1. Cryptosystems Based on Discrete Logarithms

2. Outline
Discrete Logarithm Problem
Cryptosystems Based on Discrete Logarithm
Encryption
Digital signature

3. Discrete logarithm problem (DLP)
A group $G$ is cyclic if there is an element of order $|G|$. In this case $G$ consists of the powers of that element, and the element is called a generator.
Let $(G, \cdot)$ be a finite group (not necessarily cyclic), and take an element of $G$ of order $n$. Its powers form a cyclic (sub)group of order $n$. For any $y$ in that subgroup, there is a unique $x \in Z_n$ such that $y$ is the $x$-th power of the element. This integer $x$ is called the discrete logarithm (or index) of $y$ with respect to that base. We write $x = \log y$. The DLP is to compute $\log y$ for a given $y$.

4. Frequently used settings
$G = Z_p^*$, written as the powers of a generator of $Z_p^*$, where $p$ is a large prime. ($Z_p^*$ is cyclic when $p$ is prime.)
$G$ = the subgroup of $Z_p^*$ generated by an element of prime order $q$.
Elliptic curves defined over finite fields.
For these settings, there is no polynomial-time algorithm for DLP.

5. Example 1
$G = Z_{19}^* = \{1, 2, \ldots, 18\}$. 2 is a generator. That is, $Z_{19}^* = \langle 2 \rangle$.
$2^0 = 1,\ 2^1 = 2,\ 2^2 = 4,\ 2^3 = 8,\ 2^4 = 16,\ 2^5 = 13,\ 2^6 = 7,\ 2^7 = 14,\ \ldots$
$\log_2 7 = 6$
$\log_2 14 = 7$
$\log_2 12 = ?$

6. Example 2
$Z_{11}^* = \{1, 2, \ldots, 10\}$. $G = \langle 3 \rangle = \{1, 3, 9, 5, 4\}$. 3 is a generator of $G$, but not a generator of $Z_{11}^*$.
$\log_3 5 = 3$
$\log_3 10$ is not defined

7. DLP in $Z_p^*$
Take a generator of $Z_p^*$ (a primitive root of unity modulo $p$). $Z_p^* = \{1, 2, \ldots, p-1\}$ is the set of powers of that generator, and $Z_{p-1} = \{0, 1, 2, \ldots, p-2\}$. Given $y \in Z_p^*$, find the unique $x \in Z_{p-1}$ such that $y$ equals the generator raised to the power $x$, mod $p$. That is, given $y$, find $\log y$.
There is a subexponential-time algorithm for DLP in $Z_p^*$: Index Calculus, $O(2^{\cdots})$, where $n = \log p$.

8. DLP in $(Z_n, +)$
Take a generator of $Z_n$ (any element coprime to $n$). Given $y \in Z_n$, find the unique $x \in Z_n$ such that $y$ equals $x$ times the generator, mod $n$. Easy or hard?

9. RSA vs. Discrete Logarithm
RSA is a one-way function: $x \to x^e$ (easy), $x^e \to x$ (difficult); it is a trapdoor function ($d$ is a trapdoor).
Logarithm is the inverse of exponentiation: exp (easy), log (difficult). log is hard to compute, so exp is a one-way function,...
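Example 1, Example 2 and the additive case above, worked in code as an added example (not part of the original lecture notes): it uses baby-step giant-step, a generic square-root-time method rather than the Index Calculus the slides name, and all function names are illustrative. It goes slightly beyond the slides by showing that the problem in $(Z_n, +)$ reduces to a single modular inverse.

```python
from math import isqrt

def element_order(g, p):
    """Order of g in Z_p^*, by repeated multiplication (toy-sized prime p, p not dividing g)."""
    k, acc = 1, g % p
    while acc != 1:
        acc = acc * g % p
        k += 1
    return k

def dlog_bsgs(g, y, p):
    """Return x in Z_n with g^x = y (mod p), n = order of g; None if y is not in <g>."""
    n = element_order(g, p)
    m = isqrt(n - 1) + 1              # ceil(sqrt(n)), so i*m + j covers 0..n-1
    baby, acc = {}, 1
    for j in range(m):                # baby steps: table of g^j -> j
        baby.setdefault(acc, j)
        acc = acc * g % p
    step = pow(g, -m, p)              # g^(-m) mod p (needs Python 3.8+)
    gamma = y % p
    for i in range(m):                # giant steps: y * g^(-i*m)
        if gamma in baby:
            return (i * m + baby[gamma]) % n
        gamma = gamma * step % p
    return None                       # y lies outside the subgroup <g>

def dlog_additive(g, y, n):
    """DLP in (Z_n, +): solve x*g = y (mod n) when gcd(g, n) = 1."""
    return y * pow(g, -1, n) % n      # one modular inverse, polynomial time

if __name__ == "__main__":
    # Example 1 (Z_19^*, base 2) and Example 2 (<3> inside Z_11^*)
    print(dlog_bsgs(2, 7, 19), dlog_bsgs(2, 14, 19), dlog_bsgs(2, 12, 19))
    print(dlog_bsgs(3, 5, 11), dlog_bsgs(3, 10, 11))
    print(dlog_additive(3, 7, 10))    # constructed instance: n = 10, generator 3
```

The table lookup costs about $\sqrt{n}$ group operations and $\sqrt{n}$ stored entries, which is why the settings on the slides use a large prime $p$ or a large prime order $q$.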
This note was uploaded on 01/22/2011 for the course CSE 794 taught by Professor Tenh.lai during the Spring '10 term at Ohio State.