Misplaced Pages

CEILIDH

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Cryptosystem This article is about the cryptosystem. For traditional Scottish and Irish social gathering, see Cèilidh.

CEILIDH is a public key cryptosystem based on the discrete logarithm problem in algebraic torus. This idea was first introduced by Alice Silverberg and Karl Rubin in 2003; Silverberg named CEILIDH after her cat. The main advantage of the system is the reduced size of the keys for the same security over basic schemes.

Algorithms

Parameters

  • Let q {\displaystyle q} be a prime power.
  • An integer n {\displaystyle n} is chosen such that :
    • The torus T n {\displaystyle T_{n}} has an explicit rational parametrization.
    • Φ n ( q ) {\displaystyle \Phi _{n}(q)} is divisible by a big prime l {\displaystyle l} where Φ n {\displaystyle \Phi _{n}} is the n t h {\displaystyle n^{th}} Cyclotomic polynomial.
  • Let m = ϕ ( n ) {\displaystyle m=\phi (n)} where ϕ {\displaystyle \phi } is the Euler function.
  • Let ρ : T n ( F q ) F q m {\displaystyle \rho :T_{n}(\mathbb {F} _{q})\rightarrow {\mathbb {F} _{q}}^{m}} a birational map and its inverse ψ {\displaystyle \psi } .
  • Choose α T n {\displaystyle \alpha \in T_{n}} of order l {\displaystyle l} and let g = ρ ( α ) {\displaystyle g=\rho (\alpha )} .

Key agreement scheme

This Scheme is based on the Diffie-Hellman key agreement.

  • Alice chooses a random number a   ( mod Φ n ( q ) ) {\displaystyle a\ {\pmod {\Phi _{n}(q)}}} .
  • She computes P A = ρ ( ψ ( g ) a ) F q m {\displaystyle P_{A}=\rho (\psi (g)^{a})\in \mathbb {F} _{q}^{m}} and sends it to Bob.
  • Bob chooses a random number b   ( mod Φ n ( q ) ) {\displaystyle b\ {\pmod {\Phi _{n}(q)}}} .
  • He computes P B = ρ ( ψ ( g ) b ) F q m {\displaystyle P_{B}=\rho (\psi (g)^{b})\in \mathbb {F} _{q}^{m}} and sends it to Alice.
  • Alice computes ρ ( ψ ( P B ) ) a ) F q m {\displaystyle \rho (\psi (P_{B}))^{a})\in \mathbb {F} _{q}^{m}}
  • Bob computes ρ ( ψ ( P A ) ) b ) F q m {\displaystyle \rho (\psi (P_{A}))^{b})\in \mathbb {F} _{q}^{m}}

ψ ρ {\displaystyle \psi \circ \rho } is the identity, thus we have : ρ ( ψ ( P B ) ) a ) = ρ ( ψ ( P A ) ) b ) = ρ ( ψ ( g ) a b ) {\displaystyle \rho (\psi (P_{B}))^{a})=\rho (\psi (P_{A}))^{b})=\rho (\psi (g)^{ab})} which is the shared secret of Alice and Bob.

Encryption scheme

This scheme is based on the ElGamal encryption.

  • Key Generation
    • Alice chooses a random number a   ( mod Φ n ( q ) ) {\displaystyle a\ {\pmod {\Phi _{n}(q)}}} as her private key.
    • The resulting public key is P A = ρ ( ψ ( g ) a ) F q m {\displaystyle P_{A}=\rho (\psi (g)^{a})\in \mathbb {F} _{q}^{m}} .
  • Encryption
    • The message M {\displaystyle M} is an element of F q m {\displaystyle \mathbb {F} _{q}^{m}} .
    • Bob chooses a random integer k {\displaystyle k} in the range 1 k l 1 {\displaystyle 1\leq k\leq l-1} .
    • Bob computes γ = ρ ( ψ ( g ) k ) F q m {\displaystyle \gamma =\rho (\psi (g)^{k})\in \mathbb {F} _{q}^{m}} and δ = ρ ( ψ ( M ) ψ ( P A ) k ) F q m {\displaystyle \delta =\rho (\psi (M)\psi (P_{A})^{k})\in \mathbb {F} _{q}^{m}} .
    • Bob sends the ciphertext ( γ , δ ) {\displaystyle (\gamma ,\delta )} to Alice.
  • Decryption
    • Alice computes M = ρ ( ψ ( δ ) ψ ( γ ) a ) {\displaystyle M=\rho (\psi (\delta )\psi (\gamma )^{-a})} .

Security

The CEILIDH scheme is based on the ElGamal scheme and thus has similar security properties.

If the computational Diffie-Hellman assumption holds the underlying cyclic group G {\displaystyle G} , then the encryption function is one-way. If the decisional Diffie-Hellman assumption (DDH) holds in G {\displaystyle G} , then CEILIDH achieves semantic security. Semantic security is not implied by the computational Diffie-Hellman assumption alone. See decisional Diffie-Hellman assumption for a discussion of groups where the assumption is believed to hold.

CEILIDH encryption is unconditionally malleable, and therefore is not secure under chosen ciphertext attack. For example, given an encryption ( c 1 , c 2 ) {\displaystyle (c_{1},c_{2})} of some (possibly unknown) message m {\displaystyle m} , one can easily construct a valid encryption ( c 1 , 2 c 2 ) {\displaystyle (c_{1},2c_{2})} of the message 2 m {\displaystyle 2m} .

References

  1. Silverberg, Alice (November 2006). "Alice in NUMB3Rland" (PDF). Focus. Mathematical Association of America. Retrieved 12 July 2018.
  2. Kirsch, Rachel (December 2010). "Cryptography: How to Keep a Secret". Mathematical Association of America. Retrieved 12 July 2018.
  3. ^ "El-gamal Encryption Scheme". CRYPTUTOR. Archived from the original on 2009-04-21. Retrieved 2009-04-21.
  4. Abdalla, M.; Bellare, M.; Rogaway, P. (September 1998). "DHIES: An encryption scheme based on the Diffie-Hellman Problem (Appendix A)" (PDF).
  • Rubin, K.; Silverberg, A. (2003). "Torus-Based Cryptography". In Boneh, D. (ed.). Advances in Cryptology - CRYPTO 2003. Lecture Notes in Computer Science. Vol. 2729. Springer, Berlin, Heidelberg. pp. 349–365. doi:10.1007/978-3-540-45146-4_21. ISBN 9783540406747.

External links

Public-key cryptography
Algorithms
Integer factorization
Discrete logarithm
Lattice/SVP/CVP/LWE/SIS
Others
Theory
Standardization
Topics
Cryptography
General
Mathematics
Categories: