 Patents
The Pohlig-Hellman algorithm is patented in the United States [722] and also in Canada. PKP licenses the patent, along with other public-key cryptography patents (see Section 25.5).

19.5 Rabin
Rabin’s scheme [1283,1601] gets its security from the difficulty of finding square roots modulo a composite number. This problem is equivalent to factoring. Here is one implementation of this scheme.

First choose two primes, p and q, both congruent to 3 mod 4. These primes are the private key; the product n = pq is the public key.

To encrypt a message, M (M must be less than n), simply compute

$C = M^2 \bmod n$

Decrypting the message is just as easy, but slightly more annoying. Since the receiver knows p and q, he can solve the two congruences using the Chinese remainder theorem. Compute

$m_1 = C^{(p+1)/4} \bmod p$
$m_2 = (p - C^{(p+1)/4}) \bmod p$
$m_3 = C^{(q+1)/4} \bmod q$
$m_4 = (q - C^{(q+1)/4}) \bmod q$

Then choose an integer $a = q(q^{-1} \bmod p)$ and an integer $b = p(p^{-1} \bmod q)$. The four possible solutions are:

$M_1 = (a m_1 + b m_3) \bmod n$
$M_2 = (a m_1 + b m_4) \bmod n$
$M_3 = (a m_2 + b m_3) \bmod n$
$M_4 = (a m_2 + b m_4) \bmod n$

One of those four results, $M_1$, $M_2$, $M_3$, or $M_4$, equals M. If the message is English text, it should be easy to choose the correct $M_i$. On the other hand, if the message is a random-bit stream (say, for key generation or a digital signature), there is no way to determine which $M_i$ is correct. One way to solve this problem is to add a known header to the message before encrypting.

Williams
Hugh Williams redefined Rabin’s schemes to eliminate these shortcomings [1601]. In his scheme, p and q are selected such that

$p \equiv 3 \pmod 8$
$q \equiv 7 \pmod 8$

and

$N = pq$

Also, there is a small integer, S, such that $J(S,N) = -1$. (J is the Jacobi symbol—see Section 11.3). N and S are public. The secret key is k, such that

$k = \frac{1}{2}\left(\frac{1}{4}(p - 1)(q - 1) + 1\right)$

To encrypt a message M, compute $c_1$ such that $J(M,N) = (-1)^{c_1}$. Then, compute $M' = (S^{c_1} \cdot M) \bmod N$. Like Rabin’s scheme, $C = M'^2 \bmod N$. And $c_2 = M' \bmod 2$. The f...
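Rabin's scheme from Section 19.5, worked through in code with the known-header fix for choosing among the four roots. This is an added example, not code from the book; the toy primes, the 8-bit header value and the 16-bit payload size are assumptions chosen for illustration and are far too small to be secure.

```python
# Added example: textbook Rabin with toy parameters (far too small to be secure).
P, Q = 10007, 10039              # constructed private primes, both 3 mod 4
N = P * Q                        # public key n = pq
HEADER, PAYLOAD_BITS = 0xA5, 16  # assumed redundancy: 8-bit known header

def encode(payload):
    """Prepend the known header so the receiver can recognise the right root."""
    if not 0 <= payload < (1 << PAYLOAD_BITS):
        raise ValueError("payload out of range")
    return (HEADER << PAYLOAD_BITS) | payload

def encrypt(payload, n=N):
    m = encode(payload)
    if m >= n:                   # M must be less than n
        raise ValueError("message too large for modulus")
    return pow(m, 2, n)          # C = M^2 mod n

def roots(c, p=P, q=Q):
    """Return the four square roots M1..M4 of c modulo n = pq."""
    n = p * q
    m1 = pow(c, (p + 1) // 4, p)
    m2 = (p - m1) % p
    m3 = pow(c, (q + 1) // 4, q)
    m4 = (q - m3) % q
    a = q * pow(q, -1, p)        # a is 1 mod p and 0 mod q
    b = p * pow(p, -1, q)        # b is 0 mod p and 1 mod q
    # Order matches the text: (m1,m3), (m1,m4), (m2,m3), (m2,m4)
    return [(a * x + b * y) % n for x in (m1, m2) for y in (m3, m4)]

def decrypt(c):
    """Pick the root carrying the header; fail closed if it is not unique."""
    hits = {m for m in roots(c) if m >> PAYLOAD_BITS == HEADER}
    if len(hits) != 1:
        raise ValueError("no unique root with the expected header")
    return hits.pop() & ((1 << PAYLOAD_BITS) - 1)

if __name__ == "__main__":
    c = encrypt(0x1234)
    print("ciphertext:", c)
    print("candidates:", roots(c))   # four roots, only one has the header
    print("recovered :", hex(decrypt(c)))
```

With an 8-bit header a wrong root can still match by chance, which is why `decrypt` rejects anything other than exactly one match; a longer header lowers that chance.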
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.