All content in this area was uploaded by Ramzi A. Haraty on Apr 14, 2014

MODIFIED RSA IN THE DOMAINS OF GAUSSIAN INTEGERS AND POLYNOMIALS OVER FINITE FIELDS

A. N. El-Kassar, Department of Mathematics, Beirut Arab University, P. O. Box 11-5020, Beirut, Lebanon. E-mail: ak1@bau.edu.lb

Ramzi Haraty, Division of Computer Science and Mathematics, Lebanese American University, P.O.Box 13-5053 Chouran, Beirut, Lebanon 1102 2801. E-mail: rharaty@lau.edu.lb

Y. A. Awad, Department of Mathematics, Lebanese International University, P. O. Box 5, Lebanon, West Bekaa. E-mail: yawad@liu.edu.lb

Abstract

The purpose of this paper is to extend the RSA public-key encryption scheme from its classical domain of natural integers $Z$ to two principal ideal domains, namely the domain of Gaussian integers, $Z[i]$, and the domain of polynomials over finite fields, $F[x]$. The arithmetic needed for the modifications to these domains is described. The modified RSA algorithms are given. Proofs for the new method are provided. The computational procedures are described and illustrated in numerical examples. The advantages of the new scheme over the classical one are pointed out.

Keywords: RSA public-key cryptosystem, Gaussian

integers, polynomials over finite fields

1 Introduction

The RSA public-key cryptosystem scheme [11], invented by Rivest, Shamir, and Adleman, is the most popular and widely used public-key cryptosystem. Its security is based on the intractability of both the integer factorization problem and the RSA problem. The RSA problem, see [9], is the problem of finding an integer $m$ such that $m^e \equiv c \pmod{n}$, where $n$ is a product of two distinct large odd primes $p$ and $q$, $e$ is a positive random integer such that $\gcd(e, (p-1)(q-1)) = 1$, and $c$ is any integer. That is, the RSA problem is that of finding $e$-th roots of an integer $c$ modulo a composite integer $n$.

The classical RSA cryptosystem is described in the setting of the ring $Z_n$, the ring of integers modulo a composite integer $n = pq$, where $p$ and $q$ are two distinct odd prime integers. Many aspects of arithmetic over the domain of integers can be carried over to the domain of Gaussian integers $Z[i]$, the set of all complex numbers of the form $a + bi$, where $a$ and $b$ are integers, and to the domain of polynomials over finite fields $F[x]$. Recently, El-Kassar et al. [4] modified the ElGamal public-key encryption scheme from its classical setting of the domain of natural integers to the domain of Gaussian integers by extending the arithmetic needed for the modifications to the domain. A similar extension to the domain $F[x]$ was given by El-Kassar and Haraty [5]. Haraty et al. [8] gave a comparative study of the extended ElGamal cryptographic algorithms.

In this paper, we present two extensions of the RSA cryptosystem, in the domain of Gaussian integers and in the domain of polynomials over finite fields, by extending the computational procedures behind the RSA public-key cryptosystem using arithmetic modulo a Gaussian integer and arithmetic modulo a polynomial. First, we review the classical RSA public-key cryptosystem. Then, we modify the computational methods in the domain of Gaussian integers and the domain of polynomials over finite fields. Finally, we show how the modified computational methods can be used to extend the RSA algorithm to these domains. Also, we show that the extended algorithms require little additional computational effort compared with the classical one and accomplish much greater security.

2 Classical RSA Public-Key Cryptosystem

The RSA cryptosystem is described as follows: entity A generates the public-key by first generating two large random odd prime integers $p$ and $q$, each roughly of the same size. Then, entity A computes the modulus $n = pq$ and $\varphi(n) = (p-1)(q-1)$, where $\varphi$ is Euler's phi-function. Next, entity A selects the encryption exponent $e$ to be any random integer in the interval $(1, \varphi(n))$ which is relatively prime to $\varphi(n)$. Using the extended Euclidean algorithm for integers, entity A finds the decryption exponent $d$, which is the unique inverse of $e$ in $Z_n$. The public-key is the pair $(n, e)$ and A's private-key is the triplet $(p, q, d)$.

To encrypt a message, entity B first represents the message as an integer $m$ in $Z_n$. Then, entity B obtains A's public-key $(n, e)$, uses it to compute the cipher text $c \equiv m^e \pmod{n}$, and sends it to entity A. Now, to decrypt $c$, entity A computes $m \equiv c^d \pmod{n}$ and recovers the original message $m$.

Example 1. In order to generate the public-key, entity A selects the artificially small primes $p = 883$ and $q = 709$. Then A computes the modulus $n = 626047$ and $\varphi(n) = 624456$. Next, A chooses the encryption exponent $e = 333853$ and finds the decryption exponent $d = 97213$ using the extended Euclidean algorithm for integers. Therefore, the public-key is $(626047, 333853)$ and the private-key is $(883, 709, 97213)$. Now, to encrypt the 10-bit message 1001110001, entity B represents the message in decimal notation as $m = 625$ in $Z_n$, computes

$$c \equiv 625^{333853} \pmod{626047} = 274608$$

and sends it to A. Finally, to decrypt $c$, A uses the decryption algorithm to get the original message

$$m \equiv 274608^{97213} \pmod{626047} = 625.$$

3 Arithmetic in Z[i]

The domain of Gaussian integers $Z[i]$ is the subring of the field of complex numbers consisting of all elements of the form $a + bi$, where $a$ and $b$ are integers and $i = \sqrt{-1}$. For a Gaussian integer $\gamma = a + bi$, let $\delta(\gamma) = a^2 + b^2$ be the norm of $\gamma$. We say that a nonzero Gaussian integer $\beta$ divides a Gaussian integer $\alpha$ if there exists $\gamma \in Z[i]$ such that $\alpha = \gamma\beta$. If $\beta$ divides $\alpha$ in $Z[i]$ then $\delta(\beta)$ divides $\delta(\alpha)$ in $Z$. A Gaussian integer $\beta$ is said to be invertible, or a unit, if there exists $\gamma \in Z[i]$ such that $1 = \gamma\beta$; i.e., $\beta$ divides 1. The units or invertible elements of $Z[i]$ are $1$, $-1$, $i$, and $-i$. Two elements $\alpha$ and $\beta$ in $Z[i]$ are called associates, denoted by $\alpha \sim \beta$, if one is a unit multiple of the other. For instance, the associates of $1+2i$ are $-1-2i$, $2-i$ and $-2+i$.

A nonzero nonunit Gaussian integer $\beta$ is called prime provided that $\beta$ divides $\gamma$ or $\beta$ divides $\alpha$ whenever $\beta$ divides $\alpha\gamma$. It is well-known that $\beta$ is a prime if and only if $\beta$ has no proper divisors, that is, the only divisors of $\beta$ are the units and the associates, see [6]. Also, if $\delta(\gamma)$ is prime in $Z$ then $\gamma$ must be a prime in $Z[i]$. The Gaussian primes of $Z[i]$, up to associates, see [8] or [10], are of the form:

i) $\alpha = 1 + i$;

ii) $\pi = a + bi$ and $\bar{\pi} = a - bi$, where $\pi\bar{\pi}$ is an odd prime integer $q$ of the form $4k + 1$;

iii) $p$, where $p$ is an odd prime integer of the form $4k + 3$.

Note that $\pi$ and $\bar{\pi}$ in (ii) are not associates.

The domain of Gaussian integers is a factorization domain in which every nonzero nonunit element can be expressed as a product of primes. Moreover, this decomposition is unique up to the order and associates of the primes. For $\beta \in Z[i]$, the ideal generated by $\beta$ is $\langle\beta\rangle = \beta Z[i] = \{\beta\gamma \mid \gamma \in Z[i]\}$. The coset of a Gaussian integer $\alpha$ modulo $\langle\beta\rangle$, denoted by $\alpha + \langle\beta\rangle$ or $[\alpha]$, is the set $\alpha + \langle\beta\rangle = [\alpha] = \{\alpha + \gamma \mid \gamma \in \langle\beta\rangle\}$. Two cosets $\alpha + \langle\beta\rangle$ and $\gamma + \langle\beta\rangle$ are equal if and only if $\alpha - \gamma \in \langle\beta\rangle$; in this case both $\alpha$ and $\gamma$ are representatives of the same coset. The quotient ring of $Z[i]$ modulo $\langle\beta\rangle$, denoted by $Z[i]/\langle\beta\rangle$ or $G_\beta$, is the set of all cosets of $\langle\beta\rangle$. It is well-known that $Z[i]/\langle\beta\rangle$ is a ring, see [7]. A complete residue system modulo $\beta$, denoted by $A(\beta)$, is any complete set of distinct representatives from $Z[i]/\langle\beta\rangle$.

Two Gaussian integers $\alpha$ and $\beta$ are congruent modulo a nonzero Gaussian integer $\eta$, written as $\alpha \equiv \beta \pmod{\eta}$, if $\alpha - \beta$ divides $\eta$. The relation $\equiv$ modulo $\eta$ is an equivalence relation. The congruence classes are the cosets of $\langle\beta\rangle$. We identify $G_\beta$ with the complete residue system modulo $\beta$ so that $G_\beta$ is a ring under addition and multiplication modulo $\beta$. For example, when $\beta = 1 + 2i$, then

$$Z[i]/\langle 1+2i \rangle = \{[0], [1], [2], [3], [4]\} = G_{1+2i}.$$

This ring is identified by $G_{1+2i} = \{0, 1, 2, 3, 4\}$.

We define the function $q(\beta)$ to be the order of the quotient ring $Z[i]/\langle\beta\rangle$. Now, $q(\beta\gamma) = q(\beta)q(\gamma)$, see [2] or [3]. J. T. Cross [2] gave a full description for complete residue systems modulo prime powers of Gaussian integers. In particular, when $p$ is a Gaussian prime of the form $4k+3$,

$$G_p = \{ a + bi \mid 0 \le a \le p-1,\ 0 \le b \le p-1 \},$$

and when $\pi$ is a factor of the odd prime $q = \pi\bar{\pi}$ with $q$ of the form $4k+1$,

$$G_\pi = \{ a \mid 0 \le a \le q-1 \}.$$

For any two nonzero elements $\gamma$ and $\beta$ of $Z[i]$, a complete residue system modulo $\gamma\beta$, see [3], is the set

$$A(\gamma\beta) = \{ s + r\gamma : s \in A(\gamma),\ r \in A(\beta) \}.$$

A greatest common divisor of two Gaussian integers $\alpha$ and $\beta$ is a divisor $\gamma = a + bi$ of both elements $\alpha$ and $\beta$ such that any other common divisor divides $\gamma$. Any two greatest common divisors of $\alpha$ and $\beta$ are associates, so $\alpha$ and $\beta$ have four greatest common divisors. The greatest common divisor of $\alpha$ and $\beta$, denoted by $\gcd(\alpha, \beta)$, is the greatest common divisor $\gamma = a + bi$ with $a, b \ge 0$. The $\gcd(\alpha, \beta)$ can be written as

$$\gcd(\alpha, \beta) = \alpha\gamma + \beta\lambda,$$

where the unique coefficients $\gamma$ and $\lambda$ can be obtained by the extended Euclidean algorithm for Gaussian integers.

For a Gaussian integer $\beta$, let $G^*_\beta$ be those elements of $G_\beta$ that are relatively prime to $\beta$; i.e.,

$$G^*_\beta = \{ \alpha \in G_\beta \mid \gcd(\alpha, \beta) = 1 \}.$$

The set $G^*_\beta$ is called a reduced residue system modulo $\beta$ and is the group of units of $G_\beta$. When $\beta$ is a Gaussian prime, $G_\beta$ is a field and $G^*_\beta$ is the set of nonzero elements in $G_\beta$. The number of elements in any reduced residue system $G^*_\beta$, denoted by $\varphi(\beta)$, is Euler's phi function in $Z[i]$, see [2] or [3]. The $\varphi$ function is a multiplicative function; i.e., $\varphi(\alpha\beta) = \varphi(\alpha)\varphi(\beta)$. Also, for a prime power Gaussian integer, the value of the $\varphi$ function is

$$\varphi(\alpha^n) = 2^n - 2^{n-1},$$

$$\varphi(\pi^n) = q^{n-1}(q - 1),$$

$$\text{or } \varphi(p^n) = p^{2n-2}(p^2 - 1).$$

Thus, the value of $\varphi$ for any Gaussian integer $\beta$ can be obtained from the prime power decomposition of $\beta$.

4 Modified RSA In Z[i]

In the domain of Gaussian integers the RSA public-key scheme is described as follows. Entity A generates the public-key by first generating two large random Gaussian primes $\beta$ and $\gamma$ and computes $\eta = \beta\gamma$. If $\beta = \pi_1$ and $\gamma = \pi_2$, then the complete residue system modulo $\eta$ has an order equal to $q_1 q_2 = (\pi_1\bar{\pi}_1)(\pi_2\bar{\pi}_2)$, see [3]. This choice yields a message space having the same order as that of the classical case; i.e.,

$$|G_{\beta\gamma}| = |G_{\pi_1\pi_2}| = |Z_{q_1 q_2}| = q_1 q_2.$$

Moreover, the order of $G^*_{\beta\gamma}$ is

$$|G^*_{\beta\gamma}| = \varphi(\eta) = \varphi(\beta)\varphi(\gamma) = (q_1 - 1)(q_2 - 1) = |Z^*_{q_1 q_2}|.$$

Hence, the length of interval for the exponent $e$ is $(\beta - 1)(\gamma - 1)$.

If $\beta = \pi_1 = a + bi$ and $\gamma$ is an odd prime of the form $4k+3$, then the factorization problem of the composite Gaussian integer $\eta = \beta\gamma = a\gamma + b\gamma i$ is easy to solve. This choice is excluded.

If $\beta$ and $\gamma$ are both of the form $4k + 3$, then the complete residue system modulo $\eta = \beta\gamma$ is of the form

$$G_\eta = \{ r + s\beta \mid r \in G_\beta \text{ and } s \in G_\gamma \}.$$

It can be shown that this set is precisely

$$G_\eta = \{ a + bi \mid 0 \le a \le \beta\gamma - 1,\ 0 \le b \le \beta\gamma - 1 \}.$$

Note that the order of $G_\eta$ is $\beta^2\gamma^2$ and that of $G^*_\eta$ is $\varphi(\eta) = \varphi(\beta)\varphi(\gamma) = (\beta^2 - 1)(\gamma^2 - 1)$. In this case, the message space is enlarged so that its order is the square of that of the classical case; that is, $|G_{\beta\gamma}| = |Z_{\beta\gamma}|^2$. Moreover, the length of interval for the exponent $e$ is enlarged from $(\beta - 1)(\gamma - 1)$ to $(\beta^2 - 1)(\gamma^2 - 1)$.

Now, entity A selects a random integer $e$ and determines its unique inverse $d \in G_\eta$, where $\gcd(e, \varphi(\eta)) = 1$ and $1 < e, d < \varphi(\eta)$. This is done by applying the extended Euclidean algorithm and writing $\gcd(e, \varphi(\eta)) = 1$ as $ex + \varphi(\eta)y$ so that $d \equiv x \pmod{\varphi(\eta)}$. The public-key is $(\eta, e)$ and the private-key is $(\beta, \gamma, d)$.

To encrypt the message $m$ chosen from $G_\eta$, entity B first uses the public-key to compute the cipher text $c \equiv m^e \pmod{\eta}$ and sends it to A.

To decrypt the sent cipher text $c$, entity A uses the private-key $d$ to recover the original message by $m \equiv c^d \pmod{\eta}$. In the following theorem, we prove that the decryption scheme actually works.

Theorem 1. Let $\eta$ be a Gaussian integer and let $m, a \in G_\eta$. Suppose that $e$ is an integer, $1 < e < \varphi(\eta)$, $\gcd(e, \varphi(\eta)) = 1$, and $d$ is the inverse of $e$ modulo $\varphi(\eta)$. If $c \equiv m^e \pmod{\eta}$ and $a \equiv c^d \pmod{\eta}$, then $a = m$.

Proof: Let $\eta$ be a Gaussian integer and let $m \in G_\eta$. Suppose that $e$ is an integer with $\gcd(e, \varphi(\eta)) = 1$ and $1 < e < \varphi(\eta)$. Let $d$ be the inverse of $e$ modulo $\varphi(\eta)$ so that

$$ed \equiv 1 \pmod{\varphi(\eta)},$$

and $1 < d < \varphi(\eta)$. Since $ed \equiv 1 \pmod{\varphi(\eta)}$ in $G_\eta$, there exists an integer $k$ so that $ed = 1 + k\varphi(\eta)$. Suppose that

$$c \equiv m^e \pmod{\eta}$$

and

$$a \equiv c^d \pmod{\eta}.$$

Now, we have two cases to discuss.

Case 1: Suppose that $\gcd(m, \eta) = 1$. Then $m \in G^*_\eta$ and by applying Lagrange's theorem for finite groups or by using an extension of Euler's theorem to the domain of Gaussian integers, see [1], we have

$$m^{\varphi(\eta)} \equiv 1 \pmod{\eta}.$$

Then,

$$a \equiv c^d \equiv (m^e)^d \equiv m^{1 + k\varphi(\eta)} \equiv m \cdot (m^{\varphi(\eta)})^k \equiv m \pmod{\eta}.$$

Hence, $a \equiv m \pmod{\eta}$. Since both $a$ and $m$ belong to the same complete residue system modulo $\eta$ and $a \equiv m \pmod{\eta}$, we conclude that $a = m$.

Case 2: Suppose that $\gcd(m, \eta) \ne 1$; then $\gcd(m, \eta) = \beta$, $\gcd(m, \eta) = \gamma$, or $\gcd(m, \eta) = \eta$. If $\gcd(m, \eta) = \eta$, then $m \equiv 0 \pmod{\eta}$ so that $c = a = m = 0$.

Suppose that $\gcd(m, \eta) = \beta$. Then, $m \equiv 0 \pmod{\beta}$. Any power of $m$ keeps the congruence true. Thus,

$$m^{1 + k\varphi(\beta)} \equiv 0 \equiv m \pmod{\beta}.$$

Now, $\gcd(m, \eta) = \beta$ implies that $\gcd(m, \gamma) = 1$ and

$$m^{\varphi(\gamma)} \equiv 1 \pmod{\gamma}$$

so that

$$m^{1 + k\varphi(\eta)} \equiv m^{1 + k\varphi(\gamma)\varphi(\beta)} \equiv m \cdot (m^{\varphi(\beta)})^{k\varphi(\gamma)} \equiv m \pmod{\gamma}.$$

Since $ed = 1 + k\varphi(\eta)$, we have that

$$(m^e)^d \equiv m^{ed} \equiv m \pmod{\beta},$$

and

$$(m^e)^d \equiv m^{ed} \equiv m \pmod{\gamma}.$$

Hence,

$$c^d \equiv m \pmod{\beta},$$

and

$$c^d \equiv m \pmod{\gamma}.$$

Since $\beta$ and $\gamma$ are two distinct Gaussian primes with $(\beta, \gamma) = 1$, we have that

$$c^d \equiv m \pmod{\eta}.$$

Finally, since both $a$ and $m$ belong to the same complete residue system modulo the Gaussian integer $\eta$, we conclude that $a = m$.

The case when $\gcd(m, \eta) = \eta$ is similar to that of $\gcd(m, \eta) = \beta$. ■

In the following we provide the algorithms for the RSA cryptosystem in $Z[i]$.

Algorithm 1: (RSA Gaussian public-key generation).

1. Generate two distinct large random Gaussian primes $\beta$ and $\gamma$.

2. Compute $\eta$ and $\varphi(\eta)$.

3. Select an integer $e$ in the interval $[2, \varphi(\eta) - 1]$.

4. Use the extended Euclidean algorithm to determine its inverse $d$ modulo $\varphi(\eta)$.

5. The public-key is $(\eta, e)$ and the private-key is $(\beta, \gamma, d)$.

Algorithm 2: (RSA Gaussian public-key encryption).

1. Obtain the authentic public-key.

2. Represent the message as an integer $m$ in $G_\eta$.

3. Compute $c \equiv m^e \pmod{\eta}$ and send it to A.

Algorithm 3: (RSA Gaussian public-key decryption).

1. Use the private-key $d$ to recover $m \equiv c^d \pmod{\eta}$.

Example 2. Let $\beta = 27743$ and $\gamma = 23291$ be two Gaussian primes of the form $4k + 3$. Compute the product

$$\eta = \beta\gamma = 646162213$$

and

$$\varphi(\eta) = 417525604196912640.$$

Note that, had we used the classical RSA, $n = 646162213$ and $\varphi(n) = 646111180$. Now, entity A chooses the integer

$$e = 16471875800465191,$$

and uses the extended Euclidean algorithm for integers to find

$$d = 200851669617899671$$

such that $ed = 1$ in $G_\eta$. Hence, A's public-key is the pair $(646162213, 16471875800465191)$, and A's private-key is the triplet $(27743, 23291, 200851669617899671)$.

Suppose that entity B wants to encrypt the message 1001110001. This representation can be regarded as a base $1+i$ representation of a Gaussian integer. This message can be converted to $m = 9 + 4i$. Entity B computes the Gaussian integer $m^e$ in $G_\eta$ to get

$$m^e = (9 + 4i)^{16471875800465191} \equiv 636415678 + 168717186i \pmod{\eta}.$$

Hence, entity B sends the ciphertext

$$c = 495038485 + 372009420i$$

in $G_\eta$ to entity A.

To decrypt the cipher text $c$, entity A computes

$$c^d = (495038485 + 372009420i)^d \equiv 4 + 9i \pmod{\eta}$$

and gets the original message $m$.
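
The following Python code is an added example, not code from the paper: it implements Algorithms 1 to 3 with the primes and exponent of Example 2, for the case where β and γ are both rational primes of the form 4k+3, so that reduction modulo η acts on the real and imaginary parts separately. The function names and the trial-division primality test are choices of this example.

```python
# Added example (not the paper's code): RSA in Z[i]/<eta> for eta = beta*gamma,
# with beta and gamma rational primes of the form 4k+3, as in Example 2.
# A Gaussian integer a+bi is represented as the tuple (a, b).

def is_prime(n):
    """Trial division; sufficient for the small primes of Example 2."""
    if n < 2:
        return False
    f = 2
    while f * f <= n:
        if n % f == 0:
            return False
        f += 1
    return True

def gi_mul(x, y, eta):
    """(a+bi)(c+di), reduced into G_eta = {a+bi : 0 <= a, b <= eta-1}."""
    (a, b), (c, d) = x, y
    return ((a * c - b * d) % eta, (a * d + b * c) % eta)

def gi_pow(x, k, eta):
    """Square-and-multiply exponentiation in G_eta."""
    result = (1, 0)
    while k:
        if k & 1:
            result = gi_mul(result, x, eta)
        x = gi_mul(x, x, eta)
        k >>= 1
    return result

def from_base_1_plus_i(bits):
    """Read a bit string as digits in base 1+i (Horner's rule)."""
    a = b = 0
    for bit in bits:
        a, b = a - b + int(bit), a + b   # multiply by 1+i, then add the digit
    return (a, b)

def keygen(beta, gamma, e):
    """Algorithm 1 for the case where both primes are of the form 4k+3."""
    for prime in (beta, gamma):
        if not is_prime(prime) or prime % 4 != 3:
            raise ValueError(f"{prime} is not a prime of the form 4k+3")
    if beta == gamma:
        raise ValueError("beta and gamma must be distinct")
    eta = beta * gamma
    phi = (beta**2 - 1) * (gamma**2 - 1)  # phi(p^n) = p^(2n-2)(p^2-1), n = 1
    if not 1 < e < phi:
        raise ValueError("e must lie strictly between 1 and phi(eta)")
    d = pow(e, -1, phi)                   # ValueError if gcd(e, phi) != 1
    return (eta, e), (beta, gamma, d), phi

def encrypt(m, public_key):
    """Algorithm 2: c = m^e in G_eta."""
    eta, e = public_key
    return gi_pow((m[0] % eta, m[1] % eta), e, eta)

def decrypt(c, private_key):
    """Algorithm 3: m = c^d in G_eta."""
    beta, gamma, d = private_key
    return gi_pow(c, d, beta * gamma)

if __name__ == "__main__":
    public, private, phi = keygen(27743, 23291, 16471875800465191)
    m = from_base_1_plus_i("1001110001")
    c = encrypt(m, public)
    print("eta, phi(eta):", public[0], phi)
    print("d:", private[2])
    print("m:", m, "-> c:", c, "-> decrypted:", decrypt(c, private))
    # Case 2 of Theorem 1: a message that shares the factor beta with eta.
    m2 = gi_mul((27743, 0), (2, 3), public[0])
    print("round trip with gcd(m, eta) = beta:",
          decrypt(encrypt(m2, public), private) == m2)
```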

5 RSA Polynomials Cryptosystem

Let $p$ be a prime number and let $f(x)$ be a polynomial of degree $n$ in $Z_p[x]$, the polynomials over the finite field $Z_p$, that is a product of two distinct irreducible polynomials in $Z_p[x]$; that is, $f(x) = h(x)g(x)$, where $h(x)$ is of degree $s$ and $g(x)$ is of degree $r$. The quotient ring of $Z_p[x]$ modulo the ideal generated by $f(x)$, denoted by $Z_p[x]/\langle f(x) \rangle$, consists of congruence classes of polynomials of degree less than that of $f(x)$. The ring $Z_p[x]/\langle f(x) \rangle$ is finite of order $p^n$ and is isomorphic to the direct sum of $Z_p[x]/\langle h(x) \rangle$ and $Z_p[x]/\langle g(x) \rangle$; that is,

$$Z_p[x]/\langle f(x) \rangle \cong Z_p[x]/\langle h(x) \rangle \oplus Z_p[x]/\langle g(x) \rangle.$$

Hence, the group of units $U(Z_p[x]/\langle f(x) \rangle)$ is isomorphic to the direct product of $U(Z_p[x]/\langle h(x) \rangle)$ and $U(Z_p[x]/\langle g(x) \rangle)$; that is,

$$U(Z_p[x]/\langle f(x) \rangle) \cong U(Z_p[x]/\langle h(x) \rangle) \times U(Z_p[x]/\langle g(x) \rangle).$$

Since $h(x)$ and $g(x)$ are irreducible, the quotient rings $Z_p[x]/\langle h(x) \rangle$ and $Z_p[x]/\langle g(x) \rangle$ are finite fields of order $p^s$ and $p^r$, respectively. Also, the groups of units $U(Z_p[x]/\langle h(x) \rangle)$ and $U(Z_p[x]/\langle g(x) \rangle)$ are cyclic and of order $\varphi(h(x)) = p^s - 1$ and $\varphi(g(x)) = p^r - 1$, respectively.

Now, given a positive integer $e$ such that $(e, \varphi(f(x))) = 1$ and a polynomial $m(x)$, find a polynomial $c(x)$ such that $c(x) \equiv m(x)^e \pmod{f(x)}$ in $Z_p[x]$. The polynomials $h(x)$ and $g(x)$ should be selected so that factoring $f(x) = h(x)g(x)$ is computationally infeasible.

In the following we present three algorithms for the

RSA public-key encryption scheme over polynomials.

To create an RSA public-key and a corresponding

private-key, Entity A should do the following:

Algorithm 4: (RSA polynomials key generation).

1. Generate a random odd prime integer $p$.

2. Generate two irreducible polynomials $h(x)$ and $g(x)$ in $Z_p[x]$.

3. Reduce the polynomial $f(x) = h(x)g(x)$ in $Z_p[x]$.

4. Compute $\varphi(f(x)) = (p^s - 1)(p^r - 1)$, the order of $U(Z_p[x]/\langle f(x) \rangle)$.

5. Select an integer $e$ in the interval $[2, \varphi(f(x)) - 1]$ such that $(e, \varphi(f(x))) = 1$.

6. Use the extended Euclidean algorithm to determine its inverse $d$ modulo $\varphi(f(x))$.

7. A's public-key is $(p, f(x), e)$, A's private-key is $(p, d, g(x), h(x))$.

The following algorithm shows how entity B encrypts a

message m(x) for A. Entity B should do the following:

Algorithm 5: (RSA polynomials encryption)

1. Receive A's authentic public-key $(p, f(x), e)$.

2. Represent the message as a polynomial $m(x)$ in the complete residue system modulo $f(x)$ in $Z_p[x]$.

3. Compute the polynomial $c(x) \equiv m(x)^e \pmod{f(x)}$ in $Z_p[x]$.

4. Send the ciphertext $c(x)$ to A.

The following algorithm shows how entity A decrypts

the sent ciphertext c(x) and recovers the real message

m(x). Entity A should do the following:

Algorithm 5: (RSA polynomials decryption)

1. Receive the ciphertext $c(x)$ from B.

2. Use the private-key $d$ to recover $m(x)$ by reducing $c(x)^d \pmod{f(x)}$ in $Z_p[x]$.

Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $Z_p[x]$. If $a(x) \equiv c(x)^d \pmod{f(x)}$, then $a(x) = m(x)$.

In the following theorem, we prove that the decryption

scheme actually works.

Theorem 2. Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $Z_p[x]$. If $a(x) \equiv c(x)^d \pmod{f(x)}$, then $a(x) = m(x)$.

Proof: Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $Z_p[x]$ such that $a(x) \equiv c(x)^d \pmod{f(x)}$. Since $ed \equiv 1 \pmod{\varphi(f(x))}$, there exists an integer $k$ such that $ed = 1 + k\varphi(f(x))$. Suppose that $\gcd(m(x), f(x)) = 1$. Then

$$a(x) \equiv c(x)^d \equiv (m(x)^e)^d \equiv m(x)^{ed} \equiv m(x)^{1 + k\varphi(f(x))} \equiv m(x) \cdot m(x)^{k\varphi(f(x))} \pmod{f(x)}.$$

Since $\gcd(m(x), f(x)) = 1$, Euler's theorem gives that

$$m(x)^{\varphi(f(x))} \equiv 1 \pmod{f(x)}$$

and

$$a(x) \equiv m(x) \pmod{f(x)}.$$

Now suppose that $\gcd(m(x), f(x)) \ne 1$. Then, either $\gcd(m(x), f(x)) = f(x)$, $\gcd(m(x), f(x)) = g(x)$ or $\gcd(m(x), f(x)) = h(x)$. If $\gcd(m(x), f(x)) = f(x)$, then

$$m(x) \equiv 0 \equiv m(x)^{ed} \equiv c(x)^d \equiv a(x) \pmod{f(x)}.$$

If $\gcd(m(x), f(x)) = g(x)$, then $g(x)$ divides $m(x)$ and

$$m(x) \equiv 0 \equiv m(x)^{ed} \equiv c(x)^d \equiv a(x) \pmod{g(x)}.$$

Since $\gcd(m(x), f(x)) = g(x)$ and $\gcd(m(x), f(x)) \ne f(x)$, we have $\gcd(m(x), h(x)) = 1$. Now

$$ed = 1 + k\varphi(f(x)) = 1 + k(p^s - 1)(p^r - 1) = 1 + k'(p^r - 1) = 1 + k'\varphi(h(x)).$$

Hence,

$$a(x) \equiv c(x)^d \equiv m(x)^{ed} \equiv m(x)^{1 + k'\varphi(h(x))} \equiv m(x) \cdot m(x)^{k'\varphi(h(x))} \pmod{h(x)}.$$

Since $\gcd(m(x), h(x)) = 1$, Euler's theorem gives that

$$m(x)^{\varphi(h(x))} \equiv 1 \pmod{h(x)}$$

and

$$a(x) \equiv m(x) \pmod{h(x)}.$$

Since $h(x)$ and $g(x)$ are two distinct irreducible polynomials belonging to the ring $Z_p[x]$, which is a principal ideal domain, it follows that $h(x)$ and $g(x)$ are prime polynomials. Therefore, $a(x) \equiv m(x) \pmod{g(x)}$ and $a(x) \equiv m(x) \pmod{h(x)}$ imply that $a(x) \equiv m(x) \pmod{f(x)}$. A similar argument shows that $a(x) \equiv m(x) \pmod{f(x)}$ when $\gcd(m(x), f(x)) = g(x)$. Hence, the last congruence is always true. Finally, since $m(x)$ and $a(x)$ belong to the same complete residue system modulo $f(x)$ in $Z_p[x]$, we have that $a(x) = m(x)$. ■

Next we present an example illustrating the RSA

scheme over polynomials.

Example 3. (RSA polynomials encryption with small parameters)

Let $p = 101$. Entity A chooses the two irreducible polynomials $h(x) = 18x^2 + 71x + 88$ and $g(x) = 28x^3 + 83x^2 + 3x + 95$ in $Z_{101}[x]$. Reducing the polynomial $f(x) = h(x)g(x)$ in $Z_{101}[x]$, we get $f(x) = 100x^5 + 48x^4 + 28x^3 + 36x^2 + 40x + 78$. Compute $\varphi(f(x)) = (101^3 - 1)(101^2 - 1) = 10509060000$. Then, entity A chooses the integer $e = 2580882461$ such that $(e, \varphi(f(x))) = 1$ and $1 < e < \varphi(f(x))$. Entity A then uses the extended Euclidean algorithm for integers to find $d = 4894193141$ such that $ed \equiv 1 \pmod{\varphi(f(x))}$ in $Z_{101}[x]$. Hence, A's public-key is

$$(p = 101,\ f(x) = 100x^5 + 48x^4 + 28x^3 + 36x^2 + 40x + 78,\ e = 2580882461)$$

and A's private-key is

$$(p = 101,\ d = 4894193141,\ g(x) = 28x^3 + 83x^2 + 3x + 95,\ h(x) = 18x^2 + 71x + 88).$$

To encrypt the message $m(x) = 1 + x + 3x^2$, entity B reduces the polynomial

$$c(x) = m(x)^e = (1 + x + 3x^2)^{2580882461} \equiv 8x^4 + 98x^3 + 39x^2 + 90x + 40 \pmod{f(x)}$$

in $Z_{101}[x]$ and sends it to entity A.

To decrypt the ciphertext $c(x) = 8x^4 + 98x^3 + 39x^2 + 90x + 40$, A reduces

$$a(x) = c(x)^d = (8x^4 + 98x^3 + 39x^2 + 90x + 40)^{4894193141} \equiv 1 + x + 3x^2 \pmod{f(x)}$$

in $Z_{101}[x]$ to recover the original message $m(x)$.
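
The key generation, encryption and decryption steps above can be reproduced with the following added Python example, which is not code from the paper and uses the parameters of Example 3. The coefficient-list representation and the function names are choices of this example, and $h(x)$ and $g(x)$ are taken to be irreducible as the example states, without being tested.

```python
# Added example (not the paper's code): RSA in Z_p[x]/<f(x)> with the
# parameters of Example 3. Polynomials are coefficient lists, constant term
# first, so 1 + x + 3x^2 is [1, 1, 3].

def poly_trim(a):
    """Drop leading zero coefficients (in place) and return the list."""
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a

def poly_mul(a, b, p):
    """Product of two polynomials in Z_p[x]."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return poly_trim(out)

def poly_mod(a, f, p):
    """Remainder of a(x) on division by f(x) in Z_p[x]; deg f >= 1 and
    f need not be monic (the f of Example 3 has leading coefficient 100)."""
    a = poly_trim([x % p for x in a])
    inv_lead = pow(f[-1], -1, p)
    while len(a) >= len(f):
        q = a[-1] * inv_lead % p
        shift = len(a) - len(f)
        for i, coef in enumerate(f):
            a[shift + i] = (a[shift + i] - q * coef) % p
        poly_trim(a)                      # the leading term is now zero
    return a

def poly_pow(m, k, f, p):
    """Square-and-multiply: m(x)^k reduced modulo f(x) in Z_p[x]."""
    result, base = [1], poly_mod(m, f, p)
    while k:
        if k & 1:
            result = poly_mod(poly_mul(result, base, p), f, p)
        base = poly_mod(poly_mul(base, base, p), f, p)
        k >>= 1
    return result

def keygen(p, h, g, e):
    """Algorithm 4; h and g are assumed irreducible (not checked here)."""
    f = poly_mul(h, g, p)
    s, r = len(h) - 1, len(g) - 1         # degrees of h(x) and g(x)
    phi = (p**s - 1) * (p**r - 1)
    d = pow(e, -1, phi)                   # ValueError if gcd(e, phi) != 1
    return (p, f, e), (p, d, g, h), phi

def encrypt(m, public_key):
    p, f, e = public_key
    return poly_pow(m, e, f, p)

def decrypt(c, private_key):
    p, d, g, h = private_key
    return poly_pow(c, d, poly_mul(h, g, p), p)

if __name__ == "__main__":
    h, g = [88, 71, 18], [95, 3, 83, 28]
    public, private, phi = keygen(101, h, g, 2580882461)
    print("f(x):", public[1], "phi:", phi, "d:", private[1])
    m = [1, 1, 3]
    c = encrypt(m, public)
    print("c(x):", c, "-> decrypted:", decrypt(c, private))
    # Second case of Theorem 2: a message that is a multiple of h(x).
    m2 = poly_mul(h, [5, 1], 101)
    print("round trip with h(x) | m(x):",
          decrypt(encrypt(m2, public), private) == m2)
```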

5 Conclusion

The arithmetic needed for the RSA cryptosystem in the domains of Gaussian integers and polynomials over finite fields was modified and computational procedures were described. There are advantages for the new schemes over the classical one. First, generating the odd prime numbers in both the classical and the modified methods requires the same amount of effort. Second, the modified method provides an extension to the range of chosen messages and the trials will be more complicated. This is due to the fact that the complete residue system $Z_n$ has $pq$ elements, while the complete residue system $G_\eta$ has $\delta(\eta) = p^2q^2$ elements and the complete residue system $Z_p[x]/\langle f(x) \rangle$ has $p^s p^r$ elements. Third, in $Z_n$, Euler's phi function is $\varphi(n) = (p - 1)(q - 1)$, in $Z[i]$ it is $\varphi(\eta) = (p^2 - 1)(q^2 - 1)$, and in $Z_p[x]/\langle f(x) \rangle$ it is $\varphi(f(x)) = (p^s - 1)(p^r - 1)$, so that an attempt to find the private key $d$ from the public key (RSA problem) is more complicated. Finally, we note that the computations involved in the modified methods do not require computational procedures that are different from those used in the classical method.

5 REFERENCES

[1] Y. A. Awad, "MSc Thesis", Beirut Arab University, 2002.

[2] J. T. Cross, "The Euler's φ-function in the Gaussian integers", Amer. Math. Monthly, vol. 90, pp. 518-528, 1983.

[3] A. N. El-Kassar, "Doctorate Dissertation", University of Southwestern Louisiana, 1991.

[4] A. N. El-Kassar, Mohamed Rizk, N. M. Mirza, Y. A. Awad, "El-Gamal public key cryptosystem in the domain of Gaussian integers", Int. J. Appl. Math., vol. 7, no. 4, pp. 405-412, 2001.

[5] A. N. El-Kassar, Ramzi A. Haraty, "ElGamal Public-Key Cryptosystem Using Reducible Polynomials Over a Finite Field", IASSE 2004, pp. 189-194, 2004.

[6] A. R. Kenneth, "Elementary number theory and its applications", AT&T Bell Laboratories in Murray Hill, New Jersey, 1988.

[7] J. A. Gallian, "Contemporary abstract algebra", 4th edition, Houghton Mifflin Company, Boston, 1998.

[8] Ramzi A. Haraty, Hadi Otrok, A. N. El-Kassar, "A Comparative Study of ElGamal Based Cryptographic Algorithms", ICEIS, vol. 3, pp. 79-84, 2004.

[9] A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, "Handbook of Applied Cryptography", CRC Press, 1997.

[10] I. Niven, H. S. Zuckerman, and H. L. Montgomery, "An introduction to the theory of numbers", 5th ed., John Wiley, New York, 1991.

[11] R. Rivest, A. Shamir, L. Adleman, "A method for obtaining digital signatures and public key cryptosystems", Communications of the ACM 21, 2, pp. 120-126, 1978.