University Alexandru Ioan Cuza of Iaşi Faculty of Computer Science. Threshold RSA Based on the General Chinese Remainder Theorem
|
|
- Dayna Stone
- 5 years ago
- Views:
Transcription
1 University Alexandru Ioan Cuza of Iaşi Faculty of Computer Science T E C H N I C A L R E P O R T Threshold RSA Based on the General Chinese Remainder Theorem Sorin Iftene TR 05-05, August 2005 ISSN Universitatea Alexandru Ioan Cuza Iaşi Facultatea de Informatică Str. Berthelot 16, 6600-Iaşi, Romania Tel , bibl@infoiasi.ro
2 Threshold RSA Based on the General Chinese Remainder Theorem Sorin Iftene Faculty of Computer Science Al. I. Cuza University Iaşi, Romania Abstract. In this paper we combine the threshold secret sharing schemes based on the general Chinese remainder theorem with the RSA cryptosystem in order to get threshold decryption or signature generation, as an alternative to the classical solutions based on the Shamir s threshold secret sharing scheme. AMS Subject Classification: 94A60, 94A62, 11A07 Keywords and phrases: threshold cryptography, secret sharing, Chinese remainder theorem 1 Introduction and Preliminaries In threshold (or group-oriented) cryptography (see, for example, [7]), the capacity of performing cryptographic operations such as decryption or digital signature generation is shared among members of a certain group. This can be achieved by combining multiplicative secret sharing schemes with homomorphic cryptographic operations. In this paper we focus on threshold RSA decryption and threshold RSA digital signature generation. More exactly, we combine the threshold secret sharing schemes based on the Chinese remainder theorem (CRT) with the RSA cryptosystem, as an alternative to the classical solutions based on the Shamir s threshold secret sharing scheme. The paper is organized as follows. The rest of this section is dedicated to some preliminaries on number theory, focusing on the CRT. We survey the threshold secret sharing schemes based on the CRT in Section 2. The RSA cryptosystem and digital signature scheme are presented in Section 3. Moreover, in this section we combine the threshold secret sharing schemes based on the general CRT with the RSA cryptosystem in order to get threshold decryption or signature generation. The last section concludes the paper. We recall a few basic facts on number theory (for more details, the reader is referred to [4]). Let a,b Z such that b 0. The quotient of integer division of a by b will be denoted by a div b and the remainder will be denoted by a mod b. In the case a mod b = 0 we will say that b is a divisor of a and denote this by b a. Let a 1,...,a n Z such that a a2 n 0. The greatest common divisor (gcd) of a 1,...,a n will be denoted by (a 1,...,a n ). It is well-known that there exist α 1,...,α n Z such that α 1 a α n a n = (a 1,...,a n ) (this is the linear form of the gcd).
3 Let a 1,...,a n Z such that a 1 a n 0. The least common multiple (lcm) of a 1,...,a n will be denoted by [a 1,...,a n ]. For a given sequence of integers m 1,...,m n and a set 1 A P({1,...,n}), [A] stands for the lcm of the elements m i, for i A. Z m is the set {0,1,...,m 1}, Z m stands for the set {a Z m (a,m) = 1} and φ(m) denotes the cardinality of the set Z m, for all m 2. Let a,b,m Z. We say that a and b are congruent modulo m, denoted by a b mod m, if m (a b). It is easy to see that a mod b a mod m, for any a,b,m Z such that m b. Let m = p q, where p and q are distinct primes. An important result that will be used in this paper is that x a x b mod m, for any positive integers x, a 0, and b 0 such that a b mod [p 1,q 1]. As a particular case we obtain x a x a mod [p 1,q 1] mod m, for any positive integer a 0, providing that a mod [p 1,q 1] 0. The Chinese remainder theorem (CRT) has many applications in computer science (see, for example, [11]). We only mention its applications to the RSA decryption algorithm as proposed by Quisquater and Couvreur [20], the discrete logarithm algorithm as proposed by Pohlig and Hellman [19], and the algorithm for recovering the secret in the Mignotte s threshold secret sharing scheme [17] or in its generalization [15], or in the Asmuth-Bloom threshold secret sharing scheme [1]. Several versions of the CRT have been proposed. The next one is called the general CRT [18]: Theorem 1. Let k 2, m 1,...,m k 2, and b 1,...,b k Z. The system of equations x b 1 mod m 1. x b k mod m k has solutions in Z if and only if b i b j mod (m i,m j ) for all 1 i,j k. Moreover, if the above system of equations has solutions in Z, then it has an unique solution in Z [m1,...,m k ]. When (m i,m j ) = 1, for all 1 i < j k, one gets the standard version of the CRT. Garner [13] found an efficient algorithm for this case and Fraenkel [12] extended it to the general case. 2 Threshold Secret Sharing Schemes Based on the CRT We first present some basic facts about secret sharing schemes and then briefly discuss the threshold secret sharing schemes based on the CRT. 1 P({1,..., n}) denotes the powerset of {1,..., n}, i.e., the set of all subsets of {1,...,n}
4 2.1 Secret Sharing A secret sharing scheme starts with a secret and then derives from it certain shares (or shadows). The secret may be recovered only in the case of possessing a certain predetermined set of shares. Applications of secret sharing include safeguarding cryptographic keys and shared access to strategical resources. Threshold cryptography (see, for example, [7]) and some e-voting schemes (see, for example, [5]) are more recent applications of the secret sharing schemes. In the first secret sharing schemes only the cardinality of the sets of shares was important for recovering the secret. Such schemes have been referred to as threshold secret sharing schemes. We mention Shamir s threshold secret sharing scheme [23] based on polynomial interpolation, Blakley s geometric threshold secret sharing scheme [3], Mignotte s threshold secret sharing scheme [17], and Asmuth-Bloom threshold secret sharing scheme [1], both based on the CRT. Ito, Saito, and Nishizeki [16], Benaloh and Leichter [2] proposed constructions for more general secret sharing schemes. Definition 1. Let n be an integer, n 2 and A P({1,2,...,n}). An A-secret sharing scheme is a method of generating (S,(I 1,...,I n )) such that for any A A, the problem of finding the element S, given the set {I i i A}, is easy ; for any A P({1,2,...,n}) \ A, the problem of finding the element S, given the set {I i i A}, is intractable. The set A will be referred to as the authorized access structure or simply as the access structure, S will be referred to as the secret, and I 1,...,I n will be referred to as the shares (or the shadows) of S. The elements of the set A will be referred to as the authorized access sets of the scheme. A natural condition is that an access structure A is monotone, i.e., ( B P({1,2,...,n}))(( A A)(A B) B A) In this case, the access structure A is well specified by the set of the minimal authorized access sets, i.e., the set A min = {A A ( B A\{A})( B A)}. Also, the unauthorized access structure A, A = P({1,2,...,n}) \ A, is well specified by the set of the maximal unauthorized access sets, i.e., the set A max = {A A ( B A \ {A})( A B)}. In this paper we shall only use threshold secret sharing schemes. In these schemes, only the cardinality of the sets of shares is important for recovering the secret. More exactly, if the required threshold is k, 2 k n, the authorized access structure is A = {A P({1,2,...,n}) A k} and the corresponding minimal access structure is A min = {A P({1,2,...,n}) A = k}. In this case, an A-secret sharing scheme will be referred to as an (k,n)-threshold secret sharing scheme. The multiplicative threshold secret sharing schemes were introduced in [8]. We present here a slight version of the definition given in [8].
5 Definition 2. Let D secret be the set of possible secrets, D shares be the set of possible shares and let be an associative and commutative binary operation over D secret. We say that an A-secret sharing scheme is multiplicative with respect to if for any set A A there is a family of public functions (f (i,a) i A) from D shares to D secret such that S = i A f (i,a) (I i ) As we shall see in Section 3, this property of secret sharing schemes can be used in designing threshold cryptographic primitives. 2.2 Mignotte s Threshold Secret Sharing scheme Mignotte s threshold secret sharing scheme [17] uses special sequences of integers, referred to as the Mignotte sequences. Definition 3. Let n be an integer, n 2, and 2 k n. An (k,n)-mignotte sequence is a sequence of positive integers m 1 < < m n such that (m i,m j ) = 1, for all 1 i < j n, and m n k+2 m n < m 1 m k. Given an (k,n)-mignotte sequence, the scheme works as follows: The secret S is chosen as a random integer such that β < S < α, where α = m 1 m k and β = m n k+2 m n ; The shares I i are chosen by I i = S mod m i, for all 1 i n; Given k distinct shares I i1,...,i ik, the secret S is recovered using the standard CRT, as the unique solution modulo m i1 m ik of the system x I i1 mod m i1. x I ik mod m ik A generalization of Mignotte s scheme by allowing modules that are not necessarily pairwise coprime was proposed in [15], by introducing generalized Mignotte sequences. Definition 4. Let n be an integer, n 2, and 2 k n. A generalized (k,n)-mignotte sequence is a sequence m 1,...,m n of positive integers such that max 1 i1 < <i k 1 n([{i 1,...,i k 1 }]) < min 1 i1 < <i k n([{i 1,...,i k }]) It is easy to see that every (k, n)-mignotte sequence is a generalized (k, n)-mignotte sequence. Moreover, if we multiply every element of an (k, n)-mignotte sequence by a fixed element δ Z, (δ,m 1 m n ) = 1, we obtain a generalized (k,n)-mignotte sequence. Generalized Mignotte s scheme works like Mignotte s scheme, except for the fact that α = min 1 i1 < <i k n([{i 1,...,i k }]) and β = max 1 i1 < <i k 1 n([{i 1,...,i k 1 }]). Moreover, in this case, the general CRT must be used for recovering the secret.
6 2.3 Asmuth-Bloom Threshold Secret Sharing Scheme This scheme, proposed by Asmuth and Bloom in [1], also uses special sequences of integers. More exactly, a sequence of pairwise coprime positive integers r,m 1 < < m n is chosen such that r m n k+2 m n < m 1 m k Given such a sequence, the scheme works as follows: The secret S is chosen as a random element of the set Z r ; The shares I i are chosen by I i = (S + γ r) mod m i, for all 1 i n, where γ is an arbitrary integer such that S + γ r Z m1 m k ; Given k distinct shares I i1,...,i ik, the secret S can be obtained as S = x 0 mod r, where x 0 is obtained, using the standard CRT, as the unique solution modulo m i1 m ik of the system x I i1 mod m i1. x I ik mod m ik The sequences used in the Asmuth-Bloom scheme can be generalized by allowing modules that are not necessarily pairwise coprime in an obvious manner. We can use any sequence r,m 1,,m n such that r max 1 i1 < <i k 1 n([{i 1,...,i k 1 }]) < min 1 i1 < <i k n([{i 1,...,i k }]) It is easy to see that if we multiply every element of an ordinary Asmuth-Bloom sequence excepting r with a fixed element δ Z, (δ,m 1 m n ) = 1, we obtain a generalized Asmuth-Bloom sequence. The application of the CRT in threshold secret sharing have been also discussed in [14] and an unitary point of view on the security of the threshold secret sharing schemes based on the CRT was presented in [21]. 3 Threshold RSA Based on the General CRT In [22], Rivest, Shamir, and Adleman have proposed the following public-key cryptosystem, known as the RSA cryptosystem: public key: (m,e), where m = p q, p and q are distinct primes, and e Z φ(m) ; private key: (p,q,d), where d is a positive integer such that e d 1 mod φ(m); encryption: a plaintext x Z m is encrypted as y = x e mod m; decryption: a cryptotext y Z m is decrypted as x = y d mod m. The RSA cryptosystem can be used as a digital signature as follows: public key and private key: as above;
7 signature generation: the digital signature corresponding to a message x Z m is y = x d mod m; signature verification: having a pair (x,y) Z m Z m, y is the correct signature with respect to x if and only if x = y e mod m. The correctness of the cryptosystem and of the digital signature scheme is based on the fact that x ed x mod m, for all x Z m and e,d,m as above. The security of the RSA cryptosystem relies on the intractibility of factoring. For the threshold feature, the shares corresponding to the secret exponent d from the RSA cryptosystem are derived using a multiplicative secret sharing scheme by a dealer who must be a mutually trusted party. Afterwards, the dealer securely distributes the shares to the users. If an authorized group of users want to cooperate in computing x d mod m, for some x Z m, they individually compute results of form x f (i,a)(i i ) mod m and send them to a combiner who will compute the final result. In this way, the secret exponent will not be revealed to the members of the group or to the combiner. In [9], Desmedt and Frankel have raised the problem of threshold RSA. They have remarked that Shamir s threshold secret sharing scheme can not be used directly for this purpose because Lagrange interpolation requires a field structure. Desmedt and Frankel have reconsidered this problem in [10], giving a solution in the case that p and q are safe primes, i.e., p = 2p + 1 and q = 2q + 1 with p and q primes. Shoup [24] also presented a solution in the case that p and q are safe primes, and Damgård and Dupont described in [6] an efficient solution for general modules, all these methods being based on Shamir s threshold secret sharing scheme. We will show how to accomplish threshold RSA using the generalized Mignotte threshold secret sharing scheme. This scheme is multiplicative in the sense that the secret can be expressed, according to [18], as: S = i Af (i,a) (I i ) mod [A], where the function f (i,a) : Z Z is given by where f (i,a) (x) = λ (i,a) (µ (i,a) mod [A])x, - λ (i,a) = [A] m i (remark that these numbers are coprime); - the numbers µ (i,a) are arbitrary positive integers that satisfy λ (i,a) µ (i,a) = 1, i A
8 for every authorized set A and for all i A. Let I 1,...,I n be the shadows corresponding to the secret d using a generalized (k,n)- Mignotte scheme based on the sequence m 1,...,m n. The main problem is how to combine x f (i,a)(i i ) mod m for some authorized access set A in order to obtain x d mod m. One elegant solution to this problem is to choose the sequence m 1,...,m n such that [p 1,q 1] [A], for any authorized set A. In this case, using the form of d and the properties presented in the first section, we obtain x d mod m = x i A f (i,a)(i i ) mod [A] mod m = x i A f (i,a)(i i ) mod m = i A xf (i,a)(i i ) mod m = i A(x f (i,a)(i i ) mod m) mod m, for any authorized set A. The sequence m 1,...,m n can be obtained by multiplying every element of an ordinary Mignotte sequence m 1,...,m n with [p 1,q 1], providing that ([p 1,q 1],m 1 m n ) = 1. Example 1. (with artificial small parameters) Let m = 481, p = 13, q = 37, d = 401, x = 39, n = 3 and k = 2. Let consider the numbers m 1 = 180, m 2 = 252 and m 3 = 396. The sequence m 1,m 2,m 3 is indeed a generalized (2,3)-Mignotte sequence that satisfies that [p 1,q 1] divides [m 1,m 2 ], [m 1,m 3 ] and [m 2,m 3 ]. The shares corresponding to the secret d are I 1 = 41, I 2 = 149 and I 3 = 5. Suppose that we want to compute the value y = x d mod m having I 1 and I 3. In this case, because d = ( ) mod 1980, y can be obtained as ( mod 481) ( mod 481) mod 481, which leads to the correct result y = 143. Next, we will show how to accomplish threshold RSA using the generalized Asmuth- Bloom threshold secret sharing scheme. This scheme is also multiplicative in the sense that the secret can be expressed as: S = ( i Af (i,a) (I i ) mod [A]) mod r, where the functions f (i,a) : Z Z are defined as above, for every authorized set A and for all i A. We may choose the sequence r,m 1,...,m n such that [p 1,q 1] r and [p 1,q 1] [A], for any authorized set A. In this case, using the form of d and the properties presented in the first section, we obtain x d mod m = i A(x f (i,a)(i i ) mod m) mod m
9 Example 2. (with artificial small parameters) Let m = 481, p = 13, q = 37, d = 71, x = 39, n = 3 and k = 2. Let consider the numbers r = 72, m 1 = 4068, m 2 = 4572 and m 3 = The sequence r,m 1,m 2,m 3 is indeed a generalized (2, 3)-Asmuth-Bloom sequence that satisfies that [p 1, q 1] divides r, [m 1,m 2 ], [m 1,m 3 ] and [m 2,m 3 ]. If we choose γ = 150, the shares corresponding to the secret d are I 1 = 2735, I 2 = 1727 and I 3 = Suppose that we want to compute the value y = x d mod m having I 2 and I 3. In this case, because y can be obtained as d = (( ) mod ) mod 72, ( mod 481) ( mod 481) mod 481, which leads to the correct result y = 130. It is important to remark that the modules used in the schemes above can not be pairwise prime and, thus, the threshold secret sharing schemes based on the general variant of the CRT must be used. As we have seen in the first section, x a x a mod [p 1,q 1] mod m, for any positive integer a 0 proving that amod [p 1,q 1] 0. Thus, for a more efficient computation of the individual exponentiations, the computation of the corresponding exponents may be performed modulo [p 1, q 1], providing that the resulted reduced exponents are non-zero. This is the case of Example 1 and Example 2, where the final results can be, respectively, obtained as ( mod 36 mod 481) ( mod 36 mod 481) mod 481, ( mod 36 mod 481) ( mod 36 mod 481) mod 481 Unfortunately, in this case, the value [p 1,q 1] must be revealed to the users, thus compromising the security of the scheme. 4 Conclusions We have discussed the possibility of accomplishing threshold RSA using as building blocks the threshold secret sharing schemes based on the CRT, as an alternative to the classical solutions based on the Shamir s threshold secret sharing scheme. We have also remarked that modules used in these schemes can not be pairwise prime and, thus, the threshold secret sharing schemes based on the general CRT must be used.
10 An interesting open problem is the problem to efficiently generate generalized Mignotte or Asmuth-Blom sequences suitable for threshold RSA. We shall consider this problem in our future work. Acknowledgements Research reported here was partially supported by the National University Research Council of Romania under the grant CNCSIS632/2005. References 1. C. A. Asmuth and J. Bloom. A modular approach to key safeguarding. IEEE Transactions on Information Theory, IT-29(2): , J. Benaloh and J. Leichter. Generalized secret sharing and monotone functions. In S. Goldwasser, editor, Advanced in Cryptology-CRYPTO 88, volume 403 of Lecture Notes in Computer Science, pages Springer-Verlag, G. R. Blakley. Safeguarding cryptographic keys. In National Computer Conference, 1979, volume 48 of American Federation of Information Processing Societies Proceedings, pages , H. Cohen. A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics. Springer-Verlag, 4th edition, R. Cramer, M. K. Franklin, B. Schoenmakers, and M. Yung. Multi-authority secret-ballot elections with linear work. In U. Maurer, editor, Advances in Cryptology - EuroCrypt 96, volume 1070 of Lecture Notes in Computer Science, pages Springer-Verlag, I. Damgård and K. Dupont. Efficient threshold RSA signatures with general moduli and no extra assumptions. In S. Vaudenay, editor, Public Key Cryptography - PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, volume 3386 of Lecture Notes in Computer Science, pages Springer, Y. Desmedt. Some recent research aspects of threshold cryptography. In E. Okamoto, G. I. Davida, and M. Mambo, editors, ISW 97: Proceedings of the First International Workshop on Information Security, volume 1396 of Lecture Notes in Computer Science, pages Springer-Verlag, Y. Desmedt, G. Di Crescenzo, and M. Burmester. Multiplicative non-abelian sharing schemes and their applications to threshold cryptography. In J. Pieprzyk and R. Safavi-Naini, editors, Advances in Cryptology - Asiacrypt 94, volume 917 of Lecture Notes in Computer Science Volume, pages Springer-Verlag, Y. Desmedt and Y. Frankel. Threshold cryptosystems. In G. Brassard, editor, Advances in Cryptology - Crypto 89, volume 435 of Lecture Notes in Computer Science, pages Springer-Verlag, Y. Desmedt and Y. Frankel. Shared generation of authenticators and signatures. In J. Feigenbaum, editor, Advances in Cryptology - Crypto 91, volume 576 of Lecture Notes in Computer Science, pages Springer-Verlag, C. Ding, D. Pei, and A. Salomaa. Chinese remainder theorem: applications in computing, coding, cryptography. World Scientific Publishing Co., Inc., A. S. Fraenkel. New proof of the generalized Chinese remainder theorem. Proceedings of American Mathematical Society, 14: , H. Garner. The residue number system. IRE Transactions on Electronic Computers, EC-8: , O. Goldreich, D. Ron, and M. Sudan. Chinese remaindering with errors. IEEE Transactions on Information Theory, IT-46(4): , S. Iftene. A generalization of Mignotte s secret sharing scheme. In T. Jebelean, V. Negru, D. Petcu, and D. Zaharie, editors, Proceedings of the 6th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, Timisoara, Romania, September, 2004, pages , M. Ito, A. Saito, and T. Nishizeki. Secret sharing scheme realizing general access structure. In Proceedings of the IEEE Global Telecommunications Conference, Globecom 87, pages IEEE Press, 1987.
11 17. M. Mignotte. How to share a secret. In T. Beth, editor, Cryptography-Proceedings of the Workshop on Cryptography, Burg Feuerstein, 1982, volume 149 of Lecture Notes in Computer Science, pages Springer-Verlag, O. Ore. The general Chinese remainder theorem. American Mathematical Monthly, 59: , S. C. Pohlig and M. E. Hellman. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Transactions on Information Theory, 24: , J.-J. Quisquater and C. Couvreur. Fast decipherment algorithm for the RSA public-key cryptosystem. IEE Electronics Letters, 18 (21): , M. Quisquater, B. Preneel, and J. Vandewalle. On the security of the threshold scheme based on the Chinese remainder theorem. In D. Naccache and P. Paillier, editors, Public Key Cryptography, 5th International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2002, volume 2274 of Lecture Notes in Computer Science, pages Springer-Verlag, R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2): , A. Shamir. How to share a secret. Communications of the ACM, 22(11): , V. Shoup. Practical threshold signatures. In B. Preneel, editor, Advances in Cryptology - EURO- CRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pages Springer-Verlag, 2000.
Compartmented Secret Sharing Based on the Chinese Remainder Theorem
Compartmented Secret Sharing Based on the Chinese Remainder Theorem Sorin Iftene Faculty of Computer Science Al. I. Cuza University Iaşi, Romania siftene@infoiasi.ro Abstract A secret sharing scheme starts
More informationWeighted Threshold Secret Sharing Based on the Chinese Remainder Theorem
Weighted Threshold Secret Sharing Based on the Chinese Remainder Theorem Sorin Iftene and Ioana Boureanu Faculty of Computer Science Al. I. Cuza University Iaşi, Romania {siftene,iboureanu}@infoiasi.ro
More informationCompartmented Threshold RSA Based on the Chinese Remainder Theorem
Compartmented Threshold RSA Based on the Chinese Remainder Theorem Sorin Iftene Department of Computer Science, Al. I. Cuza University, 700483 Iasi, Romania siftene@info.uaic.ro Manuela Grindei LSV, ENS
More informationGeneral Secret Sharing Based on the Chinese Remainder Theorem with Applications in E-Voting
Electronic Notes in Theoretical Computer Science 186 (2007) 67 84 www.elsevier.com/locate/entcs General Secret Sharing Based on the Chinese Remainder Theorem with Applications in E-Voting Sorin Iftene
More informationCheating Detection and Cheater Identification in CRT-based Secret Sharing Schemes
Cheating Detection and Cheater Identification in CRT-based Secret Sharing Schemes Daniel Pasailă, Vlad Alexa, Sorin Iftene Department of Computer Science Al I Cuza University Iasi, Romania Email: {danielpasaila,vladalexa,siftene}@infouaicro
More informationSecret Sharing for General Access Structures
SECRET SHARING FOR GENERAL ACCESS STRUCTURES 1 Secret Sharing for General Access Structures İlker Nadi Bozkurt, Kamer Kaya, and Ali Aydın Selçuk Abstract Secret sharing schemes (SSS) are used to distribute
More informationSharing DSS by the Chinese Remainder Theorem
Sharing DSS by the Chinese Remainder Theorem Kamer Kaya,a, Ali Aydın Selçuk b a Ohio State University, Columbus, 43210, OH, USA b Bilkent University, Ankara, 06800, Turkey Abstract In this paper, we propose
More informationSELECTED APPLICATION OF THE CHINESE REMAINDER THEOREM IN MULTIPARTY COMPUTATION
Journal of Applied Mathematics and Computational Mechanics 2016, 15(1), 39-47 www.amcm.pcz.pl p-issn 2299-9965 DOI: 10.17512/jamcm.2016.1.04 e-issn 2353-0588 SELECTED APPLICATION OF THE CHINESE REMAINDER
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationSolving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know?
Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know? Alexander May, Maike Ritzenhofen Faculty of Mathematics Ruhr-Universität Bochum, 44780 Bochum,
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationThreshold Cryptography
Threshold Cryptography Cloud Security Mechanisms Björn Groneberg - Summer Term 2013 09.07.2013 Threshold Cryptography 1 ? 09.07.2013 Threshold Cryptography 2 Threshold Cryptography Sharing Secrets Treasure
More informationMultilevel Threshold Secret and Function Sharing based on the Chinese Remainder Theorem
1 Multilevel Threshold Secret and Function Sharing based on the Chinese Remainder Theorem Oğuzhan Ersoy, Kamer Kaya and Kerem Kaşkaloğlu arxiv:1605.07988v1 [cs.cr] 25 May 2016 Abstract A recent work of
More informationAn Efficient Lattice-based Secret Sharing Construction
An Efficient Lattice-based Secret Sharing Construction Rachid El Bansarkhani 1 and Mohammed Meziani 2 1 Technische Universität Darmstadt Fachbereich Informatik Kryptographie und Computeralgebra, Hochschulstraße
More informationICS141: Discrete Mathematics for Computer Science I
ICS141: Discrete Mathematics for Computer Science I Dept. Information & Computer Sci., Jan Stelovsky based on slides by Dr. Baek and Dr. Still Originals by Dr. M. P. Frank and Dr. J.L. Gross Provided by
More informationPKCS #1 v2.0 Amendment 1: Multi-Prime RSA
PKCS #1 v2.0 Amendment 1: Multi-Prime RSA RSA Laboratories DRAFT 1 May 20, 2000 Editor s note: This is the first draft of amendment 1 to PKCS #1 v2.0, which is available for a 30-day public review period.
More informationChapter 4 Asymmetric Cryptography
Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for
More informationAsymmetric Cryptography
Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationSecret sharing schemes
Secret sharing schemes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction Shamir s secret sharing scheme perfect secret
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More informationEfficient RSA Cryptosystem with Key Generation using Matrix
E f f i c i e n t R S A C r y p t o s y s t e m w i t h K e y G e n e r a t i o n u s i n g M a t r i x Efficient RSA Cryptosystem with Key Generation using Matrix Prerna Verma 1, Dindayal Mahto 2, Sudhanshu
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationVerifiable Secret Redistribution
Verifiable Secret Redistribution Theodore M. Wong Jeannette M. Wing October 2001 CMU-CS-01-155 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 Abstract We present a new protocol
More informationThreshold Undeniable RSA Signature Scheme
Threshold Undeniable RSA Signature Scheme Guilin Wang 1, Sihan Qing 1, Mingsheng Wang 1, and Zhanfei Zhou 2 1 Engineering Research Center for Information Security Technology; State Key Laboratory of Information
More informationEfficient Secret Sharing Schemes Achieving Optimal Information Rate
Efficient Secret Sharing Schemes Achieving Optimal Information Rate Yongge Wang KINDI Center for Computing Research, Qatar University, Qatar and Department of SIS, UNC Charlotte, USA Email: yonggewang@unccedu
More informationA New Knapsack Public-Key Cryptosystem Based on Permutation Combination Algorithm
A New Knapsack Public-Key Cryptosystem Based on Permutation Combination Algorithm Min-Shiang Hwang Cheng-Chi Lee Shiang-Feng Tzeng Department of Management Information System National Chung Hsing University
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationFrom Fixed-Length to Arbitrary-Length RSA Encoding Schemes Revisited
From Fixed-Length to Arbitrary-Length RSA Encoding Schemes Revisited Julien Cathalo 1, Jean-Sébastien Coron 2, and David Naccache 2,3 1 UCL Crypto Group Place du Levant 3, Louvain-la-Neuve, B-1348, Belgium
More informationMultipartite Secret Sharing Based on CRT
Wireless Pers Commun DOI 10.1007/s11277-014-1751-x Multipartite Secret Sharing Based on CRT Ching-Fang Hsu Lein Harn Springer Science+Business Media New York 2014 Abstract Secure communication has become
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationINFORMATION-THEORETICALLY SECURE STRONG VERIFIABLE SECRET SHARING
INFORMATION-THEORETICALLY SECURE STRONG VERIFIABLE SECRET SHARING Changlu Lin State Key Lab. of Information Security, Graduate University of Chinese Academy of Sciences, China Key Lab. of Network Security
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationA Knapsack Cryptosystem Based on The Discrete Logarithm Problem
A Knapsack Cryptosystem Based on The Discrete Logarithm Problem By K.H. Rahouma Electrical Technology Department Technical College in Riyadh Riyadh, Kingdom of Saudi Arabia E-mail: kamel_rahouma@yahoo.com
More informationAitken and Neville Inverse Interpolation Methods over Finite Fields
Appl. Num. Anal. Comp. Math. 2, No. 1, 100 107 (2005) / DOI 10.1002/anac.200410027 Aitken and Neville Inverse Interpolation Methods over Finite Fields E.C. Laskari 1,3, G.C. Meletiou 2,3, and M.N. Vrahatis
More informationA New Baby-Step Giant-Step Algorithm and Some Applications to Cryptanalysis
A New Baby-Step Giant-Step Algorithm and Some Applications to Cryptanalysis Jean Sébastien Coron 1, David Lefranc 2 and Guillaume Poupard 3 1 Université du Luxembourg Luxembourg coron@clipper.ens.fr 2
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationOptimal Use of Montgomery Multiplication on Smart Cards
Optimal Use of Montgomery Multiplication on Smart Cards Arnaud Boscher and Robert Naciri Oberthur Card Systems SA, 71-73, rue des Hautes Pâtures, 92726 Nanterre Cedex, France {a.boscher, r.naciri}@oberthurcs.com
More informationMontgomery-Suitable Cryptosystems
Montgomery-Suitable Cryptosystems [Published in G. Cohen, S. Litsyn, A. Lobstein, and G. Zémor, Eds., Algebraic Coding, vol. 781 of Lecture Notes in Computer Science, pp. 75-81, Springer-Verlag, 1994.]
More informationA New Attack on RSA with Two or Three Decryption Exponents
A New Attack on RSA with Two or Three Decryption Exponents Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France nitaj@math.unicaen.fr http://www.math.unicaen.fr/~nitaj
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationAn Overview of Homomorphic Encryption
An Overview of Homomorphic Encryption Alexander Lange Department of Computer Science Rochester Institute of Technology Rochester, NY 14623 May 9, 2011 Alexander Lange (RIT) Homomorphic Encryption May 9,
More informationIntegers and Division
Integers and Division Notations Z: set of integers N : set of natural numbers R: set of real numbers Z + : set of positive integers Some elements of number theory are needed in: Data structures, Random
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer 1 Lecture 13 October 16, 2017 (notes revised 10/23/17) 1 Derived from lecture notes by Ewa Syta. CPSC 467, Lecture 13 1/57 Elliptic Curves
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationOn the Key-collisions in the Signature Schemes
On the Key-collisions in the Signature Schemes Tomáš Rosa ICZ a.s., Prague, CZ Dept. of Computer Science, FEE, CTU in Prague, CZ tomas.rosa@i.cz Motivation to study k-collisions Def. Non-repudiation [9,10].
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationAddition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī
More informationBlind Signature Protocol Based on Difficulty of. Simultaneous Solving Two Difficult Problems
Applied Mathematical Sciences, Vol. 6, 202, no. 39, 6903-690 Blind Signature Protocol Based on Difficulty of Simultaneous Solving Two Difficult Problems N. H. Minh, D. V. Binh 2, N. T. Giang 3 and N. A.
More informationProtecting RSA Against Fault Attacks: The Embedding Method
Published in L. Breveglieri et al., Eds, Fault Diagnosis and Tolerance in Cryptography (FDTC 2009), IEEE Computer Society, pp. 41 45, 2009. Protecting RSA Against Fault Attacks: The Embedding Method Marc
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationarxiv: v3 [cs.cr] 15 Jun 2017
Use of Signed Permutations in Cryptography arxiv:1612.05605v3 [cs.cr] 15 Jun 2017 Iharantsoa Vero RAHARINIRINA ihvero@yahoo.fr Department of Mathematics and computer science, Faculty of Sciences, BP 906
More informationPublic Key Cryptography
Public Key Cryptography Ali El Kaafarani 1 Mathematical Institute 2 PQShield Ltd. 1 of 44 Outline 1 Public Key Encryption: security notions 2 RSA Encryption Scheme 2 of 44 Course main reference 3 of 44
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationCryptanalysis of a Fast Public Key Cryptosystem Presented at SAC 97
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC 97 Phong Nguyen and Jacques Stern École Normale Supérieure, Laboratoire d Informatique 45, rue d Ulm, F 75230 Paris Cedex 05 {Phong.Nguyen,Jacques.Stern}@ens.fr
More informationFrom Fixed-Length Messages to Arbitrary-Length Messages Practical RSA Signature Padding Schemes
From Fixed-Length Messages to Arbitrary-Length Messages Practical RSA Signature Padding Schemes [Published in D. Naccache, Ed., Topics in Cryptology CT-RSA 2001, vol. 2020 of Lecture Notes in Computer
More informationA PUBLIC-KEY THRESHOLD CRYPTOSYSTEM BASED ON RESIDUE RINGS
A PUBLIC-KEY THRESHOLD CRYPTOSYSTEM BASED ON RESIDUE RINGS STEPHANIE DEACON, EDUARDO DUEÑEZ, AND JOSÉ IOVINO Abstract. We present a generalization of Pedersen s public-key threshold cryptosystem. Pedersen
More informationCryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05
Cryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05 Fangguo Zhang 1 and Xiaofeng Chen 2 1 Department of Electronics and Communication Engineering, Sun Yat-sen
More informationFundamentals of Modern Cryptography
Fundamentals of Modern Cryptography BRUCE MOMJIAN This presentation explains the fundamentals of modern cryptographic methods. Creative Commons Attribution License http://momjian.us/presentations Last
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationCryptanalysis of Threshold-Multisignature Schemes
Cryptanalysis of Threshold-Multisignature Schemes Lifeng Guo Institute of Systems Science, Academy of Mathematics and System Sciences, Chinese Academy of Sciences, Beijing 100080, P.R. China E-mail address:
More informationA new attack on RSA with a composed decryption exponent
A new attack on RSA with a composed decryption exponent Abderrahmane Nitaj and Mohamed Ould Douh,2 Laboratoire de Mathématiques Nicolas Oresme Université de Caen, Basse Normandie, France abderrahmane.nitaj@unicaen.fr
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationCryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg
Course 1: Remainder: RSA Université du Luxembourg September 21, 2010 Public-key encryption Public-key encryption: two keys. One key is made public and used to encrypt. The other key is kept private and
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationDiscrete mathematics I - Number theory
Discrete mathematics I - Number theory Emil Vatai (based on hungarian slides by László Mérai) 1 January 31, 2018 1 Financed from the financial support ELTE won from the Higher Education
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More informationPartial Key Exposure: Generalized Framework to Attack RSA
Partial Key Exposure: Generalized Framework to Attack RSA Cryptology Research Group Indian Statistical Institute, Kolkata 12 December 2011 Outline of the Talk 1 RSA - A brief overview 2 Partial Key Exposure
More informationOn the security of Jhanwar-Barua Identity-Based Encryption Scheme
On the security of Jhanwar-Barua Identity-Based Encryption Scheme Adrian G. Schipor aschipor@info.uaic.ro 1 Department of Computer Science Al. I. Cuza University of Iași Iași 700506, Romania Abstract In
More informationNew attacks on RSA with Moduli N = p r q
New attacks on RSA with Moduli N = p r q Abderrahmane Nitaj 1 and Tajjeeddine Rachidi 2 1 Laboratoire de Mathématiques Nicolas Oresme Université de Caen Basse Normandie, France abderrahmane.nitaj@unicaen.fr
More informationOn Linear Secret Sharing for Connectivity in Directed Graphs
On Linear Secret Sharing for Connectivity in Directed Graphs Amos Beimel 1 and Anat Paskin 2 1 Dept. of computer science, Ben-Gurion University, Beer Sheva, Israel. 2 Dept. of computer science, Technion,
More informationImplementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction
Implementation of the RSA algorithm and its cryptanalysis Chandra M. Kota and Cherif Aissi 1 University of Louisiana at Lafayette, College of Engineering Lafayette, LA 70504, USA Abstract Session IVB4
More informationThe Distributed Decryption Schemes for Somewhat Homomorphic Encryption
Copyright c The Institute of Electronics, Information and Communication Engineers SCIS 2012 The 29th Symposium on Cryptography and Information Security Kanazawa, Japan, Jan. 30 - Feb. 2, 2012 The Institute
More informationCryptoComputing with rationals
CryptoComputing with rationals Pierre-Alain Fouque 1,2, Jacques Stern 2, and Geert-Jan Wackers 3 1 D.C.S.S.I. Crypto Lab 51, bd Latour-Maubourg, F-75007 Paris, France 2 École Normale Supérieure, Département
More informationPolynomial Interpolation in the Elliptic Curve Cryptosystem
Journal of Mathematics and Statistics 7 (4): 326-331, 2011 ISSN 1549-3644 2011 Science Publications Polynomial Interpolation in the Elliptic Curve Cryptosystem Liew Khang Jie and Hailiza Kamarulhaili School
More informationThe security of RSA (part 1) The security of RSA (part 1)
The modulus n and its totient value φ(n) are known φ(n) = p q (p + q) + 1 = n (p + q) + 1 The modulus n and its totient value φ(n) are known φ(n) = p q (p + q) + 1 = n (p + q) + 1 i.e. q = (n φ(n) + 1)
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationCS March 17, 2009
Discrete Mathematics CS 2610 March 17, 2009 Number Theory Elementary number theory, concerned with numbers, usually integers and their properties or rational numbers mainly divisibility among integers
More informationSide Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents
Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents Santanu Sarkar and Subhamoy Maitra Leuven, Belgium 12 September, 2012 Outline of the Talk RSA Cryptosystem
More informationNew Variant of ElGamal Signature Scheme
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 34, 1653-1662 New Variant of ElGamal Signature Scheme Omar Khadir Department of Mathematics Faculty of Science and Technology University of Hassan II-Mohammedia,
More informationIntroduction. will now introduce finite fields of increasing importance in cryptography. AES, Elliptic Curve, IDEA, Public Key
Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers where what constitutes a number and the type of
More informationEvidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs
Evidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs Jonah Brown-Cohen 1 Introduction The Diffie-Hellman protocol was one of the first methods discovered for two people, say Alice
More informationA Simple Public-Key Cryptosystem with a Double Trapdoor Decryption Mechanism and its Applications
A Simple Public-Key Cryptosystem with a Double Trapdoor Decryption Mechanism and its Applications Emmanuel Bresson 1, Dario Catalano, and David Pointcheval 1 Cryptology Department, CELAR, 35174 Bruz Cedex,
More informationComputing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring
Computing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring Alexander May Faculty of Computer Science, Electrical Engineering and Mathematics University of Paderborn 33102 Paderborn,
More informationConstructing Verifiable Random Number in Finite Field
Jun Ye 1, Xiaofeng Chen 2, and Jianfeng Ma 2 1 School of Science, Sichuan University of Science and Engineering Zigong, Sichuan, China yejun@suseeducn 2 School of Telecommunication Engineering, Xidian
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation
More informationOWO Lecture: Modular Arithmetic with Algorithmic Applications
OWO Lecture: Modular Arithmetic with Algorithmic Applications Martin Otto Winter Term 2008/09 Contents 1 Basic ingredients 1 2 Modular arithmetic 2 2.1 Going in circles.......................... 2 2.2
More information