A NEW SIGNATURE PROTOCOL BASED ON RSA AND ELGAMAL SCHEME

Similar documents
New Variant of ElGamal Signature Scheme

BINOMIAL COEFFICIENTS INVOLVING INFINITE POWERS OF PRIMES. 1. Statement of results

BINOMIAL COEFFICIENTS INVOLVING INFINITE POWERS OF PRIMES

A generalized attack on RSA type cryptosystems

Derangements and Applications

Efficient encryption and decryption

3-2-1 ANN Architecture

Characteristics of Gliding Arc Discharge Plasma

Application of Vague Soft Sets in students evaluation

COUNTING TAMELY RAMIFIED EXTENSIONS OF LOCAL FIELDS UP TO ISOMORPHISM

Construction of asymmetric orthogonal arrays of strength three via a replacement method

Rational Approximation for the one-dimensional Bratu Equation

On the irreducibility of some polynomials in two variables

The Matrix Exponential

Lagrangian Analysis of a Class of Quadratic Liénard-Type Oscillator Equations with Exponential-Type Restoring Force function

Homotopy perturbation technique

The Matrix Exponential

(Upside-Down o Direct Rotation) β - Numbers

Fourier Transforms and the Wave Equation. Key Mathematics: More Fourier transform theory, especially as applied to solving the wave equation.

SECTION where P (cos θ, sin θ) and Q(cos θ, sin θ) are polynomials in cos θ and sin θ, provided Q is never equal to zero.

MCE503: Modeling and Simulation of Mechatronic Systems Discussion on Bond Graph Sign Conventions for Electrical Systems

ON THE DISTRIBUTION OF THE ELLIPTIC SUBSET SUM GENERATOR OF PSEUDORANDOM NUMBERS

Difference -Analytical Method of The One-Dimensional Convection-Diffusion Equation

A Prey-Predator Model with an Alternative Food for the Predator, Harvesting of Both the Species and with A Gestation Period for Interaction

SOME PARAMETERS ON EQUITABLE COLORING OF PRISM AND CIRCULANT GRAPH.

NEW APPLICATIONS OF THE ABEL-LIOUVILLE FORMULA

Abstract Interpretation: concrete and abstract semantics

Properties of Phase Space Wavefunctions and Eigenvalue Equation of Momentum Dispersion Operator

Trigonometric functions

Division of Mechanics Lund University MULTIBODY DYNAMICS. Examination Name (write in block letters):.

Sundials and Linear Algebra

On spanning trees and cycles of multicolored point sets with few intersections

Dynamic Modelling of Hoisting Steel Wire Rope. Da-zhi CAO, Wen-zheng DU, Bao-zhu MA *

dy 1. If fx ( ) is continuous at x = 3, then 13. If y x ) for x 0, then f (g(x)) = g (f (x)) when x = a. ½ b. ½ c. 1 b. 4x a. 3 b. 3 c.

University of Washington Department of Chemistry Chemistry 453 Winter Quarter 2014 Lecture 20: Transition State Theory. ERD: 25.14

Available online at ScienceDirect. Procedia Engineering 126 (2015 )

Inference Methods for Stochastic Volatility Models

SCHUR S THEOREM REU SUMMER 2005

Thermodynamical insight on the role of additives in shifting the equilibrium between white and grey tin

Some remarks on Kurepa s left factorial

Pipe flow friction, small vs. big pipes

THE SOLDNER PROJECTION OF THE WHOLE ELLIPSOID

New Attacks on RSA with Modulus N = p 2 q Using Continued Fractions

Digital Signature Scheme Based on a New Hard Problem

Cramér-Rao Inequality: Let f(x; θ) be a probability density function with continuous parameter

Chapter Taylor Theorem Revisited

arxiv: v1 [math.oc] 26 Mar 2017

Full Waveform Inversion Using an Energy-Based Objective Function with Efficient Calculation of the Gradient

1973 AP Calculus AB: Section I

SUMMER 17 EXAMINATION

u r du = ur+1 r + 1 du = ln u + C u sin u du = cos u + C cos u du = sin u + C sec u tan u du = sec u + C e u du = e u + C

Introduction to Arithmetic Geometry Fall 2013 Lecture #20 11/14/2013

Cryptanalysis of Improved Liaw s Broadcasting Cryptosystem *

The second condition says that a node α of the tree has exactly n children if the arity of its label is n.

Exponential Functions

VSMN30 FINITA ELEMENTMETODEN - DUGGA

5.80 Small-Molecule Spectroscopy and Dynamics

General Notes About 2007 AP Physics Scoring Guidelines

Atomic Physics. Final Mon. May 12, 12:25-2:25, Ingraham B10 Get prepared for the Final!

Text: WMM, Chapter 5. Sections , ,

ON RIGHT(LEFT) DUO PO-SEMIGROUPS. S. K. Lee and K. Y. Park

Mutually Independent Hamiltonian Cycles of Pancake Networks

The graph of y = x (or y = ) consists of two branches, As x 0, y + ; as x 0, y +. x = 0 is the

MAE4700/5700 Finite Element Analysis for Mechanical and Aerospace Design

Quasi-Classical States of the Simple Harmonic Oscillator

A Propagating Wave Packet Group Velocity Dispersion

Convergence analysis of a discontinuous Galerkin method with plane waves and Lagrange multipliers for the solution of Helmholtz problems

Hardy-Littlewood Conjecture and Exceptional real Zero. JinHua Fei. ChangLing Company of Electronic Technology Baoji Shannxi P.R.

Massachusetts Institute of Technology Department of Mechanical Engineering

Ewald s Method Revisited: Rapidly Convergent Series Representations of Certain Green s Functions. Vassilis G. Papanicolaou 1

There is an arbitrary overall complex phase that could be added to A, but since this makes no difference we set it to zero and choose A real.

Dynamic response of a finite length euler-bernoulli beam on linear and nonlinear viscoelastic foundations to a concentrated moving force

Another view for a posteriori error estimates for variational inequalities of the second kind

Problem Set #2 Due: Friday April 20, 2018 at 5 PM.

ph People Grade Level: basic Duration: minutes Setting: classroom or field site

Impedance Transformation and Parameter Relations

Content Skills Assessments Lessons. Identify, classify, and apply properties of negative and positive angles.

International Journal of Scientific & Engineering Research, Volume 6, Issue 7, July ISSN

Einstein Rosen inflationary Universe in general relativity

Case Study 1 PHA 5127 Fall 2006 Revised 9/19/06

AP Calculus BC AP Exam Problems Chapters 1 3

a g f 8 e 11 Also: Minimum degree, maximum degree, vertex of degree d 1 adjacent to vertex of degree d 2,...

A New Approach to the Fatigue Life Prediction for Notched Components Under Multiaxial Cyclic Loading. Zhi-qiang TAO and De-guang SHANG *

VALUING SURRENDER OPTIONS IN KOREAN INTEREST INDEXED ANNUITIES

An Extensive Study of Approximating the Periodic. Solutions of the Prey Predator System

perm4 A cnt 0 for for if A i 1 A i cnt cnt 1 cnt i j. j k. k l. i k. j l. i l

OVERFLOW IN A CYLINDRICAL PIPE BEND. 1. Introduction. Fig. 1: Overflow in a cylindrical pipe bend

Exam 1. It is important that you clearly show your work and mark the final answer clearly, closed book, closed notes, no calculator.

Finite element discretization of Laplace and Poisson equations

Bifurcation Theory. , a stationary point, depends on the value of α. At certain values

Where k is either given or determined from the data and c is an arbitrary constant.

nd the particular orthogonal trajectory from the family of orthogonal trajectories passing through point (0; 1).

Chapter 8 Public-key Cryptography and Digital Signatures

EEO 401 Digital Signal Processing Prof. Mark Fowler

Improved Dual to Ratio Cum Dual to Product Estimator in the Stratified Random Sampling

Bernadette Faye, Florian Luca, and Amadou Tall

Einstein Equations for Tetrad Fields

Elements of Statistical Thermodynamics

cycle that does not cross any edges (including its own), then it has at least

That is, we start with a general matrix: And end with a simpler matrix:

Transcription:

A NEW SIGNATURE PROTOCOL BASED ON RSA AND ELGAMAL SCHEME ABSTRACT J Ettanfoui and O Kadir Laboratory of Matmatics, Cryptograpy and Mcanics, Fstm, Univrsity Hassan II of Casablanca, Morocco In tis papr, w prsnt a nw signatur scm basd on factoring and discrt logaritm problms Drivd from a variant of ElGamal signatur protocol and t RSA algoritm, tis mtod can b sn as an altrnativ protocol if nown systms ar bron KEYWORDS Factoring, DLP, PKC, ElGamal signatur scm, RSA MSC: 94A 60 1 INTRODUCTION In 1977, Rivst, Samir, and Adlman[ 6 ] dscribd t famous RSA algoritm wic is basd on t prsumd difficulty of factoring larg intgrs In 1985, ElGamal [2] proposd a signatur digital protocol tat uss t ardnss of t discrt logaritm problm[ 5 p116, 7 p 213, 8 p 228 ] Sinc tn, many similar scms wr laboratd and publisd[1,3 ] Among tm, a nw variant was concivd in 2010 by t scond autor[ 4 ]In tis wor, w apply a combination of t nw variant of Elgamal and RSA algoritm to build a scur digital signatur T fficincy of t mtod is discussd and its scurity analyzd T papr is organisd as follows: In sction 2, w dscrib t basic ElGamal digital signatur algoritm and its variant Sction 3 is dvotd to our nw digital signatur mtod W nd wit t conclusion in sction 4 In t papr, w will rspct ElGamal wor notations [3] N, Z ar rspctivly t sts of intgrs and non-ngativ intgrs For vry positiv intgr n, w dnot by Z/ nz t finit ring of modular intgrs and by ( Z/ n Z) t iplicativ group of its invrtibl lmnts Lt a, b, c b tr intgrs T GCD of a and b is writtn as gcd ( a, b) W writ a b 01cm[ c] if c divids a b, and a = b mod c if a is t rst in t division of b by c T bit lngt of n is t numbr of bits in its binary modl, wit n an intgr W start by prsnting t basic ElGamal digital signatur algoritm and its variant: DOI: 105121/ijitmc20164302 11

2 ELGAMAL SIGNATURE SCHEME In tis sction w rcall ElGamal signatur scm[2] and its variant[4] 1 Alic cooss tr numbrs: - p, a larg prim intgr - α, a primitiv root of t finit iplicativ group - x, a random lmnt of {1,2,, p 1} ( Z/ p Z) 2 S computs y α x = mod p Alic s public y is (,, y) p α, and x is r privat y 3 To sign t documnt m, Alic must solv t problm: wr r, s ar t unnown variabls Alic fixs arbitrary r to b r = α mod p, wr is cosn randomly and invrtibl modulo p 1 Equation (1) is tn quivalnt to: (1) (2) Sinc Alic as t scrt y x, and as t numbr is invrtibl modulo p 1, s calculats t otr unnown variabl s by 4 Bob can vrify t signatur by ccing if congrunc (1) is valid for t variabls r and s givn by Alic 3 VARIANT OF ELGAMAL SIGNATURE SCHEME W prsnt a variant of ElGamal digital signatur systm Tis variant Error! Rfrnc sourc not found is basd on t quation: (3) r, s, t ar t unnown paramtrs, and ( p, α, y) ar Alic public ys p is an intgr (a larg prim) α is a primitiv root of lmnt of {1,2,,p-1} Z p y is calculatd by y α (4) x = mod p x is a random 12

Lt m = ( M ), wr is a as function, and M t mssag to b signd by Alic l To giv t solution (3), s fixs randomly r as r α mod p, and s to b s α mod p, wr, l ar slctd arbitrary in {1,2,,p-1} Equation (3) is tn quivalnt to: as Alic rcogniz t valus of r, s,, l, m, x, s is abl to calculat t last unnown variabl t Bob vrify t signatur by vrifying t congrunc (4) 1 tis systm dos not us t xtndd Euclidan algoritm for calculating mod ( p 1) W clarify t scm by t xampl givn by t crator of tis altrnativ[4] 31 EXAMPLE Lt ( p, α, y) b Alic public ys wr: p = 509, α = 2 and y = 482 W assrt tat w ar not confidnt if using a small valu of α dos not abat t protocol T privat y is x = 281 Suppos tat Alic wants to gnrat a signatur for t documnt M for wic m ( M ) 432[508] wit t xponnts = 208 and l = 386 ar randomly tan S computs 2 208 l r α 332[ p], s α 2 386 39[ p] and t rx + s + lm 440[ p 1] t r s m Bob or anyon can vrify t rlation α y r s [ p] Indd, w find tat α 436[ p] and y r r s s m 436[ p] 4 OUR PROTOCOL 41 DESCRIPTION In tis sction, w dscrib our nw digital signatur T protocol is basd sianously on two ard problms W assum first tat is a public scur as function li SHA1[5 p348, 7 p 242, 8 p133 ] W suppos tat Alic public ys ar ( P, α, y, ) wr: - P = 2 pq + 1, p, q ar tr prims - α, a primitiv root of t iplicativ group ( Z/ p Z) x - y = α mod P, wr x is t privat y of Alic, wic is randomly tan in {1,2,, P 1} (5) 13

- Elmnt is t public xponnt in t RSA cryptosystm W propos t following protocol: If Alic wants to sign t mssag M, s must giv a solution for t modular quation: wr m = ( M ) mod p, and r, s, t ar unnown (6) To solv quation (5), Alic starts by putting: (7) Equation (5) bcoms: (8) Alic uss t nw variant of Elgamal algoritm[4] to solv quation (9) and to gt t valus of r, s and t Tn wit r RSA privat y s solvs quations (7) and (8) T cupl r and s is r signatur for t mssag M Bob or anybody can cc tat t signatur is valid by rplacing r, s and t in rlation (5) 42 EXAMPLE Lt us illustrat t mtod by t following xampl Suppos tat Alic s public y is: P = 2167313 + 1 = 104543, α = 5, y = 23292, = 7 T privat ys for RSA and ElGamal systms ar rspctivly: x = 9502, d = 7399 Assum tat m = ( M ) = 12345 is t asd mssag tat s lis to sign If s tas Randomly = 845 and l = 2561 S will find from quation 8 tat r = 17744, s = 31839 Rlation 4 implis t = 57764 Alic uss (6) and (7) to obtain: (9) 14

r r d [ P 1] 75282 s s d [ P 1] 19005 t r mod P 1 To vrify Bob puts A = α mod P = 62833, B = y mod P = 79849, ( s mod P 1) m C = ( r mod P 1) mod P = 83421 and D = ( s mod P 1) mod P = 212997, and ccs if A = B C D mod P 43 SECURITY ANALYSIS Now tat w av prsntd t protocol, w will discuss som possibl attacs Assum tat Oscar is Alic s opponnt ATTACK 1: If t attacr try to imitat t computation mad by Alic, can find r and s, but to find t nds t valu of t privat y x to solv quation 4 ATTACK 2: Suppos Oscar is capabl to solv t discrt logaritm problm [2] H cannot calculat r and s from quation (7) and (8) will b confrontd to t factorisation of a larg composit modulus [5,8] ATTACK 3: Suppos Oscar is capabl to solv RSA quations (7) and (8) Oscar cannot gt t from quation (9) sinc x is Alic s scrt y If tris to gt t from quation (4), will b stoppd by t discrt logaritm problm 44 COMPLEXITY OF OUR ALGORITHM As in [1], lt T xp, T and T b appropriatly t tim to calculat an xponntiation, a iplication and as function of a documnt M W nglct t tim ndd for modular substraction, additions, comparisons and apply t convrsion T = 240T 441 SIGNATURE COMPLEXITY To sign t mssag M, Alic must comput t six paramtrs: l d d m = ( M ) mod P, r α [P], s α [P], r r [ P 1], s s [ P 1], t xr + s + lm [ P 1] Alic nds to prform four modular xponntiations, tr modular iplications and on as function computation So t global rquird tim is : 442 VERIFICATION COMPLEXITY xp xp T = 4T + 3T + T = 963T + T 1 Bob sould calculat 4 xponntiations, 2 iplications and on as function So t global rquird tim is : T = 4T + 2T + T = 962T + T 2 xp 15

5 CONCLUSION In tis wor, w proposd a nw signatur protocol tat can b an altrnativ if old systms ar bron Our mtod is basd sianyously on RSA cryptosystm and DLP ACKNOWLEDGEMENTS Tis wor is supportd by t MMS -orintation projct REFERENCES [1] R R Amad, E S Ismail,and N M F Taat, A nw digital signatur scm basd on factoring and discrt logaritms, J of Matmatics and Statistics (4): (2008), pp [2] T ElGamal, A public y cryptosystm and a signatur scm basd on discrt logaritm problm, IEEE Trans Info Tory, IT-31, (1985), pp [3] LC Guillou, JJ Quisquatr, A Paradoxial Idntity-basd SIgnatur Scm Rsulting from Zro- Knowldg, Advancs in cryptograpy, LNCS 403, (1990) pp [4] O Kadir, Nw variant of ElGamal signatur scm, Int J Contmp Mat Scincs, Vol 5, no 34, (2010), pp [5] A J Mnzs, P C van Oorscot and S A Vanston, Handboo of applid cryptograpy, CRC Prss, Boca Raton, Florida, 1997 [6] R Rivst, A Samir and L Adlman, A mtod for obtaining digital signaturs and public y cryptosystms, Communication of t ACM, Vol no 21, (1978), pp [7] J Bucmann, Introduction to Cryptograpy,(Scond Edition), Springr 2000 [8] D R Stinson, Cryptograpy, tory and practic, scond Edition, Capman & Hall/CRC, 2006 Autors Jaouad Ettanfoui olds an nginr dgr in Computr Scinc from t Univrsity of Hassan II of Casablanca (2011) Mmbr of t laboratory of Matmatics, Cryptograpy and Mcanics, is prparing a tsis in public y cryptograpy Dr Omar Kadir rcivd is PD dgr in Computr Scinc from t Univrsity of Roun, Franc (1994) Co-foundr of t Laboratory of Matmatics, Cryptograpy and Mcanics at t Univrsity of Hassan II Casablanca, Morocco, wr is a profssor in t Dpartmnt of Matmatics H tacs cryptograpy for graduat studnts prparing a dgr in computr scinc His currnt rsarc intrsts includ public y cryptograpy, digital signatur, primality, factorisation of larg intgrs and mor gnrally, all subjcts connctd to t information tcnology 16

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback