1 / 29

Rabin Cryptosystem and Blum- Goldwasser Cryptosystem

Rabin Cryptosystem and Blum- Goldwasser Cryptosystem. b y Yernar. Rabin Cryptosystem. Background Key generation Encryption Decryption Preset Bits Example. Background. Asymmetric cryptographic technique, whose security, like that of RSA, is related to the difficulty of factorization.

kaiya
Download Presentation

Rabin Cryptosystem and Blum- Goldwasser Cryptosystem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Rabin Cryptosystem and Blum-Goldwasser Cryptosystem by Yernar

  2. Rabin Cryptosystem • Background • Key generation • Encryption • Decryption • Preset Bits • Example

  3. Background • Asymmetric cryptographic technique, whose security, like that of RSA, is related to the difficulty of factorization. • Public-key encryption. • January 1979 by Michael O. Rabin.

  4. Key generation • 1. Alice generates two large random and distinct primes p and q, roughly the same size. • 2. Computes n=pq. • 3. n is public key, (p,q) is private key.

  5. Encryption • Bob encrypts a message m for Alice: 1. Obtains Alice’s authentic public key n. 2. Represents the message as an integer m in the range {0,1,…,n-1}. 3. Computes c = m2 mod n. 4. Sends the ciphertext c to Alice.

  6. Decryption • To recover plaintext m from c, Alice should do: 1. Given ciphertext c Alice computes 4 square roots of c mod n using private keys p and q: a) takemod p = x1 and x2, where x2 = p - x1 b) take mod q = y1 and y2, where y2 = q - y1

  7. Decryption (cont.) c) Get 4 square roots of c (mod n) using Chinese Remainder Theorem (CRT) m1=x1*q*(q-1 mod p)+y1*p*(p-1 mod q) (mod n) m2=-r1(mod n) m3=x1*q*(q-1 mod p)-y1*p*(p-1 mod q) (mod n) m4=-r3(mod n)

  8. Decryption (cont.) 2. The message sent was either m1, m2, m3 or m4. Alice decides which one of these is m. Usually done with the help of preset bits.

  9. Preset Bits • string of bits added to every message • mechanism to distinguish the “correct” square root • usually appended to the message

  10. Example • Key generation: p=23, q=31, n=713, m=87, preset bits: “000” • Encryption: 8710=10101112 m = 10101110002=69610 • Bob computes c=m2 mod n = 6962 mod 713 = 289 and sends this to Alice.

  11. Example (cont.) • Decryption: Alice uses algo for finding square roots modulo n given its prime factors p and q: mod 23 = x1 = 6, q-1 mod 23 = 3 mod 31 = y1 = 14, p-1 mod 31 = 27

  12. Example (cont.) m1= x1*q*(q-1 mod p)+y1*p*(p-1 mod q) (mod n) = 6*31*3+14*23*27 mod 713 = 696 = 1010111000 m2=-r1 (mod n) = -696 mod 713 = 17 = 10001 m3=x1*q*(q-1 mod p)-y1*p*(p-1 mod q) (mod n) = 6*31*3-14*23*27 mod 713 = 420 = 110100100 m4=-r3 (mod n) = -420 mod 713 = 293 = 10111

  13. Example (cont.) • m1=1010111000, m2=10001, m3=110100100, m4=10111 • Only m1 has required redundancy, original message is m=10101112=8710.

  14. Blum-Goldwasser Cryptosystem • Background • Key generation • Encryption • Decryption • Example

  15. Background • Asymmetric key encryption algorithm by Manuel Blum and ShafiGoldwasser in 1984. • Probabilistic, semantically secure cryptosystem with a constant-size ciphertext expansion.

  16. Key Generation • 1. Alice selects two large random (and distinct) primes p, q, each congruent to 3 modulo 4. • 2. Computes n=pq – public key. • 3. Computes integers a and b, such that ap+bq=1. (p, q, a, b) – private key.

  17. Encryption • Bob wants to send message to Alice: 1. Obtains Alice’s authentic public key n. 2. Let k = and h = . Represent the message m as a string m = m1m2…mt of length t, where each mi is a binary string of length h.

  18. Encryption (cont.) • 3. Select as a seed x0, a random quadratic residue modulo n (rn, x r2 mod n) • 4. For i from 1 to t do the following: a) compute = mod n b) let be the h least significant bits of c) compute = ⊕

  19. Encryption (cont.) • 5. Compute = mod n • 6. Send the ciphertext c = (c1, c2…ct, xt+1 ) to Alice.

  20. Decryption • To recover plaintext m from c, Alice should: 1. Compute d1 = ((p + 1)/4)t+1 mod (p - 1) 2. Compute d2 = ((q + 1)/4)t+1 mod (q - 1) 3. Compute u = mod p 4. Compute v = mod q

  21. Decryption (cont.) 5. Compute x0 = vap + ubq mod n 6. For i from 1 to t do the following: a) compute xi = mod n. b) let pi be the h least significant bits of xi. c) compute xi = ⊕

  22. Example • Key generation: • p=499, q=547, n=pq=272953. Alice computes the integers a=-57 and b=52 satisfying ap+bq=1. • Alice’s public key is n=272953 and private key is (p,q,a,b)

  23. Example (cont.) • Encryption: k==18 and h==4. • Bob represents the message m as a string m1m2m3m4m5 (t=5) where m1=1001, m2=1100, m3=0001, m4=0000, m5=1100.

  24. Example (cont.) • Bob then selects a random quadratic residue x0=159201 (=3992 mod n), and computes: • and x6= mod n = 139680. Bob sends c = (0010, 0000, 1100, 1110, 0100, 139680) to Alice.

  25. Example (cont.) • Decryption: To decrypt c Alice computes: d1 = ((p + 1)/4)6mod (p - 1) = 463 d2 = ((q + 1)/4)6mod (q - 1) = 337 u = mod p = 20 v = mod q = 24 x0 = vap + ubq mod n = 159201

  26. Example (cont.) Finally, Alice uses x0 to construct the xi and pi just as Bob did for encryption, and recovers the plaintext mi by XORing the pi with the ciphertext blocks ci.

  27. References • A. Menezes, P. van Oorschot, S. Vanstone, “Handbook of Applied Cryptography”, retrieved from http://cacr.uwaterloo.ca/hac/ • M. Blum, S. Goldwasser, “An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information”, Proceedings of Advances in Cryptology - CRYPTO '84, pp. 289-299, Springer Verlag, 1985.

  28. Quiz 1. What are the preset bits? 2. How many possible inputs can generate each output of the Rabin function? 3. What theorem is used in Rabin cryptosystem to get the square roots of c (mod n)? 4. True or False. Blum-Goldwasser cryptosystem uses Inclusive or function when computing the ciphertext. 5. Briefly explain how the keys are generated in Rabin Cryptosystem? (What is public key and what is private key).

  29. Answers 1. String of bits added to every message to distinguish the “correct” square root. 2. Four. 3. Chinese Remainder Theorem. 4. False. 5. Alice generates two large random and distinct primes p and q, roughly the same size. Computes n=pq. n is public key, (p,q) is private key.

More Related