Encinas2006 Chapter MapleImplementationOfTheChor-R PDF
1 Introduction
V.N. Alexandrov et al. (Eds.): ICCS 2006, Part II, LNCS 3992, pp. 438–445, 2006.
© Springer-Verlag Berlin Heidelberg 2006
Maple Implementation of the Chor-Rivest Cryptosystem
1. Let $q$ be a prime and let $h \le q$ be an integer so that the DLP can be efficiently solved in the finite field $GF(q^h)$. This property is crucial because the user has to compute discrete logarithms in $GF(q^h)$ to determine his keys. It is known that the DLP can be efficiently solved if the order of the multiplicative group considered, $GF(q^h)^*$, factorizes as a product of small prime factors ([8]). The running time of the Pohlig-Hellman algorithm is proportional to the largest prime factor of the order of the group.
2. A random element $T \in GF(q^h)$ is chosen such that $T$ is algebraic of degree $h$ over $GF(q)$, by considering $GF(q^h) \cong GF(q)[T]/(f(T))$, where $f(T)$ is a random irreducible monic polynomial of degree $h$ in $GF(q)[T]$. Note that the elements in $GF(q^h)$ are polynomials of degree $\le h - 1$ with coefficients in $GF(q)$, and the operations are done modulo $q$ and $f(T)$.
3. Pick a generator $g$ of the group $GF(q^h)^*$. To determine such a generator, one can choose a random element $g \in GF(q^h)^*$ until it verifies $g^{(q^h - 1)/s} \neq 1$ for
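Steps 2 and 3 on a toy field, as an added example that is not code from the paper: it represents $GF(q^h)$ as polynomials modulo $f(T)$ and applies the standard generator criterion, $g^{(q^h-1)/s} \neq 1$ for every prime divisor $s$ of $q^h - 1$. The parameters $q = 7$, $h = 3$, $f(T) = T^3 + T + 1$ (a cubic with no roots in $GF(7)$, hence irreducible) and all function names are constructed for illustration.

```python
import random

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    fs, p = [], 2
    while p * p <= n:
        if n % p == 0:
            fs.append(p)
            while n % p == 0:
                n //= p
        p += 1
    return fs + [n] if n > 1 else fs

def mul_mod(a, b, f, q):
    """Product in GF(q)[T]/(f): coefficient lists, lowest degree first, f monic."""
    h = len(f) - 1
    prod = [0] * (2 * h - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % q
    for d in range(2 * h - 2, h - 1, -1):      # eliminate T^d using f(T) = 0
        c = prod[d]
        for k in range(h + 1):
            prod[d - h + k] = (prod[d - h + k] - c * f[k]) % q
    return prod[:h]

def power(g, e, f, q):
    """Square-and-multiply exponentiation in GF(q^h)."""
    result = [1] + [0] * (len(f) - 2)
    while e:
        if e & 1:
            result = mul_mod(result, g, f, q)
        g, e = mul_mod(g, g, f, q), e >> 1
    return result

def is_generator(g, f, q):
    """True when g != 0 and g^(n/s) != 1 for every prime s dividing n = q^h - 1."""
    n = q ** (len(f) - 1) - 1
    one = [1] + [0] * (len(f) - 2)
    return any(g) and all(power(g, n // s, f, q) != one for s in prime_factors(n))

def find_generator(f, q, rng):
    """Step 3: draw random elements until one passes the generator test."""
    while True:
        g = [rng.randrange(q) for _ in range(len(f) - 1)]
        if is_generator(g, f, q):
            return g

Q, F = 7, [1, 1, 0, 1]   # constructed toy field GF(7^3), f(T) = T^3 + T + 1
```

Here $q^h - 1 = 342 = 2 \cdot 3^2 \cdot 19$, so only three exponentiations are needed per candidate; the same smoothness is what keeps the Pohlig-Hellman computation in step 1 cheap.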
2.2 Encryption
The sender encrypts the binary message $M = (m_0, m_1, \ldots, m_{q-1})$, $m_i \in \{0, 1\}$, $i = 0, \ldots, q-1$, as follows:
$$E = \sum_{i=0}^{q-1} m_i \cdot c_i \pmod{q^h - 1}.$$
2.3 Decryption
In this section we present the Maple procedures and commands needed to encrypt
and decrypt messages by using the Chor-Rivest system, with real parameters.
In the encryption process, the sender, S, restarts Maple and loads some
procedures and the public key of the receiver.
>restart: with(StringTools): read "C:/CASA2006/ProcsMessT.mpl":
read "C:/CASA2006/Parameters.crc": read "C:/CASA2006/PublicKey.puk":
S writes down the text of his message, computes the length and the number
of blocks of the message, transforms and divides the message into blocks of the
same length, and transforms it into blocks of length q and weight h.
>Text:="Computer Algebra Systems and Their Applications, CASA'2006";
>ltext:=nops(Explode(Text)); lengt:=floor(log[2](binomial(q,h)));
lblock := floor(lengt/8); lmess:=lblock*ceil(ltext/lblock);
nblocks:=lmess/lblock; mascii:=map(Ord,Explode(Text)):
for i from 1 to lmess do
if (i<=ltext) then masciic[i]:=mascii[i]: else masciic[i]:=0: end if:
end do:
>for i from 1 to nblocks do
mess256[i]:=(convert([seq(masciic[j],j=(i-1)*lblock+1..i*lblock)],
base,256,10)):
messblock[i]:=sum(mess256[i]['j']*10^('j'-1),'j'=1..nops(mess256[i])):
M[i]:=Transformation(messblock[i],q,h):
end do:
Finally, S encrypts the message and saves it in a file to be sent to R.
>for i from 1 to nblocks do
E[i] := sum(M[i]['j']*PublicKey['j'],'j'=1..q) mod ((q^h)-1):
end do:
EncryptedMessage:=[seq(E[j],j=1..nblocks)]:
save EncryptedMessage, "C:/CASA2006/EncryptedMessage.mes":
The encrypted message corresponding to the original one is:
{10855811452733482391430481217627249373290172810833537037,
3202585566164216102458406919307132366444257340079736316,
11323380025066712989876028216475460861617165984770898397,
211917943989265378754649813365968072528466655688931543,
5620567254380493400571633868218080569011665365895027971}.
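The sender's steps above, as an added Python example that is not the paper's code: it pads and splits the text, maps each block to a binary vector of length q and weight h, and forms E as the knapsack sum modulo q^h − 1. The body of `Transformation` is not shown on the page, so the mapping below (the combinatorial-number-system procedure given for Chor-Rivest in [6]) is an assumption, as are q = 197, h = 24 and the randomly drawn stand-in for the public key.

```python
from math import comb
import random

def text_to_blocks(text, q, h):
    """Pad ASCII text with zero bytes and split it into integers < C(q, h)."""
    lblock = (comb(q, h).bit_length() - 1) // 8   # floor(log2 C(q,h)) in whole bytes
    data = text.encode("ascii")
    data += b"\0" * (-len(data) % lblock)
    # Little-endian base 256, like the digit list passed to Maple's convert(...).
    return [int.from_bytes(data[i:i + lblock], "little")
            for i in range(0, len(data), lblock)]

def to_weight_h_vector(m, q, h):
    """Map 0 <= m < C(q, h) to a binary vector of length q with exactly h ones."""
    if not 0 <= m < comb(q, h):
        raise ValueError("block does not fit: need 0 <= m < C(q, h)")
    bits, l = [], h
    for i in range(1, q + 1):
        c = comb(q - i, l)
        if l > 0 and m >= c:
            bits.append(1)
            m, l = m - c, l - 1
        else:
            bits.append(0)
    return bits

def from_weight_h_vector(bits, h):
    """Inverse mapping, used by the receiver once the vector is recovered."""
    q, m, l = len(bits), 0, h
    for i, b in enumerate(bits, start=1):
        if b:
            m, l = m + comb(q - i, l), l - 1
    return m

def encrypt_block(bits, public_key, q, h):
    """E = sum of m_i * c_i modulo q^h - 1."""
    return sum(b * c for b, c in zip(bits, public_key)) % (q**h - 1)

def demo(q=197, h=24, seed=2006):
    """Run the sender's side on the page's sample text with assumed parameters."""
    rng = random.Random(seed)
    # Constructed stand-in values, NOT a real Chor-Rivest public key.
    public_key = [rng.randrange(q**h - 1) for _ in range(q)]
    text = "Computer Algebra Systems and Their Applications, CASA'2006"
    blocks = text_to_blocks(text, q, h)
    vectors = [to_weight_h_vector(m, q, h) for m in blocks]
    return blocks, vectors, [encrypt_block(v, public_key, q, h) for v in vectors]
```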
To recover the original message, the receiver restarts Maple and loads some
Maple procedures, the parameters of the system, his private key, and the
encrypted message.
>restart: with(StringTools): with(numtheory):
read "C:/CASA2006/Parameters.crc": read "C:/CASA2006/PrivateKey.prk":
read "C:/CASA2006/EncryptedMessage.mes":
read "C:/CASA2006/ProcsMessT.mpl":
Then, R computes the polynomials of degree h over $GF(q^h)$, $Q_i(T)$, and
determines the roots of $f(T) + Q_i(T)$ by factoring those polynomials. In the
example, some partial results are:
L. Hernández Encinas, J. Muñoz Masqué, and A. Queiruga Dios
4 Conclusions
We have presented a Maple implementation of the Chor-Rivest cryptosystem
over finite fields by using commands and procedures. The main problems in this
implementation are to determine discrete logarithms over a finite field $GF(q^h)$,
where $q \approx 200$ and $h \approx 25$, and to use the arithmetic in these finite fields.
References
1. B. Chor, Two issues in public key cryptography. RSA bit security and a new knapsack type system, The MIT Press, Cambridge, MS, 1985.
2. B. Chor and R.L. Rivest, A knapsack-type public key cryptosystem based on arithmetic in finite fields, IEEE Trans. Inform. Theory 34, 5 (1988), 901–909.
3. T.M. Cover, Enumerative source encoding, IEEE Trans. Inform. Theory 19 (1973), 73–77.
4. W. Diffie and M. E. Hellman, New directions in Cryptography, IEEE Trans. Inform. Theory 22 (1976), 644–654.
5. T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete
logarithm, IEEE Trans. Inform. Theory 31 (1985), 469–472.
6. A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of applied cryptography,
CRC Press, Boca Raton, FL, 1997.
7. R.A. Mollin, An introduction to cryptography, Chapman & Hall/CRC, Boca Raton,
FL, 2001.
8. R.C. Pohlig and M.E. Hellman, An improved algorithm for computing logarithms
over GF (p) and its cryptographic significance, IEEE Trans. Inform. Theory 24
(1978), 106–110.
9. R.L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures
and public-key cryptosystems, Commun. ACM 21 (1978), 120–126.
10. A. Shamir, A polynomial-time algorithm for breaking the basic Merkle-Hellman
cryptosystem, IEEE Trans. Inform. Theory 30, 5 (1984), 699–704.
11. O. Schirokauer, D. Weber and T. Denny, Discrete logarithms: the effectiveness
of the index calculus method, Algorithmic Number Theory, LNCS 1122 (1996),
337–361, Springer-Verlag, Berlin.
12. S. Vaudenay, Cryptanalysis of the Chor-Rivest cryptosystem, J. Cryptology 14
(2001), 87–100.