L03_publickeycrypto


- $b^{-1} \pmod q$ is the "multiplicative inverse" of $b \pmod q$, i.e. $[b \cdot b^{-1}] \bmod q = 1 \bmod q$
- e.g. $8^{-1} \pmod{17} = 15 \pmod{17}$ because $(8 \cdot 15) \bmod 17 = (17 \cdot 7 + 1) \bmod 17 = 1 \pmod{17}$
- We can use Fermat's little theorem to find $b^{-1} \bmod q$: if q is prime and q does not divide b, then $b^{-1} \bmod q = b^{q-2} \bmod q$

El Gamal - an example

El Gamal

- El Gamal can be considered a generalization of the Diffie-Hellman key-exchange algorithm => it relies on the difficulty of computing the discrete logarithm: $y = \alpha^x \bmod q$
- Advantages:
  - Supports both encryption and digital signature
  - Not patented (but someone claims it is covered by the DH patent)
- Drawbacks:
  - The ciphertext (or digital signature) is about twice as big as the plaintext (or the message digest to be signed)
  - The scheme was never popular in practice
- The Digital Signature Algorithm (DSA) used in the US Digital Signature Standard (DSS) is a variant of, or based on, El Gamal's scheme
- The inventor, Taher El Gamal, also from Stanford, was Netscape's Director of Security at one point

Digital Signature Standard (DSS)

- In 1991, NIST in the US standardized the Digital Signature Standard (DSS).
- SHA-1 is first used to compute the message digest, which is then signed by the Digital Signature Algorithm (DSA).
- DSA is based on a variant of the El Gamal digital signature, and thus also inherits its "size-doubling" property => the SHA-1 digest is 160 bits long, the DSA signature is 320 bits long: signature = (r, s).
- Since DSA does not support encryption by design, it avoids US technology-export concerns.

Elliptic Curve Cryptosystems (ECC)

- Independently proposed by Koblitz (U. of Washington) and Miller (IBM) in 1985
- Depends on the difficulty of the elliptic curve logarithm problem
  - The fastest method is the "Pollard rho method"
  - The best attacks on the discrete logarithm problem do NOT apply to the elliptic curve logarithm problem
- The first true alternative to RSA
- ECC is beginning to challenge RSA in practical deployment in selected areas: embedded, wireless/mobile systems
- It is a family of cryptosystems instead of a single one:
  - ECC replaces modulo exponentiation by elliptic curve multiplication (and modulo multiplication is replaced by ECC addition)
  - Applies directly to Diffie-Hellman, El Gamal and DSA to yield ECC Diffie-Hellman (ECDH), ECC-ElGamal and ECC-DSA algorithms to support key exchange, encryption a...
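The Fermat inverse and the El Gamal "size-doubling" described in these notes, as an added example that is not part of the original slides: textbook El Gamal over the toy prime q = 17, with decryption computing the inverse as b^(q-2) mod q. The generator 3, the keys x and k, the message 11 and all function names are constructed for illustration.

```python
# Added example (not from the lecture notes): textbook El Gamal over a toy prime.
# All parameters are constructed; real use needs a large group and a fresh,
# cryptographically random k for every message.

def is_prime(n):
    """Trial division; adequate for the toy moduli used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def inv_fermat(b, q):
    """b^(-1) mod q = b^(q-2) mod q; only valid if q is prime and q does not divide b."""
    if not is_prime(q):
        raise ValueError("q must be prime for Fermat's little theorem")
    if b % q == 0:
        raise ValueError("b has no inverse: q divides b")
    return pow(b, q - 2, q)

def elgamal_public_key(q, alpha, x):
    """Public key y = alpha^x mod q for private key x."""
    return pow(alpha, x, q)

def elgamal_encrypt(m, q, alpha, y, k):
    """Returns (c1, c2): two elements mod q per plaintext element (size doubling)."""
    if not 0 < m < q:
        raise ValueError("plaintext must be in 1..q-1")
    return pow(alpha, k, q), (m * pow(y, k, q)) % q

def elgamal_decrypt(c1, c2, q, x):
    """m = c2 * (c1^x)^(-1) mod q, with the inverse taken via Fermat."""
    shared = pow(c1, x, q)
    return (c2 * inv_fermat(shared, q)) % q

if __name__ == "__main__":
    q, alpha = 17, 3       # constructed toy group; 3 generates Z_17^*
    x, k, m = 6, 10, 11    # constructed private key, ephemeral key, message
    y = elgamal_public_key(q, alpha, x)
    c1, c2 = elgamal_encrypt(m, q, alpha, y, k)
    print("8^-1 mod 17 =", inv_fermat(8, 17))
    print("public key y =", y, "ciphertext =", (c1, c2))
    print("decrypted =", elgamal_decrypt(c1, c2, q, x))
```
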