Cryptographic techniques
نویسنده
چکیده
The public key cryptosystem published by Diffie and Hellman in 1976 is still of great interest today. Of the public key systems that have been proposed the RSA scheme of Rivest, Shamir and Adelman is of most current interest. We shall briefly describe this system (more can be found in references 2 and 7) and then describe a method to obtain suitable primes for use in the scheme. Disciplines Physical Sciences and Mathematics Publication Details Seberry, J, Cryptographic techniques, Security Data Communication Workshop, Digest of Papers, IEEE, Melbourne, September, 1989. This conference paper is available at Research Online: http://ro.uow.edu.au/infopapers/1043 Cryptographic Techniques Jennifer Seberry Department of Computer Science University'College University of New South Wales Centre for Communications Security Research Australian Defence Fnrce Academy Canberra, ACT, 2600 AUSTRAUA The public key cryptosystem published by Diffie and Hellman in 1976 is still of great interest today. Of the public key systems that have been proposed the RSA scheme of Rivest, Shamir and Adelman is of most current interest. We shall briefly describe this system (more can be found in references 2 and 7) and then describe a method to obtain suitable primes for use in the scheme. The RSA Scheme To implement this scheme a person (traditionally Bob) makes himself a set of three large numbers: m, E andD, (the modulus, public key and secret key respectively) with the following properties ify =x E (modm) then X= yD (modm) for all numbers x in the range (0, m ~ 1). The numbers E and m are published, and someone else (traditionally Alice) who wishes to send a secret message x (regarded for the purposes of encryption as a large integer) to Bob, calculates y from x and sends to Bob the cryptogram y. Since Bob knows D he can recover the message. Anyone else wishing to eavesdrop must find D • or else discover x some other way. Both of these recourses appear to be computationally infeasible for suitable choices of parameters. Bob makes m ,E and D as follows. He chooses two very large primes p and q with p and q of roughly equal size (of say 500-600 bits each). This choice ofp and q is what will concern us here. Bob chooses E at random, relatively prime to gcd(p 1. q 1), and then finds D by solving ED = 1 (mod(p -1)(q -1)) which he can do easily and quickly using Euclid's algorithm (see reference 7). Finally he fonns m by choosing m = pq. A potential eavesdropper must, it seems, first findD. which appears to require the determination of p and q ,which in turn seems to imply that he must be able to factorize m. To factorize m = pq where p and q are very large primes of say 500-600 bits each is one of the hardest known common problems (see references 2 and 3). Strong primes give more cryptographic security The advanced techniques a cryptanalyst might use (see references 2, 3 and 6) break down when p (and similarly q) is not only prime but has the property that p I has a large prime factor, say r , and p + 1 has a large prime factor, say s (see reference 6). The cryptanalyst's task is made even more difficult if r 1 should have a large prime factor, say t, as well. For logistical reasons it is also necessary to be able choose p in some sense at random but with a given number of bits. Thus there is considerable urgency to solve the problem of rmding primes with these desirable properties. However very little has been published on the way to do so. The method we describe is due to John Gordon (reference 5). It fmds the large prime factors r, s and t separately and incorporates them in the construction. The extra conditions imposed on p and q add only 19% to the task of finding p and q . A prime p will be called a strong prime if it satisfies the following seven conditions: (i) P is large (li) p is prime (iii) P is chosen at random in response to a seed (iv) p has a given number of bits (v) p I has a large prime factor, say r (vi) p + 1 has a large prime factor, say s (vii) r 1 has a large prime factor, say t. Since we wish p, rand s all to be large we are only interested in odd primes p whose properties are p =2jr +1 (or p = I (mod2r)) p =2ks -1 (or p =(s -1 )(mod2s)) r=2Lt+1 (or pr=1 (mod2t)) for some j, k and L where r, s and t are primes. Gordon's technique Gordon proposes the following steps: (i) choose random seeds a and b (ii) from a and b generate random primes s and t (iii) from t construct r (iv) from r and s construct p . Find r and s,' Finding random primes r and s which are of a specified number of bits (n ) and greater than a given seed is relatively straightforward. Starting with a random seed a , we fmd the first prime s (or t ) greater than a. The time to rmd s (or t ) in this way using Knuth's Algorithm P (see reference 3), is dominated by the time to perform modular exponentiations which take, on average, approximately Texp In) = eTn 3 Iw seconds where c is a constant of size about 8, T is the time (in seconds) for one instruction and w is the word size in bits. If we quickly eliminate by trial division all multiples of primes less than, say, 256 it is necessary to examine only about 0.07n numbers on average before fmding a prime (see reference 5), and so the time needed to find s (or t ) (ignoring the time for quick eliminations) is about 0.07n times cTn 3 /w • i.e. about Tprime (n) = evTn 4 Iw when we have found s (or t ) it is unlikely to have more bits than the seed a. We can virtually ensure this by picking our value of a in the range (2n-1• 2n-l +2n-2 1). This ensures a starts with the two binary digits 10 which leaves a run of 2n-2 integers in which to find a prime before increasing the number of bits. Find r: We now wish to find a prime of the form 2Lt +1. We search through (2Lt + I)-space for successive values of L. We are likely to exhaust about nLn(2)/2 = 0.35n sucessive values of L before finding r (see reference 5). Every time L doubles another bit is added to 2Lt + 1. A naive search will almost certainly result in a prime of too many bits. A more sophisticated approach is to choose 21 to be, say, dIn) = log 2 (n ) bits shorter than the desired length of r (see below). then starting with unity. to add in successive multiples of 2t until the desired length of r is achieved and then to begin checking primality at each subsequent addition of 2t. In this way, L is unlikely to double during the search for primes. This certainty of success can be increased by using a larger d(n). Find p: We now wish, given primes r and s • to find a prime p , close in size to a given number of bits, and satisfying p =2jr +1 =2ks -I for some j and k or p =1(mod2r) =(2s -1)(mod2s) The key to fmding primes with these properties is the following theorem. Theorem: If r and s are odd primes, then p satisfies p = I (mod 2r ) = (s -1)(mod 2s) if and only if p is of the form p = PO +2krs
منابع مشابه
Design of cybernetic metamodel of cryptographic algorithms and ranking of its supporting components using ELECTRE III method
Nowadays, achieving desirable and stable security in networks with national and organizational scope and even in sensitive information systems, should be based on a systematic and comprehensive method and should be done step by step. Cryptography is the most important mechanism for securing information. a cryptographic system consists of three main components: cryptographic algorithms, cryptogr...
متن کاملLightweight 4x4 MDS Matrices for Hardware-Oriented Cryptographic Primitives
Linear diffusion layer is an important part of lightweight block ciphers and hash functions. This paper presents an efficient class of lightweight 4x4 MDS matrices such that the implementation cost of them and their corresponding inverses are equal. The main target of the paper is hardware oriented cryptographic primitives and the implementation cost is measured in terms of the required number ...
متن کاملDevelopment of a Unique Biometric-based Cryptographic Key Generation with Repeatability using Brain Signals
Network security is very important when sending confidential data through the network. Cryptography is the science of hiding information, and a combination of cryptography solutions with cognitive science starts a new branch called cognitive cryptography that guarantee the confidentiality and integrity of the data. Brain signals as a biometric indicator can convert to a binary code which can be...
متن کاملCryptographic Techniques, Threats and Privacy Challenges in Cloud Computing
Cryptography is essential for the security and integrity of the data that is stored in the cloud. Several cryptographic techniques are used to protect the integrity of data for various applications. A particular security method makes use of different cryptographic techniques to encrypt data and make it into an un-readable form, which can then be decrypted only with the help of a key. A number o...
متن کاملCryptographic Techniques for Privacy Preserving Identity
Cryptographic Techniques for Privacy Preserving Identity
متن کاملSecurity Based on Cryptographic Techniques for Remote Control Systems
Security based on cryptographic techniques is commonly used in many applications from many fields. Using security based on cryptographic techniques in remote control systems is certainly a subject of great interest. This paper will try to bring some points of view on the security objectives present in remote control systems and on the cryptographic primitives used to ensure them. Two solutions ...
متن کامل