A NEW SIGNATURE PROTOCOL BASED ON RSA AND ELGAMAL SCHEME ABSTRACT J Ettanfoui and O Kadir Laboratory of Matmatics, Cryptograpy and Mcanics, Fstm, Univrsity Hassan II of Casablanca, Morocco In tis papr, w prsnt a nw signatur scm basd on factoring and discrt logaritm problms Drivd from a variant of ElGamal signatur protocol and t RSA algoritm, tis mtod can b sn as an altrnativ protocol if nown systms ar bron KEYWORDS Factoring, DLP, PKC, ElGamal signatur scm, RSA MSC: 94A 60 1 INTRODUCTION In 1977, Rivst, Samir, and Adlman[ 6 ] dscribd t famous RSA algoritm wic is basd on t prsumd difficulty of factoring larg intgrs In 1985, ElGamal [2] proposd a signatur digital protocol tat uss t ardnss of t discrt logaritm problm[ 5 p116, 7 p 213, 8 p 228 ] Sinc tn, many similar scms wr laboratd and publisd[1,3 ] Among tm, a nw variant was concivd in 2010 by t scond autor[ 4 ]In tis wor, w apply a combination of t nw variant of Elgamal and RSA algoritm to build a scur digital signatur T fficincy of t mtod is discussd and its scurity analyzd T papr is organisd as follows: In sction 2, w dscrib t basic ElGamal digital signatur algoritm and its variant Sction 3 is dvotd to our nw digital signatur mtod W nd wit t conclusion in sction 4 In t papr, w will rspct ElGamal wor notations [3] N, Z ar rspctivly t sts of intgrs and non-ngativ intgrs For vry positiv intgr n, w dnot by Z/ nz t finit ring of modular intgrs and by ( Z/ n Z) t iplicativ group of its invrtibl lmnts Lt a, b, c b tr intgrs T GCD of a and b is writtn as gcd ( a, b) W writ a b 01cm[ c] if c divids a b, and a = b mod c if a is t rst in t division of b by c T bit lngt of n is t numbr of bits in its binary modl, wit n an intgr W start by prsnting t basic ElGamal digital signatur algoritm and its variant: DOI: 105121/ijitmc20164302 11
2 ELGAMAL SIGNATURE SCHEME In tis sction w rcall ElGamal signatur scm[2] and its variant[4] 1 Alic cooss tr numbrs: - p, a larg prim intgr - α, a primitiv root of t finit iplicativ group - x, a random lmnt of {1,2,, p 1} ( Z/ p Z) 2 S computs y α x = mod p Alic s public y is (,, y) p α, and x is r privat y 3 To sign t documnt m, Alic must solv t problm: wr r, s ar t unnown variabls Alic fixs arbitrary r to b r = α mod p, wr is cosn randomly and invrtibl modulo p 1 Equation (1) is tn quivalnt to: (1) (2) Sinc Alic as t scrt y x, and as t numbr is invrtibl modulo p 1, s calculats t otr unnown variabl s by 4 Bob can vrify t signatur by ccing if congrunc (1) is valid for t variabls r and s givn by Alic 3 VARIANT OF ELGAMAL SIGNATURE SCHEME W prsnt a variant of ElGamal digital signatur systm Tis variant Error! Rfrnc sourc not found is basd on t quation: (3) r, s, t ar t unnown paramtrs, and ( p, α, y) ar Alic public ys p is an intgr (a larg prim) α is a primitiv root of lmnt of {1,2,,p-1} Z p y is calculatd by y α (4) x = mod p x is a random 12
Lt m = ( M ), wr is a as function, and M t mssag to b signd by Alic l To giv t solution (3), s fixs randomly r as r α mod p, and s to b s α mod p, wr, l ar slctd arbitrary in {1,2,,p-1} Equation (3) is tn quivalnt to: as Alic rcogniz t valus of r, s,, l, m, x, s is abl to calculat t last unnown variabl t Bob vrify t signatur by vrifying t congrunc (4) 1 tis systm dos not us t xtndd Euclidan algoritm for calculating mod ( p 1) W clarify t scm by t xampl givn by t crator of tis altrnativ[4] 31 EXAMPLE Lt ( p, α, y) b Alic public ys wr: p = 509, α = 2 and y = 482 W assrt tat w ar not confidnt if using a small valu of α dos not abat t protocol T privat y is x = 281 Suppos tat Alic wants to gnrat a signatur for t documnt M for wic m ( M ) 432[508] wit t xponnts = 208 and l = 386 ar randomly tan S computs 2 208 l r α 332[ p], s α 2 386 39[ p] and t rx + s + lm 440[ p 1] t r s m Bob or anyon can vrify t rlation α y r s [ p] Indd, w find tat α 436[ p] and y r r s s m 436[ p] 4 OUR PROTOCOL 41 DESCRIPTION In tis sction, w dscrib our nw digital signatur T protocol is basd sianously on two ard problms W assum first tat is a public scur as function li SHA1[5 p348, 7 p 242, 8 p133 ] W suppos tat Alic public ys ar ( P, α, y, ) wr: - P = 2 pq + 1, p, q ar tr prims - α, a primitiv root of t iplicativ group ( Z/ p Z) x - y = α mod P, wr x is t privat y of Alic, wic is randomly tan in {1,2,, P 1} (5) 13
- Elmnt is t public xponnt in t RSA cryptosystm W propos t following protocol: If Alic wants to sign t mssag M, s must giv a solution for t modular quation: wr m = ( M ) mod p, and r, s, t ar unnown (6) To solv quation (5), Alic starts by putting: (7) Equation (5) bcoms: (8) Alic uss t nw variant of Elgamal algoritm[4] to solv quation (9) and to gt t valus of r, s and t Tn wit r RSA privat y s solvs quations (7) and (8) T cupl r and s is r signatur for t mssag M Bob or anybody can cc tat t signatur is valid by rplacing r, s and t in rlation (5) 42 EXAMPLE Lt us illustrat t mtod by t following xampl Suppos tat Alic s public y is: P = 2167313 + 1 = 104543, α = 5, y = 23292, = 7 T privat ys for RSA and ElGamal systms ar rspctivly: x = 9502, d = 7399 Assum tat m = ( M ) = 12345 is t asd mssag tat s lis to sign If s tas Randomly = 845 and l = 2561 S will find from quation 8 tat r = 17744, s = 31839 Rlation 4 implis t = 57764 Alic uss (6) and (7) to obtain: (9) 14
r r d [ P 1] 75282 s s d [ P 1] 19005 t r mod P 1 To vrify Bob puts A = α mod P = 62833, B = y mod P = 79849, ( s mod P 1) m C = ( r mod P 1) mod P = 83421 and D = ( s mod P 1) mod P = 212997, and ccs if A = B C D mod P 43 SECURITY ANALYSIS Now tat w av prsntd t protocol, w will discuss som possibl attacs Assum tat Oscar is Alic s opponnt ATTACK 1: If t attacr try to imitat t computation mad by Alic, can find r and s, but to find t nds t valu of t privat y x to solv quation 4 ATTACK 2: Suppos Oscar is capabl to solv t discrt logaritm problm [2] H cannot calculat r and s from quation (7) and (8) will b confrontd to t factorisation of a larg composit modulus [5,8] ATTACK 3: Suppos Oscar is capabl to solv RSA quations (7) and (8) Oscar cannot gt t from quation (9) sinc x is Alic s scrt y If tris to gt t from quation (4), will b stoppd by t discrt logaritm problm 44 COMPLEXITY OF OUR ALGORITHM As in [1], lt T xp, T and T b appropriatly t tim to calculat an xponntiation, a iplication and as function of a documnt M W nglct t tim ndd for modular substraction, additions, comparisons and apply t convrsion T = 240T 441 SIGNATURE COMPLEXITY To sign t mssag M, Alic must comput t six paramtrs: l d d m = ( M ) mod P, r α [P], s α [P], r r [ P 1], s s [ P 1], t xr + s + lm [ P 1] Alic nds to prform four modular xponntiations, tr modular iplications and on as function computation So t global rquird tim is : 442 VERIFICATION COMPLEXITY xp xp T = 4T + 3T + T = 963T + T 1 Bob sould calculat 4 xponntiations, 2 iplications and on as function So t global rquird tim is : T = 4T + 2T + T = 962T + T 2 xp 15
5 CONCLUSION In tis wor, w proposd a nw signatur protocol tat can b an altrnativ if old systms ar bron Our mtod is basd sianyously on RSA cryptosystm and DLP ACKNOWLEDGEMENTS Tis wor is supportd by t MMS -orintation projct REFERENCES [1] R R Amad, E S Ismail,and N M F Taat, A nw digital signatur scm basd on factoring and discrt logaritms, J of Matmatics and Statistics (4): (2008), pp [2] T ElGamal, A public y cryptosystm and a signatur scm basd on discrt logaritm problm, IEEE Trans Info Tory, IT-31, (1985), pp [3] LC Guillou, JJ Quisquatr, A Paradoxial Idntity-basd SIgnatur Scm Rsulting from Zro- Knowldg, Advancs in cryptograpy, LNCS 403, (1990) pp [4] O Kadir, Nw variant of ElGamal signatur scm, Int J Contmp Mat Scincs, Vol 5, no 34, (2010), pp [5] A J Mnzs, P C van Oorscot and S A Vanston, Handboo of applid cryptograpy, CRC Prss, Boca Raton, Florida, 1997 [6] R Rivst, A Samir and L Adlman, A mtod for obtaining digital signaturs and public y cryptosystms, Communication of t ACM, Vol no 21, (1978), pp [7] J Bucmann, Introduction to Cryptograpy,(Scond Edition), Springr 2000 [8] D R Stinson, Cryptograpy, tory and practic, scond Edition, Capman & Hall/CRC, 2006 Autors Jaouad Ettanfoui olds an nginr dgr in Computr Scinc from t Univrsity of Hassan II of Casablanca (2011) Mmbr of t laboratory of Matmatics, Cryptograpy and Mcanics, is prparing a tsis in public y cryptograpy Dr Omar Kadir rcivd is PD dgr in Computr Scinc from t Univrsity of Roun, Franc (1994) Co-foundr of t Laboratory of Matmatics, Cryptograpy and Mcanics at t Univrsity of Hassan II Casablanca, Morocco, wr is a profssor in t Dpartmnt of Matmatics H tacs cryptograpy for graduat studnts prparing a dgr in computr scinc His currnt rsarc intrsts includ public y cryptograpy, digital signatur, primality, factorisation of larg intgrs and mor gnrally, all subjcts connctd to t information tcnology 16