$b^{-1} \pmod q$ is the “multiplicative inverse” of $b \pmod q$, i.e.
$[b \cdot b^{-1}] \bmod q = 1 \bmod q$;
e.g. $8^{-1} \pmod{17} = 15 \pmod{17}$ because $(8 \cdot 15) \bmod 17 = (17 \cdot 7 + 1) \bmod 17 = 1$
We can use Fermat’s little theorem to find $b^{-1} \bmod q$:
If $q$ is prime and $q$ does not divide $b$, then $b^{-1} \bmod q = b^{q-2} \bmod q$

El Gamal: an example

El Gamal
El Gamal can be considered a generalization of the Diffie-Hellman key-exchange algorithm => it relies on the difficulty of computing discrete logarithms: $y = \alpha^x \bmod q$
Advantages:
  Supports both encryption and digital signatures
  Not patented (but someone claims it is covered by the DH patent)
Drawbacks:
  The ciphertext (or digital signature) is about twice as big as the plaintext (or message digest to be signed)
  The scheme was never popular in practice
The Digital Signature Algorithm (DSA) used in the US Digital Signature Standard (DSS) was a variant of, or based on, El Gamal’s scheme
The inventor, Taher El Gamal, also from Stanford, was Netscape’s Director of Security at one point
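
The Fermat inverse and the El Gamal size doubling described above, combined in an added example that is not part of the original notes: textbook El Gamal encryption in which decryption divides by the mask using $b^{q-2} \bmod q$. The toy parameters q = 17 and α = 3 and all function names are assumptions chosen for illustration.

```python
import secrets

Q, ALPHA = 17, 3  # constructed toy parameters: prime q, generator alpha of Z_q*

def inv_fermat(b, q):
    """b^-1 mod q for prime q, computed as b^(q-2) mod q (Fermat)."""
    if b % q == 0:
        raise ValueError("q divides b: no inverse exists")
    return pow(b, q - 2, q)

def keygen(q=Q, alpha=ALPHA):
    x = secrets.randbelow(q - 2) + 1        # private key x in [1, q-2]
    return x, pow(alpha, x, q)              # public key y = alpha^x mod q

def encrypt(m, y, q=Q, alpha=ALPHA, k=None):
    if not 1 <= m < q:
        raise ValueError("plaintext must lie in [1, q-1]")
    if k is None:
        k = secrets.randbelow(q - 2) + 1    # fresh ephemeral k for every message
    c1 = pow(alpha, k, q)                   # lets the receiver rebuild the mask
    c2 = (m * pow(y, k, q)) % q             # plaintext masked by y^k
    return c1, c2                           # two values mod q per plaintext value

def decrypt(c1, c2, x, q=Q):
    mask = pow(c1, x, q)                    # c1^x = alpha^(k*x) = y^k
    return (c2 * inv_fermat(mask, q)) % q   # divide the mask out

if __name__ == "__main__":
    x, y = keygen()
    c = encrypt(11, y)
    print("ciphertext", c, "->", decrypt(*c, x))
```

Each plaintext value mod q becomes the pair (c1, c2), which is the doubling listed under the drawbacks.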

Digital Signature Standard (DSS)
In 1991, NIST in the US standardized the Digital Signature Standard (DSS).
SHA-1 is used to first compute the message digest, which is then signed by the Digital Signature Algorithm (DSA).
DSA is based on a variant of the El Gamal digital signature, and thus also inherits its “size-doubling” property => the SHA-1 digest is 160 bits long, the DSA signature is 320 bits long: signature = (r, s).
Since DSA does not support encryption by design, it avoids US technology-export concerns.

Elliptic Curve Cryptosystems (ECC)
Independently proposed by Koblitz (U. of Washington) and Miller (IBM) in 1985
Depends on the difficulty of the elliptic curve logarithm problem
  The fastest method is the “Pollard rho method”
  The best attacks on the discrete logarithm problem do NOT apply to the elliptic curve logarithm problem
The first true alternative to RSA
ECC is beginning to challenge RSA in practical deployment in selected areas: embedded, wireless/mobile systems
It is a family of cryptosystems instead of a single one:
  ECC replaces modulo exponentiation by elliptic curve multiplication (and modulo multiplication is replaced by ECC addition)
  Applies directly to Diffie-Hellman, El Gamal and DSA to yield ECC Diffie-Hellman (ECDH), ECC-ElGamal and ECC-DSA algorithms to support key exchange, encryption a...
This note was uploaded on 12/05/2013 for the course IERG 4130 taught by Professor Chowszeming,sherman during the Fall '13 term at CUHK.