applied cryptography - protocols, algorithms, and source code in c

# In theory theory and practice are the same in


the ciphertext, he cannot prove that the ciphertext is the encryption of the plaintext without the private decryption key. Even if he tries exhaustive search, he can only prove that every conceivable plaintext is a possible plaintext.

Under this scheme, the ciphertext will always be larger than the plaintext. You can’t get around this; it’s a result of the fact that many ciphertexts decrypt to the same plaintexts. The first probabilistic encryption scheme [625] resulted in a ciphertext so much larger than the plaintext that it was unusable.

However, Manuel Blum and Goldwasser have an efficient implementation of probabilistic encryption using the Blum Blum Shub (BBS) random-bit generator described in Section 17.9 [199].

The BBS generator is based on the theory of quadratic residues. In English, there are two primes, $p$ and $q$, that are congruent to 3 modulo 4. That’s the private key. Their product, $pq = n$, is the public key. (Mind your $p$s and $q$s; the security of this scheme rests in the difficulty of factoring $n$.)

To encrypt a message, $M$, first choose some random $x$, relatively prime to $n$. Then compute

$$x_0 = x^2 \bmod n$$

Use $x_0$ as the seed of the BBS pseudo-random-bit generator and use the output of the generator as a stream cipher. XOR $M$, one bit at a time, with the output of the generator. The generator spits out bits $b_i$ (the least-significant bit of $x_i$, where $x_i = x_{i-1}^2 \bmod n$), so

$$M = M_1, M_2, M_3, \ldots, M_t$$

$$C = M_1 \oplus b_1, M_2 \oplus b_2, M_3 \oplus b_3, \ldots, M_t \oplus b_t$$

where $t$ is the length of the plaintext.

Append the last computed value, $x_t$, to the end of the message and you’re done.

The only way to decrypt this message is to recover $x_0$ and then set up the same BBS generator to XOR with the ciphertext. Because the BBS generator is secure to the left, the value $x_t$ is of no use to the cryptanalyst. Only someone who knows $p$ and $q$ can decrypt the message.
In C, the algorithm to recover $x_0$ from $x_t$ is:

```c
int x0 (int p, int q, int n, int t, int xt)
{
int a, b, u, v, w, z;
/* we already know that gcd...
```
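The full scheme described above at toy word sizes, as an added example that is not the book's code: it encrypts with the public n, then uses p and q to walk x_t back to x_0 and decrypt. The function names, the `bg_ct` struct and the values in `main` are constructed for this illustration, and the CRT weights here are computed with Fermat inverses, which is this example's choice.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t c; uint64_t xt; } bg_ct;  /* ciphertext bits + appended x_t */

/* Toy sizes only: n must stay below 2^32 so every product fits in 64 bits. */
static uint64_t modexp(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* XOR t (<= 32) bits of `in` with BBS output b_1..b_t, starting from x_0. */
static bg_ct bbs_xor(uint32_t in, int t, uint64_t x0, uint64_t n) {
    bg_ct out = { 0, x0 };
    for (int i = 0; i < t; i++) {
        out.xt = out.xt * out.xt % n;                 /* x_i = x_{i-1}^2 mod n */
        out.c |= (((in >> i) ^ (uint32_t)out.xt) & 1u) << i;  /* b_i = lsb(x_i) */
    }
    return out;
}

/* Public operation: x is the sender's random value, relatively prime to n. */
bg_ct bg_encrypt(uint32_t m, int t, uint64_t x, uint64_t n) {
    return bbs_xor(m, t, x * x % n, n);               /* x_0 = x^2 mod n */
}

/* Private operation: walk x_t back to x_0 with t square roots mod p and mod q. */
uint64_t bg_recover_x0(uint64_t p, uint64_t q, int t, uint64_t xt) {
    uint64_t n = p * q;
    uint64_t u = modexp((p + 1) / 4, (uint64_t)t, p - 1);
    uint64_t v = modexp((q + 1) / 4, (uint64_t)t, q - 1);
    uint64_t w = modexp(xt % p, u, p);                /* x_0 mod p */
    uint64_t z = modexp(xt % q, v, q);                /* x_0 mod q */
    uint64_t cp = q * modexp(q, p - 2, p) % n;        /* CRT weight: 1 mod p, 0 mod q */
    uint64_t cq = p * modexp(p, q - 2, q) % n;        /* CRT weight: 0 mod p, 1 mod q */
    return (w * cp + z * cq) % n;
}

uint32_t bg_decrypt(bg_ct ct, int t, uint64_t p, uint64_t q) {
    return bbs_xor(ct.c, t, bg_recover_x0(p, q, t, ct.xt), p * q).c;
}

int main(void) {
    bg_ct ct = bg_encrypt(0xB5C3u, 16, 12345, 499 * 547);  /* constructed toy values */
    printf("c=%04x xt=%llu m=%04x\n", (unsigned)ct.c, (unsigned long long)ct.xt,
           (unsigned)bg_decrypt(ct, 16, 499, 547));
    return 0;
}
```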