Okamoto-Uchiyama cryptosystem

The Okamoto-Uchiyama Cryptosystem was discovered in 1998 by T. Okamoto and S. Uchiyama. The system works in the group $(mathbb{Z}/nmathbb{Z})^*$ , where "n" is of the form "p"²"q". The Okamoto-Uchiyama cryptosystem is a precursor to the Paillier cryptosystem, but has mostly been replaced by Paillier's system.

cheme Definition

Like many public key cryptosystems, this scheme works in the group $(mathbb{Z}/nmathbb{Z})^*$ . A fundamental difference of this cryptosystem is that here "n" is a of the form "p"²"q", where "p" and "q" are large primes. This scheme is homomorphic and hence malleable.

Key Generation

A public/private key pair is generated as follows:

*Generate large primes "p" and "q" and set $n=p^2 q$ .
*Choose $g in (mathbb{Z}/nmathbb{Z})^*$ such that "g" has order "(p-1)p" in the subgroup $(mathbb{Z}/p^2mathbb{Z})^*$ .
*Let "h=gⁿ" mod "n".

The public key is then "(n,g,h)" and the private key is the factors "(p,q)".

Message Encryption

To encrypt a message "m", where "m" is taken to be an element in $mathbb{Z}/pmathbb{Z}$

*Select $r in mathbb{Z}/nmathbb{Z}$ at random.Set: $C = g^m h^r mod n$

Message Decryption

If we define $L(x) = frac{x-1}{p}$ , then decryption becomes

: $m = frac{Lleft(C^{p-1} mod p^2
ight)}{Lleft(g^{p-1} mod p^2
ight)} mod p$

How The System Works

The group: $(/n)^* simeq (mathbb{Z}/p^2mathbb{Z})^* imes (mathbb{Z}/qmathbb{Z})^*$ .The group $(mathbb{Z}/p^2mathbb{Z})^*$ has a unique subgroup of order "p", call it "H".By the uniqueness of "H", we must have: $H = { x : x equiv 1 mod p }$ .For any element "x" in $(mathbb{Z}/p^2mathbb{Z})^*$ , we have "x^p-1" mod "p²" is in "H", since"p" divides "x^p-1 - 1".

The map "L" should be thought of as a logarithm from the cyclic group "H" to the additive group $mathbb{Z}/pmathbb{Z}$ ,and it is easy to check that "L(ab) = L(a)+L(b)", and that the "L" is an isomorphism between these two groups. As is the case with the usual logarithm,"L(x)/L(g)" is, in a sense, the logarithm of "x" with base "g".

We have: $(g^mh^r)^{p-1} = (g^m g^{nr})^{p-1} = (g^{p-1})^m g^{p(p-1)rpq} = (g^{p-1})^m mod p^2$ .So to recover "m" we just need to take the logarithm with base "g^p-1", which is accomplished by: $frac{L left( (g^{p-1})^m
ight) }{L(g^{p-1})} = m mod p$ .

ecurity

The security of the "entire" message can be shown to be equivalent to factoring "n". The semantic security rests on the "p"-subgroup assumption, which assumes that it is difficult to determine whether an element "x" in $(mathbb{Z}/nmathbb{Z})^*$ is in the subgroup of order "p". This is very similar to the quadratic residuosity problem and the higher residuosity problem.

References

* [http://citeseer.ist.psu.edu/context/329970/0 Original Paper]

Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

Okamoto–Uchiyama cryptosystem — The Okamoto–Uchiyama cryptosystem was discovered in 1998 by T. Okamoto and S. Uchiyama. The system works in the group , where n is of the form p2q and p and q are large primes. Contents 1 Scheme definition 1.1 Key generation … Wikipedia
Okamoto–Uchiyama-Kryptosystem — Das Okamoto Uchiyama Verschlüsselungssystem ist ein semantisch sicherer, asymmetrischer Verschlüsselungsalgorithmus. Es wurde erstmals im Jahr 1998 von Tatsuaki Okamoto und Shigenori Uchiyama an der Eurocrypt, einer der größten jährlich… … Deutsch Wikipedia
Okamoto — may refer to: 6244 Okamoto, a Main belt Asteroid discovered in 1990 Okamoto Station (Hyōgo), a railway station of the Hankyu Kobe Line in Higashinada ku, Kobe Okamoto–Uchiyama cryptosystem, discovered in 1998 by T. Okamoto and S. Uchiyama Taro… … Wikipedia
Paillier cryptosystem — The Paillier cryptosystem, named after and invented by Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. The problem of computing n th residue classes is believed to be computationally difficult. This… … Wikipedia
Cramer–Shoup cryptosystem — The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the… … Wikipedia
McEliece cryptosystem — In cryptography, the McEliece cryptosystem is an asymmetric encryption algorithm developed in 1978 by Robert McEliece.[1] It was the first such scheme to use randomization in the encryption process. The algorithm has never gained much acceptance… … Wikipedia
Naccache–Stern cryptosystem — Note: this is not to be confused with the Naccache–Stern knapsack cryptosystem. The Naccache–Stern cryptosystem is a homomorphic public key cryptosystem whose security rests on the higher residuosity problem. The Naccache–Stern cryptosystem was… … Wikipedia
Naccache–Stern knapsack cryptosystem — Note: this is not to be confused with the Naccache–Stern cryptosystem based on the higher residuosity problem. The Naccache–Stern Knapsack Cryptosystem is an atypical public key cryptosystem developed by David Naccache and Jacques Stern in 1997.… … Wikipedia
Niederreiter cryptosystem — In cryptography, the Niederreiter cryptosystem is a variation of the McEliece Cryptosystem developed in 1986 by Harald Niederreiter [1]. It applies the same idea to the parity check matrix H of a linear code. Niederreiter is equivalent to… … Wikipedia
Damgård–Jurik cryptosystem — The Damgård–Jurik cryptosystem[1] is a generalization of the Paillier cryptosystem. It uses computations modulo ns + 1 where n is an RSA modulus and s a (positive) natural number. Paillier s scheme is the special case with s = 1. The order φ(ns + … Wikipedia

Academic Dictionaries and Encyclopedias

Okamoto-Uchiyama cryptosystem

Look at other dictionaries:

Share the article and excerpts

Academic Dictionaries and Encyclopedias

Wikipedia

Okamoto-Uchiyama cryptosystem

Look at other dictionaries:

Share the article and excerpts

Direct link