1. Cyclic Group
A cyclic group is a group that is generated by a single element. That is, it is a
set of invertible elements with a single associative binary operation, and it contains
an element g (generator) such that every other element of the group may be obtained
by repeatedly applying the group operation to g or its inverse. Each element can be
written as a power of g in multiplicative notation, or as a multiple of g in additive
notation.
2. Primitive Root
A number α is a primitive root mod p if every number coprime to p is congruent to a power of
α mod p.
α is said to be a primitive root of a prime number p if:
$\alpha^0 \bmod p,\ \alpha^1 \bmod p,\ \alpha^2 \bmod p,\ \ldots,\ \alpha^{p-1} \bmod p$ are distinct (equally distributed).
Example: Is 2 a primitive root of the prime number 5?
$2^1 \bmod p = 2,\ 2^2 \bmod p = 4,\ 2^3 \bmod p = 3,\ 2^{5-1} \bmod p = 1$
Example: Is 3 a primitive root of the prime number 7?
3. The Discrete Logarithm Problem
Consider $\alpha \in G$, having order n.
$\langle \alpha \rangle = \{\alpha^i : 0 \le i \le n-1\}$ is a cyclic subgroup of G having order n.
Discrete Logarithm
Given a multiplicative group $(G, \cdot)$, an element $\alpha \in G$ having order n, and an element $\beta \in \langle \alpha \rangle$:
Find the unique integer a, $0 \le a \le n-1$, such that $\alpha^a = \beta$.
We will denote this integer a by $\log_\alpha \beta$; it is called the discrete logarithm of β.
4. The Discrete Logarithm Problem cont.
To understand the discrete logarithm problem, let’s try to solve a simple equation:
$5^x \bmod 17 \equiv\ ?$
If x is given, it is easy to compute the above equation (one-way function).
However, it is much harder to solve the following equation:
$5^y \bmod 17 \equiv 12$
Here y is unknown. It is hard to find y when only the value 12 is given.
5. Example of Discrete Logarithm Problem
Suppose p = 17 is an odd prime. Then the message representation $Z_p = \{0, 1, \ldots, p-1\}$ is a finite
field, and here $Z_p^* = \{1, 2, \ldots, 16\}$. Also given is α = 3, a generator of $Z_p^*$, where $Z_p^*$ is the set of
integers which are relatively prime to p, i.e., $Z_p^* = \{\alpha^0 \bmod p,\ \alpha^1 \bmod p,\ \ldots,\ \alpha^{n-1} \bmod p\}$.
Then: $Z_p^* = \{3^0, 3^1, 3^2, 3^3, 3^4, 3^5, 3^6, 3^7, 3^8, 3^9, 3^{10}, \ldots, 3^{15}\}$
$Z_p^* = \{1, 3, 9, 10, 13, 5, 15, 11, 16, 14, 8, 7, 4, 12, 2, 6\}$. Note: $3^{16} \bmod 17 = 1$.
Notice that, given any a, computing $b \equiv \alpha^a \bmod p$ is easy; for example, given a =
10, $b \equiv 3^{10} \bmod 17 = 8$. Given any b, finding an a such that $b \equiv \alpha^a \bmod p$ is difficult; for
example, given b = 14, what is a? By searching the table, a = 9. The problem is that when p is
large, the table becomes very large.
6. ElGamal Cryptosystem
ElGamal is a public-key cryptosystem that uses randomization, so that independent
encryptions of the same plaintext give different ciphertexts.
Blocks of input text are considered as numbers.
Encryption and decryption are done by performing arithmetic on these numbers.
The ElGamal cryptosystem depends on the discrete logarithm problem assumption to
guarantee security. This assumption claims that it is hard in some groups to find x
given $g^x \bmod n$, and x is easy to compute given $\log(g^x) \bmod n$.
7. ElGamal Cryptosystem - Key Generation
Participant A generates the public/private key pair:
1. Generate a large prime p and a generator α of the multiplicative group $Z_p^*$ of the
integers modulo p.
2. Select a random integer a, $1 \le a \le p-2$, and compute $\beta \equiv \alpha^a \bmod p$.
3. A’s public key is (p, α, β); A’s private key is a.
8. ElGamal Cryptosystem - Encryption Procedure
Participant B encrypts a message m to A
1. Obtain A’s authentic public key (p, α, β).
2. Represent the message as integers m in the range {0, 1, . . . , p − 1}.
3. Select a random integer k, 1 ≤ k ≤ p − 2.
4. Compute $\gamma = \alpha^k \bmod p$ and $\delta = m \cdot \beta^k$.
5. Send ciphertext c = (γ, δ) to A.
Note that for each plaintext, there are p-1 possible ciphertexts.
9. ElGamal Cryptosystem - Decryption Procedure
Participant A receives encrypted message m from B
1. Using the private key a, compute $\beta^k$ by raising $\alpha^k$ (that is, γ) to the power a.
2. Recover m by computing $\gamma^{-a} \cdot \delta \bmod p$.
Note: this divides δ by $\beta^k$.
10. Example
Participant A: p = 2579, α = 2 (primitive element of $Z_p^*$)
a = 765 (secret value)
$\beta = 2^{765} \bmod 2579 = 949$.
Participant B: wishes to send m = 1299 to A.
B randomly chooses k = 853.
Compute $\gamma = 2^{853} \bmod 2579 = 435$ and $\delta = 1299 \cdot 949^{853} \bmod 2579 = 2396$.
B sends C = (435, 2396).
Participant A: computes $m = 2396 \cdot (435^{765})^{-1} \bmod 2579 = 1299$.
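The key generation, encryption and decryption procedures above, together with the table search from section 5, as an added example that is not part of the original slides. The function names are assumptions chosen for illustration, and the parameters are the toy values from the slides, far too small for real use.

```python
import secrets

def is_primitive_root(alpha, p):
    """True if alpha^1..alpha^(p-1) mod p covers all of Z_p^* (p prime)."""
    return len({pow(alpha, i, p) for i in range(1, p)}) == p - 1

def dlog_bruteforce(alpha, beta, p):
    """Table search for a with alpha^a = beta (mod p); work grows with p."""
    x = 1
    for a in range(p - 1):
        if x == beta:
            return a
        x = x * alpha % p
    raise ValueError("beta is not a power of alpha")

def keygen(p, alpha, a=None):
    """Return ((p, alpha, beta), a) with 1 <= a <= p-2."""
    if a is None:
        a = 1 + secrets.randbelow(p - 2)
    return (p, alpha, pow(alpha, a, p)), a

def encrypt(pub, m, k=None):
    """Return (gamma, delta); a fresh random k is drawn unless one is given."""
    p, alpha, beta = pub
    if k is None:
        k = 1 + secrets.randbelow(p - 2)      # 1 <= k <= p-2
    return pow(alpha, k, p), m * pow(beta, k, p) % p

def decrypt(p, a, c):
    """Recover m = gamma^(-a) * delta mod p; gamma^(p-1-a) equals gamma^(-a)."""
    gamma, delta = c
    return pow(gamma, p - 1 - a, p) * delta % p

if __name__ == "__main__":
    pub, priv = keygen(2579, 2, a=765)        # values from the slide example
    c = encrypt(pub, 1299, k=853)
    print(pub, c, decrypt(2579, priv, c))
    # Randomization: a second encryption of the same m uses a new k.
    c2 = encrypt(pub, 1299)
    print(c2, decrypt(2579, priv, c2))
    # Table search from section 5: find a with 3^a = 14 (mod 17).
    print(dlog_bruteforce(3, 14, 17))
    # With p this small the private key falls out of the public key alone,
    # which is why p must be large in practice.
    print(dlog_bruteforce(2, pub[2], 2579))
```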