04 publickeycrypto


tion
Select k: 1 ≤ k ≤ q-2
C1 = k mod q
C2 = (y^k M) mod q
Ciphertext = (C1, C2)

Decryption:
M = [C2 * (C1^x)^-1] mod q
where b^-1 (mod q) is the "multiplicative inverse" of b (mod q), i.e. [b * b^-1] mod q = 1 mod q

El Gamal Encryption of plaintext message M (< q)

Encryption:
Select k: 0 < k < q, relatively prime to (q-1)
C1 = k mod q
C2 = (y^k M) mod q
Ciphertext = (C1, C2)

Decryption:
M = [C2 * (C1^x)^-1] mod q

Proof:
[C2 * (C1^x)^-1] mod q = [y^k M * (C1^x)^-1] mod q
= [kx M * (C1^x)^-1] mod q
= [C1^x * M * (C1^x)^-1] mod q
= M mod q = M
because y^k mod q = kx mod q = C1^x mod q

where b^-1 (mod q) is the "multiplicative inverse" of b (mod q), i.e. [b * b^-1] mod q = 1 mod q;
e.g. 8^-1 (mod 17) = 15 (mod 17) because (8 * 15) mod 17 = (17*7+1) mod 17 = 1

We can use Fermat's little theorem to find b^-1 mod q:
If q is prime and q does not divide b, then b^-1 mod q = b^(q-2) mod q

El Gamal - an example

El Gamal can be considered a generalization of the Diffie-Hellman key exchange algorithm => it relies on the difficulty of computing discrete logarithms: y = x mod q

Advantages:
- Supports both encryption and digital signature
- Not patented (but someone claims it is covered by the DH patent)

Drawbacks:
- The ciphertext (or digital signature) is about twice as big as the plaintext (or the message digest to be signed)
- The scheme was never popular in practice

The Digital Signature Algorithm (DSA) used in the US Digital Signature Standard (DSS) was a variant of, or based on, El Gamal's scheme.
The inventor, Taher El Gamal, also from Stanford, was Netscape's Director of Security at one point.

Digital Signature Standard (DSS)

In 1991, NIST in the US standardized the Digital Signature Standard (DSS). SHA-1 is first used to compute the message digest, which is then signed by the Digital Signature Algorithm (DSA).
DSA is based on a variant of the El Gamal digital signature and thus also inherits its "size-doubling" property => the SHA-1 digest is 160 bits long, the DSA signature is 320 bits long: signature = (r, s).
Since DSA does not support encryption by design, it avoids US technology-export concerns.

Elliptic Curve Cryptosystems (ECC)

- Independently proposed by Koblitz (U. of Washington) and Miller (IBM) in 1985
- Depends on the difficulty of the elliptic curve logarithm problem
  - The fastest method is the "Pollard rho method"
  - The best attacks for the discrete logarithm problem do NOT apply to the elliptic curve logarithm problem
- The first true alternative to RSA
- ECC is beginning to challenge RSA in practical deployment in selected areas: embedded, wireless/mobile systems
- It is a family of cryptosystems instead of a single one:
  - ECC replaces modulo exponentiation by elliptic curve multiplication (and modulo multiplication is replaced by ECC addition)
  - Apply directly to Diffie-Hellman, El Gamal and DSA to yield ECC Diffie-Hellman (ECDH), ECC-ElGamal and ECC-DSA algorithms to support key exchange, encryption and digital signature...
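The El Gamal encryption, decryption and Fermat-inverse steps from the notes, as an added Python example that is not part of the original course material. The base symbol is missing from the extracted formulas, so the example calls it g and assumes the standard definitions C1 = g^k mod q and y = g^x mod q; q = 17, g = 3, x = 5 and k = 7 are constructed toy values.

```python
import math
import secrets

Q, G = 17, 3  # constructed toy values: prime modulus q and a primitive root (assumed base "g")


def mod_inverse(b, q):
    """b^-1 mod q computed as b^(q-2) mod q (Fermat); needs q prime and q not dividing b."""
    if b % q == 0:
        raise ValueError("b is a multiple of q, so no inverse exists")
    return pow(b, q - 2, q)


def pick_k(q):
    """Fresh per-message k with 0 < k < q and gcd(k, q-1) = 1, as the notes require."""
    while True:
        k = secrets.randbelow(q - 1) + 1
        if math.gcd(k, q - 1) == 1:
            return k


def encrypt(m, y, q=Q, g=G, k=None):
    """Return (C1, C2) = (g^k mod q, y^k * M mod q) for a message 0 < M < q."""
    if not 0 < m < q:
        raise ValueError("message must satisfy 0 < M < q")
    if k is None:
        k = pick_k(q)
    elif not (0 < k < q and math.gcd(k, q - 1) == 1):
        raise ValueError("k must lie in (0, q) and be relatively prime to q-1")
    return pow(g, k, q), (pow(y, k, q) * m) % q


def decrypt(c1, c2, x, q=Q):
    """M = C2 * (C1^x)^-1 mod q, with the inverse taken via Fermat's little theorem."""
    return (c2 * mod_inverse(pow(c1, x, q), q)) % q


if __name__ == "__main__":
    x = 5                     # private key (constructed)
    y = pow(G, x, Q)          # public key y = g^x mod q
    c1, c2 = encrypt(8, y, k=7)
    print("8^-1 mod 17 =", mod_inverse(8, 17))
    print("ciphertext (C1, C2) =", (c1, c2), "(two values mod q per message value)")
    print("decrypted M =", decrypt(c1, c2, x))
```

The fixed k is passed only to make the run reproducible; leaving `k=None` draws a fresh random k per message.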

This note was uploaded on 04/15/2013 for the course IE IERG4130 taught by Professor Zhangkehuan during the Spring '13 term at CUHK.
