# chapter6-1 - Public-Key Cryptosystems Based on the Discrete...


## Public-Key Cryptosystems Based on the Discrete Logarithm

• The ElGamal Cryptosystem
• Algorithms for the Discrete Logarithm Problem
• Finite Fields
• Elliptic Curves
• Discrete Logarithm Algorithms in Practice
• Security of ElGamal Systems

## The ElGamal Cryptosystem

Let $G$ be a group and $\alpha \in G$ have order $n$. Define

$$\langle\alpha\rangle = \{\alpha^i : 0 \le i \le n-1\}.$$

$\langle\alpha\rangle$ is a subgroup of $G$ and is cyclic of order $n$.

Problem 6.1: Discrete Logarithm

Instance: A multiplicative group $(G, \cdot)$, an element $\alpha \in G$ having order $n$, and an element $\beta \in \langle\alpha\rangle$.

Question: Find the unique integer $a$, $0 \le a \le n-1$, such that $\alpha^a = \beta$. We will denote this integer $a$ by $\log_\alpha \beta$.

Recall: Let $p$ be prime, $G = \mathbb{Z}_p^*$, and $\alpha$ be a primitive element modulo $p$. Then $o(\alpha) = p-1$ and $G = \langle\alpha\rangle$.

## Cryptosystem 6.1: ElGamal Public-key Cryptosystem in $\mathbb{Z}_p^*$

Let $p$ be a prime such that the Discrete Logarithm problem in $(\mathbb{Z}_p^*, \cdot)$ is infeasible, and let $\alpha \in \mathbb{Z}_p^*$ be a primitive element. Let $\mathcal{P} = \mathbb{Z}_p^*$, $\mathcal{C} = \mathbb{Z}_p^* \times \mathbb{Z}_p^*$, and define

$$\mathcal{K} = \{(p, \alpha, a, \beta) : \beta \equiv \alpha^a \pmod{p}\}.$$

The values $p$, $\alpha$, and $\beta$ are the public key, and $a$ is the private key.

For $K = (p, \alpha, a, \beta)$ and a (secret) number $k \in \mathbb{Z}_p^*$, define

$$e_K(x, k) = (y_1, y_2) = (\alpha^k \bmod p,\; x\beta^k \bmod p).$$

For $y_1, y_2 \in \mathbb{Z}_p^*$, define

$$d_K(y_1, y_2) = y_2\,(y_1^a)^{-1} \bmod p.$$

## Example 6.1

Suppose Bob picks $p = 2579$, $\alpha = 2$, and $a = 765$. So

$$\beta = 2^{765} \bmod 2579 = 949.$$

• Alice picks $k = 853$ and encrypts the plaintext $x = 1299$ using the public key:

$$y_1 = 2^{853} \bmod 2579 = 435, \qquad y_2 = 1299 \times 949^{853} \bmod 2579 = 2396.$$

• Bob decrypts the ciphertext $(435, 2396)$ using the private key:

$$x = 2396 \times (435^{765})^{-1} \bmod 2579 = 1299.$$

## The ElGamal Cryptosystem

• Published in 1985 by ElGamal
• Its security is based on the intractability of the discrete logarithm problem
• Message expansion: the ciphertext is twice as big as the original message
• Uses randomization: each message has $p-1$ possible different encryptions

## Parameters Size

• All parties could use the same modulus $p$ and generator $\alpha$
• Different encryptions should use different $k$
• The prime $p$ should be chosen as 1024 bits (or at least 300 digits, and $p-1$ should have at least one large prime factor) to ensure that the DLP is infeasible, while $k$ should be 160 bits
• Several algorithms exist to compute discrete logarithms

## Algorithms for Discrete Logarithm

• Let $G$ be a group, $\alpha \in G$, and $o(\alpha) = n$. Given $\beta \in \langle\alpha\rangle$, find the unique exponent $a$, $0 \le a \le n-1$, such that $\alpha^a = \beta$
• Let $m = \lceil\sqrt{n}\,\rceil$. Write $a = jm + i$, where $0 \le i \le m-1$ and $0 \le j \le m-1$. Then

$$\alpha^{jm+i} = \beta \;\Longrightarrow\; \alpha^{jm} = \alpha^{-i}\beta.$$

## ALGORITHM: SHANKS($G$, $n$, $\alpha$, $\beta$)

1. $m \leftarrow \lceil\sqrt{n}\,\rceil$
2. for $j \leftarrow 0$ to $m-1$ do compute $\alpha^{mj}$
3. Sort the $m$ ordered pairs $(j, \alpha^{mj})$ with respect to the second coordinate, obtaining a list $L_1$
4. for $i \leftarrow 0$ to $m-1$ do compute $\beta\alpha^{-i}$
5. Sort the $m$ ordered pairs $(i, \beta\alpha^{-i})$ with respect to the second coordinate, obtaining a list $L_2$
6. Find a pair $(j, y) \in L_1$ and a pair $(i, y) \in L_2$
7. $\log_\alpha \beta \leftarrow (mj + i) \bmod n$

## Example 6.2

Consider $\mathbb{Z}_{809}^*$, with $\alpha = 3$ and $\beta = 525$. Compute $\log_3 525$.

$n = o(\alpha) = 808$, $m = \lceil\sqrt{808}\,\rceil = 29$. Then $\alpha^{29} \bmod 809 = 99$.

First, we compute the ordered pairs $(j, 99^j \bmod 809)$ for $0 \le j \le 28$. We obtain the list

(0,1) (1,99) (2,93) (3,308) (4,559)
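
The following Python sketch is an added example, not part of the original slides. It implements Shanks' algorithm as listed above (with a hash table in place of the two sorted lists) and runs it on the numbers from Examples 6.1 and 6.2, showing why the sizes on the Parameters Size slide matter: with a 12-bit $p$, the private exponent $a$ is recovered from the public key in about $\sqrt{n}$ steps. The function names are chosen here for illustration.

```python
from math import isqrt

def shanks(p, alpha, beta, n):
    """Baby-step giant-step in Z_p^*: return a in [0, n-1] with alpha^a = beta (mod p).

    n is the order of alpha. A dict replaces the sorted lists L1 and L2,
    so time and memory are both O(sqrt(n)).
    """
    m = isqrt(n - 1) + 1                  # m = ceil(sqrt(n)) for n >= 1
    giant = pow(alpha, m, p)              # alpha^m
    table, y = {}, 1
    for j in range(m):                    # L1: pairs (j, alpha^(m*j))
        table.setdefault(y, j)
        y = y * giant % p
    alpha_inv = pow(alpha, -1, p)         # modular inverse, Python 3.8+
    y = beta % p
    for i in range(m):                    # L2: pairs (i, beta * alpha^(-i))
        if y in table:                    # identical second coordinates
            return (m * table[y] + i) % n
        y = y * alpha_inv % p
    raise ValueError("beta is not in the subgroup generated by alpha")

def elgamal_encrypt(p, alpha, beta, x, k):
    """e_K(x, k) = (alpha^k mod p, x * beta^k mod p)."""
    return pow(alpha, k, p), x * pow(beta, k, p) % p

def elgamal_decrypt(p, a, y1, y2):
    """d_K(y1, y2) = y2 * (y1^a)^(-1) mod p."""
    return y2 * pow(pow(y1, a, p), -1, p) % p

def recover_plaintext(p, alpha, beta, y1, y2):
    """Solve the DLP for a from public values only, then decrypt.

    Assumes alpha is a primitive element, so its order is n = p - 1.
    """
    a = shanks(p, alpha, beta, p - 1)
    return a, elgamal_decrypt(p, a, y1, y2)

if __name__ == "__main__":
    # Example 6.2: log_3 525 in Z_809^*
    print(shanks(809, 3, 525, 808))
    # Example 6.1: Bob's public key (2579, 2, 949), Alice's k = 853, x = 1299
    print(elgamal_encrypt(2579, 2, 949, 1299, 853))
    # Private key and plaintext recovered without knowing a
    print(recover_plaintext(2579, 2, 949, 435, 2396))
```

The dictionary holds $m = \lceil\sqrt{n}\,\rceil$ entries, so the memory cost grows as fast as the running time; at the 1024-bit size the slides recommend, neither is within reach of this method.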


## This note was uploaded on 12/25/2010 for the course ALL 0204 taught by Professor 79979 during the Spring '10 term at National Chiao Tung University.
