Deterministic Algorithm Computing All Generators: Application in Cryptographic Systems Design
|
|
- Richard Flowers
- 5 years ago
- Views:
Transcription
1 Int. J. Communications, Networ and System Sciences, 0, 5, Published Online November 0 ( Deterministic Alorithm Computin All Generators: Application in Cryptoraphic Systems Desin Boris S. Verhovsy Computer Science Department, New Jersey Institute of Technoloy, University Heihts, Newar, USA verb73@mail.com Received September 7, 0; revised November 4, 0; accepted November 8, 0 ABSTRACT Primitive elements play important roles in the Diffie-Hellman protocol for establishment of secret communication eys, in the desin of the ElGamal cryptoraphic system and as enerators of pseudo-random numbers. In eneral, a deterministic alorithm that searches for primitive elements is currently unnown. In information-hidin schemes, where a primitive element is the ey factor, there is the freedom in selection of a modulus. This paper provides a fast deterministic alorithm, which computes every primitive element in modular arithmetic with special moduli. The alorithm reuires at most lo p diital operations for computation of a enerator. In addition, the accelerated-descend alorithm that computes small enerators is described in this paper. Several numeric examples and tables illustrate the alorithms and their properties. Keywords: Diffie-Hellman Key Exchane; ElGamal Cryptosystem; Generator; Generator of Pseudo-Random Numbers; Information Hidin; Primitive Element; Safe Prime. Introduction and Basic Definitions To ensure a hih level of crypto-immunity of some cryptoraphic systems, it is necessary to select a system parameter (called a primitive element) that satisfies certain conditions. The primitive elements are used in the Diffie-Hellman secret ey establishment (DHKE) protocol [] and in the ElGamal alorithm [] for secure exchane of information via open channels. They are also used in the desin of enerators of pseudo-random numbers [3]. In modular arithmetic, a primitive element modulo p is an inteer havin the property that every inteer h coprime with p can be expressed as a power of modulo p. Therefore, powers of enerate all non-zero elements of the multiplicative roup of inteers modulo p. Definition.: If an inteer has a property that for every inteer h p there exists a correspondin inteer x such that x mod p h, (.) then is called a primitive element (enerator, in short) and x is called the discrete loarithm of h to the base modulo p. For every prime p there exist several enerators. For instance, if p = 3, then = 3,,, 3, 7,, and 4 are enerators. Leonhard Euler discovered the primitive elements, and Carl F. Gauss described their properties in [4]. A mathematically-oriented reader can find further results in [5,6]. The elliptic curve cryptoraphy (ECC), initially described in [7,8], is an analoue of the ElGamal protocol. As a result, the ECC also reuires selection of a point G on the elliptic curve, which is an analoue of the enerators in cyclic roups based on real inteers. However, an efficient alorithm that computes G is an open problem.. Verification Procedure In order to verify whether is a enerator for prime p, consider all factors of p. Proposition.: Suppose p f f f e e e m m where every inteer f and every inteer e ; if p f ; (.) mod p ; (.) holds for every,,, m, then is a enerator [9]. Example.: Suppose p = 7; let us find a enerator. Since p 70 57, then is a enerator if and only if 35 mod 7 ; 4 mod 7 ; and 0 mod 7. (.3) Copyriht 0 SciRes.
2 76 B. VERKHOVSKY n Table shows values of mod 7. Since = 7 satisfies every condition in (.3), therefore, after fifteen exponentiations we find that it is the enerator for p = 7. Althouh the conditions (.) are straiht-forward to verify, if m is lare, then (.) reuires factorization of p [0] and m exponentiations for each potential candidate. Also, if at least one of these conditions does not hold, it is necessary to consider the next candidate. In eneral, non-deterministic alorithms are typical for various problems in modular arithmetic. 3. Two Deterministic Alorithms In information-hidin schemes, where a primitive element is necessary, there are alternatives for selectin a prime modulus. Definition 3.: If both p and p are primes, then p is called a safe prime [9]. Example 3.: Inteers 5, 7,, 3, 47, 59, 83, 07, 67, 79, 7, 63, 347, 863, 9839, , and 9567 are examples of safe primes. Althouh the search for safe primes is not the oal of this paper, the followin properties of safe primes eliminate numerous false candidates: p mod 0 = 3 or 7 or 9, otherwise p is not a prime. A non-deterministic alorithm for the selection of safe primes is provided in [9] {see 4.86 Alorithm}. Proposition 3.: If p 7 is a safe prime, then : p p ; (3.) Remar 3.: Althouh (3.) does not always compute the smallest enerator, its value is small in comparison with p: = O p. Indeed, p 3. (3.) Moreover, if p 7, 3, 47,67, then If p 3 3,7,,3. p,83, 7, then for every p Proposition 3.: If. p 7 is a safe prime, then 3p 4; (3.3) Proofs of both propositions are provided in the next section. Table provides fifteen examples of safe primes and three correspondin enerators for each of them. For every safe prime, the procedures (3.), (3.3) as well as (6.4), described in the sixth section, are deterministic and reuire at most one inteer multiplication. As a result, in the ElGamal alorithm, the enerator can be periodically renewed for enhancement of communication security. Notice that in Table for p =, 3, 47, 59, 67, 79 and 347 m; and for the rest of these primes it m is otherwise, i.e.,. 4. Alorithm Computin All Generators Both Propositions 3. and 3. are special cases of more eneral proposition. Proposition 4.: Let p 7 be a safe prime; then for every inteer z that satisfies the ineualities z p ; (4.) pz mod p Proof: Definition 3. implies that for a safe prime p ; (4.3) ; (4.) where is an odd prime. Therefore, is a enerator because by Fermat s Little Theorem [3,4] p mod pz z p p mo d (4.4) 4 and z z p. (4.5) Table. Choice of enerator for p = 7. \n n = 0 n = 4 n = 35 = = = 5 57 = = Table. Safe primes and correspondin enerators. p m Copyriht 0 SciRes.
3 B. VERKHOVSKY 77 Suppose that (4.5) does not hold, i.e., there exists at least one Z, for which Z 4 modp. z Therefore, it implies that Z Z Z Z 4 mod p 0. (4.6) However, none of three factors in (4.6) are conruent with zero modulo p: the first two are excluded by the constraints in (4.); and the case Z mo d p ; (4.7) is also infeasible, since by Euler s criterion of uadratic residuosity [4,9] p mod p ; (4.8) which implies that does not have a suare root modulo p. In other words, z in (4.7) has no real inteer solution. Q.E.D. Proof of Proposition 3.: It is easy to verify that (3.3) is a special case of (4.) for z =. Indeed, consider p p p p 4 3p 3p p 4mod p Since for every safe prime p mod 4 = 3 holds, then In addition, 3 mod40 3 mod p0 p (4.9) p p. (4.0) p p. (4.) Because the last term in (4.9) is an inteer, therefore, (4.9)-(4.) imply (3.3). Q.E.D. Table 3 lists all enerators for p = 47 as functions of parameter z {see (4.)}. Since every safe prime p has ; (4.) distinct enerators, {here x is Euler stotient function [4]}, the function (z) enerates each of them if z is chanin on the interval [, ]; {see (4.) and Table 3}. In addition, (4.) implies that pz z mod p. (4.3) For an illustration of (4.3), compare 3 for z = 3 and 4; or for z = and 5. Proposition 4.: If every 0,,, p 7 z in Table is a safe prime, then for 3 3p 4 p 4 mod p; 5. Alorithm for a Small Generator This alorith m computes a small enerator for every safe prime p 7. Step 5.: Compute Step 5.: Compute p (4.4) 0 : 3 4; (5.) m: 0 ; (5.) Step 5.3: Compute the enerator : 0 mod m m m p (5.3) 6. Validation of Alorithm (5.)-(5.3) Let us consider a seuence of acceleratinly decreasin enerators. Let 0 : 3p 4 (3.3); Consider z p 3 ; (6.) and let : pz 0p9 p 4mod p, (6.) where every term in (6.) is an inteer. Hence (4.0), (4.) and (6.) imply that 0p 9 3p 4 7p 9 4mod p. Proposition 6.: For every safe prime p there exists a subset S of enerators 0,,, m such that for,,, m holds. (6.3) Table 3. p = 47 and correspondin enerators (z). z (z) z (z) Copyriht 0 SciRes.
4 78 B. VERKHOVSKY For instance, if p = 83, then (0) = 6; () = 60; () = 56; (3) = 50; (4) = 4; (5) = 3; (6) = 0; (7) = 6. Therefore, (6.3) implies that for,,, m 0 mod p. (6.4) As a result, we derive a monotone decreasin seuence of enerators 0 m m where an optimal m minimizes the constraints Remar 6.: In the worst case ; (6.5), {see (6.4)}, under and 0. (6.6) 3p m. (6.7) Example 6.: Let p = 47; then (0) = 35 and from (6.6) m = 5. Hence (m) = 5, which is the smallest enerator. Yet, (3.). Example 6.: Let p = 83; then (0) = 6 and m = 7. Therefore, (7) = 6, which is the third smallest one after the enerators and 5. Yet, (3.), is the smallest enerator. Example 6.3: Let now p = 9567; then (0) = 7465; and from (5.) m = 67. Therefore, (67) = 473. Yet, = 494. The procedure described above finds small enerators. In some cases, it even provides the smallest enerators; {as in Example 6.}. However, it does not find the smallest enerator for every safe prime p. In that case select : min, m. (6.8) 7. Results of Computer Experiments Several hundred computer experiments with the safe prime p randomly-selected on interval (0 7, 0 0 ) confirm that for every p there exists a monotone-decreasin subset S of enerators (0), (), (),, (m) that satisfy the ineualities (6.3). For instance, if p = , then the number m of enerators in the subset S is eual The experiments also indicate that m with freuency f m with freuency It 0.38 and f implies that, if only one alorithm is used to compute a small enerator, then m should be computed, because m with probability close to 6%. Remar 6.: Notice that f f, i.e., these freuencies satisfy the olden ratio euality. 8. Acnowledements I express my appreciation to W. Gruver and R. Rubino for their helpful suestions for improvement of the manuscript. I am also rateful to E. Gerda and Y. Polyaov for their assistance in computer experiments. REFERENCES [] W. Diffie and M. E. Hellman, New Directions in Cryptoraphy, IEEE Transactions on Information Theory, Vol., No. 6, 976, pp doi:0.09/tit [] T. ElGamal, A Public Key Crypto-System and a Sinature Scheme Based on Discrete Loarithms, IEEE Transactions on Information Theory, Vol. 3, No. 4, 985, pp doi:0.09/tit [3] D. Knuth, The Art of Computer Prorammin, Vol. : Seminumerical Alorithms, 3rd Edition, Addison-Wesley, Readin, 998, pp. 8-. [4] C. F. Gauss, Disuisitiones Arithmeticae, nd Edition, Spriner, New Yor, 986. [5] P. Ribenboim, The New Boo of Prime Number Records, Spriner, New Yor, 996. doi:0.007/ [6] E. Bach and J. Shallit, Alorithmic Number Theory: Vol. : Efficient Alorithms, MIT Press, Cambride, 996. [7] V. S. Miller, Use of Elliptic Curves in Cryptoraphy, Advances in Cryptoraphy-CRYPTO (LNCS 8), 986, pp [8] N. Koblitz, Elliptic Curve Crypto-Systems, Mathematics of Computation, Vol. 48, No. 0, 987, pp doi:0.090/s [9] A. Menezes, P. van Oorschot and S. Vanstone, Handboo of Applied Cryptoraphy, CRC Press, Boca Raton, 997, pp [0] B. Verhovsy, Inteer Factorization of Semi-Primes Based on Analysis of a Seuence of Modular Elliptic Euations, Int. J. of Communications, Networ and System Sciences, Vol. 4, No. 0, 0, pp Copyriht 0 SciRes.
5 B. VERKHOVSKY 79 Appendix Alternative Search for Small Generators Consider a safe prime p ; and let z: p5 ; : p h p z 4 5 p 4 mod p. (A.) Since every term in (A.) is an inteer, therefore now, p p mod 4 ; (A.) and p p mod p 0. (A.3) Hence h 3p 5 4mod p z p m. In eneral, for : ; (A.4) Thus, h m 4m 5 p m 4 mod p. (A.5) h m h m m 6 mod p. (A.6) Since h 6 0, therefore (A.6) and (6.4) provide the same results. Copyriht 0 SciRes.
Digital Signature Scheme Based on a New Hard Problem
Computer Science Journal of Moldova, vol.16, no.2(47), 2008 Digital Signature Scheme Based on a New Hard Problem Niolay A. Moldovyan Abstract Factorizing composite number n = qr, where q and r are two
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationAccelerated Search for Gaussian Generator Based on Triple Prime Integers
Journal of Computer Science 5 (9): 614-618, 2009 ISSN 1549-3636 2009 Science Publications Accelerated Search for Gaussian Generator Based on Triple Prime Integers 1 Boris S. Verkhovsky and 2 Md Shiblee
More informationAn Introduction to Probabilistic Encryption
Osječki matematički list 6(2006), 37 44 37 An Introduction to Probabilistic Encryption Georg J. Fuchsbauer Abstract. An introduction to probabilistic encryption is given, presenting the first probabilistic
More informationModular Multiplication in GF (p k ) using Lagrange Representation
Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier
More informationModular Reduction without Pre-Computation for Special Moduli
Modular Reduction without Pre-Computation for Special Moduli Tolga Acar and Dan Shumow Extreme Computing Group, Microsoft Research, Microsoft One Microsoft Way, Redmond, WA 98052, USA {tolga,danshu}@microsoft.com
More informationAlgorithms for Integer Factorization Based on Counting Solutions of Various Modular Equations
Int J Communications, Network System Sciences, 0, 4, 675-68 doi:0436/ijcns04083 Published Online November 0 (http://wwwscirporg/journal/ijcns) Algorithms for Integer Factorization Based on Counting Solutions
More informationAspect of Prime Numbers in Public Key Cryptosystem
Aspect of Prime Numbers in Public Key Cryptosystem Md.Mehedi Masud, Huma Galzie, Kazi Arif Hossain and Md.Minhaj Ul Islam Computer Science and Engineering Discipline Khulna University, Khulna-9208, Bangladesh
More informationAN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM
AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM VORA,VRUSHANK APPRENTICE PROGRAM Abstract. This paper will analyze the strengths and weaknesses of the underlying computational
More informationNew Variant of ElGamal Signature Scheme
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 34, 1653-1662 New Variant of ElGamal Signature Scheme Omar Khadir Department of Mathematics Faculty of Science and Technology University of Hassan II-Mohammedia,
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer 1 Lecture 13 October 16, 2017 (notes revised 10/23/17) 1 Derived from lecture notes by Ewa Syta. CPSC 467, Lecture 13 1/57 Elliptic Curves
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationCounting Prime Numbers with Short Binary Signed Representation
Counting Prime Numbers with Short Binary Signed Representation José de Jesús Angel Angel and Guillermo Morales-Luna Computer Science Section, CINVESTAV-IPN, Mexico jjangel@computacion.cs.cinvestav.mx,
More informationOptimal Use of Montgomery Multiplication on Smart Cards
Optimal Use of Montgomery Multiplication on Smart Cards Arnaud Boscher and Robert Naciri Oberthur Card Systems SA, 71-73, rue des Hautes Pâtures, 92726 Nanterre Cedex, France {a.boscher, r.naciri}@oberthurcs.com
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationNew Strategy for Doubling-Free Short Addition-Subtraction Chain
Applied Mathematics & Information Sciences 2(2) (2008), 123 133 An International Journal c 2008 Dixie W Publishing Corporation, U. S. A. New Strategy for Doubling-Free Short Addition-Subtraction Chain
More informationPolynomial Interpolation in the Elliptic Curve Cryptosystem
Journal of Mathematics and Statistics 7 (4): 326-331, 2011 ISSN 1549-3644 2011 Science Publications Polynomial Interpolation in the Elliptic Curve Cryptosystem Liew Khang Jie and Hailiza Kamarulhaili School
More informationARYABHATA REMAINDER THEOREM: RELEVANCE TO PUBLIC-KEY CRYPTO-ALGORITHMS*
CIRCUITS SYSTEMS SIGNAL PROCESSING c Birkhäuser Boston (2006) VOL. 25, NO. 1, 2006, PP. 1 15 DOI: 10.1007/s00034-005-1123-6 ARYABHATA REMAINDER THEOREM: RELEVANCE TO PUBLIC-KEY CRYPTO-ALGORITHMS* T. R.
More informationXIUMEI LI AND MIN SHA
GAUSS FACTORIALS OF POLYNOMIALS OVER FINITE FIELDS arxiv:1704.0497v [math.nt] 18 Apr 017 XIUMEI LI AND MIN SHA Abstract. In this paper we initiate a study on Gauss factorials of polynomials over finite
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationChapter 4 Asymmetric Cryptography
Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for
More informationAsymmetric Cryptography
Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationSafer parameters for the Chor-Rivest cryptosystem
Safer parameters for the Chor-Rivest cryptosystem L. Hernández Encinas, J. Muñoz Masqué and A. Queiruga Dios Applied Physics Institute, CSIC C/ Serrano 144, 28006-Madrid, Spain {luis, jaime, araceli}@iec.csic.es
More informationInformation Protection Based on Extraction of Square Roots of Gaussian Integers
Int. J. Communications, Network System Sciences, 0,, 33-38 doi:0.36/ijcns.0.306 Published Online March 0 (http://www.scirp.org/journal/ijcns) Information Protection Based on Extraction of Square Roots
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationBlind Signature Protocol Based on Difficulty of. Simultaneous Solving Two Difficult Problems
Applied Mathematical Sciences, Vol. 6, 202, no. 39, 6903-690 Blind Signature Protocol Based on Difficulty of Simultaneous Solving Two Difficult Problems N. H. Minh, D. V. Binh 2, N. T. Giang 3 and N. A.
More informationElGamal type signature schemes for n-dimensional vector spaces
ElGamal type signature schemes for n-dimensional vector spaces Iwan M. Duursma and Seung Kook Park Abstract We generalize the ElGamal signature scheme for cyclic groups to a signature scheme for n-dimensional
More informationChapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations
Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 9.1 Chapter 9 Objectives
More informationNumber Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.
CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,
More informationSecurity Level of Cryptography Integer Factoring Problem (Factoring N = p 2 q) December Summary 2
Security Level of Cryptography Integer Factoring Problem (Factoring N = p 2 ) December 2001 Contents Summary 2 Detailed Evaluation 3 1 The Elliptic Curve Method 3 1.1 The ECM applied to N = p d............................
More informationCryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages
Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages MEI-NA WANG Institute for Information Industry Networks and Multimedia Institute TAIWAN, R.O.C. myrawang@iii.org.tw SUNG-MING
More informationFast Multiple Point Multiplication on Elliptic Curves over Prime and Binary Fields using the Double-Base Number System
Fast Multiple Point Multiplication on Elliptic Curves over Prime and Binary Fields using the Double-Base Number System Jithra Adikari, Vassil S. Dimitrov, and Pradeep Mishra Department of Electrical and
More informationAryabhata Remainder Theorem: Relevance to public-key crypto algorithms
All rights are reserved and copyright of this manuscript belongs to the authors. This manuscript have been printed and distributed without reviewing and editing as received from the authors: posting the
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationPerformance of Finite Field Arithmetic in an Elliptic Curve Cryptosystem
1 Performance of Finite Field Arithmetic in an Elliptic Curve Cryptosystem Abstract Zhi Li, John Higgins, Mark Clement 3361 TMCB Brigham Young University Provo, UT 8462 {zli,higgins,clement}@cs.byu.edu
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationSharing a Secret in Plain Sight. Gregory Quenell
Sharing a Secret in Plain Sight Gregory Quenell 1 The Setting: Alice and Bob want to have a private conversation using email or texting. Alice Bob 2 The Setting: Alice and Bob want to have a private conversation
More informationCryptography. Number Theory with AN INTRODUCTION TO. James S. Kraft. Lawrence C. Washington. CRC Press
AN INTRODUCTION TO Number Theory with Cryptography James S Kraft Gilman School Baltimore, Maryland, USA Lawrence C Washington University of Maryland College Park, Maryland, USA CRC Press Taylor & Francis
More informationOn the Big Gap Between p and q in DSA
On the Big Gap Between p and in DSA Zhengjun Cao Department of Mathematics, Shanghai University, Shanghai, China, 200444. caozhj@shu.edu.cn Abstract We introduce a message attack against DSA and show that
More informationCPSC 467b: Cryptography and Computer Security
Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael
More informationMath/Mthe 418/818. Review Questions
Math/Mthe 418/818 Review Questions 1. Show that the number N of bit operations required to compute the product mn of two integers m, n > 1 satisfies N = O(log(m) log(n)). 2. Can φ(n) be computed in polynomial
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationPublic Key Cryptography with a Group of Unknown Order
Public Key Cryptography with a Group of Unknown Order Richard P. Brent 1 Oxford University rpb@comlab.ox.ac.uk Programming Research Group Report PRG TR 02 00 5 June 2000 Abstract We present algorithms
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationBreaking Plain ElGamal and Plain RSA Encryption
Breaking Plain ElGamal and Plain RSA Encryption (Extended Abstract) Dan Boneh Antoine Joux Phong Nguyen dabo@cs.stanford.edu joux@ens.fr pnguyen@ens.fr Abstract We present a simple attack on both plain
More informationHow does the computer generate observations from various distributions specified after input analysis?
1 How does the computer generate observations from various distributions specified after input analysis? There are two main components to the generation of observations from probability distributions.
More information[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives
[Part 2] Asymmetric-Key Encipherment Mathematics of Cryptography Forouzan, B.A. Cryptography and Network Security (International Edition). United States: McGraw Hill, 2008. Objectives To introduce prime
More informationSELECTED APPLICATION OF THE CHINESE REMAINDER THEOREM IN MULTIPARTY COMPUTATION
Journal of Applied Mathematics and Computational Mechanics 2016, 15(1), 39-47 www.amcm.pcz.pl p-issn 2299-9965 DOI: 10.17512/jamcm.2016.1.04 e-issn 2353-0588 SELECTED APPLICATION OF THE CHINESE REMAINDER
More informationCS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II
CS 5319 Advanced Discrete Structure Lecture 9: Introduction to Number Theory II Divisibility Outline Greatest Common Divisor Fundamental Theorem of Arithmetic Modular Arithmetic Euler Phi Function RSA
More informationA Comparative Study of RSA Based Digital Signature Algorithms
Journal of Mathematics and Statistics 2 (1): 354-359, 2006 ISSN 1549-3644 2006 Science Publications A Comparative Study of RSA Based Digital Signature Algorithms 1 Ramzi A. Haraty, 2 A. N. El-Kassar and
More informationElliptic Curve Cryptography
The State of the Art of Elliptic Curve Cryptography Ernst Kani Department of Mathematics and Statistics Queen s University Kingston, Ontario Elliptic Curve Cryptography 1 Outline 1. ECC: Advantages and
More informationarxiv: v3 [cs.cr] 17 Dec 2011
On the Rabin signature Michele Elia, Davide Schipani November 8, 2018 arxiv:1111.3602v3 [cs.cr] 17 Dec 2011 Abstract Some Rabin signature schemes may be exposed to forgery; several variants are here described
More informationChapter 8. Introduction to Number Theory
Chapter 8 Introduction to Number Theory CRYPTOGRAPHY AND NETWORK SECURITY 1 Index 1. Prime Numbers 2. Fermat`s and Euler`s Theorems 3. Testing for Primality 4. Discrete Logarithms 2 Prime Numbers 3 Prime
More informationCRC Press has granted the following specific permissions for the electronic version of this book:
This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac CRC Press has
More informationLecture 6: Cryptanalysis of public-key algorithms.,
T-79.159 Cryptography and Data Security Lecture 6: Cryptanalysis of public-key algorithms. Helsinki University of Technology mjos@tcs.hut.fi 1 Outline Computational complexity Reminder about basic number
More informationElliptic Curve Public-Key Cryptosystems An Introduction
Elliptic Curve Public-Key Cryptosystems An Introduction Erik De Win and Bart Preneel Katholieke Universiteit Leuven, Dept. Electrical Engineering-ESAT K. Mercierlaan 94, 3001 Heverlee, Belgium {erik.dewin,bart.preneel}@esat.kuleuven.ac.be
More informationAitken and Neville Inverse Interpolation Methods over Finite Fields
Appl. Num. Anal. Comp. Math. 2, No. 1, 100 107 (2005) / DOI 10.1002/anac.200410027 Aitken and Neville Inverse Interpolation Methods over Finite Fields E.C. Laskari 1,3, G.C. Meletiou 2,3, and M.N. Vrahatis
More informationSharing DSS by the Chinese Remainder Theorem
Sharing DSS by the Chinese Remainder Theorem Kamer Kaya,a, Ali Aydın Selçuk b a Ohio State University, Columbus, 43210, OH, USA b Bilkent University, Ankara, 06800, Turkey Abstract In this paper, we propose
More informationElliptic Curves and Cryptography
Elliptic Curves and Cryptography Aleksandar Jurišić Alfred J. Menezes March 23, 2005 Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is
More informationOn the number of semi-primitive roots modulo n
Notes on Number Theory and Discrete Mathematics ISSN 1310 5132 Vol. 21, 2015, No., 8 55 On the number of semi-primitive roots modulo n Pinkimani Goswami 1 and Madan Mohan Singh 2 1 Department of Mathematics,
More informationSPA Resistant Scalar Multiplication using Golden Ratio Addition Chain Method
SPA Resistant Scalar Multiplication using Golden Ratio Addition Chain Method Raveen R. Goundar, Ken-ichi Shiota and Masahio Toyonaga Abstract In this paper we propose an efficient and secure (SPA resistant)
More informationComputing Elliptic Curve Discrete Logarithms with the Negation Map
Computing Elliptic Curve Discrete Logarithms with the Negation Map Ping Wang and Fangguo Zhang School of Information Science and Technology, Sun Yat-Sen University, Guangzhou 510275, China isszhfg@mail.sysu.edu.cn
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationJulio López and Ricardo Dahab. Institute of Computing (IC) UNICAMP. April,
Point Compression Algorithms for Binary Curves Julio López and Ricardo Dahab {jlopez,rdahab}@ic.unicamp.br Institute of Computing (IC) UNICAMP April, 14 2005 Outline Introduction to ECC over GF (2 m )
More informationRandom Small Hamming Weight Products with Applications to Cryptography
Random Small Hamming Weight Products with Applications to Cryptography Jeffrey Hoffstein, Joseph H. Silverman NTRU Cryptosystems, Inc., 5 Burlington Woods, Burlington, MA 01803 USA, jhoff@ntru.com, jhs@ntru.com
More informationORDERS OF UNITS IN MODULAR ARITHMETIC
ORDERS OF UNITS IN MODULAR ARITHMETIC KEITH CONRAD. Introduction If a mod m is a unit then a ϕ(m) mod m by Euler s theorem. Depending on a, it might happen that a n mod m for a positive integer n that
More informationAn Efficient Discrete Log Pseudo Random Generator
An Efficient Discrete Log Pseudo Random Generator Sarvar Patel and Ganapathy S. Sundaram Bell Labs 67 Whippany Rd, Whippany, NJ 07981, USA {sarvar,ganeshs}@bell-labs.com Abstract. The exponentiation function
More informationIntroduction to Cryptography. Lecture 6
Introduction to Cryptography Lecture 6 Benny Pinkas page 1 Public Key Encryption page 2 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem:
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationSuppose F is a field and a1,..., a6 F. Definition 1. An elliptic curve E over a field F is a curve given by an equation:
Elliptic Curve Cryptography Jim Royer CIS 428/628: Introduction to Cryptography November 6, 2018 Suppose F is a field and a 1,..., a 6 F. Definition 1. An elliptic curve E over a field F is a curve given
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More informationBlind Collective Signature Protocol
Computer Science Journal of Moldova, vol.19, no.1(55), 2011 Blind Collective Signature Protocol Nikolay A. Moldovyan Abstract Using the digital signature (DS) scheme specified by Belarusian DS standard
More informationPredicting Subset Sum Pseudorandom Generators
Predicting Subset Sum Pseudorandom Generators Joachim von zur Gathen 1 and Igor E Shparlinsi 2 1 Faultät für Eletrotechni, Informati und Mathemati, Universität Paderborn, 33095 Paderborn, Germany gathen@upbde
More informationFast Fraction-Integer Method for Computing Multiplicative Inverse
Fast Fraction-Integer Method for Computing Multiplicative Inverse Hani M AL-Matari 1 and Sattar J Aboud 2 and Nidal F Shilbayeh 1 1 Middle East University for Graduate Studies, Faculty of IT, Jordan-Amman
More informationClassification of Finite Fields
Classification of Finite Fields In these notes we use the properties of the polynomial x pd x to classify finite fields. The importance of this polynomial is explained by the following basic proposition.
More informationA. Algebra and Number Theory
A. Algebra and Number Theory Public-key cryptosystems are based on modular arithmetic. In this section, we summarize the concepts and results from algebra and number theory which are necessary for an understanding
More informationDefinition of a finite group
Elliptic curves Definition of a finite group (G, * ) is a finite group if: 1. G is a finite set. 2. For each a and b in G, also a * b is in G. 3. There is an e in G such that for all a in G, a * e= e *
More informationHans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References
Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009 Die Unterlagen sind ausschliesslich zum persoenlichen Gebrauch der Vorlesungshoerer bestimmt. Die Herstellung von elektronischen
More informationBiomedical Security. Overview 9/15/2017. Erwin M. Bakker
Biomedical Security Erwin M. Bakker Overview Cryptography: Algorithms Cryptography: Protocols Pretty Good Privacy (PGP) / B. Schneier Workshop Biomedical Security Biomedical Application Security (guest
More informationLeak Resistant Arithmetic
Leak Resistant Arithmetic Jean-Claude Bajard 1, Laurent Imbert 1, Pierre-Yvan Liardet 2, and Yannick Teglia 2 1 LIRMM, CNRS UMR 5506, Université Montpellier II 161 rue Ada, 34392 Montpellier cedex 5, FRANCE
More informationBiomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.
Biomedical Security Erwin M. Bakker Some Security News From: NYTimes Blockchains are not safe for voting (slashdot.org) : From Motherboard.vice.com ECDAA: Eliptic Curve Direct Anonymous Attestation for
More informationPublic key exchange using semidirect product of (semi)groups
Public key exchange using semidirect product of (semi)groups Maggie Habeeb 1, Delaram Kahrobaei 2, Charalambos Koupparis 3, and Vladimir Shpilrain 4 1 California University of Pennsylvania habeeb@calu.edu
More informationComputing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring
Computing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring Alexander May Faculty of Computer Science, Electrical Engineering and Mathematics University of Paderborn 33102 Paderborn,
More informationLecture 14: Hardness Assumptions
CSE 594 : Modern Cryptography 03/23/2017 Lecture 14: Hardness Assumptions Instructor: Omkant Pandey Scribe: Hyungjoon Koo, Parkavi Sundaresan 1 Modular Arithmetic Let N and R be set of natural and real
More informationAPPLICATION OF ELLIPTIC CURVES IN CRYPTOGRAPHY-A REVIEW
APPLICATION OF ELLIPTIC CURVES IN CRYPTOGRAPHY-A REVIEW Savkirat Kaur Department of Mathematics, Dev Samaj College for Women, Ferozepur (India) ABSTRACT Earlier, the role of cryptography was confined to
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 12: Introduction to Number Theory II Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline This time we ll finish the
More informationFinite fields and cryptology
Computer Science Journal of Moldova, vol.11, no.2(32), 2003 Ennio Cortellini Abstract The problem of a computationally feasible method of finding the discrete logarithm in a (large) finite field is discussed,
More informationTopics in Cryptography. Lecture 5: Basic Number Theory
Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationCIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography 1 Review of Modular Arithmetic 2 Remainders and Congruency For any integer a and any positive
More information