All content in this area was uploaded by Ramzi A. Haraty on Apr 14, 2014
MODIFIED RSA IN THE DOMAINS OF GAUSSIAN INTEGERS AND POLYNOMIALS OVER FINITE FIELDS

A. N. El-Kassar
Department of Mathematics, Beirut Arab University
P. O. Box 11-5020, Beirut, Lebanon
E-mail: ak1@bau.edu.lb

Ramzi Haraty
Division of Computer Science and Mathematics, Lebanese American University
P.O.Box 13-5053 Chouran, Beirut, Lebanon 1102 2801
E-mail: rharaty@lau.edu.lb

Y. A. Awad
Department of Mathematics, Lebanese International University
P. O. Box 5, Lebanon, West Bekaa
E-mail: yawad@liu.edu.lb

Abstract
The purpose of this paper is to extend the RSA
public-key encryption scheme from its classical domain
of natural integers Z, to two principal ideal domains,
namely the domain of Gaussian integers, Z[i], and the
domain of polynomials over finite fields, F[x]. The
arithmetic needed for the modifications to these
domains is described. The modified RSA algorithms
are given. Proofs for the new method are provided. The
computational procedures are described and illustrated
in numerical examples. The advantages of the new scheme
over the classical one are pointed out.
Keywords: RSA public-key cryptosystem, Gaussian
integers, polynomials over finite fields
1 Introduction
The RSA public-key cryptosystem scheme [11], invented by Rivest, Shamir, and Adleman, is the most popular and widely used public-key cryptosystem. Its security is based on the intractability of both the integer factorization problem and the RSA problem. The RSA problem, see [9], is the problem of finding an integer $m$ such that $m^e \equiv c \pmod{n}$, where $n$ is a product of two distinct large odd primes $p$ and $q$, $e$ is a positive random integer such that $\gcd(e, (p-1)(q-1)) = 1$, and $c$ is any integer. That is, the RSA problem is that of finding $e$-th roots of an integer $c$ modulo a composite integer $n$.

The classical RSA cryptosystem is described in the setting of the ring $Z_n$, the ring of integers modulo a composite integer $n = pq$, where $p$ and $q$ are two distinct odd prime integers. Many aspects of arithmetic over the domain of integers can be carried over to the domain of Gaussian integers $Z[i]$, the set of all complex numbers of the form $a + bi$, where $a$ and $b$ are integers, and to the domain of polynomials over finite fields $F[x]$.

Recently, El-Kassar et al. [4] modified the ElGamal public-key encryption scheme from its classical setting of the domain of natural integers to the domain of Gaussian integers by extending the arithmetic needed for the modifications to that domain. A similar extension to the domain $F[x]$ was given by El-Kassar and Haraty [5]. Haraty et al. [8] gave a comparative study of the extended ElGamal cryptographic algorithms.

In this paper, we present two extensions of the RSA cryptosystem, in the domain of Gaussian integers and in the domain of polynomials over finite fields, by extending the computational procedures behind the RSA public-key cryptosystem using arithmetic modulo a Gaussian integer and arithmetic modulo a polynomial. First, we review the classical RSA public-key cryptosystem. Then, we modify the computational methods in the domain of Gaussian integers and the domain of polynomials over finite fields. Finally, we show how the modified computational methods can be used to extend the RSA algorithm to these domains. Also, we show that the extended algorithms require a little more computational effort than the classical one and accomplish much greater security.
2 Classical RSA Public-Key Cryptosystem
The RSA cryptosystem is described as follows: entity A generates the public-key by first generating two large random odd prime integers $p$ and $q$, each roughly of the same size. Then, entity A computes the modulus $n = pq$ and $\phi(n) = (p-1)(q-1)$, where $\phi$ is Euler's phi-function. Next, entity A selects the encryption exponent $e$ to be any random integer in the interval $(1, \phi(n))$ which is relatively prime to $\phi(n)$. Using the extended Euclidean algorithm for integers, entity A finds the decryption exponent $d$, which is the unique inverse of $e$ in $Z_n$. The public-key is the pair $(n, e)$ and A's private-key is the triplet $(p, q, d)$.

To encrypt a message, entity B first represents the message as an integer $m$ in $Z_n$. Then, entity B obtains A's public-key $(n, e)$, uses it to compute the ciphertext $c \equiv m^e \pmod{n}$, and sends $c$ to entity A. Now, to decrypt $c$, entity A computes $m \equiv c^d \pmod{n}$ and recovers the original message $m$.

Example 1. In order to generate the public-key, entity A selects the artificially small primes $p = 883$ and $q = 709$. Then A computes the modulus $n = 626047$ and $\phi(n) = 624456$. Next, A chooses the encryption exponent $e = 333853$ and finds the decryption exponent $d = 97213$ using the extended Euclidean algorithm for integers. Therefore, the public-key is $(626047, 333853)$ and the private-key is $(883, 709, 97213)$. Now, to encrypt the 10-bit message 1001110001, entity B represents the message in decimal notation as $m = 625$ in $Z_n$. B computes

$$c \equiv 625^{333853} \pmod{626047} = 274608$$

and sends it to A. Finally, to decrypt $c$, A uses the decryption algorithm to get the original message

$$m \equiv 274608^{97213} \pmod{626047} = 625.$$
3 Arithmetic in Z[i]
The domain of Gaussian integers $Z[i]$ is the subring of the field of complex numbers consisting of all elements of the form $a + bi$, where $a$ and $b$ are integers and $i = \sqrt{-1}$. For a Gaussian integer $\gamma = a + bi$, let $\delta(\gamma) = a^2 + b^2$ be the norm of $\gamma$. We say that a nonzero Gaussian integer $\beta$ divides a Gaussian integer $\alpha$ if there exists $\gamma \in Z[i]$ such that $\alpha = \gamma\beta$. If $\beta$ divides $\alpha$ in $Z[i]$ then $\delta(\beta)$ divides $\delta(\alpha)$ in $Z$. A Gaussian integer $\beta$ is said to be invertible, or a unit, if there exists $\gamma \in Z[i]$ such that $1 = \gamma\beta$; i.e., $\beta$ divides 1. The units or invertible elements of $Z[i]$ are $1$, $-1$, $i$, and $-i$. Two elements $\alpha$ and $\beta$ in $Z[i]$ are called associates, denoted by $\alpha \sim \beta$, if one is a unit multiple of the other. For instance, the associates of $1+2i$ are $-1-2i$, $2-i$ and $-2+i$.
A nonzero nonunit Gaussian integer $\beta$ is called prime provided that $\beta$ divides $\gamma$ or $\beta$ divides $\alpha$ whenever $\beta$ divides $\alpha\gamma$. It is well-known that $\beta$ is a prime if and only if $\beta$ has no proper divisors, that is, the only divisors of $\beta$ are the units and the associates, see [6]. Also, if $\delta(\gamma)$ is prime in $Z$ then $\gamma$ must be a prime in $Z[i]$. The Gaussian primes of $Z[i]$, up to associates, see [8] or [10], are of the form:
i) $\alpha = 1 + i$;
ii) $\pi = a + bi$ and $\bar{\pi} = a - bi$, where $\pi\bar{\pi}$ is an odd prime integer $q$ of the form $4k + 1$;
iii) $p$, where $p$ is an odd prime integer of the form $4k + 3$.
Note that $\pi$ and $\bar{\pi}$ in (ii) are not associates.
The domain of Gaussian integers is a factorization domain in which every nonzero nonunit element can be expressed as a product of primes. Moreover, this decomposition is unique up to the order and associates of the primes. For $\beta \in Z[i]$, the ideal generated by $\beta$ is $\langle\beta\rangle = \beta Z[i] = \{\beta\gamma \mid \gamma \in Z[i]\}$. The coset of a Gaussian integer $\alpha$ modulo $\langle\beta\rangle$, denoted by $\alpha + \langle\beta\rangle$ or $[\alpha]$, is the set $\alpha + \langle\beta\rangle = [\alpha] = \{\alpha + \gamma \mid \gamma \in \langle\beta\rangle\}$. Two cosets $\alpha + \langle\beta\rangle$ and $\gamma + \langle\beta\rangle$ are equal if and only if $\alpha - \gamma \in \langle\beta\rangle$; in this case both $\alpha$ and $\gamma$ are representatives of the same coset. The quotient ring of $Z[i]$ modulo $\langle\beta\rangle$, denoted by $Z[i]/\langle\beta\rangle$ or $G_\beta$, is the set of all cosets of $\langle\beta\rangle$. It is well-known that $Z[i]/\langle\beta\rangle$ is a ring, see [7]. A complete residue system modulo $\beta$, denoted by $A(\beta)$, is any complete set of distinct representatives from $Z[i]/\langle\beta\rangle$.
Two Gaussian integers α and β, are congruent
modulo a nonzero Gaussian integer η, written as α≡β
(mod η), if α−β divides η. The relation ≡ modulo η is
an equivalence relation. The congruence classes are the
cosets of $\langle\beta\rangle$. We identify $G_\beta$ with the complete residue system modulo $\beta$ so that $G_\beta$ is a ring under addition and multiplication modulo $\beta$. For example, when $\beta = 1 + 2i$, then

$$Z[i]/\langle 1+2i\rangle = \{[0], [1], [2], [3], [4]\} = G_{1+2i}.$$

This ring is identified by $G_{1+2i} = \{0, 1, 2, 3, 4\}$.
We define the function $q(\beta)$ to be the order of the quotient ring $Z[i]/\langle\beta\rangle$. Now, $q(\beta\gamma) = q(\beta)q(\gamma)$, see [2] or [3]. J. T. Cross [2] gave a full description for complete residue systems modulo prime powers of Gaussian integers. In particular, when $p$ is a Gaussian prime of the form $4k+3$,

$$G_p = \{a + bi \mid 0 \le a \le p-1,\ 0 \le b \le p-1\},$$

and when $\pi$ is a factor of the odd prime $q = \pi\bar{\pi}$ with $q$ of the form $4k+1$,

$$G_\pi = \{a \mid 0 \le a \le q-1\}.$$

For any two nonzero elements $\gamma$ and $\beta$ of $Z[i]$, a complete residue system modulo $\gamma\beta$, see [3], is the set

$$A(\gamma\beta) = \{s + r\gamma : s \in A(\gamma),\ r \in A(\beta)\}.$$
A greatest common divisor of two Gaussian integers $\alpha$ and $\beta$ is a divisor $\gamma = a + bi$ of both elements $\alpha$ and $\beta$ such that any other common divisor divides $\gamma$. Any two greatest common divisors of $\alpha$ and $\beta$ are associates, so $\alpha$ and $\beta$ have four greatest common divisors. The greatest common divisor of $\alpha$ and $\beta$, denoted by $\gcd(\alpha, \beta)$, is the greatest common divisor $\gamma = a + bi$ with $a, b \ge 0$. The $\gcd(\alpha, \beta)$ can be written as

$$\gcd(\alpha, \beta) = \alpha\gamma + \beta\lambda,$$

where the unique coefficients $\gamma$ and $\lambda$ can be obtained by the extended Euclidean algorithm for Gaussian integers.
For a Gaussian integer $\beta$, let $G^*_\beta$ be those elements of $G_\beta$ that are relatively prime to $\beta$; i.e.,

$$G^*_\beta = \{\alpha \in G_\beta \mid \gcd(\alpha, \beta) = 1\}.$$

The set $G^*_\beta$ is called a reduced residue system modulo $\beta$ and is the group of units of $G_\beta$. When $\beta$ is a Gaussian prime, $G_\beta$ is a field and $G^*_\beta$ is the set of nonzero elements in $G_\beta$. The number of elements in any reduced residue system $G^*_\beta$, denoted by $\phi(\beta)$, is Euler's phi function in $Z[i]$, see [2] or [3]. The $\phi$ function is a multiplicative function; i.e., $\phi(\alpha\beta) = \phi(\alpha)\phi(\beta)$. Also, for a prime power Gaussian integer, the value of the $\phi$ function is

$$\phi(\alpha^n) = 2^n - 2^{n-1},$$
$$\phi(\pi^n) = q^{n-1}(q - 1),$$
$$\text{or}\quad \phi(p^n) = p^{2n-2}(p^2 - 1).$$

Thus, the value of $\phi$ for any Gaussian integer $\beta$ can be obtained from the prime power decomposition of $\beta$.
4 Modified RSA In Z[i]
In the domain of Gaussian integers the RSA public-key scheme is described as follows. Entity A generates the public-key by first generating two large random Gaussian primes $\beta$ and $\gamma$ and computes $\eta = \beta\gamma$. If $\beta = \pi_1$ and $\gamma = \pi_2$, then the complete residue system modulo $\eta$ has an order equal to $q_1 q_2 = (\pi_1\bar{\pi}_1)(\pi_2\bar{\pi}_2)$, see [3]. This choice yields a message space having the same order as that of the classical case; i.e.,

$$|G_{\beta\gamma}| = |G_{\pi_1\pi_2}| = |Z_{q_1 q_2}| = q_1 q_2.$$

Moreover, the order of $G^*_{\beta\gamma}$ is

$$|G^*_{\beta\gamma}| = \phi(\eta) = \phi(\beta)\phi(\gamma) = (q_1 - 1)(q_2 - 1) = |Z^*_{q_1 q_2}|.$$

Hence, the length of interval for the exponent $e$ is $(\beta-1)(\gamma-1)$.
If β = π1 = a+bi and γ is an odd prime of the form
4k+3, then the factorization problem of the composite
Gaussian integer η = βγ = aγ+bγi is easy to solve. This
choice is excluded.
If $\beta$ and $\gamma$ are both of the form $4k + 3$, then the complete residue system modulo $\eta = \beta\gamma$ is of the form

$$G_\eta = \{r + s\beta \mid r \in G_\beta \text{ and } s \in G_\gamma\}.$$

It can be shown that this set is precisely

$$G_\eta = \{a + bi \mid 0 \le a \le \beta\gamma - 1,\ 0 \le b \le \beta\gamma - 1\}.$$

Note that the order of $G_\eta$ is $\beta^2\gamma^2$ and that of $G^*_\eta$ is $\phi(\eta) = \phi(\beta)\phi(\gamma) = (\beta^2 - 1)(\gamma^2 - 1)$. In this case, the message space is enlarged so that its order is the square of that of the classical case; that is, $|G_{\beta\gamma}| = |Z_{\beta\gamma}|^2$. Moreover, the length of interval for the exponent $e$ is enlarged from $(\beta-1)(\gamma-1)$ to $(\beta^2-1)(\gamma^2-1)$.
Now, entity A selects a random integer $e$ and determines its unique inverse $d \in G_\eta$, where $\gcd(e, \phi(\eta)) = 1$ and $1 < e, d < \phi(\eta)$. This is done by applying the extended Euclidean algorithm and writing $\gcd(e, \phi(\eta)) = 1$ as $ex + \phi(\eta)y$ so that $d \equiv x \pmod{\phi(\eta)}$. The public-key is $(\eta, e)$ and the private-key is $(\beta, \gamma, d)$.

To encrypt the message $m$ chosen from $G_\eta$, entity B first uses the public-key to compute the ciphertext $c \equiv m^e \pmod{\eta}$ and sends it to A.

To decrypt the sent ciphertext $c$, entity A uses the private-key $d$ to recover the original message by $m \equiv c^d \pmod{\eta}$. In the following theorem, we prove that the decryption scheme actually works.
Theorem 1. Let $\eta$ be a Gaussian integer and let $m, a \in G_\eta$. Suppose that $e$ is an integer, $1 < e < \phi(\eta)$, $\gcd(e, \phi(\eta)) = 1$, and $d$ is the inverse of $e$ modulo $\phi(\eta)$. If $c \equiv m^e \pmod{\eta}$ and $a \equiv c^d \pmod{\eta}$, then $a = m$.
Proof: Let $\eta$ be a Gaussian integer and let $m \in G_\eta$. Suppose that $e$ is an integer with $\gcd(e, \phi(\eta)) = 1$ and $1 < e < \phi(\eta)$. Let $d$ be the inverse of $e$ modulo $\phi(\eta)$ so that

$$ed \equiv 1 \pmod{\phi(\eta)},$$

and $1 < d < \phi(\eta)$. Since $ed \equiv 1 \pmod{\phi(\eta)}$ in $G_\eta$, there exists an integer $k$ so that $ed = 1 + k\phi(\eta)$. Suppose that

$$c \equiv m^e \pmod{\eta}$$

and

$$a \equiv c^d \pmod{\eta}.$$

Now, we have two cases to discuss.

Case 1: Suppose that $\gcd(m, \eta) = 1$. Then $m \in G^*_\eta$ and by applying Lagrange's theorem for finite groups or by using an extension of Euler's theorem to the domain of Gaussian integers, see [1], we have

$$m^{\phi(\eta)} \equiv 1 \pmod{\eta}.$$

Then,

$$a \equiv c^d \equiv (m^e)^d \equiv m^{1+k\phi(\eta)} \equiv m \cdot (m^{\phi(\eta)})^k \equiv m \pmod{\eta}.$$

Hence, $a \equiv m \pmod{\eta}$. Since both $a$ and $m$ belong to the same complete residue system modulo $\eta$ and $a \equiv m \pmod{\eta}$, we conclude that $a = m$.
Case 2: Suppose that $\gcd(m, \eta) \neq 1$. Then $\gcd(m, \eta) = \beta$, $\gcd(m, \eta) = \gamma$, or $\gcd(m, \eta) = \eta$. If $\gcd(m, \eta) = \eta$, then $m \equiv 0 \pmod{\eta}$ so that $c = a = m = 0$.

Suppose that $\gcd(m, \eta) = \beta$. Then, $m \equiv 0 \pmod{\beta}$. Any power of $m$ keeps the congruence true. Thus,

$$m^{1+k\phi(\beta)} \equiv 0 \equiv m \pmod{\beta}.$$

Now, $\gcd(m, \eta) = \beta$ implies that $\gcd(m, \gamma) = 1$ and

$$m^{\phi(\gamma)} \equiv 1 \pmod{\gamma}$$

so that

$$m^{1+k\phi(\eta)} \equiv m^{1+k\phi(\gamma)\phi(\beta)} \equiv m \cdot (m^{\phi(\beta)})^{k\phi(\gamma)} \equiv m \pmod{\gamma}.$$

Since $ed = 1 + k\phi(\eta)$, we have that

$$(m^e)^d \equiv m^{ed} \equiv m \pmod{\beta},$$

and

$$(m^e)^d \equiv m^{ed} \equiv m \pmod{\gamma}.$$

Hence,

$$c^d \equiv m \pmod{\beta},$$

and

$$c^d \equiv m \pmod{\gamma}.$$

Since both $\beta$ and $\gamma$ are two distinct Gaussian primes with $(\beta, \gamma) = 1$, then we have that

$$c^d \equiv m \pmod{\eta}.$$

Finally, since both $a$ and $m$ belong to the same complete residue system modulo the Gaussian integer $\eta$, we conclude that $a = m$.
The case when gcd(m, η) = η is similar to that of
gcd(m, η) = β. ■
In the following we provide the algorithms for the RSA cryptosystem in $Z[i]$.

Algorithm 1: (RSA Gaussian public-key generation)
1. Generate two distinct large random Gaussian primes $\beta$ and $\gamma$.
2. Compute $\eta$ and $\phi(\eta)$.
3. Select an integer $e$ in the interval $[2, \phi(\eta)-1]$.
4. Use the extended Euclidean algorithm to determine its inverse $d$ modulo $\phi(\eta)$.
5. The public-key is $(\eta, e)$ and the private-key is $(\beta, \gamma, d)$.

Algorithm 2: (RSA Gaussian public-key encryption)
1. Obtain the authentic public-key.
2. Represent the message as an integer $m$ in $G_\eta$.
3. Compute $c \equiv m^e \pmod{\eta}$ and send it to A.

Algorithm 3: (RSA Gaussian public-key decryption)
1. Use the private-key $d$ to recover $m \equiv c^d \pmod{\eta}$.
Example 2. Let $\beta = 27743$ and $\gamma = 23291$ be two Gaussian primes of the form $4k + 3$. Compute the product

$$\eta = \beta\gamma = 646162213$$

and

$$\phi(\eta) = 417525604196912640.$$

Note that, had we used the classical RSA, $n = 646162213$ and $\phi(n) = 646111180$. Now, entity A chooses the integer

$$e = 16471875800465191,$$

and uses the extended Euclidean algorithm for integers to find

$$d = 200851669617899671$$

such that $ed = 1$ in $G_\eta$. Hence, A's public-key is the pair $(646162213, 16471875800465191)$, and A's private-key is the triplet $(27743, 23291, 200851669617899671)$.

Suppose that entity B wants to encrypt the message 1001110001. This representation can be regarded as a base $1+i$ representation of a Gaussian integer. This message can be converted to $m = 9 + 4i$. Entity B computes the Gaussian integer $m^e$ in $G_\eta$ to get

$$m^e = (9 + 4i)^{16471875800465191} \equiv 636415678 + 168717186\,i \pmod{\eta}.$$

Hence, entity B sends the ciphertext

$$c = 495038485 + 372009420\,i$$

in $G_\eta$ to entity A.

To decrypt the ciphertext $c$, entity A computes

$$c^d = (495038485 + 372009420\,i)^d \equiv 4 + 9i \pmod{\eta}$$

and gets the original message $m$.
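
Algorithms 1-3 for the case where β and γ are rational primes of the form 4k + 3, as an added Python example that is not code from the paper. The tuple representation of a + bi, the function names and the toy key (β = 7, γ = 11, e = 7) are assumptions constructed for illustration, at sizes far too small for real use.

```python
"""Modified RSA in Z[i] with beta, gamma rational primes = 3 (mod 4).

Added illustration. A Gaussian integer a+bi is the tuple (a, b). Because
eta = beta*gamma is an ordinary integer here, reducing both parts mod eta
lands in G_eta = {a+bi : 0 <= a, b <= eta-1}.
"""
from math import gcd

def is_prime(n):
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    f = 2
    while f * f <= n:
        if n % f == 0:
            return False
        f += 1
    return True

def phi_gauss(beta, gamma):
    """phi(eta) = (beta^2 - 1)(gamma^2 - 1), the order of G*_eta."""
    return (beta * beta - 1) * (gamma * gamma - 1)

def gmul(x, y, eta):
    """(a+bi)(c+di) = (ac - bd) + (ad + bc)i, reduced into G_eta."""
    (a, b), (c, d) = x, y
    return ((a * c - b * d) % eta, (a * d + b * c) % eta)

def gpow(x, k, eta):
    """x**k in G_eta by square-and-multiply, for k >= 0."""
    result, base = (1 % eta, 0), (x[0] % eta, x[1] % eta)
    while k:
        if k & 1:
            result = gmul(result, base, eta)
        base = gmul(base, base, eta)
        k >>= 1
    return result

def keygen(beta, gamma, e):
    """Algorithm 1 with caller-chosen primes and exponent."""
    for p in (beta, gamma):
        if p % 4 != 3 or not is_prime(p):
            raise ValueError("need rational primes of the form 4k + 3")
    if beta == gamma:
        raise ValueError("primes must be distinct")
    phi = phi_gauss(beta, gamma)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be coprime to phi")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (beta * gamma, e), (beta, gamma, d)

def encrypt(m, public_key):
    """Algorithm 2: c = m^e (mod eta)."""
    eta, e = public_key
    return gpow(m, e, eta)

def decrypt(c, private_key):
    """Algorithm 3: m = c^d (mod eta)."""
    beta, gamma, d = private_key
    return gpow(c, d, beta * gamma)

# Constructed toy key: phi(eta) = 48 * 120 = 5760 and 7 * 823 = 5761.
PUBLIC, PRIVATE = keygen(7, 11, 7)

if __name__ == "__main__":
    c = encrypt((9, 4), PUBLIC)
    print(c, decrypt(c, PRIVATE))
```

A prime of the form 4k + 1, such as q = 709 from Example 1, is rejected by `keygen` because it is not a Gaussian prime.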
5 RSA Polynomials Cryptosystem
Let $p$ be a prime number and let $f(x)$ be a polynomial of degree $n$ in $Z_p[x]$ that is a product of two distinct irreducible polynomials in $Z_p[x]$; that is, $f(x) = h(x)g(x)$, where $h(x)$ is of degree $s$ and $g(x)$ is of degree $r$. The quotient ring of $Z_p[x]$ modulo the ideal generated by $f(x)$, denoted by $Z_p[x]/\langle f(x)\rangle$, consists of congruence classes of polynomials of degree less than that of $f(x)$. The ring $Z_p[x]/\langle f(x)\rangle$ is finite of order $p^n$ and isomorphic to the direct sum of $Z_p[x]/\langle h(x)\rangle$ and $Z_p[x]/\langle g(x)\rangle$; that is,

$$Z_p[x]/\langle f(x)\rangle \cong Z_p[x]/\langle h(x)\rangle \oplus Z_p[x]/\langle g(x)\rangle.$$

Hence, the group of units $U(Z_p[x]/\langle f(x)\rangle)$ is isomorphic to the direct product of $U(Z_p[x]/\langle h(x)\rangle)$ and $U(Z_p[x]/\langle g(x)\rangle)$; that is,

$$U(Z_p[x]/\langle f(x)\rangle) \cong U(Z_p[x]/\langle h(x)\rangle) \times U(Z_p[x]/\langle g(x)\rangle).$$

Since $h(x)$ and $g(x)$ are irreducible, the quotient rings $Z_p[x]/\langle h(x)\rangle$ and $Z_p[x]/\langle g(x)\rangle$ are finite fields of order $p^s$ and $p^r$, respectively. Also, the groups of units $U(Z_p[x]/\langle h(x)\rangle)$ and $U(Z_p[x]/\langle g(x)\rangle)$ are cyclic and of order $\phi(h(x)) = p^s - 1$ and $\phi(g(x)) = p^r - 1$, respectively.

Now, given a positive integer $e$ such that $(e, \phi(f(x))) = 1$ and a polynomial $m(x)$, find a polynomial $c(x)$ such that $c(x) \equiv m(x)^e \pmod{f(x)}$ in $Z_p[x]$. The polynomials $h(x)$ and $g(x)$ should be selected so that factoring $f(x) = h(x)g(x)$ is computationally infeasible.
In the following we present three algorithms for the RSA public-key encryption scheme over polynomials. To create an RSA public-key and a corresponding private-key, entity A should do the following:

Algorithm 4: (RSA polynomials key generation)
1. Generate a random odd prime integer $p$.
2. Generate two irreducible polynomials $h(x)$ and $g(x)$ in $Z_p[x]$.
3. Reduce the polynomial $f(x) = h(x)g(x)$ in $Z_p[x]$.
4. Compute $\phi(f(x)) = (p^s - 1)(p^r - 1)$, the order of $U(Z_p[x]/\langle f(x)\rangle)$.
5. Select an integer $e$ in the interval $[2, \phi(f(x)) - 1]$ such that $(e, \phi(f(x))) = 1$.
6. Use the extended Euclidean algorithm to determine its inverse $d$ modulo $\phi(f(x))$.
7. A's public-key is $(p, f(x), e)$, A's private-key is $(p, d, g(x), h(x))$.

The following algorithm shows how entity B encrypts a message $m(x)$ for A. Entity B should do the following:

Algorithm 5: (RSA polynomials encryption)
1. Receive A's authentic public-key $(p, f(x), e)$.
2. Represent the message as a polynomial $m(x)$ in the complete residue system modulo $f(x)$ in $Z_p[x]$.
3. Compute the polynomial $c(x) \equiv m(x)^e \pmod{f(x)}$ in $Z_p[x]$.
4. Send the ciphertext $c(x)$ to A.

The following algorithm shows how entity A decrypts the sent ciphertext $c(x)$ and recovers the real message $m(x)$. Entity A should do the following:

Algorithm 6: (RSA polynomials decryption)
1. Receive the ciphertext $c(x)$ from B.
2. Use the private-key $d$ to recover $m(x)$ by reducing $c(x)^d \pmod{f(x)}$ in $Z_p[x]$.
Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $Z_p[x]$. If $a(x) \equiv c(x)^d \pmod{f(x)}$, then $a(x) = m(x)$.

In the following theorem, we prove that the decryption scheme actually works.

Theorem 2. Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $Z_p[x]$. If $a(x) \equiv c(x)^d \pmod{f(x)}$, then $a(x) = m(x)$.
Proof: Let $a(x)$ be a polynomial in the complete residue system modulo $f(x)$ in $Z_p[x]$ such that $a(x) \equiv c(x)^d \pmod{f(x)}$. Since $ed \equiv 1 \pmod{\phi(f(x))}$, there exists an integer $k$ such that $ed = 1 + k\phi(f(x))$. Suppose that $\gcd(m(x), f(x)) = 1$. Then

$$\begin{aligned}
a(x) &\equiv c(x)^d \pmod{f(x)} \\
&\equiv (m(x)^e)^d \pmod{f(x)} \\
&\equiv m(x)^{ed} \pmod{f(x)} \\
&\equiv m(x)^{1+k\phi(f(x))} \pmod{f(x)} \\
&\equiv m(x) \cdot m(x)^{k\phi(f(x))} \pmod{f(x)}.
\end{aligned}$$

Since $\gcd(m(x), f(x)) = 1$, Euler's theorem gives that

$$m(x)^{\phi(f(x))} \equiv 1 \pmod{f(x)}$$

and

$$a(x) \equiv m(x) \pmod{f(x)}.$$

Now suppose that $\gcd(m(x), f(x)) \neq 1$. Then, either $\gcd(m(x), f(x)) = f(x)$, $\gcd(m(x), f(x)) = g(x)$ or $\gcd(m(x), f(x)) = h(x)$. If $\gcd(m(x), f(x)) = f(x)$, then

$$m(x) \equiv 0 \equiv m(x)^{ed} \equiv c(x)^d \equiv a(x) \pmod{f(x)}.$$

If $\gcd(m(x), f(x)) = g(x)$, then $g(x)$ divides $m(x)$ and

$$m(x) \equiv 0 \equiv m(x)^{ed} \equiv c(x)^d \equiv a(x) \pmod{g(x)}.$$

Since $\gcd(m(x), f(x)) = g(x)$ and $\gcd(m(x), f(x)) \neq f(x)$, we have $\gcd(m(x), h(x)) = 1$. Now

$$ed = 1 + k\phi(f(x)) = 1 + k(p^s - 1)(p^r - 1) = 1 + k'(p^s - 1) = 1 + k'\phi(h(x)).$$

Hence,

$$\begin{aligned}
a(x) &\equiv c(x)^d \pmod{h(x)} \\
&\equiv m(x)^{ed} \pmod{h(x)} \\
&\equiv m(x)^{1+k'\phi(h(x))} \pmod{h(x)} \\
&\equiv m(x) \cdot m(x)^{k'\phi(h(x))} \pmod{h(x)}.
\end{aligned}$$

Since $\gcd(m(x), h(x)) = 1$, Euler's theorem gives that

$$m(x)^{\phi(h(x))} \equiv 1 \pmod{h(x)}$$

and

$$a(x) \equiv m(x) \pmod{h(x)}.$$

Since $h(x)$ and $g(x)$ are two distinct irreducible polynomials belonging to the ring $Z_p[x]$, which is a principal ideal domain, it follows that $h(x)$ and $g(x)$ are prime polynomials. Therefore, $a(x) \equiv m(x) \pmod{g(x)}$ and $a(x) \equiv m(x) \pmod{h(x)}$ imply that $a(x) \equiv m(x) \pmod{f(x)}$. A similar argument shows that $a(x) \equiv m(x) \pmod{f(x)}$ when $\gcd(m(x), f(x)) = g(x)$. Hence, the last congruence is always true. Finally, since $m(x)$ and $a(x)$ belong to the same complete residue system modulo $f(x)$ in $Z_p[x]$, we have that $a(x) = m(x)$. ■
Next we present an example illustrating the RSA
scheme over polynomials.
Example 3. (RSA polynomials encryption with small parameters)
Let $p = 101$. Entity A chooses the two irreducible polynomials $h(x) = 18x^2 + 71x + 88$ and $g(x) = 28x^3 + 83x^2 + 3x + 95$ in $Z_{101}[x]$. Reducing the polynomial $f(x) = h(x)g(x)$ in $Z_{101}[x]$, we get $f(x) = 100x^5 + 48x^4 + 28x^3 + 36x^2 + 40x + 78$. Compute $\phi(f(x)) = (101^3 - 1)(101^2 - 1) = 10509060000$. Then, entity A chooses the integer $e = 2580882461$ such that $(e, \phi(f(x))) = 1$ and $1 < e < \phi(f(x))$. Entity A uses the extended Euclidean algorithm for integers to find $d = 4894193141$ such that $ed \equiv 1 \pmod{\phi(f(x))}$ in $Z_{101}[x]$. Hence, A's public-key is

$$(p = 101,\ f(x) = 100x^5 + 48x^4 + 28x^3 + 36x^2 + 40x + 78,\ e = 2580882461)$$

and A's private-key is

$$(p = 101,\ d = 4894193141,\ g(x) = 28x^3 + 83x^2 + 3x + 95,\ h(x) = 18x^2 + 71x + 88).$$

To encrypt the message $m(x) = 1 + x + 3x^2$, entity B reduces the polynomial

$$c(x) = m(x)^e = (1 + x + 3x^2)^{2580882461} \equiv 8x^4 + 98x^3 + 39x^2 + 90x + 40 \pmod{f(x)}$$

in $Z_{101}[x]$ and sends it to entity A.

To decrypt the ciphertext $c(x) = 8x^4 + 98x^3 + 39x^2 + 90x + 40$, A reduces

$$a(x) = c(x)^d = (8x^4 + 98x^3 + 39x^2 + 90x + 40)^{4894193141} \equiv 1 + x + 3x^2 \pmod{f(x)}$$

in $Z_{101}[x]$ to recover the original message $m(x)$.
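
Algorithms 4-6 in Python, as an added example that is not code from the paper. The coefficient-list representation, the function names and the toy key (p = 3, h = x² + 1, g = x³ + 2x + 1, e = 5) are assumptions constructed for illustration; the irreducibility test is valid only for degrees 2 and 3, the degrees used in Example 3.

```python
"""RSA over Z_p[x]/<f(x)> at toy sizes (added illustration).

A polynomial is a list of coefficients, lowest degree first; [] is zero.
"""
from math import gcd

def trim(a, p):
    """Reduce coefficients mod p and drop zero leading terms."""
    a = [c % p for c in a]
    while a and a[-1] == 0:
        a.pop()
    return a

def polymul(a, b, p):
    """Product a(x)b(x) in Z_p[x]."""
    out = [0] * max(len(a) + len(b) - 1, 0)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out, p)

def polymod(a, f, p):
    """Remainder of a(x) on division by f(x); f need not be monic."""
    a, inv_lead = trim(a, p), pow(f[-1], -1, p)
    while len(a) >= len(f):
        q, shift = a[-1] * inv_lead % p, len(a) - len(f)
        for i, c in enumerate(f):
            a[shift + i] -= q * c
        a = trim(a, p)
    return a

def polypow(m, k, f, p):
    """m(x)**k mod f(x) by square-and-multiply."""
    result, base = polymod([1], f, p), polymod(m, f, p)
    while k:
        if k & 1:
            result = polymod(polymul(result, base, p), f, p)
        base = polymod(polymul(base, base, p), f, p)
        k >>= 1
    return result

def irreducible_small(a, p):
    """Degree 2 or 3 only: irreducible over Z_p iff no root in Z_p."""
    roots = (x for x in range(p)
             if sum(c * pow(x, i, p) for i, c in enumerate(a)) % p == 0)
    return len(a) - 1 in (2, 3) and next(roots, None) is None

def keygen(p, h, g, e):
    """Algorithm 4 with caller-supplied h, g (degree 2 or 3) and e."""
    h, g = trim(h, p), trim(g, p)
    if not (irreducible_small(h, p) and irreducible_small(g, p)):
        raise ValueError("h and g must be irreducible of degree 2 or 3")
    if polymod(h, g, p) == [] or polymod(g, h, p) == []:
        raise ValueError("h and g must be distinct up to a unit")
    phi = (p ** (len(h) - 1) - 1) * (p ** (len(g) - 1) - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be coprime to phi")
    return (p, polymul(h, g, p), e), (p, pow(e, -1, phi), g, h)

def encrypt(m, public_key):
    """Algorithm 5: c(x) = m(x)^e mod f(x)."""
    p, f, e = public_key
    return polypow(m, e, f, p)

def decrypt(c, private_key):
    """Algorithm 6: m(x) = c(x)^d mod f(x), with f rebuilt as h*g."""
    p, d, g, h = private_key
    return polypow(c, d, polymul(h, g, p), p)
```

Calling `polymul([88, 71, 18], [95, 3, 83, 28], 101)` reproduces the coefficients of f(x) given in Example 3.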
6 Conclusion
The arithmetic needed for the RSA cryptosystem in the domains of Gaussian integers and polynomials over finite fields was modified and computational procedures were described. There are advantages for the new schemes over the classical one. First, generating the odd prime numbers in both the classical and the modified methods requires the same amount of effort. Second, the modified method provides an extension to the range of chosen messages and the trials will be more complicated. This is due to the fact that the complete residue system $Z_n$ has $pq$ elements, while the complete residue system $G_\eta$ has $\delta(\eta) = p^2q^2$ elements and the complete residue system $Z_p[x]/\langle f(x)\rangle$ has $p^s p^r$ elements. Third, in $Z_n$, Euler's phi function is $\phi(n) = (p-1)(q-1)$, in $Z[i]$ it is $\phi(\eta) = (p^2-1)(q^2-1)$, and in $Z_p[x]/\langle f(x)\rangle$ it is $\phi(f(x)) = (p^s-1)(p^r-1)$, so that an attempt to find the private key $d$ from the public key (RSA problem) is more complicated. Finally, we note that the computations involved in the modified methods do not require computational procedures that are different from those used in the classical method.
7 REFERENCES
[1] Y. A. Awad, "MSc Thesis", Beirut Arab University, 2002.
[2] J. T. Cross, "The Euler's φ-function in the Gaussian integers", Amer. Math. Monthly, vol. 90, pp. 518-528, 1983.
[3] A. N. El-Kassar, "Doctorate Dissertation", University of Southwestern Louisiana, 1991.
[4] A. N. El-Kassar, Mohamed Rizk, N. M. Mirza, Y. A. Awad, "El-Gamal public key cryptosystem in the domain of Gaussian integers", Int. J. Appl. Math., vol. 7, no. 4, pp. 405-412, 2001.
[5] A. N. El-Kassar, Ramzi A. Haraty, "ElGamal Public-Key Cryptosystem Using Reducible Polynomials Over a Finite Field", IASSE 2004, pp. 189-194, 2004.
[6] A. R. Kenneth, "Elementary number theory and its applications", AT&T Bell Laboratories in Murray Hill, New Jersey, 1988.
[7] J. A. Gallian, "Contemporary abstract algebra", 4th edition, Houghton Mifflin Company, Boston, 1998.
[8] Ramzi A. Haraty, Hadi Otrok, A. N. El-Kassar, "A Comparative Study of ElGamal Based Cryptographic Algorithms", ICEIS, vol. 3, pp. 79-84, 2004.
[9] A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, "Handbook of Applied Cryptography", CRC Press, 1997.
[10] I. Niven, H. S. Zuckerman, and H. L. Montgomery, "An introduction to the theory of numbers", 5th ed., John Wiley, New York, 1991.
[11] R. Rivest, A. Shamir, L. Adleman, "A method for obtaining digital signatures and public key cryptosystems", Communications of the ACM 21, 2, pp. 120-126, 1978.