{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

5.discrete-log

5.discrete-log - Cryptosystems Based on Discrete Logarithms...

This preview shows pages 1–10. Sign up to view the full content.

1 Cryptosystems Based on Discrete Logarithms

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
2 Outline Discrete Logarithm Problem Cryptosystems Based on Discrete Logarithm Encryption Digital signature
3 { } 0 1 2 | | 1 A group is if there is an element of order | |. In this case, , , , , ; is called a generator. Let ( , ) be a finite g cycl roup ( ic not Discrete logarithm problem (DLP) G G G G G G α α α α α α - = K { } 0 1 2 1 necessarily cyclic). Let be an element of order . Then, , , , , is a cyclic (sub)group of order . For any , there is a unique such that . This integer i s call n x n G n n y x Z y x α α α α α α α α - = = K ed the discrete logarithm (or index) of with respect to base . We write log . The DLP is to compute log for a given . y y x y y α α α =

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
4 { } { } * 0 1 2 2 * * 0 1 2 1 * * . , , , , , where is a large prime, and is a generator of . ( is cyclic when is prime.) . , , , , , where Frequently used settings p p p q p p p G Z G p G Z p G Z Z Z α α α α α α α α α α α α - - = = = = = K K is an element of prime order . Elliptic curves defined over finite fields. For these settings, there is no polynomial-time algorithm for DLP. q
5 * 19 * 19 0 1 2 3 4 5 6 7 2 2 2 {1, 2, ..., 18}. 2 is a generator. That is, 2 . 2 1, 2 2, 2 4, 2 8, 2 16, 2 13, 2 7, 2 14, log 7 6 log 14 7 log 12 ? Example 1 G Z Z = = = = = = = = = = = = = = K

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
6 { } { } * 11 * 11 3 3 1, 2, , 10 . 3 = 1, 3, 9, 5, 4 . 3 is a generator of , but not a generator of . log 5 3 log 10 not defined Example 2 G Z G G Z = = = = = K
7 { } { } { } 0 1 2 * * 1 * 1 * 2 Let be a generator of (a primitive root of unity modulo ). Z 1, 2, , 1 , , , , . , , , , . Given , find the uni 0 1 2 2 que such that m DLP in p p p p p x p p p Z p p Z y Z x Z y Z α α α α α α - - - = - = = - = K K K ( 29 ( 29 * lo * g od . That is, given , find . There is a subexponential-time algorithm for DLP in Index Calculus, 2 , where log . p O p n n x p Z O x n p Z α = g

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
8 1 Let be a generator of (any element coprime to ). Given , find the unique such tha Easy or hard t mod , . ? ) DLP in ( n n n n Z n y Z x Z y x n Z α α - + =
9 ( 29 1 1 RSA RSA RSA RSA is a one-way function: (easy) (difficult) trapdo ( is a trapdoor) Logar or RSA vs. Discrete Logarithm e e d e x x x x x x d - - → ← ← exp log ithm is the inverse of exponetiation: (easy) (difficult) log is hard to compute, so exp is a one-way function, but without a trapd x x x x α α α α → ← .

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}