ElGamal Public-Key Systems over GF(p) & GF(2^m)


1 ElGamal Public-Key Systems over GF(p) & GF(2^m)
Network Security Design Fundamentals ET-IDA-082, Tutorial-9: ElGamal Public-Key Systems over GF(p) & GF(2^m), v28, Prof. W. Adi

2 ElGamal Secrecy-System over GF(p)

3 ElGamal Secrecy-System (1985)
Public: a primitive element in GF(p).
Xa = secret key of A; ya = public key of A = the primitive element raised to the power Xa.
Xb = secret key of B; yb = public key of B = the primitive element raised to the power Xb.
m = log2 p; M, C and r are m-bit values.

User A sends M to B, using a random R:
r = the primitive element raised to the power R
Z = (yb)^R, that is the primitive element raised to the power Xb·R
C = M · Z
C and r go to B.

User B receives:
-Xb = (p-1) - Xb
Z^-1 = r^(-Xb), that is the primitive element raised to the power -Xb·R
M = C · Z^-1

Random Generator: R = p-1; a new R is needed for every message.

Notice: The scheme applies similarly over GF(2^m) with a primitive element in that field.

4 Primitive element 2 in GF(11)
Example 1: Set up an ElGamal encryption system using GF(11). Send the message M = 10 from user A to B. The secret key of B is 9 and for A is 7.

Solution 1: p = 11. Possible orders = divisors of p-1 = 2×5, that is 1, 2, 5, 10.
Computing the order of 2: 2^2 = 4 ≠ 1, 2^3 = 8, 2^4 = 5, 2^5 = 10 ≠ 1, 2^6 = 9, 2^7 = 7, 2^8 = 3, 2^9 = 6, 2^10 = 1 => the order of 2 is 10 => 2 is a primitive element!

Public: 2 = primitive element in GF(11); m = log2 p = 4.
Xa = 7 = secret key of A; ya = 2^Xa = 2^7 = 7 = public key of A.
Xb = 9 = secret key of B; yb = 2^Xb = 2^9 = 6 = public key of B.
Random Generator: R = P-1, we select R = 8.

User A sends M = 10 to B:
r = 2^R = 2^8 = 3
(yb)^R = 6^8 = (2^9)^8 = 2^(72 mod 10) = 2^2 = 4
C = M · 2^(Xb·R) = 10 · 4 mod 11 = 7
C = 7 and r = 3 go to B.

User B receives:
-Xb = (p-1) - Xb: -9 = (11-1) - 9 = 1
r^(-Xb) = 3^(-9) = 3^1 = 3
M = C · r^(-Xb) = 7 · 3 = 21 mod 11 = 10

5 Primitive element 3 in GF(29)
Example 2: Set up an ElGamal encryption system using GF(29). Send the message M = 17 from user A to B. The secret key of B is 4 and for A is 7.

Solution 2: p = 29. Possible orders = divisors of p-1 = 2×2×7, that is 1, 2, 4, 7, 14, 28.
Computing the order of 3: 3^1 = 3, 3^2 = 9 ≠ 1, 3^4 = 9^2 = 81 = 23 ≠ 1, 3^7 = 3^4·3^3 = 23·27 = 12 ≠ 1, 3^14 = (3^7)^2 = 12^2 = 28 ≠ 1 => 3 is a primitive element!

Public: 3 = primitive element in GF(29); m = log2 29.
Xa = 7 = secret key of A; ya = 3^Xa = 3^7 = 12 = public key of A.
Xb = 4 = secret key of B; yb = 3^Xb = 3^4 = 23 = public key of B.
Random Generator: R = P-1, we select R = 21.

User A sends M = 17 to B:
r = 3^R = 3^21
(yb)^R = (3^4)^21 = 3^(4·21 mod 28) = 3^(84 mod 28) = 3^0 = 1
C = M · 3^(Xb·R) = 17 · (3^84) = 17
C = 17 = M! The selected R is not reasonable! C = M, no encryption!

User B receives:
-Xb = (p-1) - Xb: -4 = (29-1) - 4 = 24
r^(-Xb) = (3^21)^(-4)
M = 17

6 Primitive element 3 in GF(29)
Example 3 (alternative solution for 2): Set up an ElGamal encryption system using GF(29). Send the message M = 17 from user A to B. The secret key of B is 4 and for A is 7.

Solution 3: Selecting R = 21 results in a ciphertext C = M. This is an interesting bad selection which can happen in real implementations! Therefore another random integer R = 25 is selected and the solution is repeated as follows:

Public: 3 = primitive element in GF(29); m = log2 29.
Xa = 7 = secret key of A; ya = 3^Xa = 3^7 = 12 = public key of A.
Xb = 4 = secret key of B; yb = 3^Xb = 3^4 = 23 = public key of B.
Random Generator: R = P-1, we select R = 25.

User A sends M = 17 to B:
r = 3^R = 3^25 = 3^(-3)
(yb)^R = (3^4)^25 = 3^(100 mod 28) = 3^16 = 20
C = M · 3^(Xb·R) = 17 · 20 mod 29 = 21

User B receives:
-Xb = (p-1) - Xb: -4 = (29-1) - 4 = 24
r^(-Xb) = (3^(-3))^(-4) = 3^(12 mod 28) = 3^12 = 16; equivalently (3^(-3))^24 = 3^(-72 mod 28) = 3^12
M = C · r^(-Xb) = 21 · 16 mod 29 = 17
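The three GF(p) examples above can be replayed in a few lines of Python. This is an added example, not part of the original slides, and its function names are assumptions of the sketch. It also shows why R = 21 fails in Example 2: yb = 23 has order 7 in GF(29), so every R that is a multiple of 7 gives the mask 1, which the sender can detect without knowing Xb.

```python
# Added example (not from the slides): textbook ElGamal over GF(p), toy sizes only.

def prime_factors(n):
    """Distinct prime factors of n by trial division."""
    found, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            found.add(d)
            n //= d
        d += 1
    if n > 1:
        found.add(n)
    return found

def element_order(a, p):
    """Multiplicative order of a in GF(p); it always divides p-1."""
    order = p - 1
    for q in prime_factors(p - 1):
        while order % q == 0 and pow(a, order // q, p) == 1:
            order //= q
    return order

def encrypt(M, y_b, g, p, R):
    """Sender: returns (C, r); refuses an R whose mask Z = y_b^R equals 1."""
    Z = pow(y_b, R, p)
    if Z == 1:
        raise ValueError("mask Z = 1: C would equal M, pick another R")
    return (M * Z) % p, pow(g, R, p)

def decrypt(C, r, X_b, p):
    """Receiver: Z^-1 = r^((p-1) - X_b), then M = C * Z^-1."""
    return (C * pow(r, (p - 1) - X_b, p)) % p

if __name__ == "__main__":
    # An element is primitive when its order equals p-1.
    print(element_order(2, 11), element_order(3, 29))
    print(encrypt(10, 6, 2, 11, 8), decrypt(7, 3, 9, 11))      # Example 1
    print(element_order(23, 29))                               # order of y_b in Example 2
    try:
        encrypt(17, 23, 3, 29, 21)                             # Example 2: R = 21
    except ValueError as err:
        print("rejected:", err)
    print(encrypt(17, 23, 3, 29, 25), decrypt(21, 14, 4, 29))  # Example 3
```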

7 ElGamal Secrecy-System over GF(2^m)

8 Example 4: Set up an ElGamal public-key encryption system using GF(2^4), which is generated by the irreducible polynomial P(x) = x^4 + x + 1. The secret keys for users A and B are 7 and 12 respectively. Check if you can take 1011 as a primitive element. Send the message M = 0101 from user A to B and use the random value R = 13 for this message.
Notice: Many real systems use the ElGamal secrecy system over GF(2^m).

Solution 4: If P(x) = x^4 + x + 1 is the modulus then x^4 + x + 1 = 0, thus x^4 = x + 1. The powers of x in GF(2^4) are:
x^1 = x
x^2 = x^2
x^3 = x^3
x^4 = x + 1
x^5 = x·x^4 = x^2 + x
x^6 = x·(x^2 + x) = x^3 + x^2
x^7 = x·(x^3 + x^2) = x^4 + x^3 = x^3 + x + 1
x^8 = x^4 + x^2 + x = 1 + x + x^2 + x = x^2 + 1
x^9 = x^3 + x
x^10 = x^4 + x^2 = x^2 + x + 1
x^11 = x^3 + x^2 + x
x^12 = x^4 + x^3 + x^2 = x^3 + x^2 + x + 1
x^13 = x^4 + x^3 + x^2 + x = x^3 + x^2 + 1
x^14 = x^4 + x^3 + x = x^3 + 1
x^15 = x^4 + x = 1
The order of any element is a divisor of 2^4 - 1 = 15 = 3 × 5, that is 1, 3, 5 or 15.

Check if x^7 = 1011 is a primitive element:
(x^7)^3 = x^(21 mod 15) = x^6 = 1100 ≠ 1
(x^7)^5 = x^(35 mod 15) = x^(35 - 2×15) = x^5 ≠ 1
=> x^7 is a primitive element.
Another proof: as x is primitive, x^i is also primitive iff gcd(i, 15) = 1 => x^7 is primitive.

The modulus in the exponent is 2^4 - 1 = 15:
Ya = (x^7)^Xa = (x^7)^7 = x^(49 mod 15) = x^4 = 0011
Yb = (x^7)^Xb = (x^7)^12 = x^(84 mod 15) = x^9 = 1010

9 Solution 4: Public directory
GF(2^4) generated by P(x) = x^4 + x + 1; primitive element x^7 = 1 + x + x^3 = 1011.
Ya = (x^7)^Xa = (x^7)^7 = x^(49 mod 15) = x^4 = 0011
Yb = (x^7)^Xb = (x^7)^12 = x^(84 mod 15) = x^9 = 1010
Xa = 7 = secret key of A; Xb = 12 = secret key of B.
The modulus in the exponent in GF(2^m) is 2^m - 1.
Random Generator: R = 13.

User A sends M = 0101 = x^8 to B:
r = (x^7)^R = x^(7×13) = x = 0010
(Yb)^R = (x^9)^13 = x^(9×13) = x^(117 mod 15) = x^12
C = M · (Yb)^R = x^8 · x^12 = x^(20 mod 15) = x^5 = 0110
Cryptogram sent to B: [ C = 0110, r = 0010 ]

User B receives:
-Xb = -12 = 15 - 12 = 3
r^(-Xb) = x^3
M = C · x^3 = x^5 · x^3 = x^8 = 0101

10 Example 5: Set up an ElGamal public-key encryption system using GF(2^6), which is generated by the irreducible polynomial P(x) = x^6 + x^3 + 1. The secret keys for users A and B are 22 and 10 respectively. Check if you can take 1 + x as a primitive element. Send the message M = x^5 + x^2 from user A to B and use the random value R = 20 for this message.

Solution 5: If P(x) = x^6 + x^3 + 1 is the modulus then x^6 + x^3 + 1 = 0, thus x^6 = x^3 + 1.
x^7 = x^6·x = (x^3 + 1)·x = x^4 + x
x^8 = x^6·x^2 = (x^3 + 1)·x^2 = x^5 + x^2
x^9 = x^6·x^3 = (x^3 + 1)·x^3 = 1 (notice that x is not a primitive element)

The order of any element is a divisor of 2^6 - 1 = 63, that is 1, 3, 7, 9, 21 or 63.
Check the exponents 3, 7, 9, 21 of x + 1 in GF(2^6):
(x+1)^3 = (x+1)^2·(x+1) = (x^2 + 1)·(x+1) = 1 + x + x^2 + x^3 ≠ 1
(x+1)^6 = ((x+1)^3)^2 = (1 + x + x^2 + x^3)^2 = 1 + x^2 + x^4 + x^6 = 1 + x^2 + x^4 + x^3 + 1 = x^2 + x^3 + x^4
(x+1)^7 = (x+1)^6·(x+1) = (x^2 + x^3 + x^4)(x+1) = x^3 + x^4 + x^5 + x^2 + x^3 + x^4 = x^2 + x^5 ≠ 1
(x+1)^9 = (x+1)^7·(x+1)^2 = (x^2 + x^5)·(x^2 + 1) = x^4 + (x^4 + x) + x^2 + x^5 = x + x^2 + x^5 ≠ 1
(x+1)^12 = ((x+1)^6)^2 = (x^2 + x^3 + x^4)^2 = x^4 + x^6 + x^8 = x^4 + x^3 + 1 + x^5 + x^2 = 1 + x^2 + x^3 + x^4 + x^5
(x+1)^21 = (x+1)^12·(x+1)^9 = (1 + x^2 + x^3 + x^4 + x^5)·(x + x^2 + x^5) = 1 + x^3 ≠ 1
As the order of (x+1) is not 3 or 7 or 9 or 21 => it is 63 => x + 1 is primitive!
Another primitive element is (x+1)^2 as:
Probability of picking up a primitive element:

Ya = (x+1)^Xa = (x+1)^22 = (x+1)^21·(x+1) = (1 + x^3)·(x+1) = x + x^4 + 1 + x^3 = 1 + x + x^3 + x^4
Yb = (x+1)^Xb = (x+1)^10 = (x+1)^9·(x+1) = (x + x^2 + x^5)·(x+1) = x^2 + x^3 + x^6 + x + x^2 + x^5 = x^3 + (1 + x^3) + x + x^5 = 1 + x + x^5

Choosing R = 20 and sending a message M = x^5 + x^2 = (x+1)^7. The modulus in the exponent is 2^6 - 1 = 63.
Encryption:
Z = (Yb)^R = ((x+1)^10)^20 = (x+1)^(200 mod 63) = (x+1)^11 = x^2 + x^3 + x^5 = 101100
r = (x+1)^R = (x+1)^20 = ((x+1)^10)^2 = 1 + x^2 + x
C = Z · M = (x+1)^11 · (x+1)^7 = (x+1)^(18 mod 63) = (x+1)^18 = x + x^2 + x^4
Decryption:
Z^-1 = r^(-Xb) = ((x+1)^20)^(-10) = (x+1)^(-200 mod 63) = (x+1)^(-11) = (x+1)^52
M = Z^-1 · C = (x+1)^52 · (x+1)^18 = (x+1)^(70 mod 63) = (x+1)^7

11 Solution 5: Public directory
GF(2^6) generated by P(x) = x^6 + x^3 + 1; primitive element (x+1).
Ya = (x+1)^Xa = (x+1)^22 = 1 + x + x^3 + x^4
Yb = (x+1)^Xb = (x+1)^10 = 1 + x + x^5
Xa = 22 = secret key of A; Xb = 10 = secret key of B.
The modulus in the exponent in GF(2^m) is 2^m - 1 = 63.
Random Generator: R = 20.

User A sends M = 100100 = x^5 + x^2 = (x+1)^7 to B:
r = (x+1)^R = (x+1)^20 = 1 + x + x^2
Z = (Yb)^R = (1 + x + x^5)^20 = (x+1)^(10·20 mod 63) = (x+1)^11
C = M · Z = (x+1)^7 · (x+1)^11 = (x+1)^18 = x + x^2 + x^4
Cryptogram sent to B: [ C, r ]

User B receives:
-Xb = -10 + 63 = 53
r^(-Xb) = [ (x+1)^20 ]^53 = (x+1)^(1060 mod 63) = (x+1)^52, which equals (x+1)^(-11)
Or [ (x+1)^20 ]^(-10+63) = (x+1)^(1060 mod 63) = (x+1)^52
M = (x+1)^52 · (x+1)^18 = (x+1)^(70 mod 63) = (x+1)^7 = x^5 + x^2
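Examples 4 and 5 can be checked mechanically with polynomial arithmetic on bit vectors. The following Python sketch is an added example, not part of the original slides; the function names and the constants GF16 and GF64 are assumptions of the sketch. It uses the slides' MSB-first bit strings, so 1011 is x^3 + x + 1.

```python
# Added example (not from the slides): ElGamal over GF(2^m), toy sizes only.
# A field element is an int whose bit i is the coefficient of x^i.

def gf_mul(a, b, poly, m):
    """Multiply a*b in GF(2^m) modulo the irreducible polynomial poly."""
    result = 0
    while b:
        if b & 1:
            result ^= a        # addition in GF(2) is XOR
        b >>= 1
        a <<= 1
        if a >> m:             # degree reached m: reduce by the modulus
            a ^= poly
    return result

def gf_pow(a, e, poly, m):
    """a^e by square-and-multiply; the exponent is reduced modulo 2^m - 1."""
    e %= (1 << m) - 1
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, a, poly, m)
        a = gf_mul(a, a, poly, m)
        e >>= 1
    return result

def gf_order(a, poly, m):
    """Order of a nonzero element by repeated multiplication."""
    k, t = 1, a
    while t != 1:
        t, k = gf_mul(t, a, poly, m), k + 1
    return k

def encrypt(M, y_b, g, R, poly, m):
    Z = gf_pow(y_b, R, poly, m)                           # mask Z = y_b^R
    return gf_mul(M, Z, poly, m), gf_pow(g, R, poly, m)   # (C, r)

def decrypt(C, r, X_b, poly, m):
    Z_inv = gf_pow(r, -X_b, poly, m)      # -X_b becomes (2^m - 1) - X_b
    return gf_mul(C, Z_inv, poly, m)

GF16 = (0b10011, 4)      # P(x) = x^4 + x + 1   (Example 4)
GF64 = (0b1001001, 6)    # P(x) = x^6 + x^3 + 1 (Example 5)

if __name__ == "__main__":
    print(gf_order(0b1011, *GF16), gf_order(0b10, *GF64), gf_order(0b11, *GF64))
    C, r = encrypt(0b0101, gf_pow(0b1011, 12, *GF16), 0b1011, 13, *GF16)
    print(format(C, "04b"), format(r, "04b"), format(decrypt(C, r, 12, *GF16), "04b"))
    C, r = encrypt(0b100100, gf_pow(0b11, 10, *GF64), 0b11, 20, *GF64)
    print(format(C, "06b"), format(r, "06b"), format(decrypt(C, r, 10, *GF64), "06b"))
```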

12 List of all irreducible polynomials over GF(2) up to degree 11

13 Factorization of 2^n - 1

