#### DMCA

## Public-key cryptosystem design based on factoring and discrete logarithms,” (1994)

Venue: | IEE Proc. Comput. Digit. Tech., vol.141, No.3, |

Citations: | 13 - 0 self |

### Citations

3528 | New directions in cryptography - Diffie, Hellman - 2003 |

361 | Digitalized signatures and public key functions as intractable as factoring - Rabin - 1979 |

294 | A public-key cryptosystem based on algebraic coding theory - McEliece - 1978 |

105 | Discrete logarithms in finite fields and their cryptographic significance - Odlyzko - 1985 |

73 | Analysis and comparison of some integer factoring algorithms’, - POMERANCE - 1982 |

42 |
An Interactive Identification Scheme Based on Discrete Logarithms and Factoring.
- Brickell, McCurley
- 1992
(Show Context)
Citation Context ...ty for these two assumptions. For example, if we select two large primes p and q with 512 bits each, in order to ensure the difficulty of the discrete logarithm problem in subgroups of Z: and Z t , the resulting composite modulus n = p x q of the factoring problem will become 1024 bits long. This results in two disadvantages: (1) the public-key size will become two times longer than that of the original Diffie-Hellman scheme; (2) the time to compute a 1024-bit exponentiation is almost eight times longer than the time to compute a 512-bit exponentiation. In 1992 E.F. Brickell and K.S. McCurley [14] proposed an interactive identification scheme also based on discrete logarithms and fsxtoring, but these two assumptions are not as general as the two assumptions stated previously. The object of this paper is to develop a cryptosystem based on two different cryptographic assumptions to enhance the security, while maintaining the efficiency of I93 Authorized licensed use limited to: University of Missouri System. Downloaded on March 23, 2009 at 14:44 from IEEE Xplore. Restrictions apply. the implementation. In other words, one must break the RSA and the ElGamal systems simultaneously to break... |

18 | Cryptography and data security’ (AddisonWesley, - DENNING - 1982 |

14 |
Elementary number theory and its applications’’, Addison-Wesley Publishing Co.,
- Rosen
- 1986
(Show Context)
Citation Context ... Suppose A wants to send some secret information to E . First, A obtains and authenticates B’s public keys (p, a,, y,). Then A randomly selects a number k from [l, p B - 11 with gcd(k, 4(pB)) = 1. According to the public-key distribution scheme described previously, a common secret key K , , can be obtained by A as Public-key cryptosystem and signature scheme based on factoring and discrete logarithms K A B = Y i mod PE Note here that this common secret key K, , shared between A and E is also a primitive element mod p , according to the following corollary based on the K. H. Rosen theorem 8.4 [16]. Corollary I ; K , , is a primitive element mod p , . k will serve as A’s ‘secret session key’, and the corresponding K , , will become the ‘common secret session key’ shared by A and E . Then A computes z A = a; mod pB and U = y: mod ( p , - 1) and sends U to B. 3.1.2 Phase 2: Encryption. For each message block mi in a sequence of message blocks {m,, m,, ..., mi, ...), A computes two encryption keys K i , I and Ki, iteratively as Ki, = Ki. . l , , K,, mod p , = K:, mod p , and K i , = ~ 2 . I mod PE where K O , I = 1. The corresponding ciphertext block Ci is computed as Ci = mi3 mod p , - 1 ... |

2 |
A public-key cryptosystem and a signature scheme based on discrete logarithms
- ElGamel
- 1985
(Show Context)
Citation Context ...ntiation is required for enciphering each message block (the time required for modular exponentiation with exponent 3 can be ignored) and two modular exponentiations are required for deciphering each ciphertext block. This performance is very similar to the original ElGamal scheme. However, the ElGamal scheme requires two modular exponentiations for enciphering one message block and one modular exponentiation for deciphering one cipher text block. (2) In our proposed cryptosystem, for every message block m i , there is a corresponding ciphertext block Ci. The transmission efficiency is 1 : 1. (3) In our system, the unique secret session key k chosen by A, and the unique common secret session key K,, shared by A and B, are used throughout the session to generate the encryption keys Ki, and Ki. for i = 1,2, . . . . These keys K,, , K i . and Ki. will differ from one session to the next if the value of k is different. Hence, k should be selected randomly to ensure security. Note that since K,, is a primitive element of GF(p,), we can obtain a period of length p , - 1 for the encryption keys Ki, and K i . 2 . So, for all practical applications, the period length is as long as we want. In ... |

1 | Computation of discrete locarithms in prime finite fields’. - LAMACCHIA, ODLYZKO - 1991 |