5.discrete-log

5.discrete-log - 1 Cryptosystems Based on Discrete...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 1 Cryptosystems Based on Discrete Logarithms 2 Outline Discrete Logarithm Problem Cryptosystems Based on Discrete Logarithm Encryption Digital signature 3 { } 1 2 | | 1 A group is if there is an element of order | |. In this case, , , , , ; is called a generator. Let ( , ) be a finite g cycl roup ( ic not Discrete logarithm problem (DLP) G G G G G G - = K { } 1 2 1 necessarily cyclic). Let be an element of order . Then, , , , , is a cyclic (sub)group of order . For any , there is a unique such that . This integer i s call n x n G n n y x Z y x - = = K ed the discrete logarithm (or index) of with respect to base . We write log . The DLP is to compute log for a given . y y x y y = 4 { } { } * 1 2 2 * * 1 2 1 * * . , , , , , where is a large prime, and is a generator of . ( is cyclic when is prime.) . , , , , , where Frequently used settings p p p q p p p G Z G p G Z p G Z Z Z -- = = = = = K K is an element of prime order . Elliptic curves defined over finite fields. For these settings, there is no polynomial-time algorithm for DLP. q 5 * 19 * 19 1 2 3 4 5 6 7 2 2 2 {1, 2, ..., 18}. 2 is a generator. That is, 2 . 2 1, 2 2, 2 4, 2 8, 2 16, 2 13, 2 7, 2 14, log 7 6 log 14 7 log 12 ? Example 1 G Z Z = = = = = = = = = = = = = = K 6 { } { } * 11 * 11 3 3 1, 2, , 10 . 3 = 1, 3, 9, 5, 4 . 3 is a generator of , but not a generator of . log 5 3 log 10 not defined Example 2 G Z G G Z = = = = = K 7 { } { } { } 1 2 * * 1 * 1 * 2 Let be a generator of (a primitive root of unity modulo ). Z 1, 2, , 1 , , , , . , , , , . Given , find the uni 0 1 2 2 que such that m DLP in p p p p p x p p p Z p p Z y Z x Z y Z --- =- = = - = K K K ( 29 ( 29 * lo * g od . That is, given , find . There is a subexponential-time algorithm for DLP in Index Calculus, 2 , where log . p O p n n x p Z O x n p Z = g 8 1 Let be a generator of (any element coprime to ). Given , find the unique such tha Easy or hard t mod , . ? ) DLP in ( n n n n Z n y Z x Z y x n Z - + = 9 ( 29 1 1 RSA RSA RSA RSA is a one-way function: (easy) (difficult) trapdo ( is a trapdoor) Logar or RSA vs. Discrete Logarithm e e d e x x x x x x d-- exp log ithm is the inverse of exponetiation: (easy) (difficult) log is hard to compute, so exp is a one-way function,...
View Full Document

This note was uploaded on 01/22/2011 for the course CSE 794 taught by Professor Tenh.lai during the Spring '10 term at Ohio State.

Page1 / 27

5.discrete-log - 1 Cryptosystems Based on Discrete...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online