A Public-Key Cryptosystem Based on Lucas Sequences
|
|
- Annabel Lucas
- 5 years ago
- Views:
Transcription
1 Palestine Journal of Mathematics Vol. 1(2) (2012), Palestine Polytechnic University-PPU 2012 A Public-Key Crytosystem Based on Lucas Sequences Lhoussain El Fadil Communicated by Ayman Badawi MSC2010 Classification: 11T71. Keywords : Lucas sequences, Public-Key Cryto-system, Semantic security. Suorted by the Sanish ministry (Ref : SB ) at CRM of Barcelona Abstract. Based on Lucas functions, an imroved version of Diffie-hellman key distribution, El Gamal ublic key cryto-system scheme and El Gamal signature scheme are roosed, together with an imlementation and comutational cost. The security relies on the difficulty of factoring an RSA integer and on the difficulty of comuting the discrete logarithm. Introduction In [1], Diffie and Hellman introduced a ractical solution to the key distribution roblem, allowing two arties, Alice and Bob never met, to share a secret key by exchanging information over an oen channel. In [2], El Gamal used Diffie-Hellman ideas to design a cryto-system whose security is based on the difficulty of solving the discrete logarithm roblem. In [3], It was suggested that linear sequences could be used instead of the standard RSA. In this aer, based on Lucas sequences, an imroved of Diffie-hellman key distribution,el Gamal ublic key cryto-system and El Gamal digital signature were roosed. This considerably reduces the comutation cost of these methods. The security relies on the difficulty of factoring an RSA integer. In section 1, an investigation of crytograhic roerties of Lucas sequences, and a comutational method to evaluate the k th term of a Lucas sequence are given. In section 2, two crytograhic alications are given, their security and comutational cost were analyzed. 1 Lucas sequences In this section, the main crytograhic roerties of Lucas sequences are studied. A comutational method to evaluate the k th term are given, together with an analysis of its comutational cost. Throughout this section, is a rime integer, a Z, f(x) = X 2 ax + 1 [] a olynomial in IF [X], α a root of f(x) in a slitting field of f(x) and s(a) the characteristic sequence generated by a modulo, where IF := Z/ Z is the finite field of element. Denote the reduction modulo, A = IF [X]/(f(X)) and α = X the class of X modulo the rincial ideal of IF [X] generated by f(x). For every x A, let l x be the linear ma of A defined by l x (y) = xy, T (x) = T r(l x ) and N(x) = det(l x ) the trace and norm of x, where det(l x ) is the determinant of the linear ma l x, and T r(l x ) is its trace. Define a sequence s(a) as follows : s k (a) = T (α k ). Since f(α) = 0 and the ma trace is linear, it follows that s k+2 (a) = as k+1 (a) s k (a) modulo. So, s(a) is a second order linear sequence (Lucas sequence), called the characteristic sequence generated by a. Remark. Let l k be( the endomorhism ) ( of A defined ) by l k (x) = α k x, and M k its matrix with resect to the basis (1, α). Then M 0 =, M 1 =, and then s 0 (a) = 2 and s 1 (a) = ā ā 1.1 Crytograhic roerties The crytograhic alications of Lucas sequences are listed in [3]. For the commodity of the reader, we resent some of these results in a more accessible form and with simlified roofs. Lemma For every integer k, s k (a) = α k + α k and s k (a) = s k (a). Proof. Let K be a slitting field of f(x). Since f(x), the characteristic olynomial of M( 1, slits in) K, there exists an invertible matrix P in M 2 (K) and x K such that M 1 = P T P 1 α x, where T = 0 α 1. Let k ( ) be an integer. As M k = M k 1, we have M k = P T k P 1, where T k = α k x k 0 α k and x k K. Therefore,
2 A Public-Key Crytosystem Based on Lucas Sequences 149 s k (a) = T r(m k ) = α k + α k. Corollary For every integer k, let f k (X) = X 2 s k (a)x + 1. Then f k (X) = (X α k )(X α k ). Indeed, s k (a) = α k + α k and α k α k = 1. Lemma For every integers k and e, s e (s k (a)) = s ke (a). Proof. From Corollary 1.2, the roots of the olynomial f k (X) are α k and α k. So, s e (s k (a)) = (α k ) e + (α k ) e = T (α ke ) = s ke (a). Lemma π = 2 1 is a eriod of s(a). Esecially, if does not divide a 2 4, then ɛ is the eriod, where ɛ = ( a2 4 ) is the Legendre symbol. Proof. Since α is an element of A of norm 1, α is an invertible element of A. Let = a 2 4 be the disciminant of f(x). (i) divides (a 2 4). Then a = 2 modulo. If a = 2 modulo, then s k (a) = 2. If a = 2 modulo, then s 2k (a) = 2 and s 2k+1 (a) = 2. (ii) If ( a2 4 ) = 1, then f(x) slits in IF, and A IF IF. Hence the exonent of the multilicative grou A is 1. Thus, α 1 = 1. (iii) If ( a2 4 ) = 1, then A IF 2 and N(α) = α+1 = 1. Let x IN be the eriod of s(a). Then α x = 1. Since( a2 4 ) = 1, α IF, and then x + 1. Corollary For every integer e such that gcd(e, π) = 1, the ma Luc e : IF IF is a one-one corresondence. a s e (a) Indeed, since gcd(e, 2 1) = 1, let d be the inverse of e modulo π. Then there exists an integer k such that de = 1 + kπ. Hence s d (s e (a)) = s de (a) = s 1+kπ (a) = s 1 (a) = a []. Lemma Let a Z such that does not divide a 2 4. Let ɛ = ( a2 4 ), e IN such that Gcd(e, π) = 1 and b = s e (a), where π = ɛ. Then does not divide b 2 4 ( a2 4 ) = ( b2 4 ) Proof. Since a = s d (b) [], where d is the inverse of e modulo 2 1, it suffices to show that if ( a2 4 ) = 1, then ( b2 4 ) = 1 too. Assume that ( a2 4 ) = 1, then α IF, and then α e IF. Thus, f b (X) = X 2 bx + 1 slits in IF (α e + α e = b []), i.e., ( b2 4 ) = Comutational Method and Cost i) s 2n (a) = s n (a) 2 2, Lemma ii) s 2n+1 (a) = s n (a)s n+1 (a) a Proof. Let n and m be two integers. s n (a)s m (a) = (α n + α n )(α m + α m ) = (α n+m + α n m ) + (α n m + α n+m 2 ) = s n+m (a) + s n m (a). Therefore, s n+m (a) = s n (a)s m (a) s n m (a) In articular, we have i) and ii). Let k = 2 r m, where m is an odd integer. To comute s k (a), first we comute s m (a), then s 2m (a) = (s m (a)) 2 2, then s 4m (a) = (s 2m (a)) 2 2,...,s k (a) = s 2 m(a) 2 r 1 2. Then to comute s k (a), we need r multilications modulo and we need s m (a). Let m = l 1 i=0 k i2 l 1 i. For every 0 i < l 1, let f i+1 = 2f i + k i+1 and f 0 = k 0. Then f l 1 = k. For 0 i < l 1 and assume that, s fi 1 (a) and s fi 1 +1(a) are comuted. Then if k i = 0, then if k i = 1, then s fi (a) = s 2fi 1 (a) = (s fi 1 (a)) 2 2 s fi+1(a) = s 2fi 1 +1(a) = s fi 1 (a)s fi 1 +1(a) a s fi (a) = s 2fi 1 +1(a) = s fi 1 (a)s fi 1 +1(a) a s fi+1(a) = s 2(fi 1 +1)(a) = (s fi 1 +1(a)) 2 2 Comutational Algorithm. In ut k = 2 r l 1 i=0 k i2 i and a, where k 0 0 and k l 1 0. Out ut s k.
3 150 Lhoussain El Fadil Algorithm s 0 = 2, s 1 = a, for i from 0 to l 1 do if k i = 0 then s 1 = s 1 s 0 a, s 0 = s else then s 0 = s 1 s 0 a, s 1 = s End return (s 0 ). s = s 0, for i from 1 to r do s = s 2 2. End return (s). This method ensures that s k can be comuted in about the same length of time as the k th ower is comuted in the RSA method. But in the comutation of s m (a), having to comute two numbers at each stage does slow the comutation down a little, but there are otimizations in the calculation which mean that the total amount of comutation is only about half less than the amount needed for the RSA system. Therefore, to comute s k (a), the total number of multilications modulo is log 2 (k). 2 Main results In this section we describe some alications of Lucas sequences, in more details : Lucas Diffie-Hellman, Lucas El Gamal encrytion scheme and Lucas El Gamal signature scheme. Let n = q be an RSA integer, a IN such that ( a ) = ( a q ) = 1 and s(a) the Lucas sequence generated by a defined by : s 0 (a) = 2 [n], s 1 (a) = a [n] and s k+2 (a) = as k+1 (a) s k (a) [n]. Let and f(x) = X 2 ax + 1 modulo n, A = Z n [X]/(f(X)) and α = X the class of X modulo the rincial ideal (f(x)) (we have s k (a) = α k + α k = T (α k )). 2.1 Lucas Diffie-Hellman Let a be an integer. Suose that Alice and Bob, who both have access to the Lucas sequences ublic key data (n, a), want to agree on a shared secret key K AB. (i) User Alice selects 0 < x A < n as her rivate key. She then comutes y A = s xa (a) as her ublic key from the system ublic arameters (n, a). (ii) User Bob selects 0 < x B < n as his rivate key. He then comutes y B = s xb (a) as his ublic key from the system ublic arameters (n, a). (iii) Key-Distribution Phase : K AB = s xa (y B ) = s xb (y A ) is their common secret key. Remarks (i) In [3], it was given a Diffie-Hellman scheme based on lucas functions defined in IF q. Here, it is the same version but with Lucas sequences modulo an RSA integer. (ii) K AB = s xa x B (a). (iii) In each exchange session, the comutational cost of each user is 2log 2 (n). (iv) From [5], the security of Lucas sequences is olynomial-time equivalent to the generalized discrete logarithm roblem over IF. Thus, the security level of this scheme is at least the security level of the standard Diffie- Hellman scheme. 2.2 Lucas El Gamal Now, we exlain our version of the ublic key system. It is based on El Gamal system, which is defined by Lucas sequences. Suose that Bob is the owner of the Lucas ublic key data (, q, a). Bob selects a small integer e such that Gcd(d, ( 2 1)(q 2 1)) = 1 and a secret integer 0 < x n. He comutes d the inverse of e modulo ( 2 1)(q 2 1), y = s x (a) and makes ublic (e, y). Given Bob s ublic data (n, a, e, y), Alice can encryt a message m, where 0 m < n, intended for Bob using the following Lucas version of the El Gamal encrytion scheme :
4 A Public-Key Crytosystem Based on Lucas Sequences 151 Algorithm (i) Public key : (n, a, y, e) (ii) Private key : (, q, d, x). (iii) Encrytion : For a message 0 m < n, Alice chooses a (secret) random number 0 < k < n, and sends Bob the ciher c = (c 1, c 2 ), where c 1 = s k (a), c 2 = K + s e (m) and K = s k (y). (iv) Decrytion : For a ciher c = (c 1, c 2 ), Bob comutes K = s x (c 1 ), and then m = s d (c 2 K), where (, q, d, x) is its rivate key. Note that (1) All comutations are erformed in Z n. (2) Let ɛ = ( m2 4 ), ɛ q = ( m2 4 q ) and π = Lcm( ɛ, q ɛ q ). Then s x (c 1 ) = s x (s k (a)) = s xk (a) = s k (s x (a)) = s k (y) = K, and then c 2 K = s e (m). Since ed = 1 modulo π, there exists an integer l such that ed = 1 + lπ.thus, s d (c 2 K) = s d (s e (m)) = s ed (m) = s 1+l( 2 1)(q 2 1)(m) = s 1 (m) = m modulo. Security analysis Definition Given a ciher C = K + s e (m) (m m 0, m 1 }), where K is randomly chosen modulo n, the roblem of deciding whether m equals m 0 or m 1 is called decision roblem based on Lucas sequences. If any analyzer can not decide which one of m 0 or m 1 is corresonding to the ciher c in olynomial time, then the encrytion scheme is semantical secure. First, since k is randomly chosen, K is considered random too. On the other hand, since n = q is an RSA integer, it is very hard to factorise the eriod T = ( ɛ )(q ɛ q ). It follows that, the decision roblem based on Lucas sequences is intractable: Given c = s e (m) it is very hard to calculate neither e nor m (this roblem is equivalent to the discrete logarithm roblem (see [5])). Consequently, the roosed Lucas El Gamal scheme is semantical secure. Comutational cost As in the standard RSA ublic key system, Bob chooses a small integer e and Alice chooses a relatively small integer k such that the comutational cost for evaluating s k (a) and s e (m) are low. For examle e = 5, we need 3 multilications modulo n for comuting s 3 (m), log 2 (k) multilications modulo n for comuting s k (a), i.e., totally, we need 3 + log 2 (k) multilications modulo n for encihering. For decihering, once d and y are comuted, we need log 2 (x) multilications modulo n for comuting K = s x (c 1 ), and log 2 (d) multilications modulo n for comuting s d (c 2 K). As d < n 2, we need log 2 (n) multilications modulo n for decihering. Totally, we need 4log 2 (n) on average. 2.3 Lucas El Gamal signature We now exlain our version of El Gamal signature scheme, defined by Lucas sequences. First,we need the following lemma : Lemma Let s(a) be a Lucas sequence generated by a, m, n and k three integers such that m + n = k. Then s 2 k (a) + s 2m(a) + s 2n (a) = s m (a)s n (a)s k (a). Proof. In the roof of Lemma 1.6, we have shown that s m+n (a) = s m (a)s n (a) s m n (a). Thus, s k (a) = s m (a)s n (a) s m n (a), and then s 2 k (a) = s m(a)s n (a)s k (a) s m+n (a)s m n (a) = s m (a)s n (a)s k (a) (s 2n (a) + s 2m (a)). Therefore, s 2 k (a) + (s 2n(a) + s 2m (a)) = s m (a)s n (a)s k (a). Suose Alice is the owner of the Lucas ublic key data (, q, a). She comutes the secrets ɛ = ( a2 4 ) and ). She selects an integer x, 1 x < ( 1)(q 1), comutes y = s x (a) and makes ublic (n, a, y). ɛ q = ( a2 4 q Given Alice s ublic data (n, a, y), Alice can sign a message m, where 0 m < n, intended for Bob using the following Lucas version of El Gamal signature scheme : (i) Alice selects at random an integer k such that gcd(k, ( ɛ )(q ɛ q )) = 1 and she comutes r = s k (a).
5 152 Lhoussain El Fadil (ii) She comutes s = k 1 (m xr) modulo ( ɛ )(q ɛ q ), where k 1 is the inverse of k modulo ( ɛ )(q ɛ q ). (iii) (r, S) is the signature for the message m, where S = s s (r). To verify the authenticity of the signature, any verifier can check if (E) : s 2 m(a) + s 2 r(y) + S 2 4 = Ss r (y)s m (a). Indeed, since m = xr + ks, it follows that s 2 m(a) + s 2rx (a) + s 2sk (a) = s rx (a)s sk (a)s m (a) = s r (y)s s (r)s m (a). Security analysis. This scheme hides the linear equation ks+xr = m modulo T. Thus even if the owner uses twice the same random k, the analyzer can not calculate the secret x. On the other hand, the security of Lucas sequences is olynomial-time equivalent to the generalized discrete logarithm roblem over IF. It follows that the security level of this scheme is at least the security level of El Gamal digital signature. Comutational Cost. To sign the message m, we will comute : s k (a), k 1 modulo ( ɛ )(q ɛ q ) and k 1 (m xr). Thus we need, ln 2 (n) + 3, 5 multilications to sign the message m such that 0 m < n. To verify, we will comute : s r (y), s s (r), s m (a), s 2r (y), s 2s (r) and s 2 m(a). As s 2r (y) = s 2 r(y) 2 and s 2s (r) = s 2 s(r) 2, to verify the authenticity of the signature, we need 2ln 2 (n) + 3 multilications. References [1] W. Diffie and M. E. Hellman, New directions in crytograhy, IEEE Trans. Inform. Theory, vol. IT-22, (1976). [2] T. ElGamal, "A ublic key crytosystem and a signature scheme based on discrete logarithms," IEEE Trans. Inform. Theory, vol. IT- 31, (1985). [3] P. Smith et M. J. J. Lennon, LUC : A new ublic key system. In Proc. of the Ninth IFIP Int. Sym. on Comuter Security, (1993). [4] A.K. Lenstra, E.R. Verheul, The XTR ublic key system, Proceedings of Cryto 2000, LNCS 1880, 1-19(2000). [5] Chi-Sung Laih, Fu-Kuan Tu, Wen-Chun Tai, On the security of the Lucas function, Information Processing Letters 53, (1995). [6] Douglas R. Stinson, Crytograhy Theory and Practice, Third edition 2006, Chaman, Hall/CRC, Taylor and Francis Grou. Author information Lhoussain El Fadil, De. of Math., College of Sciences, King Khalid University, Abha, Saudi Arabia. lhouelfadil@hotmail.com Received: March 12, 2012 Acceted: June 4, 2012
Elliptic Curves and Cryptography
Ellitic Curves and Crytograhy Background in Ellitic Curves We'll now turn to the fascinating theory of ellitic curves. For simlicity, we'll restrict our discussion to ellitic curves over Z, where is a
More informationCryptography Assignment 3
Crytograhy Assignment Michael Orlov orlovm@cs.bgu.ac.il) Yanik Gleyzer yanik@cs.bgu.ac.il) Aril 9, 00 Abstract Solution for Assignment. The terms in this assignment are used as defined in [1]. In some
More informationCDH/DDH-Based Encryption. K&L Sections , 11.4.
CDH/DDH-Based Encrytion K&L Sections 8.3.1-8.3.3, 11.4. 1 Cyclic grous A finite grou G of order q is cyclic if it has an element g of q. { 0 1 2 q 1} In this case, G = g = g, g, g,, g ; G is said to be
More informationTanja Lange Technische Universiteit Eindhoven
Crytanalysis Course Part I Tanja Lange Technische Universiteit Eindhoven 28 Nov 2016 with some slides by Daniel J. Bernstein Main goal of this course: We are the attackers. We want to break ECC and RSA.
More informationON THE LEAST SIGNIFICANT p ADIC DIGITS OF CERTAIN LUCAS NUMBERS
#A13 INTEGERS 14 (014) ON THE LEAST SIGNIFICANT ADIC DIGITS OF CERTAIN LUCAS NUMBERS Tamás Lengyel Deartment of Mathematics, Occidental College, Los Angeles, California lengyel@oxy.edu Received: 6/13/13,
More information1. Introduction. 2. Background of elliptic curve group. Identity-based Digital Signature Scheme Without Bilinear Pairings
Identity-based Digital Signature Scheme Without Bilinear Pairings He Debiao, Chen Jianhua, Hu Jin School of Mathematics Statistics, Wuhan niversity, Wuhan, Hubei, China, 43007 Abstract: Many identity-based
More informationCryptography. Lecture 8. Arpita Patra
Crytograhy Lecture 8 Arita Patra Quick Recall and Today s Roadma >> Hash Functions- stands in between ublic and rivate key world >> Key Agreement >> Assumtions in Finite Cyclic grous - DL, CDH, DDH Grous
More informationA Modified Menezes-Vanstone Elliptic Curve Multi-Keys Cryptosystem
A Modified Menezes-Vanstone Ellitic Curve Multi-Keys Crytosystem By K.H. Rahouma Electrical Technology Deartment Technical College in Riyadh Riyadh, Kingdom of Saudi Arabia E-mail: kamel_rahouma@yahoo.com
More informationx 2 a mod m. has a solution. Theorem 13.2 (Euler s Criterion). Let p be an odd prime. The congruence x 2 1 mod p,
13. Quadratic Residues We now turn to the question of when a quadratic equation has a solution modulo m. The general quadratic equation looks like ax + bx + c 0 mod m. Assuming that m is odd or that b
More informationNotes for Lecture 17
U.C. Berkeley CS276: Cryptography Handout N17 Luca Trevisan March 17, 2009 Notes for Lecture 17 Scribed by Matt Finifter, posted April 8, 2009 Summary Today we begin to talk about public-key cryptography,
More informationAN IMPROVED BABY-STEP-GIANT-STEP METHOD FOR CERTAIN ELLIPTIC CURVES. 1. Introduction
J. Al. Math. & Comuting Vol. 20(2006), No. 1-2,. 485-489 AN IMPROVED BABY-STEP-GIANT-STEP METHOD FOR CERTAIN ELLIPTIC CURVES BYEONG-KWEON OH, KIL-CHAN HA AND JANGHEON OH Abstract. In this aer, we slightly
More informationPractice Final Solutions
Practice Final Solutions 1. Find integers x and y such that 13x + 1y 1 SOLUTION: By the Euclidean algorithm: One can work backwards to obtain 1 1 13 + 2 13 6 2 + 1 1 13 6 2 13 6 (1 1 13) 7 13 6 1 Hence
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationLattice Attacks on the DGHV Homomorphic Encryption Scheme
Lattice Attacks on the DGHV Homomorhic Encrytion Scheme Abderrahmane Nitaj 1 and Tajjeeddine Rachidi 2 1 Laboratoire de Mathématiques Nicolas Oresme Université de Caen Basse Normandie, France abderrahmanenitaj@unicaenfr
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationWhen do Fibonacci invertible classes modulo M form a subgroup?
Calhoun: The NPS Institutional Archive DSace Reository Faculty and Researchers Faculty and Researchers Collection 2013 When do Fibonacci invertible classes modulo M form a subgrou? Luca, Florian Annales
More informationWhen do the Fibonacci invertible classes modulo M form a subgroup?
Annales Mathematicae et Informaticae 41 (2013). 265 270 Proceedings of the 15 th International Conference on Fibonacci Numbers and Their Alications Institute of Mathematics and Informatics, Eszterházy
More informationAdvanced Cryptography Midterm Exam
Advanced Crytograhy Midterm Exam Solution Serge Vaudenay 17.4.2012 duration: 3h00 any document is allowed a ocket calculator is allowed communication devices are not allowed the exam invigilators will
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationPublic Key Cryptosystems RSA
Public Key Crytosystems RSA 57 17 Receiver Sender 41 19 and rime 53 Attacker 47 Public Key Crytosystems RSA Comute numbers n = * 2337 323 57 17 Receiver Sender 41 19 and rime 53 Attacker 2491 47 Public
More informationA New and Optimal Chosen-message Attack on RSA-type Cryptosystems
Published in Y. Han, T. Okamoto, and S. Qing, eds, Information and Communications Security (ICICS 97), vol. 1334 of Lecture Notes in Comer Science,. 30-313, Sringer-Verlag, 1997. A New and Otimal Chosen-message
More informationSQUARES IN Z/NZ. q = ( 1) (p 1)(q 1)
SQUARES I Z/Z We study squares in the ring Z/Z from a theoretical and comutational oint of view. We resent two related crytograhic schemes. 1. SQUARES I Z/Z Consider for eamle the rime = 13. Write the
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationDiophantine Equations and Congruences
International Journal of Algebra, Vol. 1, 2007, no. 6, 293-302 Diohantine Equations and Congruences R. A. Mollin Deartment of Mathematics and Statistics University of Calgary, Calgary, Alberta, Canada,
More informationApplicable Analysis and Discrete Mathematics available online at HENSEL CODES OF SQUARE ROOTS OF P-ADIC NUMBERS
Alicable Analysis and Discrete Mathematics available online at htt://efmath.etf.rs Al. Anal. Discrete Math. 4 (010), 3 44. doi:10.98/aadm1000009m HENSEL CODES OF SQUARE ROOTS OF P-ADIC NUMBERS Zerzaihi
More information#A64 INTEGERS 18 (2018) APPLYING MODULAR ARITHMETIC TO DIOPHANTINE EQUATIONS
#A64 INTEGERS 18 (2018) APPLYING MODULAR ARITHMETIC TO DIOPHANTINE EQUATIONS Ramy F. Taki ElDin Physics and Engineering Mathematics Deartment, Faculty of Engineering, Ain Shams University, Cairo, Egyt
More informationRandomness Extraction in finite fields F p
Randomness Extraction in finite fields F n Abdoul Aziz Ciss École doctorale de Mathématiques et d Informatique, Université Cheikh Anta Dio de Dakar, Sénégal BP: 5005, Dakar Fann abdoul.ciss@ucad.edu.sn,
More informationA CONCRETE EXAMPLE OF PRIME BEHAVIOR IN QUADRATIC FIELDS. 1. Abstract
A CONCRETE EXAMPLE OF PRIME BEHAVIOR IN QUADRATIC FIELDS CASEY BRUCK 1. Abstract The goal of this aer is to rovide a concise way for undergraduate mathematics students to learn about how rime numbers behave
More informationQUANTUM INFORMATION DELAY SCHEME USING ORTHOGONAL PRODUCT STATES
0 th March 0. Vol. No. 00-0 JATIT & LLS. All rights reserved. ISSN: -86 www.jatit.org E-ISSN: 87- QUANTUM INFORMATION DELAY SCHEME USING ORTHOGONAL PRODUCT STATES XIAOYU LI, LIJU CHEN School of Information
More informationImproved Hidden Vector Encryption with Short Ciphertexts and Tokens
Imroved Hidden Vector Encrytion with Short Cihertexts and Tokens Kwangsu Lee Dong Hoon Lee Abstract Hidden vector encrytion HVE) is a articular kind of redicate encrytion that is an imortant crytograhic
More informationSolvability and Number of Roots of Bi-Quadratic Equations over p adic Fields
Malaysian Journal of Mathematical Sciences 10(S February: 15-35 (016 Secial Issue: The 3 rd International Conference on Mathematical Alications in Engineering 014 (ICMAE 14 MALAYSIAN JOURNAL OF MATHEMATICAL
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More information#A45 INTEGERS 12 (2012) SUPERCONGRUENCES FOR A TRUNCATED HYPERGEOMETRIC SERIES
#A45 INTEGERS 2 (202) SUPERCONGRUENCES FOR A TRUNCATED HYPERGEOMETRIC SERIES Roberto Tauraso Diartimento di Matematica, Università di Roma Tor Vergata, Italy tauraso@mat.uniroma2.it Received: /7/, Acceted:
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationMultiplicative group law on the folium of Descartes
Multilicative grou law on the folium of Descartes Steluţa Pricoie and Constantin Udrişte Abstract. The folium of Descartes is still studied and understood today. Not only did it rovide for the roof of
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationPolynomial Interpolation in the Elliptic Curve Cryptosystem
Journal of Mathematics and Statistics 7 (4): 326-331, 2011 ISSN 1549-3644 2011 Science Publications Polynomial Interpolation in the Elliptic Curve Cryptosystem Liew Khang Jie and Hailiza Kamarulhaili School
More informationA secure approach for embedding message text on an elliptic curve defined over prime fields, and building 'EC-RSA-ELGamal' Cryptographic System
International Journal of Comuter Science an Information Security (IJCSIS), Vol. 5, No. 6, June 7 A secure aroach for embeing message tet on an ellitic curve efine over rime fiels, an builing 'EC-RSA-ELGamal'
More informationMATH342 Practice Exam
MATH342 Practice Exam This exam is intended to be in a similar style to the examination in May/June 2012. It is not imlied that all questions on the real examination will follow the content of the ractice
More informationEfficient Cryptosystems From 2 k -th Power Residue Symbols
Efficient Crytosystems From k -th Power Residue Symbols Fabrice Benhamouda, Javier Herranz, Marc Joye 3, and Benoît Libert 4, ENS Paris, CNRS, INRIA, and PSL 45 rue d Ulm, 7530 Paris Cedex 06, France fabrice.benhamouda@ens.fr
More informationOn Nonlinear Polynomial Selection and Geometric Progression (mod N) for Number Field Sieve
On onlinear Polynomial Selection and Geometric Progression (mod ) for umber Field Sieve amhun Koo, Gooc Hwa Jo, and Soonhak Kwon Email: komaton@skku.edu, achimheasal@nate.com, shkwon@skku.edu Det. of Mathematics,
More informationMA3H1 TOPICS IN NUMBER THEORY PART III
MA3H1 TOPICS IN NUMBER THEORY PART III SAMIR SIKSEK 1. Congruences Modulo m In quadratic recirocity we studied congruences of the form x 2 a (mod ). We now turn our attention to situations where is relaced
More informationElementary Analysis in Q p
Elementary Analysis in Q Hannah Hutter, May Szedlák, Phili Wirth November 17, 2011 This reort follows very closely the book of Svetlana Katok 1. 1 Sequences and Series In this section we will see some
More informationSome sophisticated congruences involving Fibonacci numbers
A tal given at the National Center for Theoretical Sciences (Hsinchu, Taiwan; July 20, 2011 and Shanghai Jiaotong University (Nov. 4, 2011 Some sohisticated congruences involving Fibonacci numbers Zhi-Wei
More informationAn Estimate For Heilbronn s Exponential Sum
An Estimate For Heilbronn s Exonential Sum D.R. Heath-Brown Magdalen College, Oxford For Heini Halberstam, on his retirement Let be a rime, and set e(x) = ex(2πix). Heilbronn s exonential sum is defined
More informationA CRITERION FOR POLYNOMIALS TO BE CONGRUENT TO THE PRODUCT OF LINEAR POLYNOMIALS (mod p) ZHI-HONG SUN
A CRITERION FOR POLYNOMIALS TO BE CONGRUENT TO THE PRODUCT OF LINEAR POLYNOMIALS (mod ) ZHI-HONG SUN Deartment of Mathematics, Huaiyin Teachers College, Huaian 223001, Jiangsu, P. R. China e-mail: hyzhsun@ublic.hy.js.cn
More informationBent Functions of maximal degree
IEEE TRANSACTIONS ON INFORMATION THEORY 1 Bent Functions of maximal degree Ayça Çeşmelioğlu and Wilfried Meidl Abstract In this article a technique for constructing -ary bent functions from lateaued functions
More informationElliptic Curve Cryptography
AIMS-VOLKSWAGEN STIFTUNG WORKSHOP ON INTRODUCTION TO COMPUTER ALGEBRA AND APPLICATIONS Douala, Cameroon, October 12, 2017 Elliptic Curve Cryptography presented by : BANSIMBA Gilda Rech BANSIMBA Gilda Rech
More informationMath 261 Exam 2. November 7, The use of notes and books is NOT allowed.
Math 261 Eam 2 ovember 7, 2018 The use of notes and books is OT allowed Eercise 1: Polynomials mod 691 (30 ts In this eercise, you may freely use the fact that 691 is rime Consider the olynomials f( 4
More informationLecture 28: Public-key Cryptography. Public-key Cryptography
Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationThe Hasse Minkowski Theorem Lee Dicker University of Minnesota, REU Summer 2001
The Hasse Minkowski Theorem Lee Dicker University of Minnesota, REU Summer 2001 The Hasse-Minkowski Theorem rovides a characterization of the rational quadratic forms. What follows is a roof of the Hasse-Minkowski
More informationEfficient Cryptosystems From 2 k -th Power Residue Symbols
Published in Journal of Crytology, 30(2:519 549, 2017. Efficient Crytosystems From 2 k -th Power Residue Symbols Fabrice Benhamouda 1, Javier Herranz 2, Marc Joye 3, and Benoît Libert 4, 1 ES Paris, CRS,
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationResearch Article New Mixed Exponential Sums and Their Application
Hindawi Publishing Cororation Alied Mathematics, Article ID 51053, ages htt://dx.doi.org/10.1155/01/51053 Research Article New Mixed Exonential Sums and Their Alication Yu Zhan 1 and Xiaoxue Li 1 DeartmentofScience,HetaoCollege,Bayannur015000,China
More informationOutline. EECS150 - Digital Design Lecture 26 Error Correction Codes, Linear Feedback Shift Registers (LFSRs) Simple Error Detection Coding
Outline EECS150 - Digital Design Lecture 26 Error Correction Codes, Linear Feedback Shift Registers (LFSRs) Error detection using arity Hamming code for error detection/correction Linear Feedback Shift
More informationQUADRATIC RECIPROCITY
QUADRATIC RECIPROCITY JORDAN SCHETTLER Abstract. The goals of this roject are to have the reader(s) gain an areciation for the usefulness of Legendre symbols and ultimately recreate Eisenstein s slick
More informationNew Variant of ElGamal Signature Scheme
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 34, 1653-1662 New Variant of ElGamal Signature Scheme Omar Khadir Department of Mathematics Faculty of Science and Technology University of Hassan II-Mohammedia,
More informationCONGRUENCES CONCERNING LUCAS SEQUENCES ZHI-HONG SUN
Int. J. Number Theory 004, no., 79-85. CONGRUENCES CONCERNING LUCAS SEQUENCES ZHI-HONG SUN School of Mathematical Sciences Huaiyin Normal University Huaian, Jiangsu 00, P.R. China zhihongsun@yahoo.com
More informationMath 4400/6400 Homework #8 solutions. 1. Let P be an odd integer (not necessarily prime). Show that modulo 2,
MATH 4400 roblems. Math 4400/6400 Homework # solutions 1. Let P be an odd integer not necessarily rime. Show that modulo, { P 1 0 if P 1, 7 mod, 1 if P 3, mod. Proof. Suose that P 1 mod. Then we can write
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationPractice Final Solutions
Practice Final Solutions 1. True or false: (a) If a is a sum of three squares, and b is a sum of three squares, then so is ab. False: Consider a 14, b 2. (b) No number of the form 4 m (8n + 7) can be written
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationMulti-Operation Multi-Machine Scheduling
Multi-Oeration Multi-Machine Scheduling Weizhen Mao he College of William and Mary, Williamsburg VA 3185, USA Abstract. In the multi-oeration scheduling that arises in industrial engineering, each job
More informationVerifying Two Conjectures on Generalized Elite Primes
1 2 3 47 6 23 11 Journal of Integer Sequences, Vol. 12 (2009), Article 09.4.7 Verifying Two Conjectures on Generalized Elite Primes Xiaoqin Li 1 Mathematics Deartment Anhui Normal University Wuhu 241000,
More informationIntroduction to Arithmetic Geometry Fall 2013 Lecture #10 10/8/2013
18.782 Introduction to Arithmetic Geometry Fall 2013 Lecture #10 10/8/2013 In this lecture we lay the groundwork needed to rove the Hasse-Minkowski theorem for Q, which states that a quadratic form over
More informationp-adic Measures and Bernoulli Numbers
-Adic Measures and Bernoulli Numbers Adam Bowers Introduction The constants B k in the Taylor series exansion t e t = t k B k k! k=0 are known as the Bernoulli numbers. The first few are,, 6, 0, 30, 0,
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationAn Attack on a Fully Homomorphic Encryption Scheme
An Attack on a Fully Homomorhic Encrytion Scheme Yuu Hu 1 and Fenghe Wang 2 1 Telecommunication School, Xidian University, 710071 Xi an, China 2 Deartment of Mathematics and Physics Shandong Jianzhu University,
More informationGalois Fields, Linear Feedback Shift Registers and their Applications
Galois Fields, Linear Feedback Shift Registers and their Alications With 85 illustrations as well as numerous tables, diagrams and examles by Ulrich Jetzek ISBN (Book): 978-3-446-45140-7 ISBN (E-Book):
More informationBy Evan Chen OTIS, Internal Use
Solutions Notes for DNY-NTCONSTRUCT Evan Chen January 17, 018 1 Solution Notes to TSTST 015/5 Let ϕ(n) denote the number of ositive integers less than n that are relatively rime to n. Prove that there
More informationDigital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay
Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay July 24, 2018 1 / 29 Group Theory Recap Groups Definition A set
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationPrime Reciprocal Digit Frequencies and the Euler Zeta Function
Prime Recirocal Digit Frequencies and the Euler Zeta Function Subhash Kak. The digit frequencies for rimes are not all equal. The least significant digit for rimes greater than 5 can only be, 3, 7, or
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationHASSE INVARIANTS FOR THE CLAUSEN ELLIPTIC CURVES
HASSE INVARIANTS FOR THE CLAUSEN ELLIPTIC CURVES AHMAD EL-GUINDY AND KEN ONO Astract. Gauss s F x hyergeometric function gives eriods of ellitic curves in Legendre normal form. Certain truncations of this
More informationMATH 3240Q Introduction to Number Theory Homework 7
As long as algebra and geometry have been searated, their rogress have been slow and their uses limited; but when these two sciences have been united, they have lent each mutual forces, and have marched
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationEfficient Cryptosystems From 2 k -th Power Residue Symbols
Efficient Crytosystems From 2 k -th Power Residue Symbols Marc Joye and Benoît Libert Technicolor 975 avenue des Chams Blancs, 35576 Cesson-Sévigné Cedex, France {marc.joye,benoit.libert}@technicolor.com
More informationCrypto math II. Alin Tomescu May 27, Abstract A quick overview on group theory from Ron Rivest s course in Spring 2015.
Crypto math II Alin Tomescu alinush@mit.edu May 7, 015 Abstract A quick overview on group theory from Ron Rivest s 6.857 course in Spring 015. 1 Overview Group theory review Diffie-Hellman (DH) key exchange
More informationCryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages
Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages MEI-NA WANG Institute for Information Industry Networks and Multimedia Institute TAIWAN, R.O.C. myrawang@iii.org.tw SUNG-MING
More information(Workshop on Harmonic Analysis on symmetric spaces I.S.I. Bangalore : 9th July 2004) B.Sury
Is e π 163 odd or even? (Worksho on Harmonic Analysis on symmetric saces I.S.I. Bangalore : 9th July 004) B.Sury e π 163 = 653741640768743.999999999999.... The object of this talk is to exlain this amazing
More informationHENSEL S LEMMA KEITH CONRAD
HENSEL S LEMMA KEITH CONRAD 1. Introduction In the -adic integers, congruences are aroximations: for a and b in Z, a b mod n is the same as a b 1/ n. Turning information modulo one ower of into similar
More informationEfficient Hardware Architecture of SEED S-box for Smart Cards
JOURNL OF SEMICONDUCTOR TECHNOLOY ND SCIENCE VOL.4 NO.4 DECEMBER 4 37 Efficient Hardware rchitecture of SEED S-bo for Smart Cards Joon-Ho Hwang bstract This aer resents an efficient architecture that otimizes
More informationb = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.
INTRODUCTION TO CRYPTOGRAPHY 5. Discrete Logarithms Recall the classical logarithm for real numbers: If we write b = 10 a, then a = log 10 b is the logarithm of b to the base 10. Changing the base to e
More informationBilinear Entropy Expansion from the Decisional Linear Assumption
Bilinear Entroy Exansion from the Decisional Linear Assumtion Lucas Kowalczyk Columbia University luke@cs.columbia.edu Allison Bisho Lewko Columbia University alewko@cs.columbia.edu Abstract We develo
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:
More informationLecture 7: ElGamal and Discrete Logarithms
Lecture 7: ElGamal and Discrete Logarithms Johan Håstad, transcribed by Johan Linde 2006-02-07 1 The discrete logarithm problem Recall that a generator g of a group G is an element of order n such that
More informationAlgebraic number theory LTCC Solutions to Problem Sheet 2
Algebraic number theory LTCC 008 Solutions to Problem Sheet ) Let m be a square-free integer and K = Q m). The embeddings K C are given by σ a + b m) = a + b m and σ a + b m) = a b m. If m mod 4) then
More informationEnumeration of Balanced Symmetric Functions over GF (p)
Enumeration of Balanced Symmetric Functions over GF () Shaojing Fu 1, Chao Li 1 and Longjiang Qu 1 Ping Li 1 Deartment of Mathematics and System Science, Science College of ational University of Defence
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationTHE DIOPHANTINE EQUATION x 4 +1=Dy 2
MATHEMATICS OF COMPUTATION Volume 66, Number 9, July 997, Pages 347 35 S 005-57897)0085-X THE DIOPHANTINE EQUATION x 4 +=Dy J. H. E. COHN Abstract. An effective method is derived for solving the equation
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationA Note on the Positive Nonoscillatory Solutions of the Difference Equation
Int. Journal of Math. Analysis, Vol. 4, 1, no. 36, 1787-1798 A Note on the Positive Nonoscillatory Solutions of the Difference Equation x n+1 = α c ix n i + x n k c ix n i ) Vu Van Khuong 1 and Mai Nam
More information