chapter6-1 - Public-Key Cryptosystems Based on the Discrete...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
1 Public-Key Cryptosystems Based on the Discrete Logarithm • The ElGamal Cryptosystem • Algorithms for the Discrete Logarithm Problem • Finite Fields • Elliptic Curves • Discrete Logarithm Algorithms in Practice • Security of ElGamal Systems
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 The ElGamal Cryptosystem Let G be a group and α G having order n. Define α = {α i : 0 i n-1} α is a subgroup of G and a cyclic of order n Problem 6.1: Discrete Logarithm Instance: A multiplicative group (G, ·), an element α G having order n, and an element β   α Question: Find the unique integer a , 0 a n-1, such that α a = β. We will denote this integer a by log α β. Recall : Let p be prime, G = Zp*, and α be a primitive element modulo p. Then o(α) = p-1 and G = α
Background image of page 2
3 Cryptosystem 6.1 : ElGamal Public-key Cryptosystem in Zp* Let p be a prime such that the Discrete Logarithm problem in (Zp*, ) is infeasible, and let α Zp* be a primitive element . Let P = Zp*, C = Zp* × Zp*, and define K = {(p, α, a, β) : β ≡ α a (mod p)}. The values p, α, and β are the public key, and a is the private key. For K=(p, α, a, β) and a (secret) number k Zp* , define e K (x, k) = (y 1 , y 2 ) = ( α k mod p , k mod p ) For y 1 , y 2 Z p * , define d K (y 1 , y 2 ) = y 2 (y 1 a ) -1 mod p
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 Example 6.1 Suppose Bob picks p = 2579, α = 2, and a = 765. So β = 2 765 mod 2579 = 949 • Alice picks k = 853 and encrypts the plaintext x=1299 using the public key y 1 = 2 853 mod 2579 = 435, and y 2 = 1299 × 949 853 mod 2579 = 2396 • Bob decrypts the ciphertext (435, 2396) using the private key x = 2396 × (435 765 ) -1 mod 2579 = 1299
Background image of page 4
5 The ElGamal Cryptosystem • Published in 1985 by ElGamal • Its security based on the intractability of the discrete logarithm problem • Message expansion: the ciphertext is twice as big as the original message • Uses randomization, each message has p-1possible different encryptions
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 Parameters Size • All parties could use the same modulus p and generator α • Different encryptions should use different k • Prime p should be chosen as 1024 bits( or at least 300 digit and p-1 should have at least one large prime factor) to ensure that DLP is infeasible, while k should be 160 bits • Several algorithms to compute discrete logarithms
Background image of page 6
7 Algorithms for Discrete Logarithm • Let G be a group, α G, and o(α) = n. Given β   α , find the unique exponent a, 0 a n-1, such that α a = β • Let m = Write a = j*m+i, where 0 i m-1 and 0 j m-1 α j*m+i = β α j*m = α -i β n  
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8 ALGORITHM: SHANKS(G,n, , ) 1. m ; 2. for j 0 to m - 1 do compute mj 3. Sort the m ordered pairs (j, ) with respect to the second coordinate. Obtaining a list L 1 4. for i 0 to m - 1 do compute  -i 5. Sort the m ordered pairs (i,  -i ) , with respect to the second coordinate. Obtaining a list L 2 6. Find a pair (j,y) in L1 and a pair (i,y) in L 2 7. log   (m*j+i) mod n n  
Background image of page 8
9 Example 6.2 Consider Z 809 *. α = 3 and β = 525. Compute log 3 525. n = o(α) = 808, m = = 29. . Then α 29 mod 809 = 99 First, we compute the ordered pairs (j, 99 j mod 809) for 0 j 28. We obtain the list (0,1) (1,99) (2,93) (3,308) (4,559)
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/25/2010 for the course ALL 0204 taught by Professor 79979 during the Spring '10 term at National Chiao Tung University.

Page1 / 96

chapter6-1 - Public-Key Cryptosystems Based on the Discrete...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online