$b^{-1} \pmod q$ is the “multiplicative inverse” of $b \pmod q$, i.e.
$[b \cdot b^{-1}] \bmod q = 1 \bmod q$;
$8^{-1} \pmod{17} = 15 \pmod{17}$ because $(8 \cdot 15) \bmod 17 = (17 \cdot 7 + 1) \bmod 17 = 1$
We can use Fermat’s little theorem to find $b^{-1} \bmod q$:
If q is prime and q does not divide b, then $b^{-1} \bmod q = b^{q-2} \bmod q$
El Gamal - an example
El Gamal
El Gamal can be considered a generalization of the Diffie-Hellman key exchange algorithm => it relies on the difficulty of computing discrete logarithms: $y = \alpha^x \bmod q$
Advantages:
Supports both encryption and digital signatures
Not patented (but someone claims it is covered by the DH patent)
Drawbacks:
The ciphertext (or digital signature) is about twice as big as the plaintext (or message digest to be signed)
The scheme was never popular in practice
The Digital Signature Algorithm (DSA) used in the US Digital Signature Standard (DSS) was a variant of, or based on, El Gamal’s scheme.
The inventor, Taher El Gamal, also from Stanford, was Netscape’s Director of Security at one point
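The pieces above put together, as an added example that is not part of the original slides: textbook El Gamal encryption with the slide's modulus q = 17, decrypting with the Fermat inverse $b^{q-2} \bmod q$. The generator α = 3, the private key x and the nonce k are constructed toy values, and the function names are illustrative.

```python
# Added example: textbook El Gamal over Z_q* with toy-sized, constructed parameters.
import secrets

def inv_fermat(b, q):
    """b^-1 mod q via Fermat's little theorem (q prime, q does not divide b)."""
    if b % q == 0:
        raise ValueError("b has no inverse modulo q")
    return pow(b, q - 2, q)

def keygen(q, alpha, x=None):
    """Return (private x, public y) with y = alpha^x mod q."""
    if x is None:
        x = secrets.randbelow(q - 2) + 1      # x in 1..q-2
    return x, pow(alpha, x, q)

def encrypt(q, alpha, y, m, k=None):
    """Encrypt m (1 <= m < q). The ciphertext is a PAIR of values mod q,
    which is the 'twice as big as the plaintext' drawback noted above."""
    if not 1 <= m < q:
        raise ValueError("message must be in 1..q-1")
    if k is None:
        k = secrets.randbelow(q - 2) + 1      # fresh per-message nonce
    c1 = pow(alpha, k, q)                     # alpha^k mod q
    c2 = (m * pow(y, k, q)) % q               # m * y^k mod q
    return c1, c2

def decrypt(q, x, c1, c2):
    """Recover m = c2 * (c1^x)^-1 mod q, inverse computed by Fermat."""
    shared = pow(c1, x, q)                    # equals y^k mod q
    return (c2 * inv_fermat(shared, q)) % q

if __name__ == "__main__":
    q, alpha = 17, 3                          # 3 generates Z_17* (assumption of this example)
    x, y = keygen(q, alpha, x=6)              # fixed x so the run is reproducible
    c1, c2 = encrypt(q, alpha, y, m=13, k=10)
    print("public y =", y, "ciphertext =", (c1, c2))
    print("8^-1 mod 17 =", inv_fermat(8, 17))
    print("decrypted  =", decrypt(q, x, c1, c2))
```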
Digital Signature Standard (DSS)
In 1991, NIST in the US standardized the Digital Signature Standard (DSS).
SHA-1 is used to first compute the message digest which is then signed by the Digital Signature
DSA is based on a variant of the El Gamal digital signature, and thus also inherits its “size-doubling” property => the SHA-1 digest is 160 bits long, the DSA signature is 320 bits long: signature = (r,s).
Since DSA does not support encryption by design, it avoids US technology-export concerns.
Elliptic Curve Cryptosystems (ECC)
Independently proposed by Koblitz (U. of Washington) and Miller (IBM) in 1985
Depends on the difficulty of the elliptic curve logarithm problem
The fastest method is the “Pollard rho method”
The best attacks on the discrete logarithm problem do NOT apply to elliptic curves
The first true alternative to RSA
ECC is beginning to challenge RSA in practical deployment in selected areas: embedded, wireless/mobile systems
It is a family of cryptosystems instead of a single one:
ECC replaces modulo exponentiation by elliptic curve multiplication (and modulo multiplication is replaced by ECC addition)
Applies directly to Diffie-Hellman, El Gamal and DSA to yield ECC Diffie-Hellman (ECDH), ECC-ElGamal and ECC-DSA algorithms to support key exchange, encryption a...
- Fall '13