Abstract
The preceding chapter offered a brief glimpse at the origins of public-key cryptography, which was born with the purpose of enabling secure communication between two parties that do not have to share a common secret key. Public-key cryptography started with the realization that it should be possible to design encryption schemes in which it is computationally infeasible to find the decryption algorithm from the encryption one. This, in turn, entails that the same key cannot be used for both encryption and decryption as happens in private-key cryptography, and leads to each user having two keys: a public key which is used for encryption and a private key which is used for decryption. This chapter is devoted to the study of these public-key encryption schemes.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
A random oracle is an ideal hash function which, on each new input query, will pick uniformly at random some response from its output domain and will always return the same response if asked the same query again.
- 2.
More precisely, the family of functions indexed by the pairs \((n,e)\) generated by Algorithm 8.3.1 and with trapdoor information given by the corresponding private keys is thought to be a family of trapdoor permutations.
- 3.
Alternatively, once we have shown that \(e^{\prime }d_1\equiv 1\;({\text{ mod}}\;{\phi (n)})\), the proof of Proposition 8.1 goes through to show that \(\text{ RSA}_{(n,d_1)}\) is the inverse of \(\text{ RSA}_{(n,e^{\prime })}\) on \(\mathbb Z _n^*\).
- 4.
An alternative term, often preferred by number theorists, is residuacity.
- 5.
Once again, we see the difference between encoding and encrypting: \(\text{ SAEP}^+\) encodes messages into a specific format and \(\mathrm{{Rabin \text{-}SAEP}}^+\) encrypts them.
- 6.
We used this argument to prove the perfect secrecy of the one-time pad, which is obtained from this construction by taking \(G\) equal to the group of binary strings of length \(n\) with the Xor operation.
- 7.
If the group \(G\) is generated by each user by calling \(\mathbf{{Gen}}_{ {G}}\) from the key generation algorithm, then such a specification—for example, the parameters \(p\), \(q\) which describe the group in case \(G = \mathcal{{QR}}_p\) and \(p = 2q+1\)—should be included in both the public and the private key.
- 8.
Recall from the definition of Legendre symbol and from Proposition 2.14 that if \(n = pq\) is the product of two distinct odd primes, then an element \(x\in \mathbb Z _n^*\) is a quadratic residue modulo \(n\) if and only if \(\left(\frac{x}{p}\right) = 1\) and \(\left(\frac{x}{q}\right) = 1\) which, in particular, implies that \(\left(\frac{x}{n}\right) = 1\).
- 9.
This will certainly be the case in any practical situation since, for the scheme to be secure, \(n\) should be hard to factor and hence \(t\) will be much smaller than \(n\).
- 10.
A scheme for distributing a secret among several parties, each of whom is allocated a share of the secret, which can be reconstructed only when a sufficient number of shares are combined together.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Gómez Pardo, J.L. (2013). Public-Key Encryption. In: Introduction to Cryptography with Maple. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32166-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-32166-5_8
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32165-8
Online ISBN: 978-3-642-32166-5
eBook Packages: Computer ScienceComputer Science (R0)