rt r r - - PowerPoint PPT Presentation

✹✶✹✲❙✶✼ ❈r②♣t♦

❙❤❛♥❦❛r ❆♣r✐❧ ✶✽✱ ✷✵✶✼

❖✉t❧✐♥❡

♦✈❡r✈✐❡✇

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

❖✈❡r✈✐❡✇

♦✈❡r✈✐❡✇

❈r②♣t♦ ✐s ❡✈❡r②✇❤❡r❡ ❝♦♠♠✉♥✐❝❛t✐♦♥s✿ ❤tt♣s✱ ■Ps❡❝✱ ✽✵✷✳✶✶✱ ❲P❆✷✱ ✳✳✳ ✜❧❡s ♦♥ ❞✐s❦✿ ❇✐t❧♦❝❦❡r✱ ❋✐❧❡❱❛✉❧t✱ ✳✳✳ ✉s❡r ❛✉t❤❡♥t✐❝❛t✐♦♥✿ ❑❡r❜❡r♦s✱ ✳✳✳ . . . ❈r②♣t♦ ❡♥❛❜❧❡s s❡❝✉r❡ ❞❛t❛ ❝♦♠♠✉♥✐❝❛t✐♦♥ ❛♥❞ st♦r❛❣❡ ❈♦♥✜❞❡♥t✐❛❧✐t②✿ ♦♥❧② t❤❡ ✐♥t❡♥❞❡❞ r❡❝❡✐✈❡r ❝❛♥ r❡❛❞ t❤❡ ❞❛t❛ ■♥t❡❣r✐t②✿ t❤❡ ✐♥t❡♥❞❡❞ r❡❝❡✐✈❡r ❞❡t❡❝ts ❛♥② ❝❤❛♥❣❡s t♦ t❤❡ ❞❛t❛ ❆✉t❤❡♥t✐❝❛t✐♦♥✿ ❞❛t❛ r❡❝❡✐✈❡❞ ✇❛s s❡♥t ❜② t❤❡ s♣❡❝✐✜❡❞ s❡♥❞❡r ◆♦♥✲r❡♣✉❞✐❛t✐♦♥✿ t❤✐r❞ ♣❛rt② ❝❛♥ ✈❡r✐❢② t❤❛t t❤❡ ❞❛t❛ ✇❛s s❡♥t ❜② t❤❡ s♣❡❝✐✜❡❞ s❡♥❞❡r

❙②♠♠❡tr✐❝ ❛♥❞ ❆s②♠♠❡tr✐❝ ❈r②♣t♦

♦✈❡r✈✐❡✇

❑❡② ❣❡♥❡r❛t✐♦♥✿ ❣❡♥❡r❛t❡ ❡♥❝r②♣t✐♦♥ ❛♥❞ ❞❡❝r②♣t✐♦♥ ❦❡②s ❊♥❝r②♣t✐♦♥ E✿ ♣❧❛✐♥t❡①t ✰ ❡♥❝r②♣t✐♦♥ ❦❡② − → ❝✐♣❤❡rt❡①t ❉❡❝r②♣t✐♦♥ D✿ ♣❧❛✐♥t❡①t ← − ❝✐♣❤❡rt❡①t ✰ ❞❡❝r②♣t✐♦♥ ❦❡② ❙②♠♠❡tr✐❝ ❝r②♣t♦ ❡♥❝r②♣t✐♦♥ ❦❡② = ❞❡❝r②♣t✐♦♥ ❦❡② ❡❣✱ ❆❊❙✱ ▼❉✺✱ ❙❍❆✲✶✱ ❙❍❆✲✷✺✻✱ ✳✳✳ ❢❛st ❆s②♠♠❡tr✐❝ ✭❛❦❛ ♣✉❜❧✐❝✲❦❡②✮ ❝r②♣t♦ ❡♥❝r②♣t✐♦♥ ❦❡② = ❞❡❝r②♣t✐♦♥ ❦❡② ❡❣✱ ❘❙❆✱ ❉❍✱ ❉❙❙✱ ✳✳✳ ✈❡r② s❧♦✇

❉❡s✐r❡❞ ♣r♦♣❡rt✐❡s ♦❢ ❝r②♣t♦ ❢✉♥❝t✐♦♥s

♦✈❡r✈✐❡✇

❈♦rr❡❝t♥❡ss ❋♦r ❛♥② ❡♥❝r②♣t✐♦♥ ❦❡② keyE ❛♥❞ ✐ts ❞❡❝r②♣t✐♦♥ ❦❡② keyD✿ ✐❢ E(keyE, ptxt) r❡t✉r♥s ctxt t❤❡♥ D(keyD, ctxt) r❡t✉r♥s ptxt ❙❡❝✉r✐t②✿ ❆ss✉♠✐♥❣ ❦❡②s ❛r❡ ❝❤♦s❡♥ ✉♥✐❢♦r♠❧② r❛♥❞♦♠❧②

• ✐✈❡♥ ❝②♣❤❡rt❡①t✱ ❤❛r❞ t♦ ❣❡t ♣❧❛✐♥t❡①t✳
• ✐✈❡♥ ♣❧❛✐♥t❡①t ❛♥❞ ❝✐♣❤❡rt❡①t✱ ❤❛r❞ t♦ ❣❡t ❦❡②✳

❍❛r❞✿ r❡q✉✐r❡s ❜r✉t❡✲❢♦r❝❡ s❡❛r❝❤ ♦❢ ❦❡②✲s♣❛❝❡ ✭❡❣✱ ✷✶✷✽ ❦❡②s✮ ❆tt❛❝❦❡r ♠♦❞❡❧s ✭❢r♦♠ ✇❡❛❦❡st t♦ str♦♥❣❡st✮ ❈✐♣❤❡rt❡①t✲♦♥❧② ❛tt❛❝❦ ❑♥♦✇♥ ♣❧❛✐♥t❡①t ❛tt❛❝❦✿ ♦♥❡ ♠❛t❝❤✐♥❣ ♣❛✐r ❈❤♦s❡♥ ♣❧❛✐♥t❡①t ❛tt❛❝❦✿ ❡♥❝r②♣t✐♦♥ ♦r❛❝❧❡ ❈❤♦s❡♥ ❝✐♣❤❡rt❡①t ❛tt❛❝❦✿ ❡♥❝r②♣t✐♦♥ ♦r❛❝❧❡ ✰ ❞❡❝r②♣t✐♦♥ ♦r❛❝❧❡

❆❝❤✐❡✈✐♥❣ s❡❝✉r❡ ❝♦♠♠✉♥✐❝❛t✐♦♥

♦✈❡r✈✐❡✇

A ❛♥❞ B s❡♣❛r❛t❡❞ ❜② ✐♥s❡❝✉r❡ ❝❤❛♥♥❡❧✱ s❤❛r❡ s❡❝r❡t ❦❡② k✳ ❈♦♥✜❞❡♥t✐❛❧✐t②✿ A s❡♥❞s E(k, plaintext) B r❡❝❡✐✈❡s ❛♥❞ ❞♦❡s D(k, ciphertext) ■♥t❡❣r✐t②✿ mac✿ E(k, hash(plaintext)) A s❡♥❞s [plaintext, mac] B r❡❝❡✐✈❡s ❛♥❞ ✈❡r✐✜❡s mac ❆✉t❤❡♥t✐❝❛t✐♦♥✿ A s❡♥❞s ❛ r❛♥❞♦♠ rA t♦ B✱ ❛♥❞ ❡①♣❡❝ts E(k, rA) ❜❛❝❦ B s❡♥❞s ❛ r❛♥❞♦♠ rB t♦ A✱ ❛♥❞ ❡①♣❡❝ts E(k, rB) ❜❛❝❦

❖✉t❧✐♥❡

s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

❖✉t❧✐♥❡

❜❧♦❝❦ ❝✐♣❤❡r s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

■❞❡❛❧ ❜❧♦❝❦ ❝✐♣❤❡r

❜❧♦❝❦ ❝✐♣❤❡r s②♠♠

❋✐①❡❞✲s✐③❡ ♠❡ss❛❣❡s ♦❢ d ❜✐ts ✭❡❣✱ ✻✹✱ ✶✷✽✮ ❋✐①❡❞✲s✐③❡ ❦❡②s ♦❢ k ❜✐ts ✭❡❣✱ ✶✷✽✱ ✷✺✻✮ ❛♥② r❛♥❞♦♠ k ❜✐ts ✐s ❛ ✈❛❧✐❞ ❦❡② ❊♥❝r②♣t✐♦♥ E : d✲❜✐t ♠s❣ ✰ k✲❜✐t ❦❡② − → d✲❜✐t ♦✉t♣✉t ❚♦ ❞❡❝r②♣t✱ E ♠✉st ❜❡ ✶✲✶ ♠❛♣♣✐♥❣ ♦❢ ♠s❣s t♦ ♦✉t♣✉ts ❚♦ ❜❡ s❡❝✉r❡✱ E ♠✉st ❜❡ ✏r❛♥❞♦♠✑ E(key, msg) ❣✐✈❡s ♥♦ ✐♥❢♦r♠❛t✐♦♥ ❛❜♦✉t key ♦r msg ▼s❣s ❛♥❞ ❦❡②s t❤❛t ❞✐✛❡r ✭❡✈❡♥ ✐❢ ♦♥❧② s❧✐❣❤t❧②✮ ♠❛♣ t♦ ♦✉t♣✉ts t❤❛t ❞✐✛❡r r❛♥❞♦♠❧② ❑❡② s✐③❡ k ❧❛r❣❡ ❡♥♦✉❣❤ s♦ t❤❛t s❡❛r❝❤✐♥❣ ✷k ✐s ✐♥❢❡❛s✐❜❧❡ ❈❧❡❛r❧②✱ E ❝❛♥♥♦t ❜❡ ❛ ✏s✐♠♣❧❡✑ ❢✉♥❝t✐♦♥✱ ❡❣✱ msg ⊕ key

■♠♣❧❡♠❡♥t❛t✐♦♥✿ d✲❜✐t ❞❛t❛✱ k✲❜✐t ❦❡②

❜❧♦❝❦ ❝✐♣❤❡r s②♠♠

◆❛✐✈❡ ❛♣♣r♦❛❝❤ ❚❛❜❧❡ ♦❢ ❛ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ♦❢ d✲❜✐t str✐♥❣s

/ / ✷d × d ❜✐ts

E(i) ✐s it❤ r♦✇ ♦❢ t❛❜❧❡ ❙❡❝✉r❡ ❜✉t ✐♠♣r❛❝t✐❝❛❧

/ / t❛❜❧❡ ✐ts❡❧❢ ✐s t❤❡ ❦❡②✦

Pr❛❝t✐❝❛❧ ❛♣♣r♦❛❝❤✿ ❧♦❝❛❧✐③❡❞ s❝r❛♠❜❧✐♥❣ ❛♥❞ ❣❧♦❜❛❧ ♣❡r♠✉t❛t✐♦♥s

• ❡♥❡r❛t❡ n ✏r♦✉♥❞ ❦❡②s✑ ❢r♦♠ t❤❡ ❦❡②

/ / n s♠❛❧❧✱ ❡❣✱ ✶✵

❘❡♣❡❛t n t✐♠❡s P❛rt✐t✐♦♥ d✲❜✐t str✐♥❣ ✐♥t♦ p✲❜✐t ❝❤✉♥❦s

/ / ✷p ✐s ♠❛♥❛❣❡❛❜❧❡

❙❝r❛♠❜❧❡ ❡❛❝❤ p✲❜✐t ❝❤✉♥❦ ✉s✐♥❣ ✷p × p t❛❜❧❡s

/ / t❛❜❧❡✬s ♣❡r♠✉t❛t✐♦♥ ❞❡♣❡♥❞s ♦♥ r♦✉♥❞✲n ❦❡②

P❡r♠✉t❡ t❤❡ r❡s✉❧t✐♥❣ d✲❜✐t str✐♥❣ ❉❡❝r②♣t✐♦♥ ✐s s✐♠✐❧❛r

/ / ♦❢t❡♥ r❡✉s❡ s❛♠❡ ❤❛r❞✇❛r❡

❊①❛♠ ❉❊❙✿ ❉❛t❛ ❊♥❝r②♣t✐♦♥ ❙t❛♥❞❛r❞

❜❧♦❝❦ ❝✐♣❤❡r s②♠♠

❖❧❞ st❛♥❞❛r❞ ♥♦ ❧♦♥❣❡r ✉s❡❞✿ ✺✻✲❜✐t ❦❡②s✱ ✻✹✲❜✐t t❡①t

❊①❛♠ ❉❊❙ ❡♥❝r②♣t✐♦♥ ❛♥❞ ❞❡❝r②♣t✐♦♥

❜❧♦❝❦ ❝✐♣❤❡r s②♠♠ ❉❊❙ ❡♥❝r②♣t✐♦♥ ❛✶✿ L✵ | R✵ ← perm(pt) ❛✷✿ ❢♦r n = ✵, ..., ✶✺ ❛✸✿ Ln+✶ ← Rn ❛✹✿ Rn+✶ ← mnglrn(Rn, Kn+✶)⊕Ln

/ / ②✐❡❧❞s L✶✻ | R✶✻

❛✺✿ L✶✼ | R✶✼ ← R✶✻ | L✶✻ ❛✻✿ ct ← perm−✶(R✶✻ | L✶✻)

/ / ❦❡② ♦r❞❡r✿ K✶, · · · , K✶✻

❉❊❙ ❞❡❝r②♣t✐♦♥ ❜✶✿ R✶✻ | L✶✻ ← perm(ct)

/ / ❛✻ ❜✇

❜✷✿ ❢♦r n = ✶✺, ..., ✵

/ / ❛✷ ❜✇

❜✸✿ Rn ← Ln+✶

/ / ❛✸ ❜✇

❜✹✿ Ln ← mnglrn(Rn, Kn)⊕Rn+✶

/ / ❛✹ ❜✇ / / s❡ts Ln t♦ X s✉❝❤ t❤❛t / / Rn+✶ ← mnglrn(Rn, Kn)⊕X / / ②✐❡❧❞s R✵|L✵

❜✺✿ L✵|R✵ ← R✵|L✵

/ / ❛✺ ❜✇

❜✻✿ ♣t ← perm−✶(L✵|R✵)

/ / ❛✶ ❜✇ / / ❦❡② ♦r❞❡r K✶✻, · · · , K✶

❊①❛♠ ▼✉❧t✐♣❧❡ ❉❊❙✿ ❊❉❊ ♦r ✸❉❊❙

❜❧♦❝❦ ❝✐♣❤❡r s②♠♠

▼❛❦❡s ❉❊❙ ♠♦r❡ s❡❝✉r❡ ❊♥❝r②♣t✐♦♥✿ ❡♥❝r②♣t ❦❡②✶ → ❞❡❝r②♣t ❦❡②✷ → ❡♥❝r②♣t ❦❡②✶ ❉❡❝r②♣t✐♦♥✿ ❞❡❝r②♣t ❦❡②✶ → ❡♥❝r②♣t ❦❡②✷ → ❞❡❝r②♣t ❦❡②✶ ❡♥❝r②♣t ❦❡②✶ → ❡♥❝r②♣t ❦❡②✶ ✐s ♥♦t ❡✛❡❝t✐✈❡ ❏✉st ❡q✉✐✈❛❧❡♥t t♦ ✉s✐♥❣ ❛♥♦t❤❡r s✐♥❣❧❡ ❦❡②✳ ❡♥❝r②♣t ❦❡②✶ → ❡♥❝r②♣t ❦❡②✷ ✐s ♥♦t s♦ ❣♦♦❞

❆❊❙✿ ❆❞✈❛♥❝❡❞ ❊♥❝r②♣t✐♦♥ ❙t❛♥❞❛r❞

❜❧♦❝❦ ❝✐♣❤❡r s②♠♠

❈✉rr❡♥t st❛♥❞❛r❞ ❡♥❝r②♣t✐♦♥ ❛❧❣♦r✐t❤♠ ❉✐✛❡r❡♥t ❦❡② s✐③❡s✿ ✶✷✽✱ ✶✾✷✱ ✷✺✻ ❉❛t❛ ❜❧♦❝❦ s✐③❡✿ ✶✷✽ ❜✐ts ❆❧❣♦r✐t❤♠ ♦✈❡r✈✐❡✇ ❊①❛♠ ✶✵✱ ✶✷✱ ♦r ✶✹ r♦✉♥❞s

/ / ❞❡♣❡♥❞✐♥❣ ♦♥ ❦❡② s✐③❡

❘♦✉♥❞ ❦❡②s ❣❡♥❡r❛t❡❞ ❢r♦♠ t❤❡ ❝✐♣❤❡r ❦❡② ❉❛t❛ ❜❧♦❝❦ tr❡❛t❡❞ ❛s ✹ × ✹ ♠❛tr✐① ♦❢ ❜②t❡s ❊❛❝❤ r♦✉♥❞ ✐♥✈♦❧✈❡s ♦♣❡r❛t✐♦♥s ✐♥ ❛ ✜♥✐t❡ ✜❡❧❞ ♣❡r♠✉t❛t✐♦♥ ♦❢ t❤❡ ❜②t❡s

/ / ❧♦♦❦✉♣ t❛❜❧❡

❝②❝❧✐❝ s❤✐❢t✐♥❣ ♦❢ r♦✇s ♠✐①✐♥❣ ❜②t❡s ✐♥ ❡❛❝❤ ❝♦❧✉♠♥

❖✉t❧✐♥❡

♠♦❞❡s s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

❍❛♥❞❧✐♥❣ ✈❛r✐❛❜❧❡✲s✐③❡ ♠❡ss❛❣❡s

♠♦❞❡s s②♠♠

❊♥❝r②♣t✐♥❣ ✈❛r✐❛❜❧❡✲s✐③❡ ♠s❣ ❣✐✈❡♥ d✲❜✐t ❜❧♦❝❦ ❝✐♣❤❡r P❛❞ ♠❡ss❛❣❡ t♦ ♠✉❧t✐♣❧❡ ♦❢ ❜❧♦❝❦ s✐③❡✿ msg − → m✶, m✷, · · · ❯s❡ ❜❧♦❝❦ ❡♥❝r②♣t✐♦♥ r❡♣❡❛t❡❞❧② t♦ ❣❡t ❝✐♣❤❡rt❡①t m✶, m✷, · · · − → c✶, c✷, · · · ❉❡s✐r❡❞ cj = ck ❡✈❡♥ ✐❢ mj = mk

/ / ❧✐❦❡ ❜❧♦❝❦ ❡♥❝r②♣t✐♦♥

❘❡♣❡❛t❡❞ ❡♥❝r②♣t✐♦♥s ♦❢ msg ②✐❡❧❞ ❞✐✛❡r❡♥t ciphertxt

/ / ✉♥❧✐❦❡ ❜❧♦❝❦ ❡♥❝r②♣t✐♦♥

❱❛r✐♦✉s ♠♦❞❡s✿ ❊❈❇✱ ❈❇❈✱ ❈❋❇✱ ❖❋❇✱ ❈❚❘✱ ♦t❤❡rs

❊❈❇✿ ❊❧❡❝tr♦♥✐❝ ❈♦❞❡ ❇♦♦❦

♠♦❞❡s s②♠♠

❊♥❝r②♣t✐♦♥✿ m✶, m✷, · · · − → c✶, c✷, · · · ◆❛t✉r❛❧ ❛♣♣r♦❛❝❤✿ ❡♥❝r②♣t ❡❛❝❤ ❜❧♦❝❦ ✐♥❞❡♣❡♥❞❡♥t❧② ❊♥❝r②♣t✐♦♥✿ ci = E(key, mi) ❉❡❝r②♣t✐♦♥✿ mi = D(key, ci) ◆♦t ❣♦♦❞✿ r❡♣❡❛t❡❞ ❜❧♦❝❦s ❣❡t s❛♠❡ ❝✐♣❤❡r❜❧♦❝❦ ◆❡✈❡r ✉s❡ ❊❈❇ ❆♠❛③✐♥❣❧②✱ t❤❡ ❞❡❢❛✉❧t ♠♦❞❡ ❢♦r s♦♠❡ ❝r②♣t♦ ❧✐❜r❛r✐❡s

❈❇❈✿ ❈✐♣❤❡r ❇❧♦❝❦ ❈❤❛✐♥✐♥❣

♠♦❞❡s s②♠♠

❊♥❝r②♣t✐♦♥✿ m✶, m✷, · · · − → c✶, c✷, · · · ❯s❡ ci − ✶ ❛s ❛ ✏r❛♥❞♦♠✑ ♣❛❞ t♦ mi ❜❡❢♦r❡ ❡♥❝r②♣t✐♥❣✳ c✵ ← r❛♥❞♦♠ IV ci ← E(key, mi⊕ci −✶) s❡♥❞ IV , c✶, c✷, · · · ❈❛♥ ❜❡ ❛tt❛❝❦❡❞ ✐❢ IV ✐s ♣r❡❞✐❝t❛❜❧❡ ❉❡❝r②♣t✐♦♥✿ c✶, c✷, · · · − → m✶, m✷, · · · mi ← D(key, ci) ⊕ ci −✶ ❢♦r i = ✶, ✷, · · · ❈❛♥ ❜❡ ❞♦♥❡ ✐♥ ♣❛r❛❧❧❡❧

❖❋❇✿ ❖✉t♣✉t ❋❡❡❞❜❛❝❦ ▼♦❞❡

♠♦❞❡s s②♠♠

❊♥❝r②♣t✐♦♥✿ m✶, m✷, · · · − → c✶, c✷, · · ·

• ❡♥❡r❛t❡ ♣❛❞ b✵, b✶, · · · ✿

b✵ ← r❛♥❞♦♠ IV bi ← E(key, bi − ✶) ci ← bi ⊕ mi ❖♥❡✲t✐♠❡ ♣❛❞ t❤❛t ❝❛♥ ❜❡ ❣❡♥❡r❛t❡❞ ✐♥ ❛❞✈❛♥❝❡✳ ❛tt❛❝❦❡r ✇✐t❤ ❁♣❧❛✐♥t①t✱ ❝✐♣❤❡rt①t❃ ❝❛♥ ♦❜t❛✐♥ bi✬s✳

❈❋❇✿ ❈✐♣❤❡r ❋❡❡❞❜❛❝❦ ▼♦❞❡

▲✐❦❡ ❖❋❇ ❡①❝❡♣t t❤❛t ♦✉t♣✉t ci − ✶ ✐s ✉s❡❞ ✐♥st❡❛❞ ♦❢ bi c✵ ✐s ■❱ ci ← mi ⊕ E(key, ci − ✶) ❈❛♥♥♦t ❣❡♥❡r❛t❡ ♦♥❡✲t✐♠❡ ♣❛❞ ✐♥ ❛❞✈❛♥❝❡✳

❈❚❘✿ ❈♦✉♥t❡r ▼♦❞❡

♠♦❞❡s s②♠♠

Counter mode (CTR)

IV c1 c2 c3 c4

⊕

⊕

E E

IV Ciphertext

⊕

E

⊕

E

mi = D(k,IV+i) XOR ci Decrypt?

IV + 1 IV + 2 IV + 3 IV + 4

m1 m2 m4 m3

❈❚❘

♠♦❞❡s s②♠♠

▲✐❦❡ ❖❋❇✱ ❝❛♥ ❡♥❝r②♣t ✐♥ ♣❛r❛❧❧❡❧ ■♥✐t✐❛❧ IV ♠✉st ❜❡ r❛♥❞♦♠ ❉♦♥✬t ✉s❡ IV ❢♦r ♦♥❡ ♠s❣ ❛♥❞ IV + ✶ ❢♦r ❛♥♦t❤❡r ♠s❣

❖✉t❧✐♥❡

♠❛❝ s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

▼❆❈✿ ▼❡ss❛❣❡ ❆✉t❤❡♥✐❝❛t✐♦♥ ❈♦❞❡

♠❛❝ s②♠♠

❆ ▼❆❈ ❞❡t❡❝ts ❛♥② ❝❤❛♥❣❡ t♦ ❛ ♠s❣

/ / ✐♥t❡❣r✐t②

❙✐❣♥✐♥❣ S✿ msg ✰ key − → tag

/ / s❡♥❞ msg✱ tag

❱❡r✐✜❝❛t✐♦♥ V ✿ msg ✰ tag ✰ key − → YES ♦r NO

YES ✐✛ msg ✇❛s ❡①❛❝t❧② t❤❛t s❡♥t ❜② key ❤♦❧❞❡r

❆ ▼❆❈ ✐s s❡❝✉r❡ ✐❢ ❛♥ ❛tt❛❝❦❡r ✭✇✴♦ key✮ ❝❛♥ ✐ss✉❡ ♠s❣s m✶✱ m✷✱ · · · ❛♥❞ ❣❡t t❤❡✐r t❛❣s t✶✱ t✷✱ · · · ❜✉t st✐❧❧ ❝❛♥♥♦t ♣r♦❞✉❝❡ t❤❡ ✈❛❧✐❞ t❛❣ t ❢♦r ❛♥② ♥❡✇ ♠s❣ m

/ / ❊①✐st❡♥t✐❛❧ ❢♦r❣❡r②

▼❆❈s ❝✉rr❡♥t❧② ✉s❡❞✿ ❊❈❇❈✱ ❙❍❆✱ ❙❍❆✲✸✱ ♦t❤❡rs

▼❆❈s ❢r♦♠ ❇❧♦❝❦ ❈✐♣❤❡rs

▼❆❈s ❢r♦♠ ❇❧♦❝❦ ❈✐♣❤❡rs

♠❛❝ s②♠♠

❊♥❝r②♣t✐♥❣ ♠s❣ ✭❡❣✱ ❈❇❈✱ ❈❋❇✱ ❖❋❇✮ ❞♦❡s ♥♦t ♣r♦✈✐❞❡ ✐♥t❡❣r✐t② ▼♦❞✐✜❡❞ ❝✐♣❤❡rt❡①t st✐❧❧ ❞❡❝r②♣ts t♦ s♦♠❡t❤✐♥❣ ❊♥❝r②♣t❡❞ ❈❇❈ ✭❊❈❇❈✮✿ ②✐❡❧❞s ❛ ▼❆❈ ❢r♦♠ ❛ ❜❧♦❝❦ ❝✐♣❤❡r ❙✐❣♥✐♥❣ S ■♥♣✉t✿ msg✱ key✱ key ′ ❆♣♣❧② ❈❇❈ ♦♥ msg ✉s✐♥❣ key ❛♥❞ ♥♦ IV

/ / IV = ✵

❖♥❧② t❤❡ ❧❛st ❝✐♣❤❡r❜❧♦❝❦✱ s❛② c✱ ✐s ♥❡❡❞❡❞ tag = E(key ′, c) ❱❡r✐❢②✐♥❣ V ■♥♣✉t✿ msg✱ key✱ key ′✱ tag

YES ✐✛ S(msg, key, key ′) ❡q✉❛❧s tag

❊❈❇❈ ✈s ❈❇❈

♠❛❝ s②♠♠

❖✉t♣✉t ♦♥❧② ♦♥❡ ❜❧♦❝❦

/ / ❝♦③ ♥♦t r❡❝♦✈❡r✐♥❣ ♣❧❛✐♥t❡①t

◆❡❡❞ t✇♦ ❦❡②s✱ ♦t❤❡r✇✐s❡ ❛tt❛❝❦❡r ✐ss✉❡s ♠s❣ [m✶, · · · , mn]✱ ❣❡ts t❛❣ t = cn ❝r❡❛t❡s s✐♥❣❧❡✲❜❧♦❝❦ ♠s❣ m′✱ ❣❡ts t❛❣ t′ ❢♦r t ⊕ m′ t′ ✐s ✈❛❧✐❞ t❛❣ ❢♦r m||m′

/ / ✏||✑ ✐s ❝♦♥❝❛t❡♥❛t✐♦♥

❇♦t❤ ❈❇❈ ❛♥❞ ❊❈❇❈ ♠✉st ❜❡ ❝♦♠♣✉t❡❞ s❡q✉❡♥t✐❛❧❧② ❚❤❡r❡ ❛r❡ ❈❚❘✲❧✐❦❡ ▼❆❈s ✇❤✐❝❤ ♣❡r♠✐t ♣❛r❛❧❧❡❧ ❝♦♠♣✉t❛t✐♦♥ ❲♦✉❧❞ ✉s✐♥❣ ♦♥❧② ♦♥❡ ❦❡② ✇✐t❤ ❛ r❛♥❞♦♠ IV ✇♦r❦❄ msg✬s t❛❣ ✐s ❧❛st ❝✐♣❤❡r❜❧♦❝❦ ♦❢ CBC(key, IV ||msg)

▼❆❈s ❢r♦♠ ❍❛s❤ ❋✉♥❝t✐♦♥s

❍❛s❤❡s

♠❛❝ s②♠♠

❍❛s❤ ❢✉♥❝t✐♦♥ H ❛r❜✐tr❛r② ♠❡ss❛❣❡ − → k✲❜✐t ❤❛s❤ ✭♣r❡✲✐♠❛❣❡✮ ✭❞✐❣❡st✮ ♠s❣ s♣❛❝❡ ≫ ❤❛s❤ s♣❛❝❡ ✭= ✷k✮

/ / ♥♦t ✶✲✶

❉♦❡s ♥♦t t❛❦❡ ❛ ❦❡② ❛s ✐♥♣✉t H ✐s ❝r②♣t♦❣r❛♣❤✐❝❛❧❧② s❡❝✉r❡ ✐❢

/ / ✏♦♥❡✲✇❛②✑

Pr❡✲✐♠❛❣❡ r❡s✐st❛♥t✿ ❤❛r❞ t♦ ✜♥❞ m ❣✐✈❡♥ H(m) ❈♦❧❧✐s✐♦♥✲r❡s✐st❛♥t✿ ❤❛r❞ t♦ ✜♥❞ m = m′ s✳t✳ H(m) = H(m′) ■♥ ❢❛❝t✱ ❢♦r ❛♥② m = m′✱ t❤❡ ♣r♦❜❛❜✐❧✐t② t❤❛t H(m) ❛♥❞ H(m′) ❛r❡ ❡q✉❛❧ ❛t ❛♥② ❣✐✈❡♥ ❜✐t ✐♥❞❡① i ✐s ✶/✷

❍♦✇ ❧❛r❣❡ ❢♦r ❝♦❧❧✐s✐♦♥✲r❡s✐st❛♥❝❡

♠❛❝ s②♠♠

❆ss✉♠✐♥❣ H ✐s r❛♥❞♦♠✱ ❤♦✇ ❧❛r❣❡ s❤♦✉❧❞ k ❜❡❄ Pr✭❝♦❧❧✐s✐♦♥ ✐♥ N r❛♥❞♦♠ ♠s❣s m✶, · · · , mN✮ = Pr[H(m✶) = H(m✷) or H(m✶) = H(m✸) or · · · ] ≈ N(N − ✶)/✷ × (✶/✷k) ≈ N✷/✷k Pr s✐❣♥✐✜❝❛♥t ✐❢ N✷ ≈ ✷k✱ ✐❡✱ ✐❢ N ≈

• ✷k

❈❤♦♦s❡ k s♦ t❤❛t s❡❛r❝❤✐♥❣ t❤r♦✉❣❤

• ✷k ♠s❣s ✐s ❤❛r❞

❙♦ k = ✶✷✽ ❛ss✉♠❡s s❡❛r❝❤✐♥❣ t❤r♦✉❣❤ ✷✻✹ ♠s❣s ✐s ❤❛r❞

❙♦♠❡ ❝✉rr❡♥t s❡❝✉r❡ ❤❛s❤ ❢✉♥❝t✐♦♥s

♠❛❝ s②♠♠

▼❉✺ ✭▼❡ss❛❣❡ ❞✐❣❡st ✺✮✿ ✶✷✽✲❜✐t ❞✐❣❡st ❑♥♦✇♥ ❝♦❧❧✐s✐♦♥ ❛tt❛❝❦s✱ st✐❧❧ ❢r❡q✉❡♥t❧② ✉s❡❞ ❙❍❆ ❢❛♠✐❧② ❙❍❆✲✶✿ ✶✻✵✲❜✐t ❤❛s❤

/ / t❤❡♦r❡t✐❝❛❧❧② ❜r♦❦❡♥✱ ❜✉t ✉s❡❞

❙❍❆✲✷✺✻✿ ✷✺✻✲❜✐t ❤❛s❤ ❙❍❆✲✺✶✷ ❡t❝ ❙❍❆✲✸ ✭✷✷✹✱ ✷✺✻✱ ✸✽✺✱ ✺✶✷✮

/ / st❛♥❞❛r❞✐③❡❞ ❆✉❣ ✷✵✶✺

❊①❛♠ ■♥t❡r♥❛❧s ♦❢ ▼❉✹ ✭✶✷✽✲❜✐t ❤❛s❤✮

♠❛❝ s②♠♠

❙t❡♣ ✶✿ P❛❞ msg t♦ ♠✉❧t✐♣❧❡ ♦❢ ✺✶✷ ❜✐ts pmsg ← msg⑤♦♥❡ ✶⑤ p ✵✬s⑤ ✭✻✹✲❜✐t ❡♥❝♦❞♥❣ ♦❢ p✮ /

/ p ✐♥ ✶..✺✶✷

❙t❡♣ ✷✿ Pr♦❝❡ss pmsg ✐♥ ✺✶✷✲❜✐t ❝❤✉♥❦s t♦ ❣❡t ❤❛s❤ md tr❡❛t ✶✷✽✲❜✐t md ❛s ✹ ✇♦r❞s✿ d✵, d✶, d✷, d✸ ✐♥✐t✐❛❧✐③❡ t♦ ✵✶⑤✷✸⑤✳✳✳⑤✽✾⑤❛❜⑤❝❞⑤❡❢⑤❢❡⑤❞❝⑤✳✳✳⑤✶✵ ❋♦r ❡❛❝❤ s✉❝❝❡ss✐✈❡ ✺✶✷✲❜✐t ❝❤✉♥❦ ♦❢ pmsg✿ tr❡❛t ✺✶✷✲❜✐t ❝❤✉♥❦ ❛s ✶✻ ✇♦r❞s✿ m✵, m✶, · · · , m✶✺ e✵..e✸ ← d✵..d✸

/ / s❛✈❡ ❢♦r ❧❛t❡r

♣❛ss ✶ ✉s✐♥❣ ♠❛♥❣❧❡r H✶ ❛♥❞ ♣❡r♠✉t❛t✐♦♥ J

/ / ❢♦r i = ✵, ..., ✶✺✿

dJ(i) ← H✶(i, d✵, d✶, d✷, d✸, mi) ♣❛ss ✷✿ s❛♠❡ ❜✉t ✇✐t❤ ♠❛♥❣❧❡r H✷ ♣❛ss ✸✿ s❛♠❡ ❜✉t ✇✐t❤ ♠❛♥❣❧❡r H✸ d✵..d✸ ← d✵..d✸ ⊕ e✵..e✸ md ← d✵..d✸

▼❆❈s ❢r♦♠ ❤❛s❤ ❢✉♥❝t✐♦♥s

♠❛❝ s②♠♠

▼❆❈ ♦❢ ❛ msg ✐s ❛ ❤❛s❤ ♦❢ s♦♠❡ ❝♦♠❜✐♥❛t✐♦♥ ♦❢ msg ❛♥❞ key MAC(msg) = H(key, msg) ❇✉t ♥❡❡❞ t♦ ❜❡ ❝❛r❡❢✉❧ ✐♥ ❤♦✇ key ❛♥❞ msg ❛r❡ ❝♦♠❜✐♥❡❞ ■♥ ♣❛rt✐❝✉❧❛r✱ key||msg ✐s ♥♦t ❣♦♦❞

/ / ✏||✑ ✐s ❝♦♥❝❛t❡♥❛t✐♦♥

❚❤✐s ✐s ❜❡❝❛✉s❡ ✉s✉❛❧❧② H( m✶ || m✷ ) ✐s H( H(m✶) || m✷ )

• ✐✈❡♥ ❛ ♠s❣ m✶ ❛♥❞ H( key || m✶ )✱ ❛tt❛❝❦❡r ❝❛♥ ❣❡t

H(key || m✶ || m✷) ❜② ❞♦✐♥❣ H( H(key, m✶) || m✷ )

❍▼❆❈✿ ❍❛s❤✲▼❆❈

♠❛❝ s②♠♠

❍▼❆❈✿ st❛♥❞❛r❞ ✇❛② t♦ ❣❡t ▼❆❈s ❢r♦♠ ❍❛s❤❡s ❍▼❆❈ t❛❦❡s ❛♥② ❤❛s❤ ❢✉♥❝t✐♦♥ H ❛♥❞ ❛♥② s✐③❡ key HMAC(key, msg, H) = H( (key ′ ⊕ opad ) || H( (key ′ ⊕ ipad ) || msg) ) key ′ ← key ♣❛❞❞❡❞ ✇✐t❤ ✵✬s t♦ H✬s ✐♥♣✉t ❜❧♦❝❦ s✐③❡ ✐❢ key s✐③❡ > H✬s ❜❧♦❝❦ s✐③❡✱ ✜rst ❤❛s❤ key

• pad = 0x5c5c...5c ♦❢ H✬s ❜❧♦❝❦ s✐③❡

/ / ♦✉t❡r ♣❛❞❞✐♥❣

ipad = 0x3636...36 ♦❢ H✬s ❜❧♦❝❦ s✐③❡

/ / ✐♥♥❡r ♣❛❞❞✐♥❣

❆s✐❞❡✿ ❑❡②❡❞✲❤❛s❤ ≡ ❇❧♦❝❦ ❈✐♣❤❡r

♠❛❝ s②♠♠

❊♥❝r②♣t✐♦♥✿ m✶, m✷, · · · − → c✵, c✶, c✷, · · ·

• ❡♥❡r❛t❡ ♣❛❞✿ bi ← H(key, bi − ✶) ✇❤❡r❡ B✵ ✐s IV

ci ← bi ⊕ mi s❡♥❞ IV , c✶, c✷, · · · ❉❡❝r②♣t✐♦♥ ✐❞❡♥t✐❝❛❧

❖✉t❧✐♥❡

♠❛❝ ✰ ❡♥❝r②♣t s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

■♥t❡❣r✐t② ❛♥❞ ❝♦♥✜❞❡♥t✐❛❧✐t②

♠❛❝ ✰ ❡♥❝r②♣t s②♠♠

❊♥❝r②♣t ⑤⑤ ▼❆❈✿ s❡♥❞ E(msg) || MAC(msg) MAC(msg) ♠❛② r❡✈❡❛❧ s♦♠❡t❤✐♥❣ ❛❜♦✉t msg ❉♦ ♥♦t ✉s❡ ▼❆❈ t❤❡♥ ❊♥❝r②♣t✿ s❡♥❞ E(msg || MAC(msg)) ❈❛♥ ❜❡ ✐♥s❡❝✉r❡ ❢♦r s♦♠❡ E ❛♥❞ MAC ❝♦♠❜✐♥❛t✐♦♥s ❉♦ ♥♦t ✉s❡ ❊♥❝r②♣t t❤❡♥ ▼❆❈✿ s❡♥❞ E(msg) || MAC(E(msg)) MAC ♠❛② r❡✈❡❛❧ s♦♠❡t❤✐♥❣ ♦❢ ❝✐♣❤❡rt❡①t✱ ❜✉t t❤❛t✬s ♦❦ ❯s❡ t❤✐s

❖✉t❧✐♥❡

❛s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

❖✉t❧✐♥❡

✐♥tr♦ ❛s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

❆s②♠♠❡tr✐❝ ❈r②♣t♦✿ ❊♥❝r②♣t✐♦♥

✐♥tr♦ ❛s②♠♠

❑❡② ❣❡♥❡r❛t✐♦♥ ■♥♣✉t✿ s♦✉r❝❡ ♦❢ r❛♥❞♦♠♥❡ss ❛♥❞ ♠❛① ❦❡② ❧❡♥❣t❤ L ❖✉t♣✉t✿ ♣❛✐r ♦❢ ❦❡②s✱ ❡❛❝❤ ♦❢ s✐③❡ ≤ L pk✿ ✏♣✉❜❧✐❝✑ ❦❡②

/ / ♣✉❜❧✐❝❧② ❞✐s❝❧♦s❡❞

sk✿ ✏s❡❝r❡t ✭❛❦❛ ✏♣r✐✈❛t❡✑✮ ❦❡②

/ / s❤❛r❡❞ ✇✐t❤ ♥♦ ♦♥❡

❊♥❝r②♣t✐♦♥ EP(pk, m)

/ / ❡①❡❝✉t❡❞ ❜② ♣✉❜❧✐❝

■♥♣✉t✿ ♣✉❜❧✐❝ ❦❡② pk❀ ♠s❣ m ✭s✐③❡ ≤ L✮ ❆❞❞ r❛♥❞♦♠ ♣❛❞ t♦ m

/ / P❑❈❙✱ ❖❆❊P

❖✉t♣✉t✿ ❝✐♣❤❡rt❡①t c ✭s✐③❡ ≤ L✮ ❉❡❝r②♣t✐♦♥ DP(sk, c)

/ / ❡①❡❝✉t❡❞ ❜② sk ♦✇♥❡r

■♥♣✉t✿ s❡❝r❡t ❦❡② sk❀ ❝✐♣❤❡rt❡①t c ✭s✐③❡ ≤ L✮ ❖✉t♣✉t✿ ♦r✐❣✐♥❛❧ ♠s❣ m

❆s②♠♠❡tr✐❝ ❈r②♣t♦✿ ❊♥❝r②♣t✐♦♥

✐♥tr♦ ❛s②♠♠

❑❡② ♣❛✐r [pk, sk] ❈♦rr❡❝t♥❡ss DP(sk, EP(pk, m)) = m ❙❡❝✉r✐t② EP(pk, m) ❛♣♣❡❛rs r❛♥❞♦♠

/ / ♦♥❡✲✇❛②

❈❛♥ ♦♥❧② ❜❡ ❞❡❝r②♣t❡❞ ✇✐t❤ sk

/ / tr❛♣❞♦♦r

❍❛r❞ t♦ ❣❡t sk ❢r♦♠ pk ❍②❜r✐❞ ❡♥❝r②♣t✐♦♥ ❢♦r ❛r❜✐tr❛r②✲s✐③❡ ♠s❣ m ❣❡♥❡r❛t❡ s②♠♠❡tr✐❝ ❦❡② k s②♠♠❡tr✐❝ ❡♥❝r②♣t m✿ cm = E(k, m) ♣✉❜❧✐❝✲❦❡② ❡♥❝r②♣t k✿ ck = EP(pk, k) s❡♥❞ [cm, ck]

❆s②♠♠❡tr✐❝ ❈r②♣t♦✿ ❙✐❣♥❛t✉r❡s

✐♥tr♦ ❛s②♠♠

❑❡② ❣❡♥❡r❛t✐♦♥✿ ♣✉❜❧✐❝ ❦❡② pk✱ s❡❝r❡t ❦❡② sk

/ / ❛s ❜❡❢♦r❡

❙✐❣♥✐♥❣ Sgn(sk, m)

/ / ❡①❡❝✉t❡❞ ❜② sk ♦✇♥❡r

■♥♣✉t✿ s❡❝r❡t ❦❡② sk❀ ♠s❣ m ✭s✐③❡ ≤ L✮ ❖✉t♣✉t✿ s✐❣♥❛t✉r❡ s ✭s✐③❡ ≤ L✮ ❱❡r✐✜❝❛t✐♦♥ ❢✉♥❝t✐♦♥ Vfy(pk, m, s)

/ / ❡①❡❝✉t❡❞ ❜② ♣✉❜❧✐❝

■♥♣✉t✿ ♣✉❜❧✐❝ ❦❡② pk❀ ♠s❣ m✱ s✐❣♥❛t✉r❡ s ❖✉t♣✉t✿ YES ✐✛ s ✐s ❛ ✈❛❧✐❞ s✐❣♥❛t✉r❡ ♦❢ m ✉s✐♥❣ sk ❈♦rr❡❝t♥❡ss✿ Vfy(pk, m, Sgn(sk, m)) = YES ❙❡❝✉r✐t②✿ ❊✈❡♥ ✇✐t❤ pk ❛♥❞ ♠❛♥② [msg, sgn] ❡①❛♠♣❧❡s✱ ❝❛♥♥♦t ♣r♦❞✉❝❡ ❡①✐st❡♥t✐❛❧ ❢♦r❣❡r②

❆s②♠♠❡tr✐❝ ❈r②♣t♦ ❊①❛♠♣❧❡s

✐♥tr♦ ❛s②♠♠

❘❙❆✱ ❊❈❈✿ ❡♥❝r②♣t✐♦♥ ❛♥❞ s✐❣♥❛t✉r❡s ❊❧●❛♠❛❧✱ ❉❙❙✿ s✐❣♥❛t✉r❡s ❉✐✣❡✲❍❡❧❧♠❛♥✿ ❡st❛❜❧✐s❤♠❡♥t ♦❢ ❛ s❤❛r❡❞ s❡❝r❡t

❖✉t❧✐♥❡

t❤❡♦r② ❛s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

❉❡✲♠②st✐❢②✐♥❣ ❛s②♠♠❡tr✐❝ ❝r②♣t♦

t❤❡♦r② ❛s②♠♠

❆s②♠♠❡tr✐❝ ❝r②♣t♦ ✐s ❜❛s❡❞ ♦♥ ♠♦❞✉❧♦✲n ❛r✐t❤♠❡t✐❝ ■t s❡❡♠s ♠❛❣✐❝❛❧✳ ❜✉t ✐t ❝❛♥ ❜❡ ❞❡✲♠②st✐✜❡❞ ✇✐t❤ ❛ ❜✐t ♦❢ ❡✛♦rt ❲❤❛t ❢♦❧❧♦✇s ✐s ❜r✐❡❢ ❧♦♦❦ ❛t s♦♠❡ ♥✉♠❜❡r t❤❡♦r② Pr✐♠❡ ♥✉♠❜❡rs ▼♦❞✉❧♦✲n ❛❞❞✐t✐♦♥✱ ♠✉❧t✐♣❧✐❝❛t✐♦♥ ❛♥❞ ❡①♣♦♥❡♥t✐❛t✐♦♥ ❊✉❧❡r✬s t♦t✐❡♥t ❢✉♥❝t✐♦♥ ❛♥❞ ❛ t❤❡♦r❡♠

Pr✐♠❡ ♥✉♠❜❡rs

t❤❡♦r② ❛s②♠♠

■♥t❡❣❡r p ✐s ♣r✐♠❡ ✐✛ ✐t ✐s ❡①❛❝t❧② ❞✐✈✐s✐❜❧❡ ♦♥❧② ❜② ✐ts❡❧❢ ❛♥❞ 1✳ gcd(p, q)✿ ❣r❡❛t❡st ❝♦♠♠♦♥ ❞❡♥♦♠✐♥❛t♦r ♦❢ ✐♥t❡❣❡rs p ❛♥❞ q ▲❛r❣❡st ✐♥t❡❣❡r t❤❛t ❞✐✈✐❞❡s ❜♦t❤ ❡①❛❝t❧②✳ p ❛♥❞ q ❛r❡ r❡❧❛t✐✈❡❧② ♣r✐♠❡ ✐✛ gcd(p, q) = ✶ ■♥✜♥✐t❡❧② ♠❛♥② ♣r✐♠❡s✱ ❜✉t t❤❡② t❤✐♥ ♦✉t ❛s ♥✉♠❜❡rs ❣❡t ❧❛r❣❡r ✷✺ ♣r✐♠❡s ❧❡ss t❤❛♥ ✶✵✵ Pr❬r❛♥❞♦♠ ✶✵✲❞✐❣✐t ♥✉♠❜❡r ✐s ❛ ♣r✐♠❡❪ ≈ ✶/✷✸ Pr❬ r❛♥❞♦♠ ✶✵✵✲❞✐❣✐t ♥✉♠❜❡r ✐s ❛ ♣r✐♠❡❪ ≈ ✶/✷✸✵ Pr❬r❛♥❞♦♠ k✲❞✐❣✐t ♥✉♠❜❡r ✐s ❛ ♣r✐♠❡❪ ≈ ✶/(k· ❧♥ ✶✵)

▼♦❞✉❧♦✲♥ ♦♣❡r❛t♦r

t❤❡♦r② ❛s②♠♠

Zn = {✵, ✶, · · · , n − ✶} ▼♦❞✉❧♦✲n✿ ✐♥t❡❣❡rs − → Zn

/ / ✐♥❝❧✉❞❡s ♥❡❣❛t✐✈❡ ✐♥t❡❣❡rs

x ♠♦❞✲n ❢♦r ❛♥② ✐♥t❡❣❡r x = y ✐♥ Zn st x = y + k·n ❢♦r s♦♠❡ ✐♥t❡❣❡r k = ♥♦♥✲♥❡❣❛t✐✈❡ r❡♠❛✐♥❞❡r ♦❢ x/n ❊①❛♠♣❧❡s ✸ ♠♦❞✲✶✵ = ✸

/ / ✸ = ✸ + ✵·✶✵

✷✸ ♠♦❞✲✶✵ = ✸

/ / ✷✸ = ✸ + ✷·✶✵

−✷✼ ♠♦❞✲✶✵ = ✸

/ / −✷✼ = ✸ + (−✸)·✶✵

◆♦t❡✿ ♠♦❞✲n ♦❢ ♥❡❣❛t✐✈❡ ♥✉♠❜❡r ✐s ♥♦♥✲♥❡❣❛t✐✈❡

▼♦❞✉❧♦✲n ❛❞❞✐t✐♦♥

t❤❡♦r② ❛s②♠♠

(a + b) ♠♦❞✲n ❢♦r ❛♥② ✐♥t❡❣❡rs a ❛♥❞ b ❊①❛♠♣❧❡s (✸ + ✼) ♠♦❞✲✶✵ = ✶✵ ♠♦❞✲✶✵ = ✵ (✸ − ✼) ♠♦❞✲✶✵ = − ✹ ♠♦❞✲✶✵ = ✻ ❆❞❞✐t✐✈❡✲✐♥✈❡rs❡✲♠♦❞✲n ♦❢ x

/ / ❛❦❛

−x ♠♦❞✲n y st (x + y) ♠♦❞✲n = ✵

/ / st✿ s✉❝❤ t❤❛t

❡①✐sts ❢♦r ❡✈❡r② x ❡❛s✐❧② ❝♦♠♣✉t❡❞✿ (n − x) ♠♦❞✲n

▼♦❞✉❧♦✲n ♠✉❧t✐♣❧✐❝❛t✐♦♥

t❤❡♦r② ❛s②♠♠

(a·b) ♠♦❞✲n ❢♦r ❛♥② ✐♥t❡❣❡rs a ❛♥❞ b ❊①❛♠♣❧❡s (✸·✼) ♠♦❞✲✶✵ = ✷✶ ♠♦❞✲✶✵ = ✶

/ / ✏·✑ ✐s ♠✉❧t✐♣❧✐❝❛t✐♦♥

✽·(−✼) ♠♦❞✲✶✵ = − ✺✻ ♠♦❞✲✶✵ = ✹ ▼✉❧t✐♣❧✐❝❛t✐✈❡✲✐♥✈❡rs❡✲♠♦❞✲n ♦❢ x

/ / ❛❦❛

x−✶ ♠♦❞✲n y st (x·y) ♠♦❞✲n = ✶ ❡①✐sts ✐✛ gcd(x, n) = ✶

/ / x r❡❧❛t✐✈❡❧② ♣r✐♠❡ t♦ n

❊❛s✐❧② ❝♦♠♣✉t❡❞ ❜② ❊✉❝❧✐❞✬s ❛❧❣♦r✐t❤♠

/ / ❊①❛♠

Euclid(x, n) r❡t✉r♥s u✱ v st gcd(x, n) = u·x + v·n ✐❢ gcd(x, n) = ✶✿ u = x−✶ ♠♦❞✲n ❛♥❞ v = n−✶ ♠♦❞✲x

▼♦❞✉❧♦✲n ❡①♣♦♥❡♥t✐❛t✐♦♥

t❤❡♦r② ❛s②♠♠

(ab) ♠♦❞✲n ❢♦r ❛♥② ✐♥t❡❣❡r a ❛♥❞ ✐♥t❡❣❡r b > ✵ ❊①❛♠♣❧❡s ✸✷ ♠♦❞✲✶✵ = ✾ ✸✸ ♠♦❞✲✶✵ = ✷✼ ♠♦❞✲✶✵ = ✼ (−✸)✸ ♠♦❞✲✶✵ = − ✷✼ ♠♦❞✲✶✵ = ✸ ❊①♣♦♥❡♥t✐❛t✐✈❡✲✐♥✈❡rs❡✲♠♦❞✲n ♦❢ x y st (xy) ♠♦❞✲n = ✶ ❡①✐sts ✐✛ gcd(x, n) = ✶ ❡❛s✐❧② ❝♦♠♣✉t❡❞ ❣✐✈❡♥ ♣r✐♠❡ ❢❛❝t♦rs ♦❢ n

/ / ♦♥❧② ✇❛② ❦♥♦✇♥

❊✉❧❡r✬s ❚♦t✐❡♥t ❋✉♥❝t✐♦♥

t❤❡♦r② ❛s②♠♠

Zn

∗ = {x ✐♥ Zn, gcd(x, n) = ✶}

/ / Z ∗

✶✵ = {✶, ✸, ✼, ✾}

φ(n)✿ ♥✉♠❜❡r ♦❢ ❡❧❡♠❡♥ts ✐♥ Zn

∗

/ / φ(✶✵) = ✹

❊✉❧❡r✬s ❚♦t✐❡♥t ❋✉♥❝t✐♦♥

/ / ❊①❛♠

φ(n) =          n − ✶ ✐❢ n ♣r✐♠❡ φ(p) · φ(q) ✐❢ n = p · q ❛♥❞ gcd(p, q) = ✶ (p − ✶)·pa − ✶ ✐❢ n = pa, p ♣r✐♠❡✱ a > ✵ φ(p✶a✶) · · · φ(pKaK) ✐❢ n = p✶a✶ · · · pKaK ■❢ p✱ q ❞✐st✐♥❝t ♣r✐♠❡s✿ φ(p · q) = (p − ✶) · (q − ✶)

❊✉❧❡r✬s ❚❤❡♦r❡♠

t❤❡♦r② ❛s②♠♠

❊✉❧❡r✬s ❚❤❡♦r❡♠✿ ■❢ n = p · q ❢♦r ❞✐st✐♥❝t ♣r✐♠❡s p ❛♥❞ q✱ t❤❡♥ a(k·φ(n) + ✶) ♠♦❞✲n = a ♠♦❞✲n ❢♦r ❛♥② a ❛♥❞ k > ✵

❖✉t❧✐♥❡

❘❙❆ ❛s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

❘❙❆

❘❙❆ ❛s②♠♠

❘❙❆✿ ❘✐✈❡st✱ ❙❤❛♠✐r✱ ❆❞❧❡♠❛♥ ❑❡② s✐③❡ ✈❛r✐❛❜❧❡ ❛♥❞ ♠✉❝❤ ❧♦♥❣❡r t❤❛♥ s❡❝r❡t ❦❡②s ❛t ❧❡❛st ✶✵✷✹ ❜✐ts ✭✷✺✵ ❞❡❝✐♠❛❧ ❞✐❣✐ts✮ ❉❛t❛ ❜❧♦❝❦ s✐③❡ ✐s ✈❛r✐❛❜❧❡ ❜✉t s♠❛❧❧❡r t❤❛♥ ❦❡② s✐③❡ ❈✐♣❤❡rt❡①t ❜❧♦❝❦ ✐s s❛♠❡ s✐③❡ ❛s ❦❡② s✐③❡✳ ❖r❞❡rs s❧♦✇❡r t❤❛♥ s②♠♠❡tr✐❝ ❝r②♣t♦ ❛❧❣♦r✐t❤♠s ✭❡❣✱ ❆❊❙✮ ❙♦ ✉s❡ ❤②❜r✐❞ ❡♥❝r②♣t✐♦♥ ❢♦r ❧❛r❣❡ ♠❡ss❛❣❡s

❘❙❆✿ ●❡♥❡r❛t✐♥❣ ❬♣✉❜❧✐❝ ❦❡②✱ ♣r✐✈❛t❡ ❦❡②❪ ♣❛✐r

❘❙❆ ❛s②♠♠

❈❤♦♦s❡ t✇♦ ❧❛r❣❡ ♣r✐♠❡s✱ p ❛♥❞ q

/ / ❦❡❡♣ p ❛♥❞ q s❡❝r❡t

▲❡t n = p·q ❈❤♦♦s❡ e r❡❧❛t✐✈❡❧② ♣r✐♠❡ t♦ φ(n)

/ / φ(n) = (p − ✶)·(q − ✶)

P✉❜❧✐❝ ❦❡② ❂ [e, n]

/ / ♠❛❦❡ t❤✐s ♣✉❜❧✐❝

▲❡t d = ♠✉❧t✲✐♥✈❡rs❡✲♠♦❞✲φ(n) ♦❢ e

/ / e·d ♠♦❞✲φ(n) = ✶

Pr✐✈❛t❡ ❦❡② ❂ [d, n]

/ / ❦❡❡♣ d s❡❝r❡t

❘❙❆✿ ❊♥❝r②♣t✐♦♥ ❛♥❞ ❉❡❝r②♣t✐♦♥

❘❙❆ ❛s②♠♠

❊♥❝r②♣t✐♦♥ ♦❢ ♠❡ss❛❣❡ msg ✉s✐♥❣ ♣✉❜❧✐❝ ❦❡② m ← ❛❞❞ r❛♥❞♦♠ ♣❛❞ t♦ msg

/ / P❑❈❙✱ ❖❆❙P

❝✐♣❤❡rt❡①t c ← me ♠♦❞✲n ◆♦t❡✿ P❑❈❙ ❛♥❞ ❖❆❙P ❛r❡ ♣❛❞❞✐♥❣ st❛♥❞❛r❞s m ♠✉st ❜❡ ❧❡ss t❤❛♥ n ❉❡❝r②♣t✐♦♥ ♦❢ ❝✐♣❤❡rt❡①t c ✉s✐♥❣ ♣r✐✈❛t❡ ❦❡② ♣❧❛✐♥t❡①t m ← cd ♠♦❞✲n

/ / ❝♦③ me·d ♠♦❞✲n = m

msg ← r❡♠♦✈❡ ♣❛❞ ❢r♦♠ m

❲❤② ✐s m e·d ❡q✉❛❧ t♦ m ( ♠♦❞✲n)

❘❙❆ ❛s②♠♠

me·d ♠♦❞✲n = m✶+k·φ(n) ♠♦❞✲n ❢♦r s♦♠❡ k

/ / e·d ♠♦❞✲φ(n) = ✶

= m ♠♦❞✲n

/ / ❊✉❧❡r✬s t❤❡♦r❡♠

= m

/ / m ✐♥ Zn

❘❙❆✿ ❙✐❣♥✐♥❣ ❛♥❞ ❱❡r✐❢②✐♥❣

❘❙❆ ❛s②♠♠

❙✐❣♥✐♥❣ ♠❡ss❛❣❡ msg ✉s✐♥❣ ♣r✐✈❛t❡ ❦❡② m ← ❛❞❞ ♣❛❞ t♦ msg

/ / P❑❈❙

s✐❣♥❛t✉r❡ s ← md ♠♦❞✲n ❱❡r✐❢②✐♥❣ s✐❣♥❛t✉r❡ s ✉s✐♥❣ ♣✉❜❧✐❝ ❦❡② m ← se ♠♦❞✲n

/ / ❝♦③ me·d ♠♦❞✲n = m

❨❊❙ ✐✛ m ❡q✉❛❧s msg ✇✐t❤ ♣❛❞

❲❤② ❘❙❆ ✐s ❜❡❧✐❡✈❡❞ t♦ ❜❡ s❡❝✉r❡

❘❙❆ ❛s②♠♠

❖♥❧② ❦♥♦✇♥ ✇❛② t♦ ♦❜t❛✐♥ m ❢r♦♠ x = me ♠♦❞✲n ✐s ❜② xd ♠♦❞✲n ✇❤❡r❡ d = e−✶ ♠♦❞✲φ(n) ❖♥❧② ❦♥♦✇♥ ✇❛② t♦ ♦❜t❛✐♥ φ(n) ✐s ✇✐t❤ p ❛♥❞ q ❋❛❝t♦r✐♥❣ ♥✉♠❜❡r ✐s ❜❡❧✐❡✈❡❞ t♦ ❜❡ ❤❛r❞✱ s♦ ❤❛r❞ t♦ ♦❜t❛✐♥ p ❛♥❞ q ❣✐✈❡♥ n ❇❡st ❝✉rr❡♥t ❛❧❣♦r✐t❤♠s✿ ❡①♣(n.len✶/✸) ❈✉rr❡♥t❧② n.len ♦❢ ✶✵✷✹ ❢♦r ❖❑ s❡❝✉r✐t② ❯s❡ n.len ♦❢ ✷✵✹✽ t♦ ❜❡ s✉r❡ ❉❡❝❛❞❡✿ n.len ♦❢ ✸✵✼✷ t♦ ❜❡ s✉r❡

❘❙❆ r❡q✉✐r❡s ❡✣❝✐❡♥t ♠♦❞✉❧♦ ❡①♣♦♥❡♥t❛t✐♦♥

❘❙❆ ❛s②♠♠

❘❙❆ ♦♣❡r❛t✐♦♥s ✭❡♥❝r②♣t✱ ❞❡❝r②♣t✱ ❡t❝✮ r❡q✉✐r❡ ❝♦♠♣✉t✐♥❣ me ♠♦❞✲n ❢♦r ❧❛r❣❡ ✭❡❣✱ ✷✵✵✲❞✐❣✐t✮ ♥✉♠❜❡rs m✱ e✱ n ❙✐♠♣❧❡ ❛♣♣r♦❛❝❤ ✐s ♥♦t ❢❡❛s✐❜❧❡ ▼✉❧t✐♣❧② m ✇✐t❤ ✐ts❡❧❢✱ t❛❦❡ ♠♦❞ n❀ r❡♣❡❛t e t✐♠❡s✳ e ♠✉❧t✐♣❧✐❝❛t✐♦♥s ❛♥❞ ❞✐✈✐s✐♦♥s ♦❢ ❧❛r❣❡ ♥✉♠❜❡rs✳ ▼✉❝❤ ❜❡tt❡r✿ ❊①♣❧♦✐t m✷x = mx·mx ❛♥❞ m✷x + ✶ = m✷x · m ❧♦❣ e ♠✉❧t✐♣❧✐❝❛t✐♦♥s ❛♥❞ ❞✐✈✐s✐♦♥s

❊①❛♠ ▼♦❞✉❧♦❴❊①♣♦♥❡♥t✐❛t✐♦♥✭m, e, n✮

❘❙❆ ❛s②♠♠

(x✵, x✶, · · · , xk) ← e ✐♥ ❜✐♥❛r②

/ / x✵ = ✶

✐♥✐t✐❛❧❧② y ← m❀ j ← ✵

/ / y = mx✵

✇❤✐❧❡ j < k

/ / ❧♦♦♣ ✐♥✈❛r✐❛♥t✿ y = m(x✵, · · · , xj) ♠♦❞✲n

y ← y · y ♠♦❞✲n❀

/ / y = m(x✵, · · · , xj, ✵) ♠♦❞✲n

✐❢ xj + ✶ = ✶ y ← y · m ♠♦❞✲n

/ / y = m(x✵, · · · , xj, ✶) ♠♦❞✲n

j ← j + ✶

/ / y = m(x✵, · · · , xj) ♠♦❞✲n / / y = me ♠♦❞✲n

❊①❛♠ ❊①❛♠♣❧❡✿ ✶✷✸✺✹ ♠♦❞✲✻✼✽

❘❙❆ ❛s②♠♠

✺✹ ✐♥ ❜✐♥❛r② ✐s (✶✶✵✶✶✶✵)✷ ✶✷✸(✶) ♠♦❞✲✻✼✽ = ✶✷✸ ✶✷✸(✶✵) ♠♦❞✲✻✼✽ = ✶✷✸·✶✷✸ ♠♦❞✲✻✼✽ = ✶✺✶✷✾ ♠♦❞✲✻✼✽ = ✷✶✸ ✶✷✸(✶✶) ♠♦❞✲✻✼✽ = ✷✶✸·✶✷✸ ♠♦❞✲✻✼✽ = ✷✻✶✾✾ ♠♦❞✲✻✼✽ = ✹✸✺ ✶✷✸(✶✶✵) ♠♦❞✲✻✼✽ = ✹✸✺·✹✸✺ ♠♦❞✲✻✼✽ = ✶✽✽✾✷✷✺ ♠♦❞✲✻✼✽ = ✻✸ ✶✷✸(✶✶✵✵) ♠♦❞✲✻✼✽ = ✻✸·✻✸ ♠♦❞✲✻✼✽ = ✸✾✻✾ ♠♦❞✲✻✼✽ = ✺✼✾ ✶✷✸(✶✶✵✶) ♠♦❞✲✻✼✽ = ✺✼✾·✶✷✸ ♠♦❞✲✻✼✽ = ✼✶✷✶✼ ♠♦❞✲✻✼✽ = ✷✼ ✶✷✸(✶✶✵✶✵) ♠♦❞✲✻✼✽ = ✷✼·✷✼ ♠♦❞✲✻✼✽ = ✼✷✾ ♠♦❞✲✻✼✽ = ✺✶ ✶✷✸(✶✶✵✶✶) ♠♦❞✲✻✼✽ = ✺✶·✶✷✸ ♠♦❞✲✻✼✽ = ✻✷✼✸ ♠♦❞✲✻✼✽ = ✶✼✶ ✶✷✸(✶✶✵✶✶✵) ♠♦❞✲✻✼✽ = ✶✼✶·✶✼✶ ♠♦❞✲✻✼✽ = ✷✾✷✹✶ ♠♦❞✲✻✼✽ = ✽✼

❘❙❆ ❦❡② ❣❡♥❡r❛t✐♦♥ ✐s ✈❡r② ❡①♣❡♥s✐✈❡

❘❙❆ ❛s②♠♠

❚❤❡r❡ ❛r❡ t✇♦ ♣❛rts t♦ ❘❙❆ ❦❡② ❣❡♥❡r❛t✐♦♥ ❋✐♥❞✐♥❣ ❜✐❣ ♣r✐♠❡s p ❛♥❞ q ❋✐♥❞✐♥❣ e r❡❧❛t✐✈❡❧② ♣r✐♠❡ t♦ φ(p·q)

/ / = (p − ✶)·(q − ✶)

◆♦t❡✿ ❣✐✈❡♥ e✱ ❡❛s② t♦ ♦❜t❛✐♥ d = e−✶ ♠♦❞✲φ(n)

❋✐♥❞✐♥❣ ❛ ❜✐❣ ♣r✐♠❡ n

❘❙❆ ❛s②♠♠

❈❤♦♦s❡ r❛♥❞♦♠ n ❛♥❞ t❡st ❢♦r ♣r✐♠❡✳ ■❢ ♥♦t ♣r✐♠❡✱ r❡tr②✳ ◆♦ ♣r❛❝t✐❝❛❧ ❞❡t❡r♠✐♥✐st✐❝ t❡st✳ ❙✐♠♣❧❡ ♣r♦❜❛❜✐❧✐st✐❝ t❡st

• ❡♥❡r❛t❡ r❛♥❞♦♠ n ❛♥❞ r❛♥❞♦♠ a ✐♥ ✶..n

P❛ss ✐❢ an−✶ ♠♦❞✲n = ✶

/ / ❝♦♥✈❡rs❡ t♦ ❊✉❧❡r✬s t❤❡♦r❡♠

Pr♦❜ ❢❛✐❧✉r❡ ✐s ❧♦✇

/ / ≈ ✶✵−✶✸ ❢♦r ✶✵✵✲❞✐❣✐t n

❈❛♥ ✐♠♣r♦✈❡ ❜② tr②✐♥❣ ❞✐✛❡r❡♥t a✬s✳ ❇✉t ❈❛r♠✐❝❤❛❡❧ ♥✉♠❜❡rs✿ ✺✻✶, ✶✶✵✺, ✶✼✷✾, ✷✹✻✺, ✷✽✷✶, ✻✻✵✶, · · · ▼✐❧❧❡r✲❘❛❜✐♥ ♣r♦❜❛❜✐❧✐st✐❝ t❡st ❇❡tt❡r ❛♥❞ ❤❛♥❞❧❡s ❈❛r♠✐❝❤❛❡❧ ♥✉♠❜❡rs

❋✐♥❞✐♥❣ e r❡❧❛t✐✈❡❧② ♣r✐♠❡ t♦ p · q

❘❙❆ ❛s②♠♠

❆♣♣r♦❛❝❤ ✶ ❈❤♦♦s❡ r❛♥❞♦♠ ♣r✐♠❡s p ❛♥❞ q ❛s ❞❡s❝r✐❜❡❞ ❛❜♦✈❡ ❈❤♦♦s❡ e ❛t r❛♥❞♦♠ ✉♥t✐❧ e r❡❧❛t✐✈❡❧② ♣r✐♠❡ t♦ φ(p.q) ❆♣♣r♦❛❝❤ ✷ ❋✐① e st me ❡❛s② t♦ ❝♦♠♣✉t❡ ✭✐✳❡✳✱ ❢❡✇ ✶✬s ✐♥ ❜✐♥❛r②✮ ❈❤♦♦s❡ r❛♥❞♦♠ ♣r✐♠❡s p ❛♥❞ q st e r❡❧❛t✐✈❡❧② ♣r✐♠❡ t♦ φ(p.q) ❈♦♠♠♦♥ ❝❤♦✐❝❡s e = ✷✶ + ✶ = ✸

/ / m✸ r❡q✉✐r❡s ✷ ♠✉❧t✐♣❧✐❝❛t✐♦♥s

e = ✷✶✻ + ✶ = ✻✺✺✸✼

/ / me r❡q✉✐r❡s ✶✼ ♠✉❧t✐♣❧✐❝❛t✐♦♥s

P❑❈❙✿ P✉❜❧✐❝ ❑❡② ❈r②♣t♦❣r❛♣❤② ❙t❛♥❞❛r❞

❘❙❆ ❛s②♠♠

P❑❈❙ ★✶ ✈✶✳✺ ❉❡✜♥❡s ♣❛❞❞✐♥❣ ♦❢ ♠s❣ ❜❡✐♥❣ ❡♥❝r②♣t❡❞✴s✐❣♥❡❞ ✐♥ ❘❙❆ P❛❞❞❡❞ ♠s❣ ✐s ✶✵✷✹ ❜✐ts ❊♥❝r②♣t✐♦♥ ✭✜❡❧❞s ❛r❡ ♦❝t❡ts✮ ✵ ✷ ≥ ❡✐❣❤t r❛♥❞♦♠ ♥♦♥✲③❡r♦ ♦❝t❡ts ✵ ❞❛t❛ ❙✐❣♥✐♥❣ ✭✜❡❧❞s ❛r❡ ♦❝t❡ts✮ ✵ ✶ ≥ ❡✐❣❤t ✾F✶✻ ♦❝t❡ts ✵ ❞✐❣❡st t②♣❡ ❛♥❞ ❞✐❣❡st

❖✉t❧✐♥❡

❉❍ ❛s②♠♠

❖✈❡r✈✐❡✇ ❙②♠♠❡tr✐❝ ❈r②♣t♦ ❇❧♦❝❦ ❈✐♣❤❡r ❊♥❝r②♣t✐♦♥ ▼♦❞❡s ❢♦r ❱❛r✐❛❜❧❡✲s✐③❡ ▼❡ss❛❣❡s ▼❡ss❛❣❡ ❆✉t❤❡♥t✐❝❛t✐♦♥ ❈♦❞❡s ✭▼❆❈s✮ ▼❆❈ ❛♥❞ ❈♦♥✜❞❡♥t✐❛❧✐t② ❆s②♠♠❡tr✐❝ ❈r②♣t♦ ✭❛❦❛ P✉❜❧✐❝✲❑❡② ❈r②♣t♦✮ ■♥tr♦❞✉❝t✐♦♥ ❆ ▲✐tt❧❡ ❇✐t ♦❢ ◆✉♠❜❡r ❚❤❡♦r② ❘❙❆ ❉✐✣❡✲❍❡❧♠❛♥

❉❍✿ ❉✐✣❡✲❍❡❧♠❛♥

❉❍ ❛s②♠♠

❊st❛❜❧✐s❤❡s ❛ ❦❡② ♦✈❡r ♦♣❡♥ ❝❤❛♥♥❡❧ ✇✐t❤♦✉t ❛ ♣r❡✲s❤❛r❡❞ s❡❝r❡t ■♥♣✉ts ✭♣✉❜❧✐❝✮✿ ♣r✐♠❡ p ❛♥❞ ❣❡♥❡r❛t♦r g ❢♦r p ✶ < g < p st gi ♠♦❞✲p r❛♥❣❡s ♦✈❡r ✶, · · · , p − ✶ Pr♦t♦❝♦❧ ❆❧✐❝❡ ❇♦❜ ❝❤♦♦s❡ r❛♥❞♦♠ x A ← gx ♠♦❞✲p s❡♥❞ A ❝❤♦♦s❡ r❛♥❞♦♠ y B ← gy ♠♦❞✲p s❡♥❞ B K ← A y ♠♦❞✲p K ← B x ♠♦❞✲p ❆❧✐❝❡✳K = ❇♦❜✳K = gx · y ♠♦❞✲p

/ / s❤❛r❡❞ ❦❡②

❲❤② ✐s ❉❍ s❡❝✉r❡

❉❍ ❛s②♠♠

❍❛r❞ t♦ ❣❡t gx·y ♠♦❞✲p ❢r♦♠ p✱ g✱ gx ❛♥❞ gy ▼✉❧t✐♣❧②✐♥❣ gx ❛♥❞ gy ②✐❡❧❞s gx+y

/ / ♥♦t ✉s❡❢✉❧

❍❛r❞ t♦ ❣❡t x ❢r♦♠ gx ♠♦❞✲p

/ / ❉✐s❝r❡t❡✲❧♦❣ ♣r♦❜❧❡♠

❍❛r❞ t♦ ❣❡t y ❢r♦♠ gy ♠♦❞✲p

❉❍ ❞♦❡s ♥♦t ❛✉t❤❡♥t✐❝❛t❡

❉❍ ❛s②♠♠

❉❍ ❛❧❧♦✇s t✇♦ ♣r✐♥❝✐♣❛❧s ✇❤♦ s❤❛r❡ ♥♦t❤✐♥❣ t♦ ❡st❛❜❧✐s❤ ❛ s❤❛r❡❞ s❡❝r❡t ♦✈❡r ❛♥ ✐♥s❡❝✉r❡ ❝❤❛♥♥❡❧ ❉❍ ❞♦❡s ♥♦t ❛✉t❤❡♥t✐❝❛t❡ t❤❡ ♣r✐♥❝✐♣❛❧s t♦ ❡❛❝❤ ♦t❤❡r ❆❧✐❝❡ ♠❛② ❜❡ t❛❧❦✐♥❣ t♦ ❚r❡♥t ❝❧❛✐♠✐♥❣ t♦ ❜❡ ❇♦❜ ❋♦r ❛✉t❤❡♥t✐❝❛t✐♦♥✱ ♣r✐♥❝✐♣❛❧s ♠✉st ❛❧r❡❛❞② s❤❛r❡ s♦♠❡t❤✐♥❣✱ ❡❣✿ ❆❧✐❝❡ ❛♥❞ ❇♦❜ s❤❛r❡ ❛ s❡❝r❡t s②♠♠❡tr✐❝ ❦❡② ❆❧✐❝❡ ❛♥❞ ❇♦❜ ❡❛❝❤ ❤❛✈❡ t❤❡ ♦t❤❡r✬s ♣✉❜❧✐❝ ❦❡② ❆❧✐❝❡ ❛♥❞ ❇♦❜ ❡❛❝❤ s❤❛r❡ ❛ ❦❡② ✇✐t❤ ❛ tr✉st❡❞ t❤✐r❞ ♣❛rt② ✐t ❣❡♥❡r❛t❡s ❛ ♥❡✇ ❦❡② ❛♥❞ s❡♥❞s ✐t s❡❝✉r❡❧② t♦ ❆❧✐❝❡ ❛♥❞ ❇♦❜ ✐t s❡❝✉r❡❧② s❡♥❞s t❤❡ ♣✉❜❧✐❝ ❦❡②s ♦❢ ❆❧✐❝❡ ❛♥❞ ❇♦❜ t♦ t❤❡ ♦t❤❡r

❆✉t❤❡♥t✐❝❛t❡❞ ❉❍ ✉s✐♥❣ ♣r❡✲s❤❛r❡❞ ❦❡②s

❉❍ ❛s②♠♠

❉❍ t❤❛t ✐♥❝♦r♣♦r❛t❡s ❛ ♣r❡✲s❤❛r❡❞ ❦❡② t♦ ♣r♦✈✐❞❡ ❛✉t❤❡♥t✐❝❛t✐♦♥ ❙✉♣♣♦s❡ ❆❧✐❝❡ ❛♥❞ ❇♦❜ s❤❛r❡ ❛ s❡❝r❡t s②♠♠❡tr✐❝✲❝r②♣t♦ ❦❡② k ❈❛♥ ❞♦ ❛✉t❤❡♥t✐❝❛t❡❞ ❉❍ ❜② ✉s✐♥❣ k t♦ ❡♥❝r②♣t t❤❡ ❉❍ ♠s❣s ❆❧✐❝❡ s❡♥❞s E(k, gx ♠♦❞✲p) ❇♦❜ s❡♥❞s E(k, gy ♠♦❞✲p) ■❢ ♣r✐♥❝✐♣❛❧s ❛r❡ ❆❧✐❝❡ ❛♥❞ ❇♦❜✿ ❣❡t s❤❛r❡❞ ❦❡② ✭gx·y ♠♦❞✲p✮ ❖t❤❡r✇✐s❡ t❤❡ ♣r✐♥❝✐♣❛❧s ✇♦✉❧❞ ♥♦t ❛❝❤✐❡✈❡ ❛ s❤❛r❡❞ ❦❡②✱ s♦ ♦❦ ❈❛♥ ❞♦ s✐♠✐❧❛r ❛✉t❤❡♥t✐❝❛t❡❞ ❉❍ ✐❢ ❆❧✐❝❡ ❛♥❞ ❇♦❜ ❤❛✈❡ ❡❛❝❤ ♦t❤❡r✬s ♣✉❜❧✐❝ ❦❡②

❲❤② ❞♦ ❉❍ ❣✐✈❡♥ ♣r❡✲s❤❛r❡❞ s❡❝r❡t

❉❍ ❛s②♠♠

■❢ ❆❧✐❝❡ ❛♥❞ ❇♦❜ s❤❛r❡ ❛ s❡❝r❡t ❦❡② k✱ t❤❡② ❝❛♥ ❛❝❤✐❡✈❡ s❡❝✉r❡ ❝♦♠♠✉♥✐❝❛t✐♦♥ s✐♠♣❧② ❜② ❡♥❝r②♣t✐♥❣ ♠s❣s ✇✐t❤ k ❲❤❛t ✐s ❣❛✐♥❡❞ ❜② ✉s✐♥❣ k t♦ ❞♦ ❛✉t❤❡♥t✐❝❛t❡❞ ❉❍ ❚❤❡ ❉❍ ❦❡② ✇♦✉❧❞ ❜❡ str♦♥❣ ✇❤❡r❡❛s k ♠❛② ❜❡ ✇❡❛❦ ✭❡❣✱ ♦❜t❛✐♥❡❞ ❢r♦♠ ❛ ♣❛ss✇♦r❞✮ P❡r❢❡❝t✲❢♦r✇❛r❞ s❡❝r❡❝②✿ ■❢ t❤❡② ❢♦r❣❡t t❤❡✐r ❉❍ ♣r✐✈❛t❡ ❦❡②s ❛❢t❡r t❤❡✐r s❡ss✐♦♥✱ t❤❡♥ t❤❡ s❡ss✐♦♥ ❞❛t❛ r❡♠❛✐♥s s❡❝✉r❡ ❡✈❡♥ ✐❢ k ✐s ❧❛t❡r ❡①♣♦s❡❞