Discrete Mathematics with Applications MATH236 Dr. Hung P. - - PowerPoint PPT Presentation

Discrete Mathematics with Applications MATH236

• Dr. Hung P. Tong-Viet

School of Mathematics, Statistics and Computer Science University of KwaZulu-Natal Pietermaritzburg Campus

Semester 1, 2013

Tong-Viet (UKZN) MATH236 Semester 1, 2013 1 / 22

Table of contents

1

Digital signatures with RSA

2

The mathematics of RSA

3

The El Gamal public-key cryptosystem

Tong-Viet (UKZN) MATH236 Semester 1, 2013 2 / 22

Representing the alphabet with numbers

Table: An alphabet with spaces

letter number letter number letter number letter number space 00 g 07 n 14 u 21 a 01 h 08

• 15

v 22 b 02 i 09 p 16 w 23 c 03 j 10 q 17 x 24 d 04 k 11 r 18 y 25 e 05 l 12 s 19 z 26 f 06 m 13 t 20

Tong-Viet (UKZN) MATH236 Semester 1, 2013 3 / 22

Digital signatures with RSA

Digital Signature

A digital signature is analogous to a handwritten signature: It’s a way of signing a message so that someone reading the message will know with certainty that the message was created by the signer

Tong-Viet (UKZN) MATH236 Semester 1, 2013 4 / 22

Digital signatures with RSA

Digital Signature

A digital signature is analogous to a handwritten signature: It’s a way of signing a message so that someone reading the message will know with certainty that the message was created by the signer RSA can be used to create digital signatures

Tong-Viet (UKZN) MATH236 Semester 1, 2013 4 / 22

Digital signatures with RSA

Digital Signature

A digital signature is analogous to a handwritten signature: It’s a way of signing a message so that someone reading the message will know with certainty that the message was created by the signer RSA can be used to create digital signatures We introduce some new terminology

Tong-Viet (UKZN) MATH236 Semester 1, 2013 4 / 22

Digital signatures with RSA

Digital Signature

A digital signature is analogous to a handwritten signature: It’s a way of signing a message so that someone reading the message will know with certainty that the message was created by the signer RSA can be used to create digital signatures We introduce some new terminology Concatenate means to place end to end

Tong-Viet (UKZN) MATH236 Semester 1, 2013 4 / 22

Digital signatures with RSA

Digital Signature

A digital signature is analogous to a handwritten signature: It’s a way of signing a message so that someone reading the message will know with certainty that the message was created by the signer RSA can be used to create digital signatures We introduce some new terminology Concatenate means to place end to end If we concatenate message A with message B, we denote the result by A||B

Tong-Viet (UKZN) MATH236 Semester 1, 2013 4 / 22

Digital signatures with RSA

Digital Signature

A digital signature is analogous to a handwritten signature: It’s a way of signing a message so that someone reading the message will know with certainty that the message was created by the signer RSA can be used to create digital signatures We introduce some new terminology Concatenate means to place end to end If we concatenate message A with message B, we denote the result by A||B For example, if A = ‘big′ and B = ‘cat′, then A||B =‘bigcat’ and B||A =‘cat big’

Tong-Viet (UKZN) MATH236 Semester 1, 2013 4 / 22

Digital signatures with RSA

Digital Signature

A digital signature is analogous to a handwritten signature: It’s a way of signing a message so that someone reading the message will know with certainty that the message was created by the signer RSA can be used to create digital signatures We introduce some new terminology Concatenate means to place end to end If we concatenate message A with message B, we denote the result by A||B For example, if A = ‘big′ and B = ‘cat′, then A||B =‘bigcat’ and B||A =‘cat big’

Tong-Viet (UKZN) MATH236 Semester 1, 2013 4 / 22

Digital signatures with RSA

Digital signature

Suppose Alice wants to send Bob a message M in such a way that he is certain that she is the one who sent it. She uses an RSA key pair pub(Alice)=(n,e) and pri(Alice)=d.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 5 / 22

Digital signatures with RSA

Digital signature

Suppose Alice wants to send Bob a message M in such a way that he is certain that she is the one who sent it. She uses an RSA key pair pub(Alice)=(n,e) and pri(Alice)=d.

1 She begins by representing the message M as an integer in the

interval [0, n − 1]

Tong-Viet (UKZN) MATH236 Semester 1, 2013 5 / 22

Digital signatures with RSA

Digital signature

Suppose Alice wants to send Bob a message M in such a way that he is certain that she is the one who sent it. She uses an RSA key pair pub(Alice)=(n,e) and pri(Alice)=d.

1 She begins by representing the message M as an integer in the

interval [0, n − 1]

2 Using her private key, she computes the message signature

Mpri(Alice) = Md mod n, i.e., she encrypts the message M with her private key

Tong-Viet (UKZN) MATH236 Semester 1, 2013 5 / 22

Digital signatures with RSA

Digital signature

Suppose Alice wants to send Bob a message M in such a way that he is certain that she is the one who sent it. She uses an RSA key pair pub(Alice)=(n,e) and pri(Alice)=d.

1 She begins by representing the message M as an integer in the

interval [0, n − 1]

2 Using her private key, she computes the message signature

Mpri(Alice) = Md mod n, i.e., she encrypts the message M with her private key

3 Alice concatenates M with Mpri(Alice) to produce M||Mpri(Alice) Tong-Viet (UKZN) MATH236 Semester 1, 2013 5 / 22

Digital signatures with RSA

Digital signature

Suppose Alice wants to send Bob a message M in such a way that he is certain that she is the one who sent it. She uses an RSA key pair pub(Alice)=(n,e) and pri(Alice)=d.

1 She begins by representing the message M as an integer in the

interval [0, n − 1]

2 Using her private key, she computes the message signature

Mpri(Alice) = Md mod n, i.e., she encrypts the message M with her private key

3 Alice concatenates M with Mpri(Alice) to produce M||Mpri(Alice) 4 Assuming that the message M is confidential, she encrypted

M||Mpri(Alice) with Bob’s public key, pub(Bob); she then sends (M||Mpri(Alice))pub(Bob) to Bob

Tong-Viet (UKZN) MATH236 Semester 1, 2013 5 / 22

Digital signatures with RSA

Digital signature

Suppose Alice wants to send Bob a message M in such a way that he is certain that she is the one who sent it. She uses an RSA key pair pub(Alice)=(n,e) and pri(Alice)=d.

1 She begins by representing the message M as an integer in the

interval [0, n − 1]

2 Using her private key, she computes the message signature

Mpri(Alice) = Md mod n, i.e., she encrypts the message M with her private key

3 Alice concatenates M with Mpri(Alice) to produce M||Mpri(Alice) 4 Assuming that the message M is confidential, she encrypted

M||Mpri(Alice) with Bob’s public key, pub(Bob); she then sends (M||Mpri(Alice))pub(Bob) to Bob

Tong-Viet (UKZN) MATH236 Semester 1, 2013 5 / 22

Digital signatures with RSA

Digital Signature

From Bob’s perspective:

1 Bob receives a message (M||M′)pub(Bob) from someone claiming to be

• Alice. He begins by using his private key pri(Bob) to remove the
• uter layer of encryption, recovering M||M′, which he separates into

M and M′.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 6 / 22

Digital signatures with RSA

Digital Signature

From Bob’s perspective:

1 Bob receives a message (M||M′)pub(Bob) from someone claiming to be

• Alice. He begins by using his private key pri(Bob) to remove the
• uter layer of encryption, recovering M||M′, which he separates into

M and M′.

2 Bob now encrypts M′ with Alice’s public key, pub(Alice), i.e., he finds

M′

pub(Alice) = (M′)e mod n and compare it with M, the first half of

the concatenated message he received.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 6 / 22

Digital signatures with RSA

Digital Signature

From Bob’s perspective:

1 Bob receives a message (M||M′)pub(Bob) from someone claiming to be

• Alice. He begins by using his private key pri(Bob) to remove the
• uter layer of encryption, recovering M||M′, which he separates into

M and M′.

2 Bob now encrypts M′ with Alice’s public key, pub(Alice), i.e., he finds

M′

pub(Alice) = (M′)e mod n and compare it with M, the first half of

the concatenated message he received. There are two possibilities:

Tong-Viet (UKZN) MATH236 Semester 1, 2013 6 / 22

Digital signatures with RSA

Digital Signature

From Bob’s perspective:

1 Bob receives a message (M||M′)pub(Bob) from someone claiming to be

• Alice. He begins by using his private key pri(Bob) to remove the
• uter layer of encryption, recovering M||M′, which he separates into

M and M′.

2 Bob now encrypts M′ with Alice’s public key, pub(Alice), i.e., he finds

M′

pub(Alice) = (M′)e mod n and compare it with M, the first half of

the concatenated message he received. There are two possibilities:

M′

pub(Alice) = M. Then Bob knows that M′ was encrypted with Alice’s

private key. This proves that the message M is from Alice

Tong-Viet (UKZN) MATH236 Semester 1, 2013 6 / 22

Digital signatures with RSA

Digital Signature

From Bob’s perspective:

1 Bob receives a message (M||M′)pub(Bob) from someone claiming to be

• Alice. He begins by using his private key pri(Bob) to remove the
• uter layer of encryption, recovering M||M′, which he separates into

M and M′.

2 Bob now encrypts M′ with Alice’s public key, pub(Alice), i.e., he finds

M′

pub(Alice) = (M′)e mod n and compare it with M, the first half of

the concatenated message he received. There are two possibilities:

M′

pub(Alice) = M. Then Bob knows that M′ was encrypted with Alice’s

private key. This proves that the message M is from Alice M′

pub(Alice) = M. Therefore, either M′ was not encrypted with Alice’s

private key,

Tong-Viet (UKZN) MATH236 Semester 1, 2013 6 / 22

Digital signatures with RSA

Digital Signature

From Bob’s perspective:

1 Bob receives a message (M||M′)pub(Bob) from someone claiming to be

• Alice. He begins by using his private key pri(Bob) to remove the
• uter layer of encryption, recovering M||M′, which he separates into

M and M′.

2 Bob now encrypts M′ with Alice’s public key, pub(Alice), i.e., he finds

M′

pub(Alice) = (M′)e mod n and compare it with M, the first half of

the concatenated message he received. There are two possibilities:

M′

pub(Alice) = M. Then Bob knows that M′ was encrypted with Alice’s

private key. This proves that the message M is from Alice M′

pub(Alice) = M. Therefore, either M′ was not encrypted with Alice’s

private key, or some malicious third party altered the text M after Alice added her signature; in either case,

Tong-Viet (UKZN) MATH236 Semester 1, 2013 6 / 22

Digital signatures with RSA

Digital Signature

From Bob’s perspective:

1 Bob receives a message (M||M′)pub(Bob) from someone claiming to be

• Alice. He begins by using his private key pri(Bob) to remove the
• uter layer of encryption, recovering M||M′, which he separates into

M and M′.

2 Bob now encrypts M′ with Alice’s public key, pub(Alice), i.e., he finds

M′

pub(Alice) = (M′)e mod n and compare it with M, the first half of

the concatenated message he received. There are two possibilities:

M′

pub(Alice) = M. Then Bob knows that M′ was encrypted with Alice’s

private key. This proves that the message M is from Alice M′

pub(Alice) = M. Therefore, either M′ was not encrypted with Alice’s

private key, or some malicious third party altered the text M after Alice added her signature; in either case, Bob knows that the message was not authorised by Alice.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 6 / 22

Digital signatures with RSA

Digital Signature

From Bob’s perspective:

1 Bob receives a message (M||M′)pub(Bob) from someone claiming to be

• Alice. He begins by using his private key pri(Bob) to remove the
• uter layer of encryption, recovering M||M′, which he separates into

M and M′.

2 Bob now encrypts M′ with Alice’s public key, pub(Alice), i.e., he finds

M′

pub(Alice) = (M′)e mod n and compare it with M, the first half of

the concatenated message he received. There are two possibilities:

M′

pub(Alice) = M. Then Bob knows that M′ was encrypted with Alice’s

private key. This proves that the message M is from Alice M′

pub(Alice) = M. Therefore, either M′ was not encrypted with Alice’s

private key, or some malicious third party altered the text M after Alice added her signature; in either case, Bob knows that the message was not authorised by Alice.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 6 / 22

Digital signatures with RSA

Examples

Suppose that Alice wishes to send the signed and encrypted message ‘go’ to Bob and that pub(Alice)=(2773,17) and pri(Alice)=157 and

Tong-Viet (UKZN) MATH236 Semester 1, 2013 7 / 22

Digital signatures with RSA

Examples

Suppose that Alice wishes to send the signed and encrypted message ‘go’ to Bob and that pub(Alice)=(2773,17) and pri(Alice)=157 and pub(Bob)=(3233,19) and pri(Bob)=2299

Tong-Viet (UKZN) MATH236 Semester 1, 2013 7 / 22

Digital signatures with RSA

Examples

Suppose that Alice wishes to send the signed and encrypted message ‘go’ to Bob and that pub(Alice)=(2773,17) and pri(Alice)=157 and pub(Bob)=(3233,19) and pri(Bob)=2299 Alice encodes the message as M = 0715

Tong-Viet (UKZN) MATH236 Semester 1, 2013 7 / 22

Digital signatures with RSA

Examples

Suppose that Alice wishes to send the signed and encrypted message ‘go’ to Bob and that pub(Alice)=(2773,17) and pri(Alice)=157 and pub(Bob)=(3233,19) and pri(Bob)=2299 Alice encodes the message as M = 0715 She encrypts M by the rule M′ = M157 mod 2773 to produce the message signature Mpri(Alice) = 2192

Tong-Viet (UKZN) MATH236 Semester 1, 2013 7 / 22

Digital signatures with RSA

Examples

Suppose that Alice wishes to send the signed and encrypted message ‘go’ to Bob and that pub(Alice)=(2773,17) and pri(Alice)=157 and pub(Bob)=(3233,19) and pri(Bob)=2299 Alice encodes the message as M = 0715 She encrypts M by the rule M′ = M157 mod 2773 to produce the message signature Mpri(Alice) = 2192 So M||M′ = 0715 2192

Tong-Viet (UKZN) MATH236 Semester 1, 2013 7 / 22

Digital signatures with RSA

Examples

Suppose that Alice wishes to send the signed and encrypted message ‘go’ to Bob and that pub(Alice)=(2773,17) and pri(Alice)=157 and pub(Bob)=(3233,19) and pri(Bob)=2299 Alice encodes the message as M = 0715 She encrypts M by the rule M′ = M157 mod 2773 to produce the message signature Mpri(Alice) = 2192 So M||M′ = 0715 2192 Alice now encrypts each block B with Bob’s public key, using the rule C = B19 mod 3233 to obtain

Tong-Viet (UKZN) MATH236 Semester 1, 2013 7 / 22

Digital signatures with RSA

Examples

Suppose that Alice wishes to send the signed and encrypted message ‘go’ to Bob and that pub(Alice)=(2773,17) and pri(Alice)=157 and pub(Bob)=(3233,19) and pri(Bob)=2299 Alice encodes the message as M = 0715 She encrypts M by the rule M′ = M157 mod 2773 to produce the message signature Mpri(Alice) = 2192 So M||M′ = 0715 2192 Alice now encrypts each block B with Bob’s public key, using the rule C = B19 mod 3233 to obtain (M||Mpri(Alice))pub(Bob) = 1718 2330 and she sends this to Bob

Tong-Viet (UKZN) MATH236 Semester 1, 2013 7 / 22

Digital signatures with RSA

Examples

Suppose that Alice wishes to send the signed and encrypted message ‘go’ to Bob and that pub(Alice)=(2773,17) and pri(Alice)=157 and pub(Bob)=(3233,19) and pri(Bob)=2299 Alice encodes the message as M = 0715 She encrypts M by the rule M′ = M157 mod 2773 to produce the message signature Mpri(Alice) = 2192 So M||M′ = 0715 2192 Alice now encrypts each block B with Bob’s public key, using the rule C = B19 mod 3233 to obtain (M||Mpri(Alice))pub(Bob) = 1718 2330 and she sends this to Bob

Tong-Viet (UKZN) MATH236 Semester 1, 2013 7 / 22

Digital signatures with RSA

Examples

Bob receives the ciphertext Y = 1718 2330 First, he uses his private key d = 2299 with the rule C = B2299 to discover the underline message is X = 0715 2192

Tong-Viet (UKZN) MATH236 Semester 1, 2013 8 / 22

Digital signatures with RSA

Examples

Bob receives the ciphertext Y = 1718 2330 First, he uses his private key d = 2299 with the rule C = B2299 to discover the underline message is X = 0715 2192 He decodes the message to go||2192

Tong-Viet (UKZN) MATH236 Semester 1, 2013 8 / 22

Digital signatures with RSA

Examples

Bob receives the ciphertext Y = 1718 2330 First, he uses his private key d = 2299 with the rule C = B2299 to discover the underline message is X = 0715 2192 He decodes the message to go||2192 Bob now verifies the signature, he decrypts the second half of the message with Alice’s public key pub(Alice)=(2773,17) and the rule C = B17 mod 2773

Tong-Viet (UKZN) MATH236 Semester 1, 2013 8 / 22

Digital signatures with RSA

Examples

Bob receives the ciphertext Y = 1718 2330 First, he uses his private key d = 2299 with the rule C = B2299 to discover the underline message is X = 0715 2192 He decodes the message to go||2192 Bob now verifies the signature, he decrypts the second half of the message with Alice’s public key pub(Alice)=(2773,17) and the rule C = B17 mod 2773 The signature becomes 0715 which is translated to ‘go’

Tong-Viet (UKZN) MATH236 Semester 1, 2013 8 / 22

Digital signatures with RSA

Examples

Bob receives the ciphertext Y = 1718 2330 First, he uses his private key d = 2299 with the rule C = B2299 to discover the underline message is X = 0715 2192 He decodes the message to go||2192 Bob now verifies the signature, he decrypts the second half of the message with Alice’s public key pub(Alice)=(2773,17) and the rule C = B17 mod 2773 The signature becomes 0715 which is translated to ‘go’ So Bob knows that the message was authorised by Alice

Tong-Viet (UKZN) MATH236 Semester 1, 2013 8 / 22

Digital signatures with RSA

Examples

Bob receives the ciphertext Y = 1718 2330 First, he uses his private key d = 2299 with the rule C = B2299 to discover the underline message is X = 0715 2192 He decodes the message to go||2192 Bob now verifies the signature, he decrypts the second half of the message with Alice’s public key pub(Alice)=(2773,17) and the rule C = B17 mod 2773 The signature becomes 0715 which is translated to ‘go’ So Bob knows that the message was authorised by Alice

Tong-Viet (UKZN) MATH236 Semester 1, 2013 8 / 22

The mathematics of RSA

The mathematics of RSA

Lemma Let p and q be distinct primes and let a and b be integers. If a ≡ b (mod p) and a ≡ b (mod q), then a ≡ b (mod pq). Proof. By the hypothesis, we obtain that p | a − b and q | a − b We have that a − b = qm for some integer m

Tong-Viet (UKZN) MATH236 Semester 1, 2013 9 / 22

The mathematics of RSA

The mathematics of RSA

Lemma Let p and q be distinct primes and let a and b be integers. If a ≡ b (mod p) and a ≡ b (mod q), then a ≡ b (mod pq). Proof. By the hypothesis, we obtain that p | a − b and q | a − b We have that a − b = qm for some integer m It follows that p | a − b = qm

Tong-Viet (UKZN) MATH236 Semester 1, 2013 9 / 22

The mathematics of RSA

The mathematics of RSA

Lemma Let p and q be distinct primes and let a and b be integers. If a ≡ b (mod p) and a ≡ b (mod q), then a ≡ b (mod pq). Proof. By the hypothesis, we obtain that p | a − b and q | a − b We have that a − b = qm for some integer m It follows that p | a − b = qm Since p = q are primes, we have gcd(p, q) = 1 so that p | m

Tong-Viet (UKZN) MATH236 Semester 1, 2013 9 / 22

The mathematics of RSA

The mathematics of RSA

Lemma Let p and q be distinct primes and let a and b be integers. If a ≡ b (mod p) and a ≡ b (mod q), then a ≡ b (mod pq). Proof. By the hypothesis, we obtain that p | a − b and q | a − b We have that a − b = qm for some integer m It follows that p | a − b = qm Since p = q are primes, we have gcd(p, q) = 1 so that p | m Hence, pq | qm = a − b or equivalently a ≡ b (mod pq) as wanted.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 9 / 22

The mathematics of RSA

The mathematics of RSA

Lemma Let p and q be distinct primes and let a and b be integers. If a ≡ b (mod p) and a ≡ b (mod q), then a ≡ b (mod pq). Proof. By the hypothesis, we obtain that p | a − b and q | a − b We have that a − b = qm for some integer m It follows that p | a − b = qm Since p = q are primes, we have gcd(p, q) = 1 so that p | m Hence, pq | qm = a − b or equivalently a ≡ b (mod pq) as wanted.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 9 / 22

The mathematics of RSA

The RSA Theorem

Theorem Let (n, e) be a public key for the RSA cryptosystem and (n, d) the corresponding private key, and let E(M) = Me mod n and D(C) = C d mod n be the encryption and decryption rules, respectively.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 10 / 22

The mathematics of RSA

The RSA Theorem

Theorem Let (n, e) be a public key for the RSA cryptosystem and (n, d) the corresponding private key, and let E(M) = Me mod n and D(C) = C d mod n be the encryption and decryption rules, respectively. Then D(E(M)) = M (mod n).

Tong-Viet (UKZN) MATH236 Semester 1, 2013 10 / 22

The mathematics of RSA

The RSA Theorem

Theorem Let (n, e) be a public key for the RSA cryptosystem and (n, d) the corresponding private key, and let E(M) = Me mod n and D(C) = C d mod n be the encryption and decryption rules, respectively. Then D(E(M)) = M (mod n).

Tong-Viet (UKZN) MATH236 Semester 1, 2013 10 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Since ed ≡ 1 (mod φ(n)), there exists some integer k such that ed = 1 + kφ(n) Hence D(E(M)) ≡ (Me)d (mod n) ≡ Med (mod n) ≡ Mkφ(n)+1 (mod n)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 11 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Since ed ≡ 1 (mod φ(n)), there exists some integer k such that ed = 1 + kφ(n) Hence D(E(M)) ≡ (Me)d (mod n) ≡ Med (mod n) ≡ Mkφ(n)+1 (mod n) Let p and q be primes such that n = pq

Tong-Viet (UKZN) MATH236 Semester 1, 2013 11 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Since ed ≡ 1 (mod φ(n)), there exists some integer k such that ed = 1 + kφ(n) Hence D(E(M)) ≡ (Me)d (mod n) ≡ Med (mod n) ≡ Mkφ(n)+1 (mod n) Let p and q be primes such that n = pq If p does not divide M, then by Fermat’s Little Theorem, we have Mp−1 ≡ 1 (mod p)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 11 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Since ed ≡ 1 (mod φ(n)), there exists some integer k such that ed = 1 + kφ(n) Hence D(E(M)) ≡ (Me)d (mod n) ≡ Med (mod n) ≡ Mkφ(n)+1 (mod n) Let p and q be primes such that n = pq If p does not divide M, then by Fermat’s Little Theorem, we have Mp−1 ≡ 1 (mod p)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 11 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Raising both sides to the power k(q − 1), we have Mk(p−1)(q−1) ≡ 1 (mod p) So Mkφ(n) · M ≡ 1 · M (mod p)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 12 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Raising both sides to the power k(q − 1), we have Mk(p−1)(q−1) ≡ 1 (mod p) So Mkφ(n) · M ≡ 1 · M (mod p) Finally, we obtain Mkφ(n)+1 ≡ M (mod p)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 12 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Raising both sides to the power k(q − 1), we have Mk(p−1)(q−1) ≡ 1 (mod p) So Mkφ(n) · M ≡ 1 · M (mod p) Finally, we obtain Mkφ(n)+1 ≡ M (mod p) The previous equation is trivially true if p | M. So it is true for all M.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 12 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Raising both sides to the power k(q − 1), we have Mk(p−1)(q−1) ≡ 1 (mod p) So Mkφ(n) · M ≡ 1 · M (mod p) Finally, we obtain Mkφ(n)+1 ≡ M (mod p) The previous equation is trivially true if p | M. So it is true for all M. Similarly, we obtain that Mkφ(n)+1 ≡ 1 (mod q)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 12 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Raising both sides to the power k(q − 1), we have Mk(p−1)(q−1) ≡ 1 (mod p) So Mkφ(n) · M ≡ 1 · M (mod p) Finally, we obtain Mkφ(n)+1 ≡ M (mod p) The previous equation is trivially true if p | M. So it is true for all M. Similarly, we obtain that Mkφ(n)+1 ≡ 1 (mod q) By the previous lemma, we deduce that D(E(M)) ≡ Mkφ(n)+1 ≡ M (mod n) as wanted.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 12 / 22

The mathematics of RSA

Proof of the RSA Theorem

Proof. Raising both sides to the power k(q − 1), we have Mk(p−1)(q−1) ≡ 1 (mod p) So Mkφ(n) · M ≡ 1 · M (mod p) Finally, we obtain Mkφ(n)+1 ≡ M (mod p) The previous equation is trivially true if p | M. So it is true for all M. Similarly, we obtain that Mkφ(n)+1 ≡ 1 (mod q) By the previous lemma, we deduce that D(E(M)) ≡ Mkφ(n)+1 ≡ M (mod n) as wanted.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 12 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation

This system was first published by Taher El Gamal in 1985 Suppose that Alice wants to use the El Gamal system

Tong-Viet (UKZN) MATH236 Semester 1, 2013 13 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation

This system was first published by Taher El Gamal in 1985 Suppose that Alice wants to use the El Gamal system She must first generate a key-pair: pri(Alice) and pub(Alice)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 13 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation

This system was first published by Taher El Gamal in 1985 Suppose that Alice wants to use the El Gamal system She must first generate a key-pair: pri(Alice) and pub(Alice) This is accomplished as follows:

Tong-Viet (UKZN) MATH236 Semester 1, 2013 13 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation

This system was first published by Taher El Gamal in 1985 Suppose that Alice wants to use the El Gamal system She must first generate a key-pair: pri(Alice) and pub(Alice) This is accomplished as follows:

1

Alice chooses a large random prime p and a generator α of Z∗

p

Tong-Viet (UKZN) MATH236 Semester 1, 2013 13 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation

This system was first published by Taher El Gamal in 1985 Suppose that Alice wants to use the El Gamal system She must first generate a key-pair: pri(Alice) and pub(Alice) This is accomplished as follows:

1

Alice chooses a large random prime p and a generator α of Z∗

p

2

She next choses a random integer a ∈ {2, 3, · · · , p − 2} and computes αa (mod p)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 13 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation

This system was first published by Taher El Gamal in 1985 Suppose that Alice wants to use the El Gamal system She must first generate a key-pair: pri(Alice) and pub(Alice) This is accomplished as follows:

1

Alice chooses a large random prime p and a generator α of Z∗

p

2

She next choses a random integer a ∈ {2, 3, · · · , p − 2} and computes αa (mod p)

3

She sets pub(Alice) = (p, α, αa) and pri(Alice) = a

Tong-Viet (UKZN) MATH236 Semester 1, 2013 13 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation

This system was first published by Taher El Gamal in 1985 Suppose that Alice wants to use the El Gamal system She must first generate a key-pair: pri(Alice) and pub(Alice) This is accomplished as follows:

1

Alice chooses a large random prime p and a generator α of Z∗

p

2

She next choses a random integer a ∈ {2, 3, · · · , p − 2} and computes αa (mod p)

3

She sets pub(Alice) = (p, α, αa) and pri(Alice) = a

Tong-Viet (UKZN) MATH236 Semester 1, 2013 13 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation-Examples

Example Suppose that Alice chooses the prime p = 149 She now find a generator α of Z∗

149 (Using Theorem 40)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 14 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation-Examples

Example Suppose that Alice chooses the prime p = 149 She now find a generator α of Z∗

149 (Using Theorem 40)

She decides to try α = 5

Tong-Viet (UKZN) MATH236 Semester 1, 2013 14 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation-Examples

Example Suppose that Alice chooses the prime p = 149 She now find a generator α of Z∗

149 (Using Theorem 40)

She decides to try α = 5

Tong-Viet (UKZN) MATH236 Semester 1, 2013 14 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation-Examples

Example Since 148 = 22 · 37, she must compute 5148/2 = 574 mod 149 and 5148/37 = 54 mod 149 She finds 574 ≡ 1 mod 149 so 5 is not a generator

Tong-Viet (UKZN) MATH236 Semester 1, 2013 15 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation-Examples

Example Since 148 = 22 · 37, she must compute 5148/2 = 574 mod 149 and 5148/37 = 54 mod 149 She finds 574 ≡ 1 mod 149 so 5 is not a generator She next tries α = 12 and finds that 1274 ≡ 148 mod 149 and 124 ≡ 25 mod 149 so α = 12 is a generator for Z∗

149

Tong-Viet (UKZN) MATH236 Semester 1, 2013 15 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation-Examples

Example Since 148 = 22 · 37, she must compute 5148/2 = 574 mod 149 and 5148/37 = 54 mod 149 She finds 574 ≡ 1 mod 149 so 5 is not a generator She next tries α = 12 and finds that 1274 ≡ 148 mod 149 and 124 ≡ 25 mod 149 so α = 12 is a generator for Z∗

149

She pick a = 37 and calculate αa = 1237 ≡ 105 mod 149

Tong-Viet (UKZN) MATH236 Semester 1, 2013 15 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation-Examples

Example Since 148 = 22 · 37, she must compute 5148/2 = 574 mod 149 and 5148/37 = 54 mod 149 She finds 574 ≡ 1 mod 149 so 5 is not a generator She next tries α = 12 and finds that 1274 ≡ 148 mod 149 and 124 ≡ 25 mod 149 so α = 12 is a generator for Z∗

149

She pick a = 37 and calculate αa = 1237 ≡ 105 mod 149 Thus pub(Alice)=(149, 12, 105) and pri(Alice)=37

Tong-Viet (UKZN) MATH236 Semester 1, 2013 15 / 22

The El Gamal public-key cryptosystem

El Gamal: Key generation-Examples

Example Since 148 = 22 · 37, she must compute 5148/2 = 574 mod 149 and 5148/37 = 54 mod 149 She finds 574 ≡ 1 mod 149 so 5 is not a generator She next tries α = 12 and finds that 1274 ≡ 148 mod 149 and 124 ≡ 25 mod 149 so α = 12 is a generator for Z∗

149

She pick a = 37 and calculate αa = 1237 ≡ 105 mod 149 Thus pub(Alice)=(149, 12, 105) and pri(Alice)=37

Tong-Viet (UKZN) MATH236 Semester 1, 2013 15 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Suppose that Bob wants to send Alice a message using the El Gamal cryptosystem Bob first looks up Alice’s public key pub(Alice)= (p, α, αa)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 16 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Suppose that Bob wants to send Alice a message using the El Gamal cryptosystem Bob first looks up Alice’s public key pub(Alice)= (p, α, αa) He then represents the message as an integer M in the range {0, 1, · · · , p − 1}

Tong-Viet (UKZN) MATH236 Semester 1, 2013 16 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Suppose that Bob wants to send Alice a message using the El Gamal cryptosystem Bob first looks up Alice’s public key pub(Alice)= (p, α, αa) He then represents the message as an integer M in the range {0, 1, · · · , p − 1} Bob selects a random integer k ∈ {1, 2, · · · , p − 2}

Tong-Viet (UKZN) MATH236 Semester 1, 2013 16 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Suppose that Bob wants to send Alice a message using the El Gamal cryptosystem Bob first looks up Alice’s public key pub(Alice)= (p, α, αa) He then represents the message as an integer M in the range {0, 1, · · · , p − 1} Bob selects a random integer k ∈ {1, 2, · · · , p − 2} He then computes γ = αk mod p and δ = M(αa)k mod p

Tong-Viet (UKZN) MATH236 Semester 1, 2013 16 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Suppose that Bob wants to send Alice a message using the El Gamal cryptosystem Bob first looks up Alice’s public key pub(Alice)= (p, α, αa) He then represents the message as an integer M in the range {0, 1, · · · , p − 1} Bob selects a random integer k ∈ {1, 2, · · · , p − 2} He then computes γ = αk mod p and δ = M(αa)k mod p Finally, Bob sends (γ, δ) to Alice

Tong-Viet (UKZN) MATH236 Semester 1, 2013 16 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Suppose that Bob wants to send Alice a message using the El Gamal cryptosystem Bob first looks up Alice’s public key pub(Alice)= (p, α, αa) He then represents the message as an integer M in the range {0, 1, · · · , p − 1} Bob selects a random integer k ∈ {1, 2, · · · , p − 2} He then computes γ = αk mod p and δ = M(αa)k mod p Finally, Bob sends (γ, δ) to Alice

Tong-Viet (UKZN) MATH236 Semester 1, 2013 16 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

To decrypt the message that Bob sends her, Alice follows a two-step procedure:

1 She uses her private key pri(Alice)=a to compute γp−1−a mod p Tong-Viet (UKZN) MATH236 Semester 1, 2013 17 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

To decrypt the message that Bob sends her, Alice follows a two-step procedure:

1 She uses her private key pri(Alice)=a to compute γp−1−a mod p 2 Now she can recover the message M by finding

δγp−1−a = M · αakα−ak ≡ M mod p.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 17 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

To decrypt the message that Bob sends her, Alice follows a two-step procedure:

1 She uses her private key pri(Alice)=a to compute γp−1−a mod p 2 Now she can recover the message M by finding

δγp−1−a = M · αakα−ak ≡ M mod p.

Tong-Viet (UKZN) MATH236 Semester 1, 2013 17 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Key generation) Suppose that Alice chooses p = 2579 She writes 2578 = 2 · 1289

Tong-Viet (UKZN) MATH236 Semester 1, 2013 18 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Key generation) Suppose that Alice chooses p = 2579 She writes 2578 = 2 · 1289 She tries to find a generator for Z∗

2579

Tong-Viet (UKZN) MATH236 Semester 1, 2013 18 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Key generation) Suppose that Alice chooses p = 2579 She writes 2578 = 2 · 1289 She tries to find a generator for Z∗

2579

She tries α = 2; She computes α2 = 4 mod 2579 and α1289 = 2578 mod 2579

Tong-Viet (UKZN) MATH236 Semester 1, 2013 18 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Key generation) Suppose that Alice chooses p = 2579 She writes 2578 = 2 · 1289 She tries to find a generator for Z∗

2579

She tries α = 2; She computes α2 = 4 mod 2579 and α1289 = 2578 mod 2579 She picks a = 956 and finds 2956 ≡ 1272 mod 2579

Tong-Viet (UKZN) MATH236 Semester 1, 2013 18 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Key generation) Suppose that Alice chooses p = 2579 She writes 2578 = 2 · 1289 She tries to find a generator for Z∗

2579

She tries α = 2; She computes α2 = 4 mod 2579 and α1289 = 2578 mod 2579 She picks a = 956 and finds 2956 ≡ 1272 mod 2579 She publishes the information pub(Alice)=(2579, 2, 1272)

Tong-Viet (UKZN) MATH236 Semester 1, 2013 18 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Key generation) Suppose that Alice chooses p = 2579 She writes 2578 = 2 · 1289 She tries to find a generator for Z∗

2579

She tries α = 2; She computes α2 = 4 mod 2579 and α1289 = 2578 mod 2579 She picks a = 956 and finds 2956 ≡ 1272 mod 2579 She publishes the information pub(Alice)=(2579, 2, 1272) She keeps pri(Alice)=956

Tong-Viet (UKZN) MATH236 Semester 1, 2013 18 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Key generation) Suppose that Alice chooses p = 2579 She writes 2578 = 2 · 1289 She tries to find a generator for Z∗

2579

She tries α = 2; She computes α2 = 4 mod 2579 and α1289 = 2578 mod 2579 She picks a = 956 and finds 2956 ≡ 1272 mod 2579 She publishes the information pub(Alice)=(2579, 2, 1272) She keeps pri(Alice)=956

Tong-Viet (UKZN) MATH236 Semester 1, 2013 18 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) Bob decides to send the message ‘nuts’ to Alice He encodes ‘nuts’ as 14212019

Tong-Viet (UKZN) MATH236 Semester 1, 2013 19 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) Bob decides to send the message ‘nuts’ to Alice He encodes ‘nuts’ as 14212019 He looks up Alice’s public key and determines that p = 2579 so he decides to split the message up into two blocks, each of length 4 : 1421 2019

Tong-Viet (UKZN) MATH236 Semester 1, 2013 19 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) Bob decides to send the message ‘nuts’ to Alice He encodes ‘nuts’ as 14212019 He looks up Alice’s public key and determines that p = 2579 so he decides to split the message up into two blocks, each of length 4 : 1421 2019 For additional security, he will seclect a different value of k for each block

Tong-Viet (UKZN) MATH236 Semester 1, 2013 19 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) Bob decides to send the message ‘nuts’ to Alice He encodes ‘nuts’ as 14212019 He looks up Alice’s public key and determines that p = 2579 so he decides to split the message up into two blocks, each of length 4 : 1421 2019 For additional security, he will seclect a different value of k for each block For the first block, M1 = 1421, he picks k1 = 318, while for the second block, M2 = 2019, he will use k2 = 1905

Tong-Viet (UKZN) MATH236 Semester 1, 2013 19 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) Bob decides to send the message ‘nuts’ to Alice He encodes ‘nuts’ as 14212019 He looks up Alice’s public key and determines that p = 2579 so he decides to split the message up into two blocks, each of length 4 : 1421 2019 For additional security, he will seclect a different value of k for each block For the first block, M1 = 1421, he picks k1 = 318, while for the second block, M2 = 2019, he will use k2 = 1905

Tong-Viet (UKZN) MATH236 Semester 1, 2013 19 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) For the first block: γ1 = αk1 mod p = 2318 δ1 = M1(αa)k1 = 1421 · 1272318 mod 2579 = 590

Tong-Viet (UKZN) MATH236 Semester 1, 2013 20 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) For the first block: γ1 = αk1 mod p = 2318 δ1 = M1(αa)k1 = 1421 · 1272318 mod 2579 = 590 For the second block: γ2 = αk2 mod p = 21905 mod 2579 = 1035

Tong-Viet (UKZN) MATH236 Semester 1, 2013 20 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) For the first block: γ1 = αk1 mod p = 2318 δ1 = M1(αa)k1 = 1421 · 1272318 mod 2579 = 590 For the second block: γ2 = αk2 mod p = 21905 mod 2579 = 1035 δ2 = M2(αa)k2 = 2019 · 12721905 mod 2579 = 1684

Tong-Viet (UKZN) MATH236 Semester 1, 2013 20 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) For the first block: γ1 = αk1 mod p = 2318 δ1 = M1(αa)k1 = 1421 · 1272318 mod 2579 = 590 For the second block: γ2 = αk2 mod p = 21905 mod 2579 = 1035 δ2 = M2(αa)k2 = 2019 · 12721905 mod 2579 = 1684 Bob sends the message (792, 590), (1035, 1684) to Alice

Tong-Viet (UKZN) MATH236 Semester 1, 2013 20 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) For the first block: γ1 = αk1 mod p = 2318 δ1 = M1(αa)k1 = 1421 · 1272318 mod 2579 = 590 For the second block: γ2 = αk2 mod p = 21905 mod 2579 = 1035 δ2 = M2(αa)k2 = 2019 · 12721905 mod 2579 = 1684 Bob sends the message (792, 590), (1035, 1684) to Alice He could concatenate everything and sends 0792059010351684 to Alice

Tong-Viet (UKZN) MATH236 Semester 1, 2013 20 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Encryption) For the first block: γ1 = αk1 mod p = 2318 δ1 = M1(αa)k1 = 1421 · 1272318 mod 2579 = 590 For the second block: γ2 = αk2 mod p = 21905 mod 2579 = 1035 δ2 = M2(αa)k2 = 2019 · 12721905 mod 2579 = 1684 Bob sends the message (792, 590), (1035, 1684) to Alice He could concatenate everything and sends 0792059010351684 to Alice

Tong-Viet (UKZN) MATH236 Semester 1, 2013 20 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Decryption) Alice receives the message 0792059010351684 from Bob, and recovers γ1 = 792, δ1 = 590 and γ2 = 1035, δ2 = 1684

Tong-Viet (UKZN) MATH236 Semester 1, 2013 21 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Decryption) Alice receives the message 0792059010351684 from Bob, and recovers γ1 = 792, δ1 = 590 and γ2 = 1035, δ2 = 1684 Using her private key pri(Alice)= a = 956, she decrypts the first block

Tong-Viet (UKZN) MATH236 Semester 1, 2013 21 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Decryption) Alice receives the message 0792059010351684 from Bob, and recovers γ1 = 792, δ1 = 590 and γ2 = 1035, δ2 = 1684 Using her private key pri(Alice)= a = 956, she decrypts the first block γp−1−a

1

mod p=7922579−1−956 mod 2579 = 1187

Tong-Viet (UKZN) MATH236 Semester 1, 2013 21 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Decryption) Alice receives the message 0792059010351684 from Bob, and recovers γ1 = 792, δ1 = 590 and γ2 = 1035, δ2 = 1684 Using her private key pri(Alice)= a = 956, she decrypts the first block γp−1−a

1

mod p=7922579−1−956 mod 2579 = 1187 and M1 = δ1γp−1−a

1

mod p = 590 · 1187 ≡ 1421 mod 2579

Tong-Viet (UKZN) MATH236 Semester 1, 2013 21 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Decryption) Alice receives the message 0792059010351684 from Bob, and recovers γ1 = 792, δ1 = 590 and γ2 = 1035, δ2 = 1684 Using her private key pri(Alice)= a = 956, she decrypts the first block γp−1−a

1

mod p=7922579−1−956 mod 2579 = 1187 and M1 = δ1γp−1−a

1

mod p = 590 · 1187 ≡ 1421 mod 2579 Similarly, M2 = δ2γp−1−a

2

mod p = 1684 · 10352579−1−956 mod 2579 ≡ 2019

Tong-Viet (UKZN) MATH236 Semester 1, 2013 21 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Decryption) Alice receives the message 0792059010351684 from Bob, and recovers γ1 = 792, δ1 = 590 and γ2 = 1035, δ2 = 1684 Using her private key pri(Alice)= a = 956, she decrypts the first block γp−1−a

1

mod p=7922579−1−956 mod 2579 = 1187 and M1 = δ1γp−1−a

1

mod p = 590 · 1187 ≡ 1421 mod 2579 Similarly, M2 = δ2γp−1−a

2

mod p = 1684 · 10352579−1−956 mod 2579 ≡ 2019 The encoded message is thus 14212019, which is decoded to ‘nuts’

Tong-Viet (UKZN) MATH236 Semester 1, 2013 21 / 22

The El Gamal public-key cryptosystem

El Gamal: Encryption and Decryption

Example (Decryption) Alice receives the message 0792059010351684 from Bob, and recovers γ1 = 792, δ1 = 590 and γ2 = 1035, δ2 = 1684 Using her private key pri(Alice)= a = 956, she decrypts the first block γp−1−a

1

mod p=7922579−1−956 mod 2579 = 1187 and M1 = δ1γp−1−a

1

mod p = 590 · 1187 ≡ 1421 mod 2579 Similarly, M2 = δ2γp−1−a

2

mod p = 1684 · 10352579−1−956 mod 2579 ≡ 2019 The encoded message is thus 14212019, which is decoded to ‘nuts’

Tong-Viet (UKZN) MATH236 Semester 1, 2013 21 / 22

The El Gamal public-key cryptosystem

El Gamal cryptosystem

Since k is chosen randomly for each encryption, the same message M would probably be encrypted differently if it was sent from Bob to Alice a second time This is an advantage that the El Gamal system has over RSA encryption

Tong-Viet (UKZN) MATH236 Semester 1, 2013 22 / 22

The El Gamal public-key cryptosystem

El Gamal cryptosystem

Since k is chosen randomly for each encryption, the same message M would probably be encrypted differently if it was sent from Bob to Alice a second time This is an advantage that the El Gamal system has over RSA encryption However, ciphertext generated by El Gamal system is twice as long as the plaintext

Tong-Viet (UKZN) MATH236 Semester 1, 2013 22 / 22

The El Gamal public-key cryptosystem

El Gamal cryptosystem

Since k is chosen randomly for each encryption, the same message M would probably be encrypted differently if it was sent from Bob to Alice a second time This is an advantage that the El Gamal system has over RSA encryption However, ciphertext generated by El Gamal system is twice as long as the plaintext

Tong-Viet (UKZN) MATH236 Semester 1, 2013 22 / 22