Applied Cryptography - Protocols, Algorithms, and Source Code in C

The scheme is two to three orders of magnitude faster


Patents

The Pohlig-Hellman algorithm is patented in the United States [722] and also in Canada. PKP licenses the patent, along with other public-key cryptography patents (see Section 25.5).

19.5 Rabin

Rabin’s scheme [1283,1601] gets its security from the difficulty of finding square roots modulo a composite number. This problem is equivalent to factoring. Here is one implementation of this scheme.

First choose two primes, p and q, both congruent to 3 mod 4. These primes are the private key; the product n = pq is the public key.

To encrypt a message, M (M must be less than n), simply compute

$$C = M^2 \bmod n$$

Decrypting the message is just as easy, but slightly more annoying. Since the receiver knows p and q, he can solve the two congruences using the Chinese remainder theorem. Compute

$$m_1 = C^{(p+1)/4} \bmod p$$
$$m_2 = (p - C^{(p+1)/4}) \bmod p$$
$$m_3 = C^{(q+1)/4} \bmod q$$
$$m_4 = (q - C^{(q+1)/4}) \bmod q$$

Then choose an integer $a = q(q^{-1} \bmod p)$ and an integer $b = p(p^{-1} \bmod q)$. The four possible solutions are:

$$M_1 = (a m_1 + b m_3) \bmod n$$
$$M_2 = (a m_1 + b m_4) \bmod n$$
$$M_3 = (a m_2 + b m_3) \bmod n$$
$$M_4 = (a m_2 + b m_4) \bmod n$$

One of those four results, $M_1$, $M_2$, $M_3$, or $M_4$, equals M. If the message is English text, it should be easy to choose the correct $M_i$. On the other hand, if the message is a random-bit stream (say, for key generation or a digital signature), there is no way to determine which $M_i$ is correct. One way to solve this problem is to add a known header to the message before encrypting.

Williams

Hugh Williams redefined Rabin’s schemes to eliminate these shortcomings [1601]. In his scheme, p and q are selected such that

$$p \equiv 3 \bmod 8$$
$$q \equiv 7 \bmod 8$$

and

$$N = pq$$

Also, there is a small integer, S, such that $J(S,N) = -1$. (J is the Jacobi symbol—see Section 11.3). N and S are public. The secret key is k, such that

$$k = \tfrac{1}{2}\left(\tfrac{1}{4}(p - 1)(q - 1) + 1\right)$$

To encrypt a message M, compute $c_1$ such that $J(M,N) = (-1)^{c_1}$. Then, compute $M' = (S^{c_1} \cdot M) \bmod N$. Like Rabin’s scheme, $C = M'^2 \bmod N$. And $c_2 = M' \bmod 2$. The f...
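Rabin's scheme from Section 19.5 above, carried through in Python as an added example (it is not code from the book): encryption, the four CRT roots, and the known-header trick for picking the right root. The primes P and Q, the header value `RABN`, and all function names are assumptions chosen for the demonstration.

```python
# Rabin's scheme from Section 19.5 (added example, not the book's code).
# P and Q are constructed demo primes (Mersenne primes, both 3 mod 4);
# a real key uses large random primes. HEADER is an assumed known header.
P = 2**89 - 1
Q = 2**127 - 1
HEADER = b"RABN"


def encrypt(m: int, n: int) -> int:
    """C = M^2 mod n; M must be less than n."""
    if not 0 <= m < n:
        raise ValueError("message must be less than n")
    return pow(m, 2, n)


def four_roots(c: int, p: int, q: int) -> list:
    """Return [M1, M2, M3, M4], the square roots of c modulo n = p*q."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    m1 = pow(c, (p + 1) // 4, p)
    m2 = (p - m1) % p
    m3 = pow(c, (q + 1) // 4, q)
    m4 = (q - m3) % q
    a = q * pow(q, -1, p)  # a = q(q^-1 mod p)
    b = p * pow(p, -1, q)  # b = p(p^-1 mod q)
    return [(a * x + b * y) % n for x in (m1, m2) for y in (m3, m4)]


def encrypt_bytes(msg: bytes, n: int) -> int:
    """Prepend the known header, then encrypt."""
    return encrypt(int.from_bytes(HEADER + msg, "big"), n)


def decrypt_bytes(c: int, p: int, q: int) -> bytes:
    """Return the payload of the single root that carries the header."""
    hits = []
    for r in four_roots(c, p, q):
        raw = r.to_bytes((r.bit_length() + 7) // 8, "big")
        if raw.startswith(HEADER):
            hits.append(raw[len(HEADER):])
    if len(hits) != 1:
        raise ValueError("no unique root carries the header")
    return hits[0]


if __name__ == "__main__":
    print(four_roots(encrypt(20, 77), 7, 11))  # small constructed case
    print(decrypt_bytes(encrypt_bytes(b"session key 42", P * Q), P, Q))
```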

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
