Modified RSA in the Domains of Gaussian Integers and Polynomials Over Finite Fields.

Abstract

The purpose of this paper is to extend the RSA public-key encryption scheme from its classical domain of natural integers Z to two principal ideal domains, namely the domain of Gaussian integers, Z[i], and the domain of polynomials over finite fields, F[x]. The arithmetic needed for the modifications to these domains is described. The modified RSA algorithms are given. Proofs for the new method are provided. The computational procedures are described and illustrated in numerical examples. The advantages of the new scheme over the classical one are pointed out.
A. N. El-Kassar, Department of Mathematics, Beirut Arab University, P. O. Box 11-5020, Beirut, Lebanon. E-mail: ak1@bau.edu.lb
Ramzi Haraty, Division of Computer Science and Mathematics, Lebanese American University, P. O. Box 13-5053 Chouran, Beirut, Lebanon 1102 2801. E-mail: rharaty@lau.edu.lb
Y. A. Awad, Department of Mathematics, Lebanese International University, P. O. Box 5, Lebanon, West Bekaa. E-mail: yawad@liu.edu.lb
Keywords: RSA public-key cryptosystem, Gaussian
integers, polynomials over finite fields
1 Introduction
The RSA public-key cryptosystem [11], invented by Rivest, Shamir, and Adleman, is the most popular and widely used public-key cryptosystem. Its security is based on the intractability of both the integer factorization problem and the RSA problem. The RSA problem, see [9], is the problem of finding an integer $m$ such that $m^e \equiv c \pmod{n}$, where $n$ is a product of two distinct large odd primes $p$ and $q$, $e$ is a positive random integer such that $\gcd(e, (p-1)(q-1)) = 1$, and $c$ is any integer. That is, the RSA problem is that of finding $e$th roots of an integer $c$ modulo a composite integer $n$.

The classical RSA cryptosystem is described in the setting of the ring $\mathbb{Z}_n$, the ring of integers modulo a composite integer $n = pq$, where $p$ and $q$ are two distinct odd prime integers. Many aspects of arithmetic over the domain of integers can be carried over to the domain of Gaussian integers $\mathbb{Z}[i]$, the set of all complex numbers of the form $a + bi$, where $a$ and $b$ are integers, and to the domain of polynomials over finite fields $F[x]$. Recently, El-Kassar et al. [4] modified the ElGamal public-key encryption scheme from its classical setting of the domain of natural integers to the domain of Gaussian integers by extending the arithmetic needed for the modifications to the domains. A similar extension to the domain $F[x]$ was given by El-Kassar and Haraty [5]. Haraty et al. [8] gave a comparative study of the extended ElGamal cryptographic algorithms.

In this paper, we present two extensions of the RSA cryptosystem, in the domain of Gaussian integers and in the domain of polynomials over finite fields, by extending the computational procedures behind the RSA public-key cryptosystem using arithmetic modulo a Gaussian integer and arithmetic modulo a polynomial. First, we review the classical RSA public-key cryptosystem. Then, we modify the computational methods in the domain of Gaussian integers and the domain of polynomials over finite fields. Finally, we show how the modified computational methods can be used to extend the RSA algorithm to these domains. Also, we show that the extended algorithms require little additional computational effort compared with the classical one and accomplish much greater security.
2 Classical RSA Public-Key Cryptosystem
The RSA cryptosystem is described as follows: entity A generates the public-key by first generating two large random odd prime integers $p$ and $q$, each roughly of the same size. Then, entity A computes the modulus $n = pq$ and $\varphi(n) = (p - 1)(q - 1)$, where $\varphi$ is Euler's phi-function. Next, entity A selects the encryption exponent $e$ to be any random integer in the interval $(1, \varphi(n))$ which is relatively prime to $\varphi(n)$. Using the extended Euclidean algorithm for integers, entity A finds the decryption exponent $d$, which is the unique inverse of $e$ in $\mathbb{Z}_n$. The public-key is the pair $(n, e)$ and A's private-key is the triplet $(p, q, d)$.

To encrypt a message, entity B first represents the message as an integer $m$ in $\mathbb{Z}_n$. Then, entity B obtains A's public-key $(n, e)$, uses it to compute the ciphertext $c \equiv m^e \pmod{n}$, and sends it to entity A. Now, to decrypt $c$, entity A computes $m \equiv c^d \pmod{n}$ and recovers the original message $m$.

Example 1. In order to generate the public-key, entity A selects the artificially small primes $p = 883$ and $q = 709$. Then A computes the modulus $n = 626047$ and $\varphi(n) = 624456$. Next, A chooses the encryption exponent $e = 333853$ and finds the decryption exponent $d = 97213$ using the extended Euclidean algorithm for integers. Therefore, the public-key is $(626047, 333853)$ and the private-key is $(883, 709, 97213)$. Now, to encrypt the 10-bit message 1001110001, entity B represents the message in decimal notation as $m = 625$ in $\mathbb{Z}_n$. B computes
$$c \equiv 625^{333853} \pmod{626047} = 274608$$
and sends it to A. Finally, to decrypt $c$, A uses the decryption algorithm to get the original message
$$m \equiv 274608^{97213} \pmod{626047} = 625.$$
3 Arithmetic in Z[i]
The domain of Gaussian integers $\mathbb{Z}[i]$ is the subring of the field of complex numbers consisting of all elements of the form $a + bi$, where $a$ and $b$ are integers and $i = \sqrt{-1}$. For a Gaussian integer $\gamma = a + bi$, let $\delta(\gamma) = a^2 + b^2$ be the norm of $\gamma$. We say that a nonzero Gaussian integer $\beta$ divides a Gaussian integer $\alpha$ if there exists $\gamma \in \mathbb{Z}[i]$ such that $\alpha = \gamma\beta$. If $\beta$ divides $\alpha$ in $\mathbb{Z}[i]$ then $\delta(\beta)$ divides $\delta(\alpha)$ in $\mathbb{Z}$. A Gaussian integer $\beta$ is said to be invertible, or a unit, if there exists $\gamma \in \mathbb{Z}[i]$ such that $1 = \gamma\beta$; i.e., $\beta$ divides 1. The units or invertible elements of $\mathbb{Z}[i]$ are $1$, $-1$, $i$, and $-i$. Two elements $\alpha$ and $\beta$ in $\mathbb{Z}[i]$ are called associates, denoted by $\alpha \sim \beta$, if one is a unit multiple of the other. For instance, the associates of $1 + 2i$ are $-1 - 2i$, $2 - i$ and $-2 + i$.

A nonzero nonunit Gaussian integer $\beta$ is called prime provided that $\beta$ divides $\gamma$ or $\beta$ divides $\alpha$ whenever $\beta$ divides $\alpha\gamma$. It is well-known that $\beta$ is a prime if and only if $\beta$ has no proper divisors, that is, the only divisors of $\beta$ are the units and the associates, see [6]. Also, if $\delta(\gamma)$ is prime in $\mathbb{Z}$ then $\gamma$ must be a prime in $\mathbb{Z}[i]$. The Gaussian primes of $\mathbb{Z}[i]$, up to associates, see [8] or [10], are of the form:
i) $\alpha = 1 + i$;
ii) $\pi = a + bi$ and $\overline{\pi} = a - bi$, where $\pi\overline{\pi}$ is an odd prime integer $q$ of the form $4k + 1$;
iii) $p$, where $p$ is an odd prime integer of the form $4k + 3$.
Note that $\pi$ and $\overline{\pi}$ in (ii) are not associates.
The domain of Gaussian integers is a factorization domain in which every nonzero nonunit element can be expressed as a product of primes. Moreover, this decomposition is unique up to the order and associates of the primes. For $\beta \in \mathbb{Z}[i]$, the ideal generated by $\beta$ is $\langle\beta\rangle = \beta\mathbb{Z}[i] = \{\beta\gamma \mid \gamma \in \mathbb{Z}[i]\}$. The coset of a Gaussian integer $\alpha$ modulo $\langle\beta\rangle$, denoted by $\alpha + \langle\beta\rangle$ or $[\alpha]$, is the set $\alpha + \langle\beta\rangle = [\alpha] = \{\alpha + \gamma \mid \gamma \in \langle\beta\rangle\}$. Two cosets $\alpha + \langle\beta\rangle$ and $\gamma + \langle\beta\rangle$ are equal if and only if $\alpha - \gamma \in \langle\beta\rangle$; in this case both $\alpha$ and $\gamma$ are representatives of the same coset. The quotient ring of $\mathbb{Z}[i]$ modulo $\langle\beta\rangle$, denoted by $\mathbb{Z}[i]/\langle\beta\rangle$ or $G_\beta$, is the set of all cosets of $\langle\beta\rangle$. It is well-known that $\mathbb{Z}[i]/\langle\beta\rangle$ is a ring, see [7]. A complete residue system modulo $\beta$, denoted by $A(\beta)$, is any complete set of distinct representatives from $\mathbb{Z}[i]/\langle\beta\rangle$.

Two Gaussian integers $\alpha$ and $\beta$ are congruent modulo a nonzero Gaussian integer $\eta$, written as $\alpha \equiv \beta \pmod{\eta}$, if $\alpha - \beta$ divides $\eta$. The relation modulo $\eta$ is an equivalence relation. The congruence classes are the cosets of $\langle\beta\rangle$. We identify $G_\beta$ with the complete residue system modulo $\beta$ so that $G_\beta$ is a ring under addition and multiplication modulo $\beta$. For example, when $\beta = 1 + 2i$, then
$$\mathbb{Z}[i]/\langle 1+2i\rangle = \{[0], [1], [2], [3], [4]\} = G_{1+2i}.$$
This ring is identified by $G_{1+2i} = \{0, 1, 2, 3, 4\}$.
We define the function $q(\beta)$ to be the order of the quotient ring $\mathbb{Z}[i]/\langle\beta\rangle$. Now, $q(\beta\gamma) = q(\beta)q(\gamma)$, see [2] or [3]. J. T. Cross [2] gave a full description of complete residue systems modulo prime powers of Gaussian integers. In particular, when $p$ is a Gaussian prime of the form $4k + 3$,
$$G_p = \{a + bi \mid 0 \le a \le p - 1,\ 0 \le b \le p - 1\},$$
and when $\pi$ is a factor of the odd prime $q = \pi\overline{\pi}$ with $q$ of the form $4k + 1$,
$$G_\pi = \{a \mid 0 \le a \le q - 1\}.$$
For any two nonzero elements $\gamma$ and $\beta$ of $\mathbb{Z}[i]$, a complete residue system modulo $\gamma\beta$, see [3], is the set
$$A(\gamma\beta) = \{s + r\gamma : s \in A(\gamma),\ r \in A(\beta)\}.$$

A greatest common divisor of two Gaussian integers $\alpha$ and $\beta$ is a divisor $\gamma = a + bi$ of both elements $\alpha$ and $\beta$ such that any other common divisor divides $\gamma$. Any two greatest common divisors of $\alpha$ and $\beta$ are associates, so $\alpha$ and $\beta$ have four greatest common divisors. The greatest common divisor of $\alpha$ and $\beta$, denoted by $\gcd(\alpha, \beta)$, is the greatest common divisor $\gamma = a + bi$ with $a, b \ge 0$. The $\gcd(\alpha, \beta)$ can be written as
$$\gcd(\alpha, \beta) = \alpha\gamma + \beta\lambda,$$
where the unique coefficients $\gamma$ and $\lambda$ can be obtained by the extended Euclidean algorithm for Gaussian integers.
For a Gaussian integer $\beta$, let $G^*_\beta$ be those elements of $G_\beta$ that are relatively prime to $\beta$; i.e.,
$$G^*_\beta = \{\alpha \in G_\beta \mid \gcd(\alpha, \beta) = 1\}.$$
The set $G^*_\beta$ is called a reduced residue system modulo $\beta$ and is the group of units of $G_\beta$. When $\beta$ is a Gaussian prime, $G_\beta$ is a field and $G^*_\beta$ is the set of nonzero elements in $G_\beta$. The number of elements in any reduced residue system $G^*_\beta$, denoted by $\varphi(\beta)$, is Euler's phi function in $\mathbb{Z}[i]$, see [2] or [3]. The $\varphi$ function is a multiplicative function; i.e., $\varphi(\alpha\beta) = \varphi(\alpha)\varphi(\beta)$. Also, for a prime power Gaussian integer, the value of the $\varphi$ function is
$$\varphi(\alpha^n) = 2^n - 2^{n-1},$$
$$\varphi(\pi^n) = q^{n-1}(q - 1),$$
or
$$\varphi(p^n) = p^{2n-2}(p^2 - 1).$$
Thus, the value of $\varphi$ for any Gaussian integer $\beta$ can be obtained from the prime power decomposition of $\beta$.
4 Modified RSA In Z[i]
In the domain of Gaussian integers the RSA public-key scheme is described as follows. Entity A generates the public-key by first generating two large random Gaussian primes $\beta$ and $\gamma$ and computes $\eta = \beta\gamma$. If $\beta = \pi_1$ and $\gamma = \pi_2$, then the complete residue system modulo $\eta$ has an order equal to $q_1 q_2 = (\pi_1\overline{\pi}_1)(\pi_2\overline{\pi}_2)$, see [3]. This choice yields a message space having the same order as that of the classical case; i.e.,
$$|G_{\beta\gamma}| = |G_{\pi_1\pi_2}| = |\mathbb{Z}_{q_1 q_2}| = q_1 q_2.$$
Moreover, the order of $G^*_{\beta\gamma}$ is
$$|G^*_{\beta\gamma}| = \varphi(\eta) = \varphi(\beta)\varphi(\gamma) = (q_1 - 1)(q_2 - 1) = |\mathbb{Z}^*_{q_1 q_2}|.$$
Hence, the length of the interval for the exponent $e$ is $(\beta - 1)(\gamma - 1)$.

If $\beta = \pi_1 = a + bi$ and $\gamma$ is an odd prime of the form $4k + 3$, then the factorization problem of the composite Gaussian integer $\eta = \beta\gamma = a\gamma + b\gamma i$ is easy to solve. This choice is excluded.

If $\beta$ and $\gamma$ are both of the form $4k + 3$, then the complete residue system modulo $\eta = \beta\gamma$ is of the form
$$G_\eta = \{r + s\beta \mid r \in G_\beta \text{ and } s \in G_\gamma\}.$$
It can be shown that this set is precisely
$$G_\eta = \{a + bi \mid 0 \le a \le \beta\gamma - 1,\ 0 \le b \le \beta\gamma - 1\}.$$
Note that the order of $G_\eta$ is $\beta^2\gamma^2$ and that of $G^*_\eta$ is $\varphi(\eta) = \varphi(\beta)\varphi(\gamma) = (\beta^2 - 1)(\gamma^2 - 1)$. In this case, the message space is enlarged so that its order is the square of that of the classical case; that is, $|G_{\beta\gamma}| = |\mathbb{Z}_{\beta\gamma}|^2$. Moreover, the length of the interval for the exponent $e$ is enlarged from $(\beta - 1)(\gamma - 1)$ to $(\beta^2 - 1)(\gamma^2 - 1)$.
Now, entity A selects a random integer $e$ and determines its unique inverse $d \in G_\eta$, where $\gcd(e, \varphi(\eta)) = 1$ and $1 < e, d < \varphi(\eta)$. This is done by applying the extended Euclidean algorithm and writing $\gcd(e, \varphi(\eta)) = 1$ as $ex + \varphi(\eta)y$ so that $d \equiv x \pmod{\varphi(\eta)}$. The public-key is $(\eta, e)$ and the private-key is $(\beta, \gamma, d)$.

To encrypt the message $m$ chosen from $G_\eta$, entity B first uses the public-key to compute the ciphertext $c \equiv m^e \pmod{\eta}$ and sends it to A.

To decrypt the sent ciphertext $c$, entity A uses the private-key $d$ to recover the original message by $m \equiv c^d \pmod{\eta}$. In the following theorem, we prove that the decryption scheme actually works.
Theorem 1. Let $\eta$ be a Gaussian integer and let $m, a \in G_\eta$. Suppose that $e$ is an integer, $1 < e < \varphi(\eta)$, $\gcd(e, \varphi(\eta)) = 1$, and $d$ is the inverse of $e$ modulo $\varphi(\eta)$. If $c \equiv m^e \pmod{\eta}$ and $a \equiv c^d \pmod{\eta}$, then $a = m$.

Proof: Let $\eta$ be a Gaussian integer and let $m \in G_\eta$. Suppose that $e$ is an integer with $\gcd(e, \varphi(\eta)) = 1$ and $1 < e < \varphi(\eta)$. Let $d$ be the inverse of $e$ modulo $\varphi(\eta)$ so that
$$ed \equiv 1 \pmod{\varphi(\eta)},$$
and $1 < d < \varphi(\eta)$. Since $ed \equiv 1 \pmod{\varphi(\eta)}$ in $G_\eta$, there exists an integer $k$ so that $ed = 1 + k\varphi(\eta)$. Suppose that
$$c \equiv m^e \pmod{\eta}$$
and
$$a \equiv c^d \pmod{\eta}.$$
Now, we have two cases to discuss.

Case 1: Suppose that $\gcd(m, \eta) = 1$. Then $m \in G^*_\eta$ and by applying Lagrange's theorem for finite groups or by using an extension of Euler's theorem to the domain of Gaussian integers, see [1], we have
$$m^{\varphi(\eta)} \equiv 1 \pmod{\eta}.$$
Then,
$$a \equiv c^d \equiv (m^e)^d \equiv m^{1 + k\varphi(\eta)} \equiv m \cdot (m^{\varphi(\eta)})^k \equiv m \pmod{\eta}.$$
Hence, $a \equiv m \pmod{\eta}$. Since both $a$ and $m$ belong to the same complete residue system modulo $\eta$ and $a \equiv m \pmod{\eta}$, we conclude that $a = m$.

Case 2: Suppose that $\gcd(m, \eta) \ne 1$. Then $\gcd(m, \eta) = \beta$, $\gcd(m, \eta) = \gamma$, or $\gcd(m, \eta) = \eta$. If $\gcd(m, \eta) = \eta$, then $m \equiv 0 \pmod{\eta}$ so that $c = a = m = 0$.

Suppose that $\gcd(m, \eta) = \beta$. Then, $m \equiv 0 \pmod{\beta}$. Any power of $m$ keeps the congruence true. Thus,
$$m^{1 + k\varphi(\beta)} \equiv 0 \equiv m \pmod{\beta}.$$
Now, $\gcd(m, \eta) = \beta$ implies that $\gcd(m, \gamma) = 1$ and
$$m^{\varphi(\gamma)} \equiv 1 \pmod{\gamma}$$
so that
$$m^{1 + k\varphi(\eta)} \equiv m^{1 + k\varphi(\gamma)\varphi(\beta)} \equiv m \cdot (m^{\varphi(\beta)})^{k\varphi(\gamma)} \equiv m \pmod{\gamma}.$$
Since $ed = 1 + k\varphi(\eta)$, we have that
$$m^{ed} \equiv (m^e)^d \equiv m \pmod{\beta},$$
and
$$m^{ed} \equiv (m^e)^d \equiv m \pmod{\gamma}.$$
Hence,
$$c^d \equiv m \pmod{\beta},$$
and
$$c^d \equiv m \pmod{\gamma}.$$
Since $\beta$ and $\gamma$ are two distinct Gaussian primes with $(\beta, \gamma) = 1$, we have that
$$c^d \equiv m \pmod{\eta}.$$
Finally, since both $a$ and $m$ belong to the same complete residue system modulo the Gaussian integer $\eta$, we conclude that $a = m$.

The case when $\gcd(m, \eta) = \eta$ is similar to that of $\gcd(m, \eta) = \beta$.
In the following we provide the algorithms for the RSA cryptosystem in $\mathbb{Z}[i]$.

Algorithm 1: (RSA Gaussian public-key generation).
1. Generate two distinct large random Gaussian primes $\beta$ and $\gamma$.
2. Compute $\eta$ and $\varphi(\eta)$.
3. Select an integer $e$ in the interval $[2, \varphi(\eta) - 1]$.
4. Use the extended Euclidean algorithm to determine its inverse $d$ modulo $\varphi(\eta)$.
5. The public-key is $(\eta, e)$ and the private-key is $(\beta, \gamma, d)$.

Algorithm 2: (RSA Gaussian public-key encryption)
1. Obtain the authentic public-key.
2. Represent the message as an integer $m$ in $G_\eta$.
3. Compute $c \equiv m^e \pmod{\eta}$ and send it to A.

Algorithm 3: (RSA Gaussian public-key decryption)
1. Use the private-key $d$ to recover $m \equiv c^d \pmod{\eta}$.
Example 2. Let $\beta = 27743$ and $\gamma = 23291$ be two Gaussian primes of the form $4k + 3$. Compute the product
$$\eta = \beta\gamma = 646162213$$
and
$$\varphi(\eta) = 417525604196912640.$$
Note that, had we used the classical RSA, $n = 646162213$ and $\varphi(n) = 646111180$. Now, entity A chooses the integer
$$e = 16471875800465191,$$
and uses the extended Euclidean algorithm for integers to find
$$d = 200851669617899671$$
such that $ed = 1$ in $G_\eta$. Hence, A's public-key is the pair $(646162213, 16471875800465191)$, and A's private-key is the triplet $(27743, 23291, 200851669617899671)$.

Suppose that entity B wants to encrypt the message 1001110001. This representation can be regarded as a base $1 + i$ representation of a Gaussian integer. This message can be converted to $m = 9 + 4i$. Entity B computes the Gaussian integer $m^e$ in $G_\eta$ to get
$$m^e = (9 + 4i)^{16471875800465191} \equiv 636415678 + 168717186i \pmod{\eta}.$$
Hence, entity B sends the ciphertext
$$c = 495038485 + 372009420i$$
in $G_\eta$ to entity A.

To decrypt the ciphertext $c$, entity A computes
$$c^d = (495038485 + 372009420i)^d \equiv 4 + 9i \pmod{\eta}$$
and gets the original message $m$.
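
The following Python sketch is an added example, not code from the paper: it implements Algorithms 1 to 3 for the case where β and γ are rational primes of the form 4k + 3, takes β and γ from Example 2, and runs a message from each case of Theorem 1 through encryption and decryption. The exponent e = 65537, the function names and the two extra test messages are assumptions made for this example.

```python
"""RSA in G_eta for eta = beta*gamma with beta, gamma rational primes of the form 4k+3."""
from math import gcd, isqrt


def is_prime(n):
    """Trial division; adequate for the small demonstration primes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))


def bits_to_gaussian(bits):
    """Read a bit string as digits in base 1+i, most significant digit first."""
    re, im = 0, 0
    for b in bits:
        re, im = re - im, re + im      # multiply the accumulator by 1+i
        re += int(b)                   # add the next digit
    return (re, im)


def gmul(a, b, eta):
    """Product of a = (x, y) and b = (u, v) in G_eta. eta is a rational integer
    here, so reduction modulo eta acts on real and imaginary parts separately."""
    (x, y), (u, v) = a, b
    return ((x * u - y * v) % eta, (x * v + y * u) % eta)


def gpow(a, k, eta):
    """Square-and-multiply exponentiation a^k in G_eta."""
    result, base = (1, 0), (a[0] % eta, a[1] % eta)
    while k:
        if k & 1:
            result = gmul(result, base, eta)
        base = gmul(base, base, eta)
        k >>= 1
    return result


def keygen(beta, gamma, e):
    """Algorithm 1, with the gcd(e, phi) = 1 condition from the text enforced."""
    if beta == gamma or not all(is_prime(x) and x % 4 == 3 for x in (beta, gamma)):
        raise ValueError("beta and gamma must be distinct primes of the form 4k+3")
    eta = beta * gamma
    phi = (beta**2 - 1) * (gamma**2 - 1)     # phi(eta) = phi(beta) * phi(gamma)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be coprime to phi")
    return eta, phi, pow(e, -1, phi)


def encrypt(m, e, eta):
    """Algorithm 2: c = m^e mod eta."""
    return gpow(m, e, eta)


def decrypt(c, d, eta):
    """Algorithm 3: m = c^d mod eta."""
    return gpow(c, d, eta)


# beta and gamma are the primes of Example 2; E is an assumed exponent, not the paper's.
BETA, GAMMA, E = 27743, 23291, 65537
ETA, PHI, D = keygen(BETA, GAMMA, E)
# ETA is the same integer as the classical modulus n = pq noted in Example 2;
# only the message space (ETA**2 elements) and PHI differ from the classical case.


def round_trip(m):
    return decrypt(encrypt(m, E, ETA), D, ETA)


# Constructed messages covering the cases in the proof of Theorem 1.
M_UNIT = bits_to_gaussian("1001110001")   # 9 + 4i, gcd(m, eta) = 1
M_BETA = (3 * BETA, 5 * BETA)             # beta*(3 + 5i), gcd(m, eta) = beta
M_ZERO = (0, 0)                           # gcd(m, eta) = eta

if __name__ == "__main__":
    for name, m in (("unit", M_UNIT), ("multiple of beta", M_BETA), ("zero", M_ZERO)):
        c = encrypt(m, E, ETA)
        print(f"{name}: m={m} c={c} recovered={decrypt(c, D, ETA)}")
```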
5 RSA Polynomials Cryptosystem
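Let $p$ be a prime number and let $f(x)$ be a polynomial of degree $n$ in $\mathbb{Z}_p[x]$, the polynomials over the finite field $\mathbb{Z}_p$, that is a product of two distinct irreducible polynomials in $\mathbb{Z}_p[x]$; that is, $f(x) = h(x)g(x)$, where $h(x)$ is of degree $s$ and $g(x)$ is of degree $r$. The quotient ring of $\mathbb{Z}_p[x]$ modulo the ideal generated by $f(x)$, denoted by $\mathbb{Z}_p[x]/\langle f(x)\rangle$, consists of congruence classes of polynomials of degree less than that of $f(x)$. The ring $\mathbb{Z}_p[x]/\langle f(x)\rangle$ is finite of order $p^n$ and isomorphic to the direct sum of $\mathbb{Z}_p[x]/\langle h(x)\rangle$ and $\mathbb{Z}_p[x]/\langle g(x)\rangle$; that is,
$$\mathbb{Z}_p[x]/\langle f(x)\rangle \cong \mathbb{Z}_p[x]/\langle h(x)\rangle \oplus \mathbb{Z}_p[x]/\langle g(x)\rangle.$$
Hence, the group of units $U(\mathbb{Z}_p[x]/\langle f(x)\rangle)$ is isomorphic to the direct product of $U(\mathbb{Z}_p[x]/\langle h(x)\rangle)$ and $U(\mathbb{Z}_p[x]/\langle g(x)\rangle)$; that is,
$$U(\mathbb{Z}_p[x]/\langle f(x)\rangle) \cong U(\mathbb{Z}_p[x]/\langle h(x)\rangle) \times U(\mathbb{Z}_p[x]/\langle g(x)\rangle).$$
Since $h(x)$ and $g(x)$ are irreducible, the quotient rings $\mathbb{Z}_p[x]/\langle h(x)\rangle$ and $\mathbb{Z}_p[x]/\langle g(x)\rangle$ are finite fields of order $p^s$ and $p^r$, respectively. Also, the groups of units $U(\mathbb{Z}_p[x]/\langle h(x)\rangle)$ and $U(\mathbb{Z}_p[x]/\langle g(x)\rangle)$ are cyclic and of order $\varphi(h(x)) = p^s - 1$ and $\varphi(g(x)) = p^r - 1$, respectively.

Now, given a positive integer $e$ such that $(e, \varphi(f(x))) = 1$ and a polynomial $m(x)$, find a polynomial $c(x)$ such that $c(x) \equiv m(x)^e \pmod{f(x)}$ in $\mathbb{Z}_p[x]$. The polynomials $h(x)$ and $g(x)$ should be selected so that factoring $f(x) = h(x)g(x)$ is computationally infeasible.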
In the following we present three algorithms for the RSA public-key encryption scheme over polynomials. To create an RSA public-key and a corresponding private-key, entity A should do the following:

Algorithm 4: (RSA polynomials key generation).
1. Generate a random odd prime integer $p$.
2. Generate two irreducible polynomials $h(x)$ and $g(x)$ in $\mathbb{Z}_p[x]$.
3. Reduce the polynomial $f(x) = h(x)g(x)$ in $\mathbb{Z}_p[x]$.
4. Compute $\varphi(f(x)) = (p^s - 1)(p^r - 1)$, the order of $U(\mathbb{Z}_p[x]/\langle f(x)\rangle)$.
5. Select an integer $e$ in the interval $[2, \varphi(f(x)) - 1]$ such that $(e, \varphi(f(x))) = 1$.
6. Use the extended Euclidean algorithm to determine its inverse $d$ modulo $\varphi(f(x))$.
7. A's public-key is $(p, f(x), e)$, A's private-key is $(p, d, g(x), h(x))$.

The following algorithm shows how entity B encrypts a message $m(x)$ for A. Entity B should do the following:

Algorithm 5: (RSA polynomials encryption)
1. Receive A's authentic public-key $(p, f(x), e)$.
2. Represent the message as a polynomial $m(x)$ in the complete residue system modulo $f(x)$ in $\mathbb{Z}_p[x]$.
3. Compute the polynomial $c(x) \equiv m(x)^e \pmod{f(x)}$ in $\mathbb{Z}_p[x]$.
4. Send the ciphertext $c(x)$ to A.

The following algorithm shows how entity A decrypts the sent ciphertext $c(x)$ and recovers the real message $m(x)$. Entity A should do the following:

Algorithm 6: (RSA polynomials decryption)
1. Receive the ciphertext $c(x)$ from B.
2. Use the private-key $d$ to recover $m(x)$ by reducing $c(x)^d \pmod{f(x)}$ in $\mathbb{Z}_p[x]$.
Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $\mathbb{Z}_p[x]$. If $a(x) \equiv c(x)^d \pmod{f(x)}$, then $a(x) = m(x)$. In the following theorem, we prove that the decryption scheme actually works.

Theorem 2. Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $\mathbb{Z}_p[x]$. If $a(x) \equiv c(x)^d \pmod{f(x)}$, then $a(x) = m(x)$.

Proof: Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $\mathbb{Z}_p[x]$ such that $a(x) \equiv c(x)^d \pmod{f(x)}$. Since $e \cdot d \equiv 1 \pmod{\varphi(f(x))}$, there exists an integer $k$ such that $e \cdot d = 1 + k\varphi(f(x))$. Suppose that $\gcd(m(x), f(x)) = 1$. Then
$$a(x) \equiv c(x)^d \equiv (m(x)^e)^d \equiv m(x)^{ed} \equiv m(x)^{1 + k\varphi(f(x))} \equiv m(x) \cdot m(x)^{k\varphi(f(x))} \pmod{f(x)}.$$
Since $\gcd(m(x), f(x)) = 1$, Euler's theorem gives that
$$m(x)^{\varphi(f(x))} \equiv 1 \pmod{f(x)}$$
and
$$a(x) \equiv m(x) \pmod{f(x)}.$$

Now suppose that $\gcd(m(x), f(x)) \ne 1$. Then, either $\gcd(m(x), f(x)) = f(x)$, $\gcd(m(x), f(x)) = g(x)$ or $\gcd(m(x), f(x)) = h(x)$. If $\gcd(m(x), f(x)) = f(x)$, then
$$m(x) \equiv 0 \equiv m(x)^{ed} \equiv c(x)^d \equiv a(x) \pmod{f(x)}.$$
If $\gcd(m(x), f(x)) = g(x)$, then $g(x)$ divides $m(x)$ and
$$m(x) \equiv 0 \equiv m(x)^{ed} \equiv c(x)^d \equiv a(x) \pmod{g(x)}.$$
Since $\gcd(m(x), f(x)) = g(x)$ and $\gcd(m(x), f(x)) \ne f(x)$, we have $\gcd(m(x), h(x)) = 1$. Now
$$e \cdot d = 1 + k\varphi(f(x)) = 1 + k(p^s - 1)(p^r - 1) = 1 + k'(p^s - 1) = 1 + k'\varphi(h(x)).$$
Hence,
$$a(x) \equiv c(x)^d \equiv m(x)^{ed} \equiv m(x)^{1 + k'\varphi(h(x))} \equiv m(x) \cdot m(x)^{k'\varphi(h(x))} \pmod{h(x)}.$$
Since $\gcd(m(x), h(x)) = 1$, Euler's theorem gives that
$$m(x)^{\varphi(h(x))} \equiv 1 \pmod{h(x)}$$
and
$$a(x) \equiv m(x) \pmod{h(x)}.$$
Since $h(x)$ and $g(x)$ are two distinct irreducible polynomials belonging to the ring $\mathbb{Z}_p[x]$, which is a principal ideal domain, it follows that $h(x)$ and $g(x)$ are prime polynomials. Therefore, $a(x) \equiv m(x) \pmod{g(x)}$ and $a(x) \equiv m(x) \pmod{h(x)}$ imply that $a(x) \equiv m(x) \pmod{f(x)}$. A similar argument shows that $a(x) \equiv m(x) \pmod{f(x)}$ when $\gcd(m(x), f(x)) = g(x)$. Hence, the last congruence is always true. Finally, since $m(x)$ and $a(x)$ belong to the same complete residue system modulo $f(x)$ in $\mathbb{Z}_p[x]$, we have that $a(x) = m(x)$.
Next we present an example illustrating the RSA scheme over polynomials.

Example 3. (RSA polynomials encryption with small parameters)
Let $p = 101$. Entity A chooses the two irreducible polynomials $h(x) = 18x^2 + 71x + 88$ and $g(x) = 28x^3 + 83x^2 + 3x + 95$ in $\mathbb{Z}_{101}[x]$. Reducing the polynomial $f(x) = h(x)g(x)$ in $\mathbb{Z}_{101}[x]$, we get $f(x) = 100x^5 + 48x^4 + 28x^3 + 36x^2 + 40x + 78$. Compute $\varphi(f(x)) = (101^3 - 1)(101^2 - 1) = 10509060000$. Then, entity A chooses the integer $e = 2580882461$ such that $(e, \varphi(f(x))) = 1$ and $1 < e < \varphi(f(x))$. Using the extended Euclidean algorithm for integers, A finds $d = 4894193141$ such that $ed \equiv 1 \pmod{\varphi(f(x))}$ in $\mathbb{Z}_{101}[x]$. Hence, A's public-key is
$$(p = 101,\ f(x) = 100x^5 + 48x^4 + 28x^3 + 36x^2 + 40x + 78,\ e = 2580882461)$$
and A's private-key is
$$(p = 101,\ d = 4894193141,\ g(x) = 28x^3 + 83x^2 + 3x + 95,\ h(x) = 18x^2 + 71x + 88).$$

To encrypt the message $m(x) = 1 + x + 3x^2$, entity B reduces the polynomial
$$c(x) = m(x)^e = (1 + x + 3x^2)^{2580882461} \equiv 8x^4 + 98x^3 + 39x^2 + 90x + 40 \pmod{f(x)}$$
in $\mathbb{Z}_{101}[x]$ and sends it to entity A.

To decrypt the ciphertext $c(x) = 8x^4 + 98x^3 + 39x^2 + 90x + 40$, A reduces
$$a(x) = c(x)^d = (8x^4 + 98x^3 + 39x^2 + 90x + 40)^{4894193141} \equiv 1 + x + 3x^2 \pmod{f(x)}$$
in $\mathbb{Z}_{101}[x]$ to recover the original message $m(x)$.
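
The following Python sketch is an added example, not code from the paper: it implements Algorithms 4 to 6 with schoolbook polynomial arithmetic in Z_p[x] and runs them on p, h(x), g(x), e and m(x) from Example 3, recomputing f(x), φ(f(x)) and d. The function names and the two extra test messages are assumptions made for this example, and the irreducibility of h(x) and g(x) is taken from the example rather than checked.

```python
"""RSA in Z_p[x]/<f(x)> with f = h*g; polynomials are coefficient lists, lowest degree first."""
from math import gcd


def trim(a):
    """Drop zero leading coefficients so that equal polynomials compare equal."""
    a = list(a)
    while a and a[-1] == 0:
        a.pop()
    return a


def pmul(a, b, p):
    """Product of two polynomials with coefficients reduced modulo p."""
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, ac in enumerate(a):
        for j, bc in enumerate(b):
            out[i + j] = (out[i + j] + ac * bc) % p
    return trim(out)


def pmod(a, f, p):
    """Remainder of a on division by f in Z_p[x]; f need not be monic."""
    a = [c % p for c in a]
    inv_lead = pow(f[-1], -1, p)
    while len(a) >= len(f):
        q = a[-1] * inv_lead % p          # quotient coefficient for the top term
        shift = len(a) - len(f)
        for i, fc in enumerate(f):
            a[shift + i] = (a[shift + i] - q * fc) % p
        a.pop()                           # the top coefficient is now zero
    return trim(a)


def ppow(a, k, f, p):
    """Square-and-multiply exponentiation a(x)^k modulo f(x) in Z_p[x]."""
    result, base = [1], pmod(a, f, p)
    while k:
        if k & 1:
            result = pmod(pmul(result, base, p), f, p)
        base = pmod(pmul(base, base, p), f, p)
        k >>= 1
    return result


def keygen(p, h, g, e):
    """Algorithm 4; h and g are assumed irreducible and distinct (not checked)."""
    f = pmul(h, g, p)
    s, r = len(h) - 1, len(g) - 1         # degrees of h and g
    phi = (p**s - 1) * (p**r - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be coprime to phi")
    return f, phi, pow(e, -1, phi)


def encrypt(m, e, f, p):
    """Algorithm 5: c(x) = m(x)^e mod f(x)."""
    return ppow(m, e, f, p)


def decrypt(c, d, f, p):
    """Algorithm 6: m(x) = c(x)^d mod f(x)."""
    return ppow(c, d, f, p)


# Parameters of Example 3, lowest-degree coefficient first.
P = 101
H = [88, 71, 18]            # 18x^2 + 71x + 88
G = [95, 3, 83, 28]         # 28x^3 + 83x^2 + 3x + 95
E = 2580882461
F, PHI, D = keygen(P, H, G, E)


def round_trip(m):
    return decrypt(encrypt(m, E, F, P), D, F, P)


M = [1, 1, 3]               # m(x) = 1 + x + 3x^2 from Example 3, gcd(m, f) = 1
M_H = list(H)               # constructed message with gcd(m, f) = h(x)
M_ZERO = []                 # constructed message: the zero polynomial

if __name__ == "__main__":
    print("f(x) coefficients:", F, "phi:", PHI, "d:", D)
    for name, m in (("m(x)", M), ("h(x)", M_H), ("0", M_ZERO)):
        c = encrypt(m, E, F, P)
        print(f"{name}: c={c} recovered={decrypt(c, D, F, P)}")
```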
6 Conclusion
The arithmetic needed for the RSA cryptosystem in the domains of Gaussian integers and polynomials over finite fields was modified and computational procedures were described. There are advantages for the new schemes over the classical one. First, generating the odd prime numbers in both the classical and the modified methods requires the same amount of effort. Second, the modified method provides an extension to the range of chosen messages and the trials will be more complicated. This is due to the fact that the complete residue system $\mathbb{Z}_n$ has $pq$ elements, while the complete residue system $G_\eta$ has $\delta(\eta) = p^2 q^2$ elements and the complete residue system $\mathbb{Z}_p[x]/\langle f(x)\rangle$ has $p^s p^r$ elements. Third, in $\mathbb{Z}_n$ the Euler phi function is $\varphi(n) = (p - 1)(q - 1)$, in $\mathbb{Z}[i]$ it is $\varphi(\eta) = (p^2 - 1)(q^2 - 1)$, and in $\mathbb{Z}_p[x]/\langle f(x)\rangle$ it is $\varphi(f(x)) = (p^s - 1)(p^r - 1)$, so that an attempt to find the private key $d$ from the public key (RSA problem) is more complicated. Finally, we note that the computations involved in the modified methods do not require computational procedures that are different from those used in the classical method.
References
[1] Y. A. Awad, "MSc Thesis", Beirut Arab University, 2002.
[2] J. T. Cross, "The Euler's φ-function in the Gaussian integers", Amer. Math. Monthly, vol. 90, pp. 518-528, 1983.
[3] A. N. El-Kassar, "Doctorate Dissertation", University of Southwestern Louisiana, 1991.
[4] A. N. El-Kassar, Mohamed Rizk, N. M. Mirza, Y. A. Awad, "El-Gamal public key cryptosystem in the domain of Gaussian integers", Int. J. Appl. Math., vol. 7, no. 4, pp. 405-412, 2001.
[5] A. N. El-Kassar, Ramzi A. Haraty, "ElGamal Public-Key Cryptosystem Using Reducible Polynomials Over a Finite Field", IASSE 2004, pp. 189-194, 2004.
[6] A. R. Kenneth, "Elementary number theory and its applications", AT&T Bell Laboratories in Murray Hill, New Jersey, 1988.
[7] J. A. Gallian, "Contemporary abstract algebra", 4th edition, Houghton Mifflin Company, Boston, 1998.
[8] Ramzi A. Haraty, Hadi Otrok, A. N. El-Kassar, "A Comparative Study of ElGamal Based Cryptographic Algorithms", ICEIS, vol. 3, pp. 79-84, 2004.
[9] A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, "Handbook of Applied Cryptography", CRC Press, 1997.
[10] I. Niven, H. S. Zuckerman, and H. L. Montgomery, "An introduction to the theory of numbers", 5th ed., John Wiley, New York, 1991.
[11] R. Rivest, A. Shamir, L. Adleman, "A method for obtaining digital signatures and public key cryptosystems", Communications of the ACM, 21, 2, pp. 120-126, 1978.