The key transform of the REESSE1+ asymmetrical cryptosystem is Ci = (Ai * W ^ l(i)) ^ d (% M) with l(i) in Omega = {5, 7, ..., 2n + 3} for i = 1, ..., n, where l(i) is called a lever function. In this paper, the authors give a simplified key transform Ci = Ai * W ^ l(i) (% M) with a new lever function l(i) from {1, ..., n} to Omega = {+/-5, +/-6, ..., +/-(n + 4)}, where "+/-" means the selection of the "+" or "-" sign. Discuss the necessity of the new l(i), namely that a simplified private key is insecure if the new l(i) is a constant but not one-to-one function. Further, expound the sufficiency of the new l(i) from four aspects: (1) indeterminacy of the new l(i), (2) insufficient conditions for neutralizing the powers of W and W ^-1 even if Omega = {5, 6, ..., n + 4}, (3) verification by examples, and (4) running times of the continued fraction attack and W-parameter intersection attack which are the two most efficient of the probabilistic polytime attack algorithms so far. Last, the authors elaborate the relation between a lever function and a random oracle.

中文翻译：

---

具有充分不确定性的新杠杆函数

REESSE1+ 非对称密码系统的关键变换是 Ci = (Ai * W ^ l(i)) ^ d (% M) 其中 l(i) in Omega = {5, 7, ..., 2n + 3} for i = 1, ..., n，其中 l(i) 称为杠杆函数。在这篇论文中，作者给出了一个简化的密钥变换 Ci = Ai * W ^ l(i) (% M) 和一个新的杠杆函数 l(i) 从 {1, ..., n} 到 Omega = {+/ -5, +/-6, ..., +/-(n + 4)}，其中“+/-”表示选择“+”或“-”符号。讨论新的 l(i) 的必要性，即如果新的 l(i) 是一个常数而不是一对一的函数，那么简化的私钥是不安全的。进一步从四个方面阐述了新的l(i)的充分性：(1)新的l(i)的不确定性，(2)即使Omega = {5，也没有足够的条件来抵消W和W ^-1的幂, 6, ..., n + 4}, (3) 通过实例验证，(4) 连分数攻击和 W 参数交集攻击的运行时间，这是迄今为止概率多时间攻击算法中最有效的两种。最后，作者详细阐述了杠杆函数和随机预言之间的关系。