{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

5.discrete-log - Cryptosystems Based on Discrete Logarithms...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
1 Cryptosystems Based on Discrete Logarithms
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
2 Outline Discrete Logarithm Problem Cryptosystems Based on Discrete Logarithm Encryption Digital signature
Background image of page 2
3 { } 0 1 2 | | 1 A group is if there is an element of order | |. In this case, , , , , ; is called a generator. Let ( , ) be a finite g cycl roup ( ic not Discrete logarithm problem (DLP) G G G G G G α α α α α α - = K { } 0 1 2 1 necessarily cyclic). Let be an element of order . Then, , , , , is a cyclic (sub)group of order . For any , there is a unique such that . This integer i s call n x n G n n y x Z y x α α α α α α α α - = = K ed the discrete logarithm (or index) of with respect to base . We write log . The DLP is to compute log for a given . y y x y y α α α =
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
4 { } { } * 0 1 2 2 * * 0 1 2 1 * * . , , , , , where is a large prime, and is a generator of . ( is cyclic when is prime.) . , , , , , where Frequently used settings p p p q p p p G Z G p G Z p G Z Z Z α α α α α α α α α α α α - - = = = = = K K is an element of prime order . Elliptic curves defined over finite fields. For these settings, there is no polynomial-time algorithm for DLP. q
Background image of page 4
5 * 19 * 19 0 1 2 3 4 5 6 7 2 2 2 {1, 2, ..., 18}. 2 is a generator. That is, 2 . 2 1, 2 2, 2 4, 2 8, 2 16, 2 13, 2 7, 2 14, log 7 6 log 14 7 log 12 ? Example 1 G Z Z = = = = = = = = = = = = = = K
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
6 { } { } * 11 * 11 3 3 1, 2, , 10 . 3 = 1, 3, 9, 5, 4 . 3 is a generator of , but not a generator of . log 5 3 log 10 not defined Example 2 G Z G G Z = = = = = K
Background image of page 6
7 { } { } { } 0 1 2 * * 1 * 1 * 2 Let be a generator of (a primitive root of unity modulo ). Z 1, 2, , 1 , , , , . , , , , . Given , find the uni 0 1 2 2 que such that m DLP in p p p p p x p p p Z p p Z y Z x Z y Z α α α α α α - - - = - = = - = K K K ( 29 ( 29 * lo * g od . That is, given , find . There is a subexponential-time algorithm for DLP in Index Calculus, 2 , where log . p O p n n x p Z O x n p Z α = g
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
8 1 Let be a generator of (any element coprime to ). Given , find the unique such tha Easy or hard t mod , . ? ) DLP in ( n n n n Z n y Z x Z y x n Z α α - + =
Background image of page 8
9 ( 29 1 1 RSA RSA RSA RSA is a one-way function: (easy) (difficult) trapdo ( is a trapdoor) Logar or RSA vs. Discrete Logarithm e e d e x x x x x x d - - → ← ← exp log ithm is the inverse of exponetiation: (easy) (difficult) log is hard to compute, so exp is a one-way function, but without a trapd x x x x α α α α → ← .
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}