as Beth invented a variant of the ElGamal scheme suitable for proofs of identity [146]. There are variants for password authentication [312], and for key exchange [773]. And there are thousands more (see Section 20.4).

ElGamal Encryption

A modification of ElGamal can encrypt messages. To encrypt message $M$, first choose a random $k$, such that $k$ is relatively prime to $p - 1$. Then compute

$$a = g^k \bmod p$$
$$b = y^k M \bmod p$$

The pair, $a$ and $b$, is the ciphertext. Note that the ciphertext is twice the size of the plaintext.

To decrypt $a$ and $b$, compute

$$M = b/a^x \bmod p$$

Since $a^x \equiv g^{kx} \pmod p$, and $b/a^x \equiv y^k M/a^x \equiv g^{xk} M/g^{xk} \equiv M \pmod p$, this all works (see Table 19.6). This is really the same as Diffie-Hellman key exchange (see Section 22.1), except that $y$ is part of the key, and the encryption is multiplied by $y^k$.

Speed
Table 19.7 gives sample software speeds of ElGamal [918].

Table 19.6 ElGamal Encryption

Public Key:
    $p$  prime (can be shared among a group of users)
    $g$  $< p$ (can be shared among a group of users)
    $y$  $= g^x \bmod p$
Private Key:
    $x$  $< p$
Encrypting:
    $k$  choose at random, relatively prime to $p - 1$
    $a$ (ciphertext) $= g^k \bmod p$
    $b$ (ciphertext) $= y^k M \bmod p$
Decrypting:
    $M$ (plaintext) $= b/a^x \bmod p$

Patents
ElGamal is unpatented. But, before you go ahead and implement the algorithm, realize that PKP feels that this algorithm is covered under the Diffie-Hellman patent [718]. However, the Diffie-Hellman patent will expire on April 29, 1997, making ElGamal the first public-key cryptography algorithm suitable for encryption and digital signatures unencumbered by patents in the United States. I can hardly wait.

19.7 McEliece
In 1978 Robert McEliece developed a public-key cryptosystem based on algebraic coding theory [1041]. The algorithm makes use of the existence of a class of error-correcting codes, known as Goppa codes. His idea was to construct a Goppa code and disguise it as a general linear code. There is a fast algorithm for decoding Goppa codes, but the general problem of finding a code word of a given weight in a linear b...
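
Returning to the ElGamal encryption steps of Table 19.6: the following Python sketch is an added example, not code from the original text. It uses the table's symbols (p, g, x, y, k, a, b, M); the prime, the base and the sample message are constructed toy values, and the function names are hypothetical.

```python
import math
import secrets

# Constructed toy parameters (assumptions; not suitable for real use).
P = 2**127 - 1   # a known Mersenne prime, stands in for p
G = 3            # g < p

def keygen(p=P, g=G):
    """Return (x, y): private x < p and public y = g^x mod p."""
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p - 2
    return x, pow(g, x, p)

def fresh_k(p=P):
    """Pick a random k relatively prime to p - 1, as the text requires."""
    while True:
        k = secrets.randbelow(p - 3) + 2
        if math.gcd(k, p - 1) == 1:
            return k

def encrypt(m, y, p=P, g=G):
    """Return (a, b, k); k is returned only so the demo can inspect it."""
    if not 0 < m < p:
        raise ValueError("message must satisfy 0 < M < p")
    k = fresh_k(p)                            # new k for every message
    a = pow(g, k, p)                          # a = g^k mod p
    b = (pow(y, k, p) * m) % p                # b = y^k * M mod p
    return a, b, k

def decrypt(a, b, x, p=P):
    """M = b / a^x mod p, with the division done as a modular inverse."""
    s = pow(a, x, p)                          # a^x = g^(kx) mod p
    return (b * pow(s, -1, p)) % p            # needs Python 3.8+

def demo():
    x, y = keygen()
    m = int.from_bytes(b"constructed msg", "big")   # 120-bit sample M < p
    a, b, k = encrypt(m, y)
    # Diffie-Hellman view: the sender's y^k equals the receiver's a^x.
    same_secret = pow(y, k, P) == pow(a, x, P)
    return m, decrypt(a, b, x), same_secret

if __name__ == "__main__":
    print(demo())
```

The ciphertext is the pair (a, b), each as large as p, which is the doubling in size the text notes.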
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.