Number Theory in Public Key Cryptography

Meijer, Alko R.

doi:10.1007/978-3-319-30396-3_10

Alko R. Meijer⁵

Part of the book series: Springer Undergraduate Texts in Mathematics and Technology ((SUMAT))

2504 Accesses

Abstract

We have already dealt with two of the most important applications of number theory, namely the difficulty of factoring as used in the RSA public key system, and the difficulty of the discrete logarithm problem in Diffie–Hellman key establishment and ElGamal encryption. It is worthwhile recalling that until as recently as 1976, when Diffie and Hellman’s famous paper appeared, it was generally thought to be impossible to encrypt a message from Alice to Bob, if Alice and Bob had not previously obtained a secret key. Until then number theory was seen as the “Queen of Mathematics”, which is how Gauss described it, and as one would like a queen to be, this could (somewhat rudely) be construed as meaning “beautiful, but of no practical value”.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 19.99; Price excludes VAT (USA)

Softcover Book: USD 29.99; Price excludes VAT (USA)

Hardcover Book: USD 39.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Shamir, A.: How to share a secret Comm. ACM 22 (1979), pp. 612–613.
2.
Note that we are only dealing with a group homomorphism. We are not concerned with ring properties here.
3.
You thought we weren’t getting anywhere, didn’t you?!
4.
“Residuosity” must be one of the ugliest words in the English language, but this author declines all responsibility for creating it.
5.
This is the technical term used, but it may easily be misinterpreted: the scheme itself is not proved to be secure. What is proved is only that the difficulty of breaking the scheme is the same as the difficulty of some well known mathematical problem, which, with advancing knowledge, may turn out not to be all that difficult after all!
This terminology has its critics, see for example the paper by N. Koblitz and A. Menezes, Another look at “provable security,” J. Cryptology 20 (2007), pp. 3–37 and the reactions it provoked. You may also find interesting the paper by Neal Koblitz: The uneasy relationship between mathematics and cryptography, Notices of the Amer. Math. Soc., 54 (2007), pp. 972–979 and the reactions in the letters to the editor of the AMS notices.
6.
Classical RSA, as should be evident, did not satisfy this requirement. An encryption system may be defined as semantically secure if, given the encryption of one of two messages m ₀ and m ₁, chosen by the adversary, he/she cannot determine (with a probability of success different from \(\frac{1} {2}\)) which plaintext was encrypted. In the asymmetric case, semantic security clearly implies probabilistic (since the adversary can find the encryption of any non-randomised message), but the converse is not true in general.
For example, using the notation of Sect. 4.4.1 for ElGamal encryption and \(\mathbb{Z}_{p}^{{\ast}}\) as our group, the encryption of a message m is the pair < c ₁, c ₂ > where c ₁ = g ^k and c ₂ = my _A ^k. Using our knowledge of the Legendre symbol, and the fact that g cannot be a square, since it is a generator of the group, we see that \((\frac{g} {p}) = -1\). This gives us the parity of the randomly selected k, as we can easily find \(\frac{c_{1}} {p}\). We also compute \((\frac{c_{2}} {p} )\). But then we can find the parity of \(\frac{m} {p}\), so, given a ciphertext, we can determine which of m ₀ and m ₁ was encrypted if these are a quadratic residue and non-residue respectively. Thus ElGamal encryption in this simple form is, although probabilistic, not semantically secure.
7.
And presumably goes back to the lawyer who was handling the divorce. It must be noted here that Alice and Bob, known as the first couple of Cryptology, appear to have gotten together later, since there are numerous later protocols in which they happily communicate.
8.
The loser gets custody of the teenage children.
9.
A spy has two secrets that he is willing to sell to us. But, as we suspect him of being a double agent, we don’t want him to know what matter we are really interested in.
10.
This seems silly, but we are only showing what can be done in principle.
11.
Some previously agreed upon padding is probably required, and if Alice is using RSA, she must have sent the public key to Bob in step 1, and encrypt under the private key.
12.
The same is obviously true for the Modified Rabin generator of Exercise 5 in Sect. 10.6.

Author information

Authors and Affiliations

Tokai, Cape Town, South Africa
Alko R. Meijer

Authors

Alko R. Meijer
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Meijer, A.R. (2016). Number Theory in Public Key Cryptography. In: Algebra for Cryptologists. Springer Undergraduate Texts in Mathematics and Technology. Springer, Cham. https://doi.org/10.1007/978-3-319-30396-3_10

Download citation

DOI: https://doi.org/10.1007/978-3-319-30396-3_10
Published: 02 September 2016
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30395-6
Online ISBN: 978-3-319-30396-3
eBook Packages: Mathematics and StatisticsMathematics and Statistics (R0)

Publish with us

Policies and ethics