Okamoto–Uchiyama cryptosystem

Okamoto–Uchiyama cryptosystem

The Okamoto–Uchiyama cryptosystem was discovered in 1998 by T. Okamoto and S. Uchiyama. The system works in the group (\mathbb{Z}/n\mathbb{Z})^*, where n is of the form p2q and p and q are large primes.

Contents

Scheme definition

Like many public key cryptosystems, this scheme works in the group (\mathbb{Z}/n\mathbb{Z})^*. A fundamental difference of this cryptosystem is that here n is a of the form p2q, where p and q are large primes. This scheme is homomorphic and hence malleable.

Key generation

A public/private key pair is generated as follows:

  • Generate large primes p and q and set n = p2q.
  • Choose g \in (\mathbb{Z}/n\mathbb{Z})^* such that g^p \neq 1 \mod p^2.
  • Let h = gn mod n.

The public key is then (ngh) and the private key is the factors (pq).

Message encryption

To encrypt a message m, where m is taken to be an element in \mathbb{Z}/n\mathbb{Z}

  • Select r \in \mathbb{Z}/n\mathbb{Z} at random. Set
C = g^m h^r \mod n

Message decryption

If we define L(x) = \frac{x-1}{p}, then decryption becomes

m = \frac{L\left(C^{p-1} \mod p^2\right)}{L\left(g^{p-1} \mod p^2 \right)} \mod p

How the system works

The group

(\Z/n\Z)^* \simeq (\mathbb{Z}/p^2\mathbb{Z})^* \times (\mathbb{Z}/q\mathbb{Z})^*.

The group (\mathbb{Z}/p^2\mathbb{Z})^* has a unique subgroup of order p, call it H. By the uniqueness of H, we must have

H = \{ x : x \equiv 1 \mod p \}.

For any element x in (\mathbb{Z}/p^2\mathbb{Z})^*, we have xp−1 mod p2 is in H, since p divides xp−1 − 1.

The map L should be thought of as a logarithm from the cyclic group H to the additive group \mathbb{Z}/p\mathbb{Z}, and it is easy to check that L(ab) = L(a) + L(b), and that the L is an isomorphism between these two groups. As is the case with the usual logarithm, L(x)/L(g) is, in a sense, the logarithm of x with base g.

We have

(g^mh^r)^{p-1} = (g^m g^{nr})^{p-1} = (g^{p-1})^m g^{p(p-1)rpq} = (g^{p-1})^m \mod p^2.

So to recover m we just need to take the logarithm with base gp−1, which is accomplished by

\frac{L \left( (g^{p-1})^m \right) }{L(g^{p-1})} = m \mod p.

Security

The security of the entire message can be shown to be equivalent to factoring n. The semantic security rests on the p-subgroup assumption, which assumes that it is difficult to determine whether an element x in (\mathbb{Z}/n\mathbb{Z})^* is in the subgroup of order p. This is very similar to the quadratic residuosity problem and the higher residuosity problem.

References

External links

v · d · e Public-key cryptography
Algorithms

Benaloh · Blum–Goldwasser · Cayley–Purser · CEILIDH · Cramer–Shoup · Damgård–Jurik · DH · DSA · EPOC · ECDH · ECDSA · EKE · ElGamal (encryption · signature scheme· GMR · Goldwasser–Micali · HFE · IES · Lamport · McEliece · Merkle–Hellman · MQV · Naccache–Stern · NTRUEncrypt · NTRUSign · Paillier · Rabin · RSA · Okamoto–Uchiyama · Schnorr · Schmidt–Samoa · SPEKE · SRP · STS · Three-pass protocol · XTR
Theory
Standardization

ANS X9F1 · CRYPTREC · IEEE P1363 · NESSIE · NSA Suite B
Topics
v · d · e Cryptography

Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Okamoto-Uchiyama cryptosystem — The Okamoto Uchiyama Cryptosystem was discovered in 1998 by T. Okamoto and S. Uchiyama. The system works in the group (mathbb{Z}/nmathbb{Z})^*, where n is of the form p 2 q . The Okamoto Uchiyama cryptosystem is a precursor to the Paillier… …   Wikipedia

  • Okamoto–Uchiyama-Kryptosystem — Das Okamoto Uchiyama Verschlüsselungssystem ist ein semantisch sicherer, asymmetrischer Verschlüsselungsalgorithmus. Es wurde erstmals im Jahr 1998 von Tatsuaki Okamoto und Shigenori Uchiyama an der Eurocrypt, einer der größten jährlich… …   Deutsch Wikipedia

  • Okamoto — may refer to: 6244 Okamoto, a Main belt Asteroid discovered in 1990 Okamoto Station (Hyōgo), a railway station of the Hankyu Kobe Line in Higashinada ku, Kobe Okamoto–Uchiyama cryptosystem, discovered in 1998 by T. Okamoto and S. Uchiyama Taro… …   Wikipedia

  • Paillier cryptosystem — The Paillier cryptosystem, named after and invented by Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. The problem of computing n th residue classes is believed to be computationally difficult. This… …   Wikipedia

  • Cramer–Shoup cryptosystem — The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the… …   Wikipedia

  • McEliece cryptosystem — In cryptography, the McEliece cryptosystem is an asymmetric encryption algorithm developed in 1978 by Robert McEliece.[1] It was the first such scheme to use randomization in the encryption process. The algorithm has never gained much acceptance… …   Wikipedia

  • Naccache–Stern cryptosystem — Note: this is not to be confused with the Naccache–Stern knapsack cryptosystem. The Naccache–Stern cryptosystem is a homomorphic public key cryptosystem whose security rests on the higher residuosity problem. The Naccache–Stern cryptosystem was… …   Wikipedia

  • Naccache–Stern knapsack cryptosystem — Note: this is not to be confused with the Naccache–Stern cryptosystem based on the higher residuosity problem. The Naccache–Stern Knapsack Cryptosystem is an atypical public key cryptosystem developed by David Naccache and Jacques Stern in 1997.… …   Wikipedia

  • Niederreiter cryptosystem — In cryptography, the Niederreiter cryptosystem is a variation of the McEliece Cryptosystem developed in 1986 by Harald Niederreiter [1]. It applies the same idea to the parity check matrix H of a linear code. Niederreiter is equivalent to… …   Wikipedia

  • Damgård–Jurik cryptosystem — The Damgård–Jurik cryptosystem[1] is a generalization of the Paillier cryptosystem. It uses computations modulo ns + 1 where n is an RSA modulus and s a (positive) natural number. Paillier s scheme is the special case with s = 1. The order φ(ns + …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”