Step 2 – Key Generation – Alice selects a private key XA < q and calculates
a public key YA as in Diffie-Hellman
YA= XA
Independently, Bob also generates his public key YB and private key.
a) Compute:
$K = (Y_B)^k \bmod q$
C1=k mod q
C2=KM mod q
(a) Compute
$K = (C_1)^{X_B} \bmod q$
Which is
S. Erfani, ECE Dept., University of Windsor
(b) Compute
$M = (C_2 K^{-1}) \bmod q$
Therefore:
$(C_2 K^{-1}) \bmod q = (K M K^{-1}) \bmod q$
$= M K K^{-1} \bmod q$
$= M \bmod q$
Note 1 – This scheme is sometimes referred to as DSA, which stands for Digital Signature
Algorithm.
Note 2 – The plaintext M is usually a digest of a message. It is seen that DSS does not
encrypt the digest. The input to the algorithm is the digest of the data to sign, M,
the key, YB and a random number, k. The output is a pair of numbers, C1 and C2,
as shown in Fig. 1. There will be many ciphertexts that are encryptions of the same
digest, since the output depends on both the digest M and on the random value k
chosen by Alice.
[Figure 1: block diagram of the DSS algorithm. Inputs: data to sign M; key YB; random "k". Outputs: C1, C2.]
Fig. 1 DSS takes in three inputs and gives two numbers as a result
Note 3 – To defeat this scheme and infer the values of XB and k given C1, C2 and
M, the intruder, Oscar, could find a means of computing a discrete logarithm to
solve
(b) If Alice now chooses a different value of k, so that the encoding of M=30
is C=(59, C2), what is the integer C2?
Solution
We need to solve a discrete logarithm to find k. It can be shown that k=3 because:
=27
Note 4 – Informally, this is how the El Gamal algorithm works: The plaintext M is
“masked” by multiplying it by $Y_B^k$, yielding C2. The value C1=k is also transmitted
as part of the ciphertext. Bob, who knows the private key XB, can compute $Y_B^k$
from C1. Then he can “remove the mask” by dividing C2 by $Y_B^k$ to obtain M.
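The masking and unmasking that Note 4 describes, as an added Python example that is not part of the original notes. The prime q = 71, the primitive element (named ALPHA here, since its symbol is missing on this page) and Bob's private key X_B = 26 are constructed toy values, and brute_force_k is a hypothetical helper showing that the discrete-logarithm attack of Note 3 is feasible only because q is tiny.

```python
import secrets

# Constructed toy parameters (assumptions, not given on this page):
# prime Q, primitive element ALPHA of Z_q*, Bob's private key X_B.
Q, ALPHA, X_B = 71, 7, 26
Y_B = pow(ALPHA, X_B, Q)                      # Bob's public key

def encrypt(m, y_b, k=None):
    """Alice: mask m with K = Y_B^k mod q and return (C1, C2)."""
    if not 0 < m < Q:
        raise ValueError("plaintext must satisfy 0 < M < q")
    if k is None:
        k = secrets.randbelow(Q - 2) + 1      # fresh secret, 1 <= k <= q-2
    K = pow(y_b, k, Q)
    return pow(ALPHA, k, Q), (K * m) % Q

def decrypt(c1, c2, x_b):
    """Bob: rebuild K = C1^X_B mod q, then M = C2 * K^-1 mod q."""
    K = pow(c1, x_b, Q)
    return (c2 * pow(K, -1, Q)) % Q           # modular inverse (Python 3.8+)

def brute_force_k(c1):
    """Recover k from C1 by exhaustive search over the exponent.
    Succeeds here only because Q is a toy modulus."""
    for k in range(1, Q - 1):
        if pow(ALPHA, k, Q) == c1:
            return k
    raise ValueError("C1 is not a power of ALPHA")

if __name__ == "__main__":
    m = 30
    c1, c2 = encrypt(m, Y_B, k=3)
    print("ciphertext:", (c1, c2), "decrypts to", decrypt(c1, c2, X_B))
    # Same M with a different k gives a different ciphertext (Note 2),
    # yet both decrypt to the same plaintext.
    for k in (2, 5):
        c = encrypt(m, Y_B, k=k)
        print("k =", k, "ciphertext:", c, "decrypts to", decrypt(*c, X_B))
    k = brute_force_k(c1)
    print("recovered k:", k, "mask K:", pow(Y_B, k, Q))
```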
El Gamal Cryptosystem
Let q be a prime such that the discrete logarithm problem in (Zq,.) is infeasible
and let Zq be a primitive element. Let P=Zq, C=Zq×Zq, and define
The values q, and YB are the public key and XB is the private key.
For K=(q, , XB, YB), and for a (secret) random number kZq-1, define
where
C1=k mod q
$C_2 = x\,Y_B^k \bmod q$
Solution
The U.S. Digital Signature Algorithm is the El Gamal algorithm with a few
restrictions:
(a) The size of q is specifically fixed at $2^{511} < q < 2^{512}$ (so that q is roughly 170
decimal digits long).
(c) The algorithm uses a hash value instead of the full message plaintext M.