Hardening the ElGamal Cryptosystem in the Setting of the Second Group of Units

Size: px

Start display at page:

Download "Hardening the ElGamal Cryptosystem in the Setting of the Second Group of Units"

Arleen Roberts
6 years ago
Views:

1 54 The Internatonal Arab Journal of Informaton Technology, Vol., o. 5, September 204 Hardenng the ElGamal Cryptosystem n the Settng of the Second Group of Unts Ramz Haraty, Abdulasser ElKassar, and Suzan Fanous Department of Computer Scence and Mathematcs, Lebanese Amercan Unversty, Lebanon Abstract: The Elgamal encrypton scheme s best descrbed n the settng of any fnte cyclc group. Its classc case s typcally * presented n the multplcatve group Z of the rng of ntegers modulo a prme p and the multplcatve groups F of fnte * p felds of characterstc two. The Elgamal cryptosystem was modfed to deal wth Gaussan ntegers, and extended to work wth group of unts of Z p [x]/<x 2 >. In ths paper, we consder yet another extenson to the Elgamal cryptosystem employng the second group of unts of Z n and the second group of unts of Z 2 [x]/<h(x)>, where h(x) s an rreducble polynomal. We descrbe the arthmetc needed n the new settng, and present examples, proofs and algorthms to llustrate the applcablty of the proposed scheme. We mplement our algorthms and conduct testng to evaluate the accuracy, effcency and securty of the modfed cryptographc scheme. Keywords: Second group of unts of z n and z n [x]/<h(x)>, elgamal cryptosystem, and baby step gant step attack algorthm. Receved Aprl 24, 202; accepted October 25, 202; publshed onlne February 26, m. Introducton The Classcal Elgamal Publc Key encrypton scheme s perhaps one of the most popular and wdely used cryptosystems. It s descrbed n the settng of the multplcatve group Z. The multplcatve group of * p * Z p = {, 2,..., p-} s a cyclc group generated by a generator from the group [9]. The followng algorthms show how the Elgamal cryptosystem functons: Algorthm : Key Generaton A should do the followng:. Generate a large random prme p and fnd the generator * α of Z p. 2. Select a random nteger a, a p 2 and compute α a mod p. 3. A's publc key s (p, α, α a ) and A's prvate key s a. Algorthm 2: Encrypton B should do the followng:. Obtan A's authentc publc key (p, α, α a ). 2. Represent the message as an nteger m n the range {0,, 2,, p }. 3. Select a random nteger k, where 2 k p 2. k a k 4. Compute γ α mod p and δ m.(α ) mod p. 5. Send the cphertext c = (γ, δ) to A. Algorthm 3: Decrypton A should do the followng:. Use the prvate key a to compute γ p a mod p. a 2. Compute c. mod p to recover the message m. γ δ However, the Elgamal cryptosystem can be generalzed to work n any fnte cyclc group G. The securty of the scheme s based on the ntractablty of the Dscrete Logarthm Problem [2] n the group G. G should be carefully chosen so that the group operatons n G would be relatvely easy to apply for effcency. Moreover, the Dscrete Logarthm Problem n G should be computatonally nfeasble. Cross [3] gave a classfcaton of all Gaussan ntegers β such that the group of unts of the quotent rng Z[]/<β> s cyclc. So, one may consder Elgamal publc-key cryptosystem usng the cyclc group of unts of Z[]/<β>, where β = +, (+)², (+)³, p, (+) p, πⁿ, (+) πⁿ, p s a prme nteger of the form 4k+3, and π s a Gaussan prme wth π 2 s a prme nteger of the form 4k+. In [6], the authors descrbed the second group of unts of Z n, denoted by U 2 (Z n ), and characterzed the cases for n that make U 2 (Z n ) cyclc. They appled the Elgamal scheme n U 2 (Z n ) (n the cases where t s cyclc). The authors n [0] determned the structure of the group of unts of the quotent rng F q [x]/<f(x)>, where f(x) s a polynomal over a fnte feld F q of order q. Usng ths decomposton, a characterzaton of the quotent rng of polynomals over fnte felds wth cyclc group of unts was gven. In [8], ths classfcaton was appled to extend Elgamal scheme to the settngs of the group of unts of Z p [x]/<x 2 > and Z 2 [x]/<h(x)>, where h(x) s a

2 Hardenng the ElGamal Cryptosystem n the Settng of the Second Group of Unts 55 product of rreducble polynomals whose degrees are parwse relatvely prme. The purpose of ths paper s to use the characterzaton of the quotent rng of polynomals over fnte felds and the characterzaton of the second group of unts n order to apply the Elgamal scheme n the second group of unts of Z 2 [x]/<h(x)>, where h(x) s an rreducble polynomal of degree n. The rest of the paper s organzed follows: Secton 2 summarzes the second group of unts of Z n and descrbes the constructon of U 2 (Z n ). In secton 3, the constructon of the second group of unts of Z 2 [x]/<h(x)>, where h(x) s an rreducble polynomal, s llustrated. Secton 4 nvestgates the Elgamal scheme n ths settng. Secton 5 tests and evaluates the modfed algorthms. Fnally, secton 6 concludes the paper. 2. The Elgamal Cryptosystem over the Second Group of Unts of Z n Before dscussng the extended Elgamal cryptosystem, we present the followng theorems and defntons that are necessary for our work. Theorem : Fundamental Theorem of Abelan Groups, every fnte Abelan group s a drect product of cyclc groups of prme power order []. Let R be a fnte commutatve rng wth dentty. By the fundamental theorem of fnte Abelan groups, the group of unts, U(R), s somorphc to the drect product of cyclc groups, say U(R) Z n Z n2 Z n. Hence, the multplcatve group U(R) supports a rng structure by defnng the operatons and that make (U(R),, ) a rng somorphc to the drect sum Z n Z n2 Z n. The rng Z n Z n2 Z n s denoted as R 2. Defnton : The second group of unts of R s defned as the group of unts of the rng U(R) [6]: U 2 (R) = U(U(R)) U (R 2 ). The authors consdered the problem of determnng the values of n that make U 2 (Z n ) cyclc. The result was as follows: Theorem 2: Let p and q be odd prme ntegers and α be a postve nteger. Then, U 2 (Z n ) s cyclc ff one of the followng s true:. n = 2 α.3.p, where α =, 2 or n = n = 3.p, where p = 4k+3 and 2k+ = q α. 4. n = 2.3 α, α, α or n = 2, 4, 8, or n = 5 or 2p α +, where 2p α + s a prme nteger. 7. n = 3 α. The results can be classfed nto two cases: Case : Both U(Z n ) and U 2 (Z n ) are cyclc, as known U(Z n ) s cyclc when n = 2, 4, p α or 2p α, where α and p s an odd prme nteger. So out of the prevous seven cases for n, only the followng belong to case :. n = 2.3 α, snce n s n the form of 2p α. 2. n = 2 or n = 5 or 2p α +, where 2p α + s a prme nteger. 4. n = 3 α, snce n s a power of an odd prme. Case 2: U 2 (Z n ) s cyclc, whereas U(Z n ) s not cyclc,. n = 2 α.3.p, where α =, 2 or n = n = 3.p, where p = 4k+3 and 2k+ = q α. 4. n = α, α or n = 8, or 6. To construct the second group of unts U 2 (Z n ), we follow these steps:. Form the group of unts U(Z n ) = {a Z n : gcd(a,n) = }. The order of U(Z n ) s ϕ(n). 2. Fnd a generator r of U(Z n ). 3. Wrte U(Z n ) n the form {r 0, r,, r ϕ(n) }. 4. Fnd U 2 (Z n ) = {r mod n: gcd(, ϕ(n)) = }. ote that the order of U 2 (Z n ) s ϕ(ϕ(n)). For example, let n = 23. Then U(Z 23 ) = {, 2, 3,, 22} and ϕ(23) = 22. A generator of U(Z 23 ) s r = 5 as shown n Table. Table. Elements of U(Z 23 ). U(Z 23) U(Z 23) U 2 (Z 23 ) = {5 : gcd(, 22) = } = {5, 5 9, 5 3, 5 9, 5 2, 5 7, 5 7, 5 5, 5 5, 5 3 }. Reducng the powers modulo 23, we have: U 2 (Z 23 ) = {5, 0, 20, 7,, 2, 9, 5, 7,4}. The order of U 2 (Z 23 ) s ϕ(ϕ(23)) = 0. The operatons of the rng (U(Z n ),., ) are defned as follows [4]:. Addton operaton: x.y = xy mod n. log 2. Multplcaton operaton: x y= x r y (modn), where r s the generator of U(Z n ). 3. The power operaton: Let θ be an element of U 2 (Z n ) such that θ = r k and r s a generator of U(Z n ). Then k θ = (r).

3 56 The Internatonal Arab Journal of Informaton Technology, Vol., o. 5, September 204 The dentty of the second group of unts of Z n s r, where r s the generator of U(Z n ). For the constructon of U 2 (Z n ) n case 2, consder: Lemma : Let n and m be any two postve ntegers, then Z mn Z m Z n ff gcd(m,n) =. Hence, for n = n. n 2 n, Z n Z n Z n 2 Zn ff n, n 2,, n are parwse relatvely prme. Lemma 2:. U(Z 2 ) {0}. 2. U(Z 4 ) Z U ( Z k Z Z k 2, for k 3. 2 ) 2 2 ( Z n ) Z n Z p p p 4. U, where p s an odd prme. Theorem 3: If R = R R 2 R, then U(R) U(R ) U(R 2 ) U(R ). For the case where n = 3p, U(Z n ) U(Z 3 ) U(Z p ) Z 2 Z p. Hence, R 2 = Z 2 Z p and U 2 (R) U(R 2 ) = U(Z 2 Z p ) U(Z 2 ) U(Z p ) U(Z p ). Defnton 2: (Isomorphsm Functons). The functon f: U(Z mn ) U(Z m ) U(Z n ) defned by f(a) = (a mod m, a mod n), for all a U(Z mn ), s an somorphsm whenever (m,n) =. 2. The functon f : U(Z n ) Z ϕ(n) defned by f (a) = log r a mod n, for all a Z ϕ(n), s an somorphsm whenever U(Z n ) s a cyclc and r s a generator of U(Z n ). The group U 2 (Z n ) can be constructed as follows:. Construct U(Z n ), U(Z 3 ) and U(Z p ). 2. Fnd G = { (a (mod 3), a (mod p)) : a U(Z n ). 3. Fnd a generator r of U(Z 3 ) and a generator r of U(Z p ). 4. Wrte G n the form: {( r t (mod 3 ), r t ) } (mod p ) : 0 t and 0 t p Form the set Z 2 Z p = {(t, t )} and fnd G, the set of ts nvertble elements. ote that (a, b) s nvertble n Z 2 Z p ff a = (nvertble n Z 2 ) and b s nvertble n Z p. 6. U 2 (Z n ) s the set of elements n U 2 (Z n ) correspondng to elements n G. For example, let p =. Then, U(Z 33 ) U(Z 3 ) U(Z ) Z 2 Z p, where U(Z 33 ) = {, 2, 4, 5, 7, 8, 0, 3, 4, 6, 7, 9, 20, 23, 25, 26, 28, 29, 3, 32}. ow, U(Z ) = {, 2, 3, 4, 5, 6, 7, 8, 9, 0} has 2 as a generator. Smlarly, 2 s a generator for U(Z 3 ) = {, 2}. The somorphsm between U(Z 33 ), U(Z 3 ) U(Z ) and Z 2 Z 0 s depcted n Table 2. The nvertble elements n Z 2 Z 0 are: {(,), (,3), (,9), (,7)}. Then, U 2 (Z 33 ) ={2, 8, 7, 29}. Defne the operatons on U 2 (Z n ) as follows. Multplcaton n (U 2 (Z n ), ) s defned by a b = f (f(a) f(b)), where f s the somorphsm f: U(Z n ) U(Z 3 ) U(Z p ) n Defnton 2, and f(a) f(b) = (a mod 3, a mod p) (b mod 3, b mod p) = ((a mod 3) 3 (b mod 3), (a mod p) p (b mod p)), x 3 y = x log r y and x p y = x log r y. Let a U 2 (Z n ) and let be postve nteger. Then, a t t = f ( r, r ). The dentty of U 2 (Z n ) s the element a = f (r, r ). U(Z 33) Table 2. Isomorphsm between U(Z 33 ) and U(Z 3 ) U(Z ). U(Z 3) U(Z ( ) Z U(Z 2 Z 0 U(Z 3) 33) ) U(Z ) Z 2 Z 0 (,) (2 0,2 0 ) (0,0) 7 (2,6) (,9) 2 (2,2) (2,2 ) (,) 9 (,8) (0,3) 4 (,4) (2 0,2 2 ) (0,2) 20 (2,9) (,6) 5 (2,5) (2,2 4 ) (,4) 23 (2,) (,0) 7 (,7) (2 0,2 7 ) (0,7) 25 (,3) (0,8) 8 (2,8) (2,2 3 ) (,3) 26 (2,4) (,2) 0 (,0) (2 0,2 5 ) (0,5) 28 (,6) (0,9) 3 (,2) (2 0,2 ) (0,) 29 (2,7) (,7) 4 (2,3) (2,2 8 ) (,8) 3 (,9) (0,6) 6 (,5) (2 0,2 4 ) (0,4) 32 (2,0) (,5) 2.. Elgamal Cryptosystem over U 2 (Z n ) for Case. Algorthm 4: Generator of U 2 (Z n ). Fnd a generator θ of U(Z n ). 2. Wrte the order of U 2 α (Z n ) as α. 2 α p p Select a random nteger s, 0 s ϕ(n), (s, ϕ(n)) =. 4. For j = to, do: p j 4.. Compute θ mod n. s( p j ) 4.2. If θ modn=θ, then go to step Return s. For key generaton, entty A does the followng: Algorthm 5: Key Generaton. Fnd a generator θ of U(Z n ). 2. Fnd s usng Algorthm. 3. Compute the order of U 2 (Z n ) usng ϕ(ϕ(n)). 4. Select a random nteger a, 2 a ϕ(ϕ(n)), and compute f = s a (mod ϕ(n)). 5. A s publc key s (n, θ, s, f) and A s prvate key s a. B encrypts a message m for A usng the algorthm below: Algorthm 6: Encrypton. B obtans A s authentc publc key (n, θ, s, f). 2. Represent the message as an nteger n U 2 (Z n ). 3. Select a random nteger k, 2 k ϕ(ϕ(n)). 4. Compute q = s k (mod ϕ(n)), r = f k (mod ϕ(n)), γ = θ k = θ q (mod n) and δ m r (mod n). 5. Send the cphertext c = (q, δ) to A. To recover the plantext m from c, A should do the followng: 2 p

4 Hardenng the ElGamal Cryptosystem n the Settng of the Second Group of Unts 57 Algorthm 7: Decrypton. Use the prvate key a to compute b = ϕ(ϕ(n)) a. 2. Recover the message by computng t = q b (mod ϕ(n)) and δ t (mod n). Theorem 4 proves that the formula γ a.δ (mod n) allows the recovery of the message m. The proof s for case. Theorem 4: Gven a generator θ of U 2 (Z n ) such that θ =θ s, where θ s a generator of U(Z n ). Let γ θ r (mod n) and δ m.(θ a ) k (mod n). If s U 2 (Z n ) such that: s γ a. δ (mod n), then s = m. For example, consder the case where n = 3 3. Select the generators θ = 5 and θ = 2 so that s =. Entty A selects a = 3 and calculates s a = 2 3 (5 ) 3 (mod 27) and f= 3 7 (mod ϕ(27)). A s publc key s (n=27, θ=5, s=, f=7). To encrypt m = 5, B selects an nteger k = 4 and fnds q = s k = 4 7 (mod ϕ(27)), r = f k = 7 4 (mod ϕ(27)), and δ 5 r = 5 (mod 27). B sends (s k = 7, δ = 5) to A. Fnally, A computes b = ϕ(ϕ(n)) a = 2 and t = q b (mod ϕ(n)) =. Then A fnds δ t = 5 (mod 27) = 5 = m Elgamal Cryptosystem over U 2 (Z n )) for Case 2 Algorthm 8: Generator of U 2 (Z 3p ). Fnd a generator θ of U(Z n ). 2. Wrte the order of U 2 α (Z n ) as ϕ(ϕ(n)) = α. 2 α p p Select a random nteger s, 0 s ϕ(p), (s, ϕ(p)) =. 4. For j = to, do: p j 4. Compute θ mod p. s( p j ) 4.2 If θ mod p=θ, then go to step Use the Chnese Remander Theorem to fnd θ, and s by solvng the system of congruences: x 2 (mod 3) and x θ s (mod p). 6. Return s. To generate the key when n =3.p, A uses the followng: Algorthm 9: Key Generaton. Fnd a generator θ of U(Z n ). 2. Fnd s usng Algorthm. 3. Compute the order of U 2 (Z n ) usng ϕ(ϕ(p)). 4. Select a random nteger a, 2 a ϕ(ϕ(p)), and compute f = s a (mod ϕ(n)). 5. A s publc key s (n, θ, s, f) and A s prvate key s a. B encrypts a message m for A usng the algorthm below: Algorthm 0: Encrypton. B obtans A s authentc publc key (n, θ, s, f). 2. Represent the message as an nteger n U 2 (Z p ). 3. Select a random nteger k, 2 k ϕ(ϕ(p)). 4. Compute q = s k (mod ϕ(n)), r = f k (mod ϕ(p)), γ = θ k = θ q (mod n) and δ m r (mod n). 2 p 5. Send the cphertext c = (q, δ) to A. To recover the plantext m from c, A should do the followng: Algorthm (Decrypton). Use the prvate key a to compute b = ϕ(ϕ(p)) a. 2. Recover the message by computng t = q b (mod ϕ(p)) and δ t (mod p). Theorem 5: Let n =3.p and let θ be a generator of U 2 (Z n ) such that θ = (2, θ s ), where θ s a the generator of U(Z p ). Let m U(Z p ). Let γ θ r (mod n) and δ m.(θ a ) k (mod n). If s U(Z p ) such that s γ a.δ (mod n), then s = m. For example, let p =. Then, ϕ(n) = 20, θ = 29 s a generator of U 2 (Z 33 ), θ = 2 s a generator of U (Z ) wth s = 7. If A uses a = 3, then f = s a = (mod ϕ()). A s publc key s (p=, θ=2, s=7, f=3). To encrypt the message m = 5, B selects a random nteger k = 2 and fnds s k = (mod ϕ()), γ (2, s k θ mod ) = (2,6), and δ 5.(2,6). Fnally, A computes b = and γ.δ (2,6).5.(2,6) 5.(2, ) 5.(2,2) Elgamal Cryptosystem over U 2 (Z 2 [x]/<h(x)>) Let h(x) be an rreducble polynomal of degree n. Then, Z 2 [x]/<h(x)> = {a 0 +a x+ +a n x n : a 0,, a n Z 2 } s a feld. The order of Z 2 [x]/<h(x)> s 2 n and ts non-zero elements form a cyclc group U(Z 2 [x]/<h(x)>) of order ϕ(h(x)) = 2 n, see [7] for more detals. Theorem 6: U 2 (Z 2 [x]/<h(x)>) s cyclc ff one of the followng condtons s satsfed:. 2 n = q α + where q s an odd prme and α > n = q+, where q s a Mersenne prme [2]. To construct U 2 (Z 2 [x]/<h(x)>):. Fnd a generator r of the group of unts U(Z 2 [x]/<h(x)>) 2. Wrte U (Z 2 [x]/<h(x)>) ={r 0, r, r ϕ(h(x)) }. 3. Fnd U 2 (Z 2 [x]/<h(x)>) = {r : gcd(, 2 n ) = }. 4. Wrte U 2 (Z 2 [x]/<h(x)>) = {x : x r mod h(x)}. For example, let h(x) = + x + x 3. Then, Z 2 [x]/<+ x + x 3 >= {0,, x, + x, x 2, + x 2, x+ x 2, +x+x 2 }, and U(Z 2 [x]/<h(x)>) = {, x, + x, x 2, + x 2, x+x 2, +x+x 2 }. Usng the fact that +x+x 3 = 0 n Z 2 [x]/<+x+x 3 >, we have = (+x) 0, +x = (+x), +x 2 = (+x) 2, x 2 = (+x) 3, +x+x 2 = (+x) 4, x = (+x) 5, x+x 2 = (+x) 6, and r = + x s a generator. Hence, U 2 (Z 2 [x]/<h(x)>) = {x, + x, x 2, + x 2, x+x 2, +x+x 2 }. ext, the Elgamal scheme s extended to the settng of the second group of unts of U 2 (Z 2 [x]/<h(x)>).

5 58 The Internatonal Arab Journal of Informaton Technology, Vol., o. 5, September 204 Algorthm 2: Generator of U 2 (Z 2 [x]/<h(x)>). Fnd a generator θ(x) of U(Z 2 [x]/<h(x)>). 2. Wrte the order of U 2 (Z 2 [x]/<h(x)>) as ϕ(h(x)) = α α. 2 α p p2... p. 3. Select a random nteger s, 0 s ϕ(h(x)), such that (s, ϕ(h(x)) =. 4. For j = to, do: 4. Compute θ(x) /Pj mod h(x). ( / p j ) 4.2 If s θ( x) mod h(x) = θ(x), then go to step Return s. In order to generate the correspondng publc and prvate keys, entty A follows the steps below: Algorthm 3: Key Generaton. Select an rreducble polynomal h(x) of degree n. 2. Fnd a generator θ(x) of U(Z 2 [x]/<h(x)>). 3. Fnd s usng Algorthm Compute ϕ(ϕ(h(x))), the order of U 2 (Z 2 [x]/<h(x)>). 5. Select a random nteger a, 0 a ϕ(ϕ(h(x))), and compute f = s a (mod ϕ(h(x))). 6. A s publc key s (n, h(x), θ(x), s, f) and A s prvate key s a. B encrypts a message m(x) for A usng the algorthm below: Algorthm 4: Encrypton. B obtans A s authentc publc key (n, h(x), θ(x), s, f). 2. Represent a message m(x) n U 2 (Z 2 [x]/<h(x)>). 3. Select a random nteger k, where 0 k ϕ(ϕ(h(x))). 4. Compute q = s k (mod ϕ(h(x))), r = s k (mod ϕ(h(x))), γ(x) = θ(x) k = θ(x) q (mod h(x)), and δ(x) = m(x) r (mod h(x)). 5. Send the cphertext c = (q, δ(x)) to A. To recover m(x) from c, A should do the followng: Algorthm 5: Decrypton. Use the prvate key a to compute b = ϕ(ϕ(h(x))) a. 2. Recover the message by computng t = q b (mod ϕ(h(x))) and δ(x) k (mod h(x)). Theorem 7: Let θ(x) = θ(x) s be a generator of U 2 (Z 2 [x]/<h(x)>), where θ(x) s the generator of U(Z 2 [x]/<h(x)>), and let γ(x) θ(x) k (mod h(x)), and δ(x) = m(x).(θ(x) a ) k (mod h(x)). If s(x) U 2 (Z 2 [x]/<h(x)>) such that s(x) γ(x) a.δ(x) (mod h(x)), then s(x) = m(x). For example, consder h(x) = +x+x 3. A selects the generator θ(x) = x, θ(x) = +x, s = 5 and a = 3. Then A computes f = s a = (mod ϕ(7)). Then A's publc key s (n = 3, h(x) = +x+x 3, θ(x) = +x, s = 5, f = 5). To encrypt the message m(x) = x 2, B selects a random nteger k=3 and computes, r=s k =5 3 5 (mod ϕ(7)), q=f k (mod 6) 5, and δ(x)= m(x) q (mod +x+x 3 ) +x. B sends (r,δ(x)). To decrypt the message A computes b = 6 3 = 3 and t = r b = 5 3 mod 6 = 5. Fnally, A computes δ(x) t = (+x) 3 (mod +x+x 3 ) x Testng and Evaluaton The modfed Elgamal cryptosystem was tested and evaluated by mplementng the modfed algorthms. We used Mathematca 7.0 as a programmng language and an HP computer wth.73 GHZ CPU and 04 MB RAM. Usng Mathematca 7.0, we have wrtten programs for the followng algorthms:. Elgamal wth n n the form 2.3 α. 2. Elgamal wth n n the form 4.3 α. 3. Elgamal wth n n the form 3 α. 4. Elgamal wth n n the form 3.p. 5. Elgamal wth n n the form 3.2 α.p. 6. Elgamal wth n n the form 2.p α Elgamal over the polynomal case. After runnng the programs, t was clear that all the programs have generated a publc and prvate key. A message s encrypted and s sent to a decrypton scheme whch recovered the message. Table 3 and Fgure 3 show the results obtaned after runnng the Mathematca programs for 00 tmes. For more nformaton on these programs, readers are referred to [5]. Algorthm Table 4. Elgamal evaluaton. Key Generaton Encrypton Decrypton n=3^a n=2.3^a n=2p^a n=4.3^a n=3.p *0^(-5) 6.842*0^(-5) n=3.4.p *0^(-5) Poly case Elgamal Crypotosystems Fgure. Testng the modfed Elgamal cryptosystems. Comparng these algorthms wth one another, one can conclude the followng:. All programs are relable. They can encrypt and decrypt any message. 2. For the rreducble polynomal case, t took consderable tme to fnd an rreducble polynomal of hgh degree. Moreover, t takes more tme to generate the publc and prvate key than to decrypt or encrypt a message. Fnally, t takes a consderable tme to fnd some of the elements of U(Z 2 [x]/<h(x)>) when the degree of h(x) s hgh.

6 Hardenng the ElGamal Cryptosystem n the Settng of the Second Group of Unts For cases 2, 3 and 4, the tme needed for encrypton s more than that needed for generatng publc and prvate keys and for decrypton. But t works well even for a= Cases 5, 6 and 7 are more effcent than others snce they work for every prme number, even for prmes consstng of 3 dgts and they requre less tme for encrypton, decrypton and key generaton. 5. The case where n = 3p s the most effcent snce t takes the least tme for encrypton, key generaton and decrypton. 6. In case 7, the tme needed for decrypton was much more than that needed for key generaton and encrypton. 4.. The Dscrete Logarthm Problem The securty of the El-gamal cryptosystem depends on the ntractablty of the Dscrete Logarthm Problem: Let G be a fnte cyclc group of order n. Let a be a generator of G, and β G. The Dscrete Logarthm of β to the base a, denoted by log α β, s the unque x nteger x, 0 x n, such that β = a. To attack the modfed Elgamal cryptosystem, we have to solve the Dscrete Logarthm Problem. The most popular attack algorthm s the Baby-Step Gant- Step algorthm []: Let m = n, where n s the order of a. If x β = a, then one can wrte x = m + j, where x m j 0, j < m. Hence, a = a a, whch mples m j β( a ) = a. Algorthm 6: Baby-Step Gant-Step algorthm Input: a generator of a cyclc group G of order n, and an element β G Output: the dscrete logarthm x = log α β.. Set m = n. 2. Construct a table wth entres (j, a ) for 0 j < m. Sort ths table by the second component. m 3. Compute a and set γ β. 4. For from 0 to m- do the followng: 4. Check f s the second component of some entry n the table, 4.2 If a j γ = then return x = m + j, m 4.3 Set γ.a. Below s a lst of the mplemented attack algorthms:. Baby gant wth n = 2.3 α. 2. Baby gant wth n = 4.3 α. 3. Baby gant wth n = 3 α. 4. Baby gant wth n = 3.p. 5. Baby gant wth n = 3.2 α.p. 6. Baby gant wth n = 2.p α Irreducble polynomal baby gant. In order to attack any protocol that uses Elgamal publc key encrypton scheme we have to solve the dscrete logarthm problem. We enhanced the baby step gant step algorthm to work wth the modfed algorthms. Table 5 and Fgure. 2 show the results of runnng the programs 00 tmes n each case. Table 5. Baby step gant step attack. Algorthm Tme needed n atto sec n=3^a 3.049) n=2.3^a n=2p^a n=4.3^a n=3.p n=3.4.p ) Poly case.3508 Fgure 2. The baby step gant step algorthm evaluaton. After runnng these attack algorthms, we observed the followng:. All the attack programs are relable so that they can hack an encrypted message by fndng the prvate key. 2. In all the cases, the tme needed to attack the modfed cryptosystem s approxmately the same. 3. The most dffcult to attack s the rreducble polynomal case. Ths s due to the fact that mathematcally t s complex and needs consderable computng tme to fnd the modulus of a gven polynomal wth respect to a certan rreducble polynomal. 4. We were not able to run the programs on large values of p and large powers snce t would take a consderable tme to generate some of the elements of the second group of unts n each case. 5. Conclusons Baby Step Gant Step Attack Algorthm Evaluaton In ths paper, we extended the Elgamal cryptosystem usng the second group of unts. We presented algorthms for the extended cryptosystem n the settng of U 2 (Z n ) and provded numercal examples to llustrate the proposed scheme. We provded algorthms for the case of the second group of unts of Z 2 [x]/<h(x)> where h(x) s an rreducble polynomal. We also provded proofs that the proposed scheme does really recover the plantext from the cphertext. We also conducted testng and evaluaton of the proposed scheme.

520 The Internatonal Arab Journal of Informaton Technology, Vol., o. 5, September 204 As for future work, we are currently nvestgatng the case of n = 8.3 α and 6.

7 520 The Internatonal Arab Journal of Informaton Technology, Vol., o. 5, September 204 As for future work, we are currently nvestgatng the case of n = 8.3 α and 6.3 α where dfferent algorthms would be used. Ths due to the fact that 4 s relatvely prme wth nether 2.3 α nor 4.3 α. We can also consderng the cases where h(x) = x 2 and when h(x) s a product of rreducble polynomals whose degrees are parwse relatvely prme and usng tme stamps [3]. References [] Beachy J. and Blar W., Abstract Algebra, Waveland Press, USA, 996. [2] Caldwell C. and Honaker J., Prme Curous! The Dctonary of Prme umber Trva, Caldwell and Honaker, [3] Cross J., The Euler's φ-functon n the Gaussan Integers, Amercan Mathematcal Monthly, vol. 90, no.8, pp , 983. [4] El-Kassar A., Chhad H., and Zentout D., Quotent Rngs of Polynomals over Fnte Felds wth Cyclc Group of Unts, n Proceedngs of the Internatonal Conference on Research Trends n Scence and Technology, Berut, Lebanon, pp [5] El-Kassar A. and Haraty R., Elgamal Publc- Key Cryptosystem Usng Reducble Polynomals over a Fnte Feld, n Proceedngs of the 3 th Internatonal Conference on Intellgent & Adaptve Systems and Software Engneerng, ce, France, pp , [6] El-Kassar A., Haraty R., Awad Y., and Debnath., Modfed RSA n the Domans of Gaussan Integers and Polynomals Over Fnte Felds, n Proceedngs of the ISCA 8 th Internatonal Conference on Computer Applcatons n Industry and Engneerng, Hawa, USA, [7] Gallan J., Contemporary Abstract Algebra, Houghton Mffln Company, Boston, 998. [8] Haraty R., El-Kassar A., and Shbaro B., A Comparatve Study of RSA Based Dgtal Sgnature Algorthms, Journal of Mathematcs and Statstcs, vol. 2, no., pp , [9] Menezes A., Van-Oorshot J., and Vanstone P., Handbook of Appled Cryptography, Boca Raton, CRC Press, 997. [0] Smth J. and Gallan J., Factorng Fnte Factor Rngs, Mathematcs Magazne, vol. 58, no. 2, pp , 985. [] Sten A. and Teske E., Optmzed Baby Step- Gant Step Methods, Journal of the Ramanujan Mathematcal Socety, vol. 20, no., pp. - 32, [2] Stnson D., Cryptography: Theory and Practce, London, CRC Press, [3] VKrshna A., TmStamp Based ECC Encrypton and Decrypton, the Internatonal Arab Journal of Informaton Technology, vol., pp , no. 3, 204. Ramz Haraty s an assocate professor of Computer Scence n the Department of Computer Scence and Mathematcs at the Lebanese Amercan Unversty n Berut, Lebanon. He s also the academc and nternshp coordnator for Mddle East Program Intatve s Tomorrow Leader s program. He receved hs B.S. and M.S. degrees n Computer Scence from Mnnesota State Unversty - Mankato, Mnnesota, and hs Ph.D. n Computer Scence from orth Dakota State Unversty - Fargo, orth Dakota. Hs research nterests nclude database management systems, artfcal ntellgence, and multlevel secure systems engneerng. He has well over 0books, book chapters, journal and conference paper publcatons. He supervsed over 0 dssertatons, theses and capstone projects. He s a member of the Assocaton of Computng Machnery, Insttute of Electroncs, Informaton and Communcaton Engneers, and the Internatonal Socety for Computers and Ther Applcatons. Abdul-asser El-Kassar s the Charperson of the Informaton Technology and Operaton Management Department, School of Busness, Lebanese Amercan Unversty, Berut, Lebanon. He was awarded a PhD n Mathematcs from Unversty of Lousana - Lafayette. Hs research areas nclude securty and cryptography, producton plannng and nventory control, abstract algebra, and number theory. He has over forty publcatons n refereed journals and a smlar number n refereed conference proceedng. Suzan Fanous receved her Master of Scence degree n Computer Scence from the Lebanese Amercan Unversty Berut, Lebanon. Her research nterests nclude cryptography and computer securty.

Attacks on RSA The Rabin Cryptosystem Semantic Security of RSA Cryptology, Tuesday, February 27th, 2007 Nils Andersen. Complexity Theoretic Reduction

Attacks on RSA The Rabin Cryptosystem Semantic Security of RSA Cryptology, Tuesday, February 27th, 2007 Nils Andersen. Complexity Theoretic Reduction Attacks on RSA The Rabn Cryptosystem Semantc Securty of RSA Cryptology, Tuesday, February 27th, 2007 Nls Andersen Square Roots modulo n Complexty Theoretc Reducton Factorng Algorthms Pollard s p 1 Pollard