rabin cryptosystem and blum- goldwasser cryptosystem

29
Rabin Cryptosystem and Blum-Goldwasser Cryptosystem by Yernar

Upload: kaiya

Post on 23-Feb-2016

84 views

Category:

Documents


3 download

DESCRIPTION

Rabin Cryptosystem and Blum- Goldwasser Cryptosystem. b y Yernar. Rabin Cryptosystem. Background Key generation Encryption Decryption Preset Bits Example. Background. Asymmetric cryptographic technique, whose security, like that of RSA, is related to the difficulty of factorization. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Rabin Cryptosystem and Blum-Goldwasser

Cryptosystem

by Yernar

Page 2: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Background Key generation Encryption Decryption Preset Bits Example

Rabin Cryptosystem

Page 3: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Asymmetric cryptographic technique, whose security, like that of RSA, is related to the difficulty of factorization.

Public-key encryption.

January 1979 by Michael O. Rabin.

Background

Page 4: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

1. Alice generates two large random and distinct primes p and q, roughly the same size.

2. Computes n=pq.

3. n is public key, (p,q) is private key.

Key generation

Page 5: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Bob encrypts a message m for Alice:

1. Obtains Alice’s authentic public key n.

2. Represents the message as an integer m in the range {0,1,…,n-1}.

3. Computes c = m2 mod n.

4. Sends the ciphertext c to Alice.

Encryption

Page 6: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

To recover plaintext m from c, Alice should do:

1. Given ciphertext c Alice computes 4 square roots of c mod n using private keys p and q:

a) takemod p = x1 and x2, where x2 = p - x1

b) take mod q = y1 and y2, where y2 = q - y1

Decryption

Page 7: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

c) Get 4 square roots of c (mod n) using Chinese Remainder Theorem (CRT)

m1= x1*q*(q-1 mod p)+y1*p*(p-1 mod q) (mod n)m2=-r1 (mod n)m3=x1*q*(q-1 mod p)-y1*p*(p-1 mod q) (mod n)m4=-r3 (mod n)

Decryption (cont.)

Page 8: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

2. The message sent was either m1, m2, m3 or m4. Alice decides which one of these is m.

Usually done with the help of preset bits.

Decryption (cont.)

Page 9: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

string of bits added to every message

mechanism to distinguish the “correct” square root

usually appended to the message

Preset Bits

Page 10: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Key generation: p=23, q=31, n=713, m=87, preset bits: “000”

Encryption: 8710= 10101112

m = 10101110002=69610

Bob computes c=m2 mod n = 6962 mod 713 = 289 and sends this to Alice.

Example

Page 11: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Decryption: Alice uses algo for finding square roots modulo n given its prime factors p and q:

mod 23 = x1 = 6, q-1 mod 23 = 3mod 31 = y1 = 14, p-1 mod 31 = 27

Example (cont.)

Page 12: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

m1= x1*q*(q-1 mod p)+y1*p*(p-1 mod q) (mod n) = 6*31*3+14*23*27 mod 713 = 696 = 1010111000

m2=-r1 (mod n) = -696 mod 713 = 17 = 10001

m3=x1*q*(q-1 mod p)-y1*p*(p-1 mod q) (mod n) = 6*31*3-14*23*27 mod 713 = 420 = 110100100

m4=-r3 (mod n) = -420 mod 713 = 293 = 10111

Example (cont.)

Page 13: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

m1=1010111000, m2=10001, m3=110100100, m4=10111

Only m1 has required redundancy, original message is m=10101112=8710.

Example (cont.)

Page 14: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Background Key generation Encryption Decryption Example

Blum-Goldwasser Cryptosystem

Page 15: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Asymmetric key encryption algorithm by Manuel Blum and Shafi Goldwasser in 1984.

Probabilistic, semantically secure cryptosystem with a constant-size ciphertext expansion.

Background

Page 16: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

1. Alice selects two large random (and distinct) primes p, q, each congruent to 3 modulo 4.

2. Computes n=pq – public key.

3. Computes integers a and b, such that ap+bq=1. (p, q, a, b) – private key.

Key Generation

Page 17: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Bob wants to send message to Alice:

1. Obtains Alice’s authentic public key n.

2. Let k = and h = . Represent the message m as a string m = m1m2…mt of length t, where each mi is a binary string of length h.

Encryption

Page 18: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

3. Select as a seed x0, a random quadratic residue modulo n (rn, x r2 mod n)

4. For i from 1 to t do the following:a) compute = mod nb) let be the h least significant bits of c) compute = ⊕

Encryption (cont.)

Page 19: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

5. Compute = mod n

6. Send the ciphertext c = (c1, c2…ct, xt+1 ) to Alice.

Encryption (cont.)

Page 20: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

To recover plaintext m from c, Alice should:

1. Compute d1 = ((p + 1)/4)t+1 mod (p - 1)

2. Compute d2 = ((q + 1)/4)t+1 mod (q - 1)

3. Compute u = mod p

4. Compute v = mod q

Decryption

Page 21: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

5. Compute x0 = vap + ubq mod n

6. For i from 1 to t do the following:a) compute xi = mod n.b) let pi be the h least significant bits of xi.c) compute xi = ⊕

Decryption (cont.)

Page 22: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Key generation:

p=499, q=547, n=pq=272953. Alice computes the integers a=-57 and b=52 satisfying ap+bq=1.

Alice’s public key is n=272953 and private key is (p,q,a,b)

Example

Page 23: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Encryption: k==18 and h==4.

Bob represents the message m as a string m1m2m3m4m5 (t=5) where m1=1001, m2=1100, m3=0001, m4=0000, m5=1100.

Example (cont.)

Page 24: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Bob then selects a random quadratic residue x0=159201 (=3992 mod n), and computes:

and x6= mod n = 139680. Bob sends c = (0010, 0000, 1100, 1110, 0100, 139680) to Alice.

Example (cont.)

i xi = mod n pi = ⊕ 1 180539 1011 00102 193932 1100 00003 245613 1101 11004 130286 1110 11105 40632 1000 0100

Page 25: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

Decryption: To decrypt c Alice computes:

d1 = ((p + 1)/4)6 mod (p - 1) = 463d2 = ((q + 1)/4)6 mod (q - 1) = 337u = mod p = 20v = mod q = 24x0 = vap + ubq mod n = 159201

Example (cont.)

Page 26: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

i xi = mod n pi = ⊕ 1 180539 1011 10012 193932 1100 11003 245613 1101 00014 130286 1110 00005 40632 1000 1100

Example (cont.)Finally, Alice uses x0 to construct the xi and pi just as Bob did for encryption, and recovers the plaintext mi by XORing the pi with the ciphertext blocks ci.

Page 27: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

A. Menezes, P. van Oorschot, S. Vanstone, “Handbook of Applied Cryptography”, retrieved from http://cacr.uwaterloo.ca/hac/

M. Blum, S. Goldwasser, “An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information”, Proceedings of Advances in Cryptology - CRYPTO '84, pp. 289-299, Springer Verlag, 1985.

References

Page 28: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

1. What are the preset bits?

2. How many possible inputs can generate each output of the Rabin function?

3. What theorem is used in Rabin cryptosystem to get the square roots of c (mod n)?

4. True or False. Blum-Goldwasser cryptosystem uses Inclusive or function when computing the ciphertext.

5. Briefly explain how the keys are generated in Rabin Cryptosystem? (What is public key and what is private key).

Quiz

Page 29: Rabin Cryptosystem and  Blum- Goldwasser  Cryptosystem

1. String of bits added to every message to distinguish the “correct” square root.

2. Four.

3. Chinese Remainder Theorem.

4. False.

5. Alice generates two large random and distinct primes p and q, roughly the same size. Computes n=pq. n is public key, (p,q) is private key.

Answers