unless some information called the trapdoor is known. So, while
everybody can use the function to encrypt messages, only the legal receiver
knows the trapdoor, which serves as a decryption key.

Implementation: Sending single qubits in public key systems.

Two ideas are present in [1] that are for classical bit systems. I give here its
quantum counterpart based on idea 1 and use the models UDRM and RLGM
for encryption and key generation.
1.) Algorithm 1 (Key generation K)
Use the dice roll model to select p1 and q1 problems that are separately
solvable.
Set N= p1 * q1, which is an unsolvable problem.

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

Select a product from the possible combinations of problems as Y i.e. Y Є

(D1 * D2)*.

The public key is (N, Y) and the private key is (p, q)

2.) Encryption algorithm (E)

The message to be encrypted is a binary string or a string of qubits m =
m1m2m3m4m5…mk….and (N, Y) is the public key.
1. For i = 1 to k
{a} Select x random using the ‘random line generation model’ I proposed
out of the same rolling of dice. X can be any value from the sets of 6 n.
and the product range from {1,2,3,4,5………6n }
{b} Use Goldwasser scheme to encrypt the message where ci bit of the
cipher text is encoded as
ci x2 mod n.: for m = 0
ci tx2 mod n: for m=1 or X. :: t I define t for integers only.

2. The cipher text c = (c1c2c3c4……ck)

3.) Decryption Algorithm (D)

Use C and private key (p, q) , that is not to be known by an adversary, to
decrypt the message.

Treasure Hunt Game Analogy

1) The concept of the pobabilism is a perfect analogy of the game
of treasure hunt:
In this game, there’s an area such as college or home or a park etc where
some keys are hidden. The candidate is asked to find the keys and they are
provided with some clues. The one who finds first is the winner.
Now, there arise two cases generally.

Let M = set of all possible messages i.e. sample space that can be
countable, uncountable, set of points such as pair of points in Elliptic curve
cryptosystems or can be a probability distribution function.
Let f be a function defined such that
fm = Vm:
For all, m Є M, let pm be the probability that m is sent and
pm (max ) = Pm, maximum probability that m is sent i.e. probability of
finding Vm
Game Analogy is as follows:
M = area to search in for the key.
F = clue to find the key
fm = Vm: is the key

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

Case 1 : Show him the area (message sample space) M and ask for the key,
fm without giving him the clue.
To Win :He can use a quantum mechanism like an exhaustive search for the
whole day and night and get the key.
The best he can do is always guessing Vm with probability Pm.

Case 2: Give him the clue but don’t give him the sample space i.e. keep M
infinite and them ask for the key.
The best he can do is always guessing Vm with probability Pm.

Case 3: Give him the WRONG clue and don’t give him the sample space M
i.e. keep M infinite and them ask for the key.
To Win: with the wrong clue, it’s infeasible to find the key.
The probability reduces by factor of multiplication if you give him wrong
clues again and again. THIS IS WHAT THE MODEL TRIES TO PROPOSE / DO.

Suppose that user A want to end a single qubit to user B with complete
security. The qubit is equally likely to be – 1, 0, or X(a superposition of
both).
A want that no adversary to guess even 1% of the message. For that I make
use of the model where it’s impossible to find N (=p*q).
No other classical scheme, such as difficulty arising due to factorization or
due to quadratic residuo problem, would work here as I am dealing with
much powerful systems now.

CONCLUSION
Public key cryptosystems such as RSA and the ones that are used for secret
key exchange in a pubic channel are not semantically and or polynomially
secure. Limitations they posses are of two types. Limitations due to the
underlying trapdoor functions and their inability to service any cryptanalysis
on Quantum systems. However using
(.) Probabilistic models (I have proposed here two models : ‘n dice roll’
model for building a private key and a ‘Random Line generator’ to be used

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

over the dice roll result to choose a value to be declared as a parameter of

the public key) and
(.) UTP, both these limitations are remote and systems attain semantic
security even in the face o Quantum treatment.
‘Rolling ‘n’ unsolvable dice’ and a ‘Random Line number generator’ that I
used are ways to exchange keys , a primer requirement for public key
cryptosystems and using this same model to select a particular unsolvable
combination as a parameter for public key.
Probabilism in both key generation and encryption would be a final step in
our quest to build systems that are not only provably semantically secure
but can easily survive any QBFT. Such systems can possible halt the
developments of cryptology altogether, for they aim to reach the final goal.-
building systems that are truly impossible to attack or hack.
Related works
Works of Gold wasser and Micali have already been discussed. There are also
some digital signature schemes that are believed to be secure against
quantum computers for instance Lamport signatures.
Proof of correctness
The idea is borrowed from Gold Wasser and Micali scheme for encryption
algorithm. For the proof, the reader is referred to [1]..
Future works
1] While the key generation algorithm is incomplete in the sense that I
haven’t specified what set of problems I can use for dice faces. But it’s not
too difficult, once all the details of complexity classes and some hand full of
proofs are known. This is what I will focus on the next print of this paper
2] Another future focus would be select UTP, ( by now I have burrowed this
from Goldwasser and Micali schemes) to implement this model so that my
work becomes a complete proprietary of mine and making it completely
impossible for an adversary to find any information from the cipher text.
Issues and Remarks
Semantic security means infeasible to learn anything from the plain text
given the cipher text. For that, the decryption key should be impossible to
find. Goldwasser-Micali systems were first to be semantically secure on
classical systems. The paper’s main focus was thus to build a system that is
semantically secure for quantum systems too.
Another property of semantic security is even if the adversary knows the
probability of messages being sent, it must be infeasible for him to extract
any information from these encrypted messages.
Acknowledgements
I am thankful to my parents to have given me the insight and interest for
undertaking such studies.
References

© 2010 Infosys Technologies Limited, India

Infosys <Name of the document>

[1] Probabilistic Encryption & How To Play Mental Poker Keeping Secret,
Shaft Goldwasser and Silvio Micali, Computer Science Department,
University of California – Berkeley.
[2] An Introduction to Probabilistic Encryption, Georg J. Fuchsbauer.
[3] A new probabilistic encryption scheme, Hi Jingmin and Lu Kaicheng,
Dept. of Computer Science , Tsinghua University, China.
[4] Efficient Protocols based on Probabilistic Encryption using Composite
Degree Residue Classes, Ivan B. Damgard and Mads J. Jurik, BRICS Report
Series, March 2000.
[5] A probabilistic symmetric encryption scheme for very fast secure
communication on chaotic systems of different equations. Stergios
Papadimitrou, Tassos Bountis, Seferina Mavraoudi and Anastassios
Bezeianos, University of Patras, Grecee.
[6] Probabilistic Encryption, Journal of Computer & System Sciences 28, pp.
270–299.
[7] Diffie and Hellman public key cryptosystems.
[8] SECOQC White Paper on Quantum Key Distribution and Cryptography.
[9] Blum, Blum and Shub “ A simple unpredictable pseudo random number
generator”, SIAM. J Computing.
[10] Security of Signed ElGamal Encryption, Claus Peter Schnorr1 and
Markus Jakobsson.
[11] Experimental Demonstration of Free-Space Decoy-State Quantum Key
Distribution over 144 km,T. Schmitt-Manderbach,1,2,HenningWeier,2 Martin
Fu¨rst,2 Rupert Ursin,3 Felix Tiefenbacher,4,3 Thomas Scheidl,4,3 Josep
Perdigues,5 Zoran Sodnik,5 Christian Kurtsiefer,6 John G. Rarity,7 Anton
Zeilinger,4,3 and Harald Weinfurter1,2.
[12] EPOC3: E_cient Probabilistic Public-Key Encryption V3, Tatsuaki
Okamoto1 and David Pointcheval.
Bibliography
1. An Introduction to Probabilistic Encryption, Georg J. Fuchsbauer.
2. Probabilistic and Statistical Methods in Cryptology, Daniel
Neuenschwander.
3. Primality and Cryptography, E. Kranakis.
4. New Directions in Cryptography, Whitfield Diffie and Martin E. Hellman.
5. Cryptography and Network security, William Stalliongs, edition 2003.
6. Martin Pelikan, Kumara Sastry, Erick Cantú-Paz (Eds.)Scalable
Optimization via Probabilistic Modeling.

© 2010 Infosys Technologies Limited, India