# NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm, University of Hassan II Mohammedia-Casablanca, Morocco ABSTRACT In this work, a new digital signature based on elliptic curves is presented. We established its efficiency and security. The method, derived from a variant of ElGamal signature scheme, can be seen as a secure alternative protocol if known systems are completely broken. KEYWORDS Public key cryptography, Digital signature, ElGamal signature scheme, Elliptic curves, Discrete logarithm problem. 1. INTRODUCTION A lot of practical algorithms for digital signature have been developed since the invention of the public key cryptography in the late 1970 s [1,12,11]. Let us recall the principle of these methods. The signer Alice needs to possess two kinds of keys. The first one is private, must be kept secret and stored only locally. The second is public and must be largely diffused to be accessible to the other users. If Alice wishes to sign a particular message, a contract or a will, she has to give the solutions of a hard mathematical equation depending of and of her public key. With the help of her private key, she is able to solve the problem. Bob, the judge or anybody, can verify that the solutions computed by Alice are valid. The algorithm is constructed in such a way that, for an adversary, without knowing Alice private key, it is computationally too hard to solve the considered equation. Nobody other than Alice can forge her signature and give the right answer, even who conceived the signature equation. In 1985, Koblitz [8] and Miller [10] proposed independently the use of elliptic curves in cryptography. They showed that there exist groups more complex than the traditional multiplicative group (( / ),.) where is the set of all integers and is a prime number. These structures are useful and practical in public key cryptography. Opponent s task became more complicated. In the same year, ElGamal [2] proposed a digital signature protocol based on the discrete logarithm problem. Since then, many similar schemes were elaborated and published [3, 4]. Among them, a new variant was presented by one of the authors [7] in 2010 and later, exploited for interesting research works connected to the networks privacy and anonymity [15,16]. Permanently, classical signature schemes are facing attacks more and more sophisticated. If these systems are completely broken, alternative protocols, previously designed, prepared and tested, would be useful. DOI: /ijcis

2 In this article, we apply a variant of ElGamal scheme to build a new digital signature based on the elliptic curves. The efficiency of the method is discussed and its security analyzed. The paper is organised as follows. In section 2, we review the basic ElGamal digital signature algorithm. A known variant [7] of this protocol is described in section 3. In section 4, we recall the standard definition of the group law defined on elliptic curves. Section 5 is devoted to our new digital signature method. We end with the conclusion in section 6. In the sequel, we will respect ElGamal paper notations [2]., are respectively the sets of integers and non-negative integers. For every positive integer, we denote by / the finite ring of modular integers and by ( / ) the multiplicative group of its invertible elements. Let,, be three integers. The great common divisor of and is denoted by gcd (, ). We write [ ] if divides the difference, and = if is the remainder in the division of by. The bit-length of an integer is the number of bits in its binary representation. We start by describing the original ElGamal signature scheme. 2. ELGAMAL SIGNATURE PROTOCOL In this section we recall ElGamal signature scheme [2]. 1. Alice chooses three numbers: - p, a large prime integer. - α, a primitive root of the finite multiplicative group ( /p ). - x, a random element in {1,2,.., p 1}. Then she computes =. Alice public keys are (,, ), and her private key. 2. To sign the message, Alice needs to solve the equation : [ ] (1) where, are the unknown variables. Alice fixes arbitrary to be =, where is chosen randomly and invertible modulo 1. Equation (1) is then equivalent to : + [ 1] (2) As Alice knows the secret key, and as the integer is invertible modulo 1, she computes the other unknown variable by [ 1]. 3. Bob can verify the signature by checking that congruence (1) is valid for the variables and given by Alice. Observe that, in step 1, we need to know how to product prime integers. Generally, the running time for generating these numbers takes the most important part in the total running time. In [6], we obtained interesting experimental results, and concluded by suggesting some rapid procedures. In the next section, we recall briefly a digital signature protocol that was conceived by one of the authors in

3 3. VARIANT OF ELGAMAL SIGNATURE PROTOCOL We describe a variant of ElGamal signature protocol. This variant [7] is based on the equation: [ ] (3),, are three unknown parameters, and (,, ) are Alice public keys, is a large prime integer. α is a primitive root of the finite multiplicative group ( / ). is calculated by =, is a random element in {1,2,..., 1}. Let = ( ), where is a hash function, and the message to be signed by Alice. To solve (3), Alice fixes arbitrary to be =, and to be =, where, are chosen randomly in {1,2,..., 1}. Equation (3) is then equivalent to + + [ 1] (4) Since Alice knows the values of,,,,, she can compute the third unknown variable. Bob can verify the signature by checking the congruence (3). This scheme has the advantage that it does not use the extended Euclidean algorithm for computing ( 1). We illustrate the technique by the example given by the author of this variant [7]. Example 3.1. Let (,, ) be Alice public keys where = 509, = 2 and = 482. We emphasise that we are not sure if using a small value of α does not weaken the system. The private key is = 281. Suppose that Alice wants to produce a signature for the message M for which ( ) 432 [508] with the two random exponents = 208 and l = 386. She computes [ ], 2 39 [ ] and [ 1]. Bob or anyone can verify the relation [ ]. Indeed, we find that 436 [ ] and 436 [ ]. Notice here that and are even integers unlike in ElGamal protocol where the exponent is always odd since it must be relatively prime with ( 1). 4. GROUP LAW ON ELLIPTIC CURVES In this section we recall the additive operation on points belonging to an elliptic curve ( ). For more details, we refer the reader to [8,9,10,11,12]. Suppose that the equation of ( ) is, (5) where is a prime integer and, {1,2,, 1}. Let (, ) and (, ) two points on the curve ( ) and an imaginary point at infinity. 1. If, then 15

4 [ ], [ ] 2. If = and = then =. 3. If = and = 0 then =. 4. If = and 0 then ( ) [ ] 2 [ ], ( ) [ ] [ ] With this additive law, the elliptic curve becomes a finite Abelian group. Its structure seems to be more complex than the traditional multiplicative group We move to the next section where we describe our method. 5. OUR SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES In this section we present our signature scheme. For elliptic curves digital signature algorithm (ECDSA) based partially on the ElGamal classical protocol, see [14, p.297] or [8, p.134]. Our method has some advantages and can be seen as an alternative if known systems are completely broken. Unlike what happens with other algorithms, we don t need to compute any modular inverse Description of our protocol :. Let be a prime integer and ( ) the elliptic curve defined by = + + [ ] (6) From the last section, we know that the points of the elliptic curve, with the particular point at infinity, form an additive Abelian group (E, +). Let G be an element of the curve whose order is a large prime integer. We put B = αg where α is taken randomly in {1,2,..., 1} as Alice private key. For a message, we compute = ( ) where is a secure hash function, like SHA1[9,14]. We suppose that <. Alice public keys are (,,,, ). We propose the following new protocol: If Alice wants to sign the message, she has to give the solutions of the equation: = + + (7) Where (, ), (, ) are two unknown points belonging to the curve. Points, and integer are to be determined by Alice. Her signature is (,, ) is formed by two points and a natural integer <. 16

5 To solve the equation (7) Alice sets =, = where and are chosen randomly in {1,2,, 1}. Equation (7) is equivalent to : = + + αg and as is the order of the point, we obtain: (8) Knowing,,, and Alice is able to compute the last unknown variable. So she has all the solutions of relation (7). Notice that there exist efficient algorithms for the elliptic curve scalar multiplication, see for instance [5]. In another hand, Bob can verify the validity of the solutions by replacing, and in the original relation. Observe that in our scheme, unlike ECDSA[8,14], we don t need to compute any modular inverse. Let us illustrate the method by the following example. Example 5.1. Let ( ) be the elliptic curve defined by [757]. We find that the cardinality of ( ) is = 791. The point = (529,566) has as order the prime integer = 113. Assume that Alice private key is = 78 so = = (319,629). Alice public keys are therefore (,,,, ). Suppose that the hashed of the message is ( ) 56 [ ] and that Alice wants to sign the message. Let us admit that Alice chooses the random exponents = 81 and = 63. She calculates = = (248,195) and S= = (157,326). By formula (8) : [ ]. So the signature is (,, ) = (248, 195, 157, 326, 52). We can check that = (555,156), = (555,601), = (292,266), = (26,319), and therefore = + +. Remark 5.1: Alice can sign two messages with the same secret couple (, ) without risking to reveal her private key. Indeed, let (,, ) and (,, ) be the signature of two different messages and associated to the secret couple (, ). We have where = ( ) and = ( ). We have two modular equations and three unknown variables, and. It seems that it is not an easy task to retrieve secret parameters and. Notice that parts of papers [15] and [16] are based on a similar remark figuring in [7]. 17

6 5.2. Security analysis : Now that we presented the protocol, we start discussing some eventual attacks. Assume that Oscar is Alice opponent. Attack 1 : Suppose that Oscar knows Alice signature for a message, and he tries to find Alice private key. As formula (7) is equivalent to, Oscar cannot compute since he ignores the values of the parameters and. Attack 2 : Suppose that Oscar tries to forge Alice signature by fixing arbitrary two parameters and looking for the third: (1) If Oscar fixes and and aims to compute in equation (7), he will be confronted to the elliptic curves discrete logarithm problem. (2) If Oscar fixes and or and t, he will have from formula (7), + = and there is no known way to solve this type of equations. Attack 3 : Suppose that Oscar has obtained different valid signatures for messages, {1,2,..., 1},. If we put = ( ), he will get a system of modular equations: (S) Since system ( ) contains unknown variables,,, {1,2,.., 1}, Oscar will find many solutions. He cannot know the correct one due to the uniqueness of Alice private key α Complexity of our method : As in [4], let,,, be respectively the time to perform a multiple point in an elliptic curve, a modular multiplication and a hash function computation of a message. We ignore the time required for modular additions, substractions, comparisons and make the conversion = 240. The signer Alice needs to perform two multiple points, three modular multiplications and one hash function computation. So the global required time is : = = The verifier Bob needs to perform four multiple points in an elliptic curve and one hash function computation. So the global required time is : = 4 + = The cost of communication, without, is 12, since to sign, Alice transmits (,,,, ) and (,, ); p denoting the bit-length of the integer. 6. CONCLUSION In this work we presented a new digital signature. A variant of ElGamal signature scheme was applied to the elliptic curves. We also analyzed its security and efficiency. The method can be seen as a practical alternative system if known protocols are completely broken. 18

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

### An Approach to Shorten Digital Signature Length

Computer Science Journal of Moldova, vol.14, no.342, 2006 An Approach to Shorten Digital Signature Length Nikolay A. Moldovyan Abstract A new method is proposed to design short signature schemes based

### A Factoring and Discrete Logarithm based Cryptosystem

Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### A SOFTWARE COMPARISON OF RSA AND ECC

International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

### Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

### Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

### A New Generic Digital Signature Algorithm

Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

### Digital Signature. Raj Jain. Washington University in St. Louis

Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

### Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

### Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

### Implementation of Elliptic Curve Digital Signature Algorithm

Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India

### Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography

Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt

### Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

### A New Efficient Digital Signature Scheme Algorithm based on Block cipher

IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727Volume 7, Issue 1 (Nov. - Dec. 2012), PP 47-52 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1

### LUC: A New Public Key System

LUC: A New Public Key System Peter J. Smith a and Michael J. J. Lennon b a LUC Partners, Auckland UniServices Ltd, The University of Auckland, Private Bag 92019, Auckland, New Zealand. b Department of

### A blind digital signature scheme using elliptic curve digital signature algorithm

A blind digital signature scheme using elliptic curve digital signature algorithm İsmail BÜTÜN * and Mehmet DEMİRER *Department of Electrical Engineering, University of South Florida, Tampa, FL, USA Department

### Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

### In this paper a new signature scheme and a public key cryptotsystem are proposed. They can be seen as a compromise between the RSA and ElGamal-type sc

Digital Signature and Public Key Cryptosystem in a Prime Order Subgroup of Z n Colin Boyd Information Security Research Centre, School of Data Communications Queensland University of Technology, Brisbane

### Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves

Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves Billy Bob Brumley Helsinki University of Technology Laboratory for Theoretical Computer Science billy.brumley@hut.fi Abstract Self-Certified

### Notes on Network Security Prof. Hemant K. Soni

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

### Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography

### Improvement of digital signature with message recovery using self-certified public keys and its variants

Applied Mathematics and Computation 159 (2004) 391 399 www.elsevier.com/locate/amc Improvement of digital signature with message recovery using self-certified public keys and its variants Zuhua Shao Department

### IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM

NABI ET AL: IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM 28 IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM Mohammad Noor

### 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

### Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

### 2 Primality and Compositeness Tests

Int. J. Contemp. Math. Sciences, Vol. 3, 2008, no. 33, 1635-1642 On Factoring R. A. Mollin Department of Mathematics and Statistics University of Calgary, Calgary, Alberta, Canada, T2N 1N4 http://www.math.ucalgary.ca/

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

### Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

### Cryptography: RSA and the discrete logarithm problem

Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:

### Improved Online/Offline Signature Schemes

Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion

### Cryptography and Network Security

Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

### Digital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015

Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital

### Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

### Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring

Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2

### Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme

International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public

### MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

### CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

### A Novel Approach for Signing Multiple Messages: Hash- Based Signature

International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 15 (2014), pp. International Research Publications House http://www. irphouse.com A Novel Approach for Signing

### Elliptic Curves and Elliptic Curve Cryptography

Undergraduate Colloquium Series Elliptic Curves and Elliptic Curve Cryptography Amiee O Maley Amiee O Maley graduated Summa Cum Laude from Ball State in May 00 with a major in Mathematics. She is currently

### Computer Security: Principles and Practice

Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

### The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm

The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm Maria D. Kelly December 7, 2009 Abstract The RSA algorithm, developed in 1977 by Rivest, Shamir, and Adlemen, is an algorithm

### Shor s algorithm and secret sharing

Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful

### EMBEDDING DEGREE OF HYPERELLIPTIC CURVES WITH COMPLEX MULTIPLICATION

EMBEDDING DEGREE OF HYPERELLIPTIC CURVES WITH COMPLEX MULTIPLICATION CHRISTIAN ROBENHAGEN RAVNSHØJ Abstract. Consider the Jacobian of a genus two curve defined over a finite field and with complex multiplication.

### MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

### 9 Modular Exponentiation and Cryptography

9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.

### Number Theory and Cryptography using PARI/GP

Number Theory and Cryptography using Minh Van Nguyen nguyenminh2@gmail.com 25 November 2008 This article uses to study elementary number theory and the RSA public key cryptosystem. Various commands will

### Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

### Elements of Applied Cryptography Public key encryption

Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

### Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

### Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures

Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures Department of Computer Science and Information Engineering, Chaoyang University of Technology 朝 陽 科 技 大 學 資 工

### Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

### Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

### Elliptic Curve Cryptography

Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first

### Implementing Network Security Protocols

Implementing Network Security Protocols based on Elliptic Curve Cryptography M. Aydos, E. Savaş, and Ç. K. Koç Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331, USA {aydos,savas,koc}@ece.orst.edu

### CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

### CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

### Introduction. Chapter 1

Chapter 1 Introduction This is a chapter from version 1.1 of the book Mathematics of Public Key Cryptography by Steven Galbraith, available from http://www.isg.rhul.ac.uk/ sdg/crypto-book/ The copyright

### A novel deniable authentication protocol using generalized ElGamal signature scheme

Information Sciences 177 (2007) 1376 1381 www.elsevier.com/locate/ins A novel deniable authentication protocol using generalized ElGamal signature scheme Wei-Bin Lee a, Chia-Chun Wu a, Woei-Jiunn Tsaur

### Introduction. Digital Signature

Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

### Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

### Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

### Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing

Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing S.Hemalatha, Dr.R.Manickachezian Ph.D Research Scholar, Department of Computer Science, N.G.M College, Pollachi,

### CRC Press has granted the following specific permissions for the electronic version of this book:

This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac CRC Press has

### A One Round Protocol for Tripartite

A One Round Protocol for Tripartite Diffie Hellman Antoine Joux SCSSI, 18, rue du Dr. Zamenhoff F-92131 Issy-les-Mx Cedex, France Antoine.Joux@ens.fr Abstract. In this paper, we propose a three participants

### Klaus Hansen, Troels Larsen and Kim Olsen Department of Computer Science University of Copenhagen Copenhagen, Denmark

On the Efficiency of Fast RSA Variants in Modern Mobile Phones Klaus Hansen, Troels Larsen and Kim Olsen Department of Computer Science University of Copenhagen Copenhagen, Denmark Abstract Modern mobile

### Homework 5 Solutions

Homework 5 Solutions 4.2: 2: a. 321 = 256 + 64 + 1 = (01000001) 2 b. 1023 = 512 + 256 + 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = (1111111111) 2. Note that this is 1 less than the next power of 2, 1024, which

### ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES. Daniela Bojan and Sidonia Vultur

ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES Daniela Bojan and Sidonia Vultur Abstract.The new services available on the Internet have born the necessity of a permanent

### Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

### Applied Cryptography Public Key Algorithms

Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin

### Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

### Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

### CMSS An Improved Merkle Signature Scheme

CMSS An Improved Merkle Signature Scheme Johannes Buchmann 1, Luis Carlos Coronado García 2, Erik Dahmen 1, Martin Döring 1, and Elena Klintsevich 1 1 Technische Universität Darmstadt Department of Computer

### Public Key Cryptography. Performance Comparison and Benchmarking

Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What

### Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

### HASH CODE BASED SECURITY IN CLOUD COMPUTING

ABSTRACT HASH CODE BASED SECURITY IN CLOUD COMPUTING Kaleem Ur Rehman M.Tech student (CSE), College of Engineering, TMU Moradabad (India) The Hash functions describe as a phenomenon of information security

### Faster Cryptographic Key Exchange on Hyperelliptic Curves

Faster Cryptographic Key Exchange on Hyperelliptic Curves No Author Given No Institute Given Abstract. We present a key exchange procedure based on divisor arithmetic for the real model of a hyperelliptic

### Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

### Digital Signature Standard (DSS)

FIPS PUB 186-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory National Institute

### THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION

T OPICS IN WIRELESS SECURITY THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION Q 2 = R 1 Q 2 R 1 R 1 As the wireless industry explodes, it faces

### RSA signatures and Rabin Williams signatures: the state of the art

RSA signatures and Rabin Williams signatures: the state of the art Daniel J. Bernstein Department of Mathematics, Statistics, and Computer Science (M/C 249) The University of Illinois at Chicago, Chicago,

### A short primer on cryptography

A short primer on cryptography A. V. Atanasov April 14 2007 1 Preliminaries (This section is an introduction to the referred mathematical concepts. Feel free to skip it if you are familiar with the first

### MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,

### Security in Electronic Payment Systems

Security in Electronic Payment Systems Jan L. Camenisch, Jean-Marc Piveteau, Markus A. Stadler Institute for Theoretical Computer Science, ETH Zurich, CH-8092 Zurich e-mail: {camenisch, stadler}@inf.ethz.ch

Group Blind Digital Signatures: Theory and Applications by Zulækar Amin Ramzan Submitted to the Department of Electrical Engineering and Computer Science in partial fulællment of the requirements for the

### Lecture 6 - Cryptography

Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

### Masao KASAHARA. Public Key Cryptosystem, Error-Correcting Code, Reed-Solomon code, CBPKC, McEliece PKC.

A New Class of Public Key Cryptosystems Constructed Based on Reed-Solomon Codes, K(XII)SEPKC. Along with a presentation of K(XII)SEPKC over the extension field F 2 8 extensively used for present day various

### U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

### Session Initiation Protocol Attacks and Challenges

2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah

### Cryptanalysis of a Partially Blind Signature Scheme or How to make \$100 bills with \$1 and \$2 ones

Cryptanalysis of a Partially Blind Signature Scheme or How to make \$100 bills with \$1 and \$2 ones Gwenaëlle Martinet 1, Guillaume Poupard 1, and Philippe Sola 2 1 DCSSI Crypto Lab, 51 boulevard de La Tour-Maubourg

### CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.

### Public Key (asymmetric) Cryptography

Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

### Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet

### RSA and Primality Testing

and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2

### Number Theory and the RSA Public Key Cryptosystem

Number Theory and the RSA Public Key Cryptosystem Minh Van Nguyen nguyenminh2@gmail.com 05 November 2008 This tutorial uses to study elementary number theory and the RSA public key cryptosystem. A number

### Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10

with Embedding Degree 10 University of California, Berkeley, USA ANTS-VII, 2006 Outline 1 Introduction 2 The CM Method: The Basic Construction The CM Method: Generating Families of Curves 3 Outline 1 Introduction

### ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS D. Sravana Kumar 1 CH. Suneetha 2 A. ChandrasekhAR 3 1 Reader in Physics, SVLNS Government College, Bheemunipatnam, Visakhapatnam Dt., India skdharanikota@gmail.com