MATHEMATICS
Herald of Omsk University. 2016. No. 2. P. 14-15.
UDC 512.4
V.A. Roman'kov
AN IMPROVEMENT OF THE RABIN CRYPTOSYSTEM
The main purpose of the paper is an improvement of the Rabin cryptosystem that makes it unambiguous. In the original version, decryption additionally requires determining which of the four possible plaintexts was encrypted. The proposed version eliminates this drawback.
Keywords: Rabin cryptosystem, public-key encryption, modular ring, quadratic residue, Lagrange's four-square theorem.
1. Introduction
The Rabin cryptosystem is an asymmetric cryptographic technique, whose security, like that of RSA, is related to the difficulty of factorization. It has the disadvantage that each output of the Rabin function can be generated by any of four possible inputs; if each output is a ciphertext, extra complexity is required on decryption to identify which of the four possible inputs was the true plaintext.
We introduce a new variant of the Rabin cryptosystem in which each output of the Rabin function can be generated by only one input. In fact, we do not use any extra tools; we only restrict the space of messages and apply Lagrange's four-square theorem to represent any message.
2. Preliminaries
Quadratic Residues
Let p be an odd prime. An integer a is called a quadratic residue mod p if there exists x such that x^2 ≡ a (mod p). We denote the set of all quadratic residues modulo p by Q_p. We can use Euler's criterion to determine whether a ∈ Q_p or not (see [1]).
Let n = pq, where p and q are distinct prime numbers. Let Z_n be the modular ring with modulus n, and let Z_n^* be the multiplicative group of Z_n. Its order is given by the Euler function φ(n) = (p - 1)(q - 1). We denote the set of all invertible quadratic residues modulo n by Q_n. Obviously, Q_n is a subgroup of Z_n^*.
An element f ∈ Z_n^* belongs to Q_n if and only if f ∈ Q_p and f ∈ Q_q. Hence one can effectively determine whether f ∈ Q_n or not if one knows p and q.
The quadratic residuosity problem, given an element f ∈ Z_n^*, determine whether f ∈ Q_n when p and q are unknown, is one of the best-known decision problems in number theory and cryptography. This problem is considered by many authors to be intractable, and many cryptographic schemes are based on this intractability. The famous Rabin cryptosystem is one of them.
Rabin cryptosystem
The Rabin cryptosystem (see [2]) is a public-key system based on the difficulty of factoring n = pq, where p and q are large distinct primes. The modulus n is the public key, and the primes p and q are the private key. We assume that p = 4k + 3 and q = 4l + 3 for some positive integers k and l. This assumption guarantees that the quadratic map v : Q_n → Q_n, v(x) = x^2, is bijective.
In the Rabin cryptosystem, to encrypt m ∈ Z_n the sender (Alice) computes its square mod n: c = m^2 (mod n). To decrypt the ciphertext c, the receiver (Bob) computes its square roots in Z_n using p and q as follows. First, he computes c_p such that c_p^2 ≡ c (mod p), and then he computes c_q such that c_q^2 ≡ c (mod q). Second, using the Chinese Remainder Theorem, the four roots are computed:
√c = {c_1, c_2, c_3, c_4}. Finally, Bob recognizes the valid plaintext based on its format, such as redundancy and structure.
© Roman'kov V.A., 2016
The Rabin cryptosystem is popular because it imposes a small computational burden, has a relatively lightweight implementation, and requires only a single squaring and modular reduction for encryption.
Lagrange's four-square theorem
Lagrange's four-square theorem states that every natural number can be represented as the sum of four integer squares: m = x_1^2 + x_2^2 + x_3^2 + x_4^2.
M. O. Rabin and J. O. Shallit [3] have found a randomized polynomial-time algorithm for computing a single representation m = x_1^2 + x_2^2 + x_3^2 + x_4^2 in expected time O((log n)^2).
3. An improved Rabin cryptosystem
Alice chooses large distinct primes p and q of the form 4k + 3; these are her private parameters. The modular ring Z_n, where n = pq, is used as the platform for the encryption and decryption processes. The chosen form provides bijectivity of the quadratic map v : Q_n → Q_n, v(x) = x^2.
Public parameters: the modulus n and the modular ring Z_n.
Encryption and decryption procedure:
1. Let m ∈ Z_n be a message that Bob wants to send to Alice. Bob represents it in the form m = m_1^2 + m_2^2 + m_3^2 + m_4^2, using the effective Rabin-Shallit algorithm mentioned above. Then he computes c_i = (m_i^2)^2 (mod n) for i = 1, ..., 4, that is, he applies the Rabin function to the quadratic residue m_i^2. Then he sends the vector c = (c_1, ..., c_4) to Alice.
2. Alice computes for every c_i its unique square root m_i^2 that lies in Q_n. As Alice knows p and q, she can do this effectively. Then Alice recovers m = m_1^2 + m_2^2 + m_3^2 + m_4^2.
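The two-step procedure above, as an added runnable illustration written for this page (not the author's code): it runs the improved scheme on a constructed toy modulus n = 11·19 and contrasts the unique Q_n root with the four-root ambiguity of plain Rabin decryption. It assumes a brute-force search in place of the Rabin-Shallit algorithm; the toy primes and the message 99 are constructed values.

```python
from itertools import product
from math import gcd, isqrt

def four_squares(m):
    """Brute-force stand-in (assumption) for Rabin-Shallit: m = a^2+b^2+c^2+d^2."""
    r = isqrt(m)
    for a, b, c in product(range(r, -1, -1), repeat=3):
        rest = m - a * a - b * b - c * c
        if rest >= 0 and isqrt(rest) ** 2 == rest:
            return (a, b, c, isqrt(rest))
    raise ValueError("unreachable: Lagrange's theorem guarantees a representation")

def crt(rp, rq, p, q):
    """Combine residues mod p and mod q into the residue mod n = pq."""
    return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % (p * q)

def in_Qn(x, p, q):
    """Euler's criterion mod p and mod q: x is an invertible square mod pq."""
    return (gcd(x, p * q) == 1 and pow(x, (p - 1) // 2, p) == 1
            and pow(x, (q - 1) // 2, q) == 1)

def all_square_roots(c, p, q):
    """Plain Rabin decryption: the four square roots of c in Z_n."""
    rp, rq = pow(c, (p + 1) // 4, p), pow(c, (q + 1) // 4, q)
    return {crt(sp * rp, sq * rq, p, q) for sp in (1, -1) for sq in (1, -1)}

def sqrt_in_Qn(c, p, q):
    """The unique square root of c lying in Q_n (needs p, q ≡ 3 mod 4)."""
    # c^((p+1)/4) mod p is itself a quadratic residue mod p, so combining the
    # two such roots by CRT gives the one root that is a residue mod both primes.
    return crt(pow(c, (p + 1) // 4, p), pow(c, (q + 1) // 4, q), p, q)

def encrypt(m, n):
    """c_i = (m_i^2)^2 mod n: the Rabin function applied to m_i^2, an element of Q_n."""
    return tuple(pow(mi * mi, 2, n) for mi in four_squares(m))

def decrypt(c, p, q):
    """Recover each m_i^2 as the Q_n root of c_i and add them up."""
    return sum(sqrt_in_Qn(ci, p, q) for ci in c) % (p * q)

P, Q = 11, 19  # constructed toy primes of the form 4k + 3; real keys are large
N = P * Q

if __name__ == "__main__":
    c = encrypt(99, N)           # 99 = 9^2 + 4^2 + 1^2 + 1^2
    print("ciphertext", c, "->", decrypt(c, P, Q))
    print("plain Rabin roots of c_1:", sorted(all_square_roots(c[0], P, Q)),
          "in Q_n:", [r for r in all_square_roots(c[0], P, Q) if in_Qn(r, P, Q)])
```

If some m_i shares a factor with n, m_i^2 is not invertible and so not in Q_n as defined, but the root returned by sqrt_in_Qn still equals m_i^2, so recovery is unaffected; with large primes this case is negligible anyway.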
Acknowledgment: The investigation was supported by RFBR, project 15-41-04312.
REFERENCES
[1] Nagell T. Introduction to number theory. New York: Wiley. 1951.
[2] Smart N. Cryptography: An Introduction. New York: McGraw-Hill. 2003.
[3] Rabin M. O., Shallit J. O. Randomized algorithms in number theory // Comm. Pure Appl. Math. 1986. Vol. 33. No. S1. P. S239-S256.