Rabin cryptosystem

The Rabin cryptosystem is an asymmetric cryptosystem based on the difficulty of the factorization problem (like RSA). It was invented in 1979 by Michael Rabin: it is the first asymmetric cryptosystem whose security reduces to the intractability of integer factorization.

The Rabin cryptosystem has the advantage of a proof that breaking it is as hard as factoring integers, a proof that does not yet exist for RSA. On the other hand, it has a disadvantage due to non-determinism: an output produced by the function used in the cryptosystem can be the result of four distinct inputs. An additional mechanism is therefore needed to determine which input is the right one.

Key generation

As with all asymmetric cryptography algorithms, the Rabin cryptosystem uses a public key and a private key. The public key is used for encryption and is not secret, while the private key is secret and must be known only to its owner, the recipient of the message (so that only the recipient is able to decrypt).

Explicitly, key generation proceeds as follows.

  • Choose two large prime numbers, p and q, at random. (To simplify calculations, one can choose them such that p \equiv q \equiv 3 \pmod 4.)

  • Let n = p \cdot q; n is the public key. The prime numbers p and q constitute the private key.

To encrypt, only the public key n is needed. To decrypt, the factors p and q of n are necessary.

Example

Here is an example which, however, does not use parameters large enough to guarantee security in the real world. If p = 7 and q = 11, then n = 77. This is obviously a poor choice of key, since factoring 77 is trivial.

Encryption

For encryption, only the public key n is used. The ciphertext is produced from the plaintext m as follows.

Let P = \{0, \ldots, n-1\} be the space of possible plaintexts (all the integers in that range) and let m \in P be the plaintext. The ciphertext c is determined as follows.

c = m^2 \bmod n.

In other words, c is the quadratic residue, the square of the plaintext taken modulo n. In practice, block encryption is generally used.

Example

In our preceding example, P = \{0, \ldots, 76\} is the space of possible plaintexts. Take m = 20 as the plaintext. The ciphertext is then c = m^2 \bmod n = 400 \bmod 77 = 15.

Note

The ciphertext 15 is produced by four different values of m, namely m \in \{13, 20, 57, 64\}. This is also true of most ciphertexts produced by Rabin's algorithm. In other words, it is a four-to-one function.

Decryption

To decrypt, the private key is necessary. The process is as follows.

The square roots

m_p = \sqrt{c} \bmod p

and

m_q = \sqrt{c} \bmod q

are computed. The extended Euclidean algorithm makes it possible to compute y_p and y_q such that y_p \cdot p + y_q \cdot q = 1.

One then invokes the Chinese remainder theorem to compute the four square roots +r, -r, +s and -s of c + n\mathbb{Z} \in \mathbb{Z}/n\mathbb{Z}. (\mathbb{Z}/n\mathbb{Z} is the set of residue classes modulo n; the four square roots are taken in the set \{0, \ldots, n-1\}):

\begin{matrix}
r & = & (y_p \cdot p \cdot m_q + y_q \cdot q \cdot m_p) \bmod n \\
-r & = & n - r \\
s & = & (y_p \cdot p \cdot m_q - y_q \cdot q \cdot m_p) \bmod n \\
-s & = & n - s
\end{matrix}

Example

In the preceding example, one first finds the roots modulo the prime numbers of the private key: m_p = 1 and m_q = 9.

The extended Euclidean algorithm then gives y_p = -3 and y_q = 2.

The Chinese remainder theorem gives the four possible square roots, m \in \{64, \mathbf{20}, 13, 57\}, one of which, m = 20, is the original plaintext.
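The key generation, encryption and decryption steps above, carried through in Python as an added example (this is not code from the original article). It reproduces the article's toy parameters p = 7, q = 11, m = 20, c = 15, and then illustrates the "additional mechanism" the introduction mentions for choosing among the four roots: a redundancy tag in the plaintext. The tagging scheme, the helper names, and the still-small primes 10007 and 10039 used in the second run are assumptions made for the example, not anything the article specifies.

```python
# Added example (not from the original article): Rabin key generation,
# encryption and decryption via the extended Euclidean algorithm and the CRT.
# The redundancy scheme and the demonstration primes are assumptions.

def is_prime(x):
    """Trial division; adequate for the small demonstration primes used here."""
    if x < 2:
        return False
    d = 2
    while d * d <= x:
        if x % d == 0:
            return False
        d += 1
    return True

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x1, y1 = egcd(b, a % b)
    return g, y1, x1 - (a // b) * y1

def rabin_keygen(p, q):
    """Enforce the article's key-generation conditions; return (n, (p, q))."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    return p * q, (p, q)

def rabin_encrypt(m, n):
    """c = m^2 mod n; only the public key n is needed."""
    if not 0 <= m < n:
        raise ValueError("plaintext must lie in {0, ..., n-1}")
    return pow(m, 2, n)

def rabin_decrypt(c, p, q):
    """Return the four square roots (r, n-r, s, n-s) of c modulo n = p*q.

    With p, q congruent to 3 mod 4, a square root of c mod p is
    c^((p+1)/4) mod p, and likewise mod q. Extended Euclid gives
    y_p*p + y_q*q = 1, and the article's CRT formulas combine the two
    roots into roots modulo n.
    """
    n = p * q
    m_p = pow(c, (p + 1) // 4, p)
    m_q = pow(c, (q + 1) // 4, q)
    g, y_p, y_q = egcd(p, q)
    assert g == 1 and y_p * p + y_q * q == 1
    r = (y_p * p * m_q + y_q * q * m_p) % n
    s = (y_p * p * m_q - y_q * q * m_p) % n
    return (r, n - r, s, n - s)

# Hypothetical redundancy scheme (an assumption, not part of the article):
# the low TAG_BITS bits of the payload are repeated at the end of the
# plaintext so the receiver can tell the intended root from the other three.
TAG_BITS = 16

def add_redundancy(payload):
    return (payload << TAG_BITS) | (payload & ((1 << TAG_BITS) - 1))

def strip_redundancy(m):
    """Return the payload if the redundancy check passes, else None."""
    mask = (1 << TAG_BITS) - 1
    payload = m >> TAG_BITS
    return payload if (payload & mask) == (m & mask) else None

def recover(roots):
    """Payloads of every root passing the check; exactly one is expected.
    If more than one passes, the tag is too short for the key size."""
    return [x for x in (strip_redundancy(r) for r in roots) if x is not None]

def roundtrip(p, q, payload):
    """Key, encrypt the tagged payload, decrypt; return (m, roots, recovered)."""
    n, (p, q) = rabin_keygen(p, q)
    m = add_redundancy(payload)
    roots = rabin_decrypt(rabin_encrypt(m, n), p, q)
    return m, roots, recover(roots)

if __name__ == "__main__":
    # Toy parameters from the article: p = 7, q = 11, m = 20 gives c = 15.
    n, (p, q) = rabin_keygen(7, 11)
    c = rabin_encrypt(20, n)
    print(c, rabin_decrypt(c, p, q))   # 15 (64, 13, 20, 57)
    # Constructed (still far too small) primes, used only to show the tag idea.
    print(roundtrip(10007, 10039, 1000))
```

The `rabin_decrypt` function returns all four roots on purpose: the raw primitive cannot know which one was sent, so the disambiguation has to live in the message format, which is what `add_redundancy` and `recover` stand in for here.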

