• Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. Equation 6.5.2 Euler's Criterion provides a criterion to test whether or not an element in is a quadratic residue: if congruence ( 6.5.1 ) is satisfied, then x QR p ; otherwise ( 6.5.2 ) is satisfied and x QNR p . Let n be a composite natural number with its prime factorization as Equation 6.5.3 Then by Theorem 6.8 , is isomorphic to . Since isomorphism preserves arithmetic, we have: . Theorem 6.14 Let n be a composite integer with complete factorization in ( 6.5.3 ). Then x QR n if and only if and hence if and only if x (mod p i ) QR pi for prime p i with i = 1, 2, …, k . Therefore, if the factorization of n is known, given the quadratic residuosity of x modulo n can be decided by deciding the residuosity of x (mod p ) for each prime p|n . The latter task can be done by testing Euler's criterion. However, if the factorization of n is unknown, deciding quardratic residuosity modulo n is a non- trivial task. Definition 6.2 : Quadratic Residuosity (QR) Problem INPUT n: a composite number ; OUTPUT YES if x QR n . The QRP is a well-known hard problem in number theory and is one of the main four algorithmic problems discussed by Gauss in his "Disquisitiones Arithmeticae" [ 119 ]. An efficient solution for it would imply an efficient solution to some other open problems in number theory. In Chapter 14 we will study a well-known public-key cryptosystem named the Goldwasser-Micali cryptosystem ; that cryptosystem has its security based on the difficult for deciding the QRP. • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. Combining Theorem 6.12 and Theorem 6.14 we can obtain: . Theorem 6.15 Let n be a composite integer with k > 1 distinct prime factors. Then exactly fraction of elements in are quadratic residues modulo n . Thus, for a composite number n , an efficient algorithm for deciding quadratic residuosity modulo n will provide an efficient statistic test on the proportion of quadratic residues in , and hence by Theorem 6.15, provide an efficient algorithm for answering the question whether n has two or three distinct prime factors. This is because, by Theorem 6.15, in the former case ( n has two distinct prime factors), exactly a quarter of elements in are quadratic residues, and in the latter case, exactly one-eighth of them are. Consequently, ensembles E 2–Prime and E 3–Prime (see § 4.7 ) can be distinguished. To date, for a composite n of unknown factorization, no algorithm is known to be able to decide quadratic residuosity modulo n in time polynomial in the size of n . 6.5.2 Legendre-Jacobi Symbols Testing quadratic residuosity modulo a prime using Euler's criterion ( 6.5.1 ) involves evaluating modulo exponentiation which is quite computation intensive. However, quadratic residuosity can be tested by a much faster algorithm. Such an algorithm is based on the notion of Legendre- Jacobi symbol. Definition 6.3: Legendre-Jacobi Symbol For each prime number p and for any let is called Legendre symbol of x modulo p . Let n = p 1 p 2 … p k be the prime factorization of n (some of these prime factors may repeat). Then is called Jacobi symbol of x modulo n . In the rest of this book will always be referred to as Jacobi symbol whether or not b is prime. • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. For p being prime, comparing ( 6.5.1 ), ( 6.5.2 ) with Definition 6.3 , we know Equation 6.5.4 Moreover, Jacobi symbol has the following properties. . Theorem 6.16 Jacobi symbol has the following properties : ; i. ; ii. ; iii. if x y (mod n ) then ; ( below m, n are odd numbers ) iv. ; v. ; vi. if gcd( m, n ) = 1 and m, n > 2 then . vii. In Theorem 6.16, (i–iv) are immediate from the definition of Jacobi symbol. A proof for (v–vii) uses no special technique either. However, due to the lengthiness and lack of immediate relevance to the topic of this book, we shall not include a proof but refer the reader to the standard textbooks for number theory (e.g., [ 170 , 176]). Theorem 6.16(vii) is known as the Gauss' Law of Quadratic Reciprocity. Thanks to this law, it is not hard to see that the evaluation of for gcd ( x, n ) = 1 has a fashion and hence the same • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. computational complexity of computing the greatest common divisor. . Remark 6.1 When we evaluate Jacobi symbol by applying Theorem 6.16 , the evaluation of the right-hand sides of (v–vii) must not be done via exponentiations. Since ord(–1) = 2 (in multiplication), all we need is the parity of these exponents. In Alg 6.2 we realize the evaluation by testing whether 2 divides these exponents . Alg 6.2 provides a recursive specification of the properties of Jacobi symbol listed in Theorem 6.2 . Algorithm 6.2: Legendre/Jacobi Symbol INPUT odd integer n > 2, integer . OUTPUT . Jacobi( x, n ) if ( x == 1 ) return ( 1 ); 1. if ( 2| x ) if ( 2|( n 2 –1)/8 return ( Jacobi( x /2, n ) ); a. return( –Jacobi( x /2, n ) ); b. (* now x is odd *) 2. if ( 2| ( x – 1)( n – 1)/4 ) return( Jacobi( n mod x, x ) ); 3. return( –Jacobi( n mod x, x ) ). 4. In Alg 6.2 , each recursive call of the function Jacobi(,) will cause either the first input value being divided by 2, or the second input value being reduced modulo the first. Therefore there can be at most log 2 n calls and the first input value is reduced to 1, reaching the terminating condition. So rigorously expressed, because each modulo operation costs O B ((log n ) 2 ) time, Alg 6.2 computes can be computed in O B ((log n ) 3 ) time. • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. However we should notice that, in order to present the algorithm with ease of understanding, we have again chosen to sacrifice efficiency! Instead of bounding each modulo operation with O B ((log n ) 2 ), via a careful realization, total modulo operations in steps 3, 4 can be bounded by O B ((log n ) 2 ). This situation is exactly the same as that for computing greatest common divisor with a carefully designed algorithm: to exploit the fact expressed in ( 4.3.12 ). Consequently, for , can be computed in O B ((log n ) 2 ) time. A careful realization of the counterpart for Alg 6.2 can be found in Chapter 1 of [ 79]. Compared with the complexity of evaluating Euler's criterion ( 5.4.5 ), which is O B ((log p ) 3 ) due to modulo exponentiation, testing quadratic residuosity modulo prime p using Alg 6.2 is log p times faster. Example 6.5. Let us show that 384 QNR 443 . Going through Alg 6.2 step by step, we have Therefore 384 QNR 443 . Finally, we should notice that evaluation of Jacobi symbol using Alg 6.2 does not need to know the factorization of n . This is a very important property which has a wide application in public-key cryptography, e.g., in Goldwasser-Micali cryptosystem (§ 14.3.3 ) and in Blum's coin- flipping protocol ( Chapter 19 ). • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. 6.6 Square Roots Modulo Integer In Example 6.2 we have had an experience of "computing a square root modulo an integer." However the "algorithm" used there should not qualify as an algorithm because we were lucky to have managed to map, using the isomorphism in Theorem 6.8, a seemingly difficult task to two trivially easy ones: computing square roots of 1 and 4, which happen to be square numbers in and the "rooting algorithm" is known even to primary school pupils. In general, the isomorphism in Theorem 6.8 will not be so kind to us: for overwhelming cases the image should not be a square number in . Now we introduce algorithmic methods for computing square roots of a quadratic residue element modulo a positive integer. We start by considering prime modulus. By Corollary 6.2 , the two roots of a quadratic residue complements to one another modulo the prime modulus; so it suffices for us to consider computing one square root of a quadratic residue element. For most of the odd prime numbers, the task is very easy. These cases include primes p such that p 3, 5, 7 (mod 8). 6.6.1 Computing Square Roots Modulo Prime Case p 3, 7 (mod 8) In this case, p + 1 is divisible by 4. For a QR p , let Then because a ( p –1)/2 1 (mod p ), we have So indeed, x is a square root of a modulo p . Case p 5 (mod 8) In this case, p + 3 is divisible by 8; also because ( p – 1)/2 is even, –1 meets Euler's criterion as a quadratic residue. For a QR p , let Equation 6.6.1 From a ( p –1)/2 1 (mod p ) we know a ( p –1)/4 ±1 (mod p ); this is because in field 1 has only two square roots: 1 and –1. Consequently • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. That is, we have found that x computed in ( 6.6.1 ) is a square root of either a or – a . If the sign is + we are done. If the sign is –, then we have Therefore Equation 6.6.2 will be the solution. So the task boils down to computing (mod p ). Let b be any quadratic non-residue mod p . Then by Euler's criterion so b ( p –1)/4 (mod p ) can be used in place of . By the way, since and the right-hand side is 8 times an odd number; so by Theorem 6.16 (vi) 2 QNR p . That is, for this case of p we can use 2 ( p –1)/4 in place of . Then, one may check that ( 6.6.2 ) becomes Equation 6.6.3 We can save one modulo exponentiation by using the right-hand-side of ( 6.6.3 ). • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. Algorithm 6.3: Square Root Modulo p 3, 5, 7 (mod 8) INPUT prime p satisfying p 3, 5, 7 (mod 8); integer a QR p . OUTPUT a square root of a modulo p . if ( p 3, 7 (mod 8) ) return( a ( p +1)/4 (mod p ) ); (* below p 5 (mod 8) *) 1. if ( a ( p –1)/4 1 (mod p ) ) return( a ( p +3)/8 (mod p ) ); 2. return( (4 a )( ( p +3)/8 /2). 3. The time complexity of Alg 6.3 is O B ((log p ) 3 ). Computing Square Roots Modulo Prime in General Case The method described here is due to Shanks (see §1.5.1 of [ 79 ]). For general case of prime p , we can write with q odd and e 1. By Theorem 5.2 (in § 5.2.3 ), cyclic group has a unique cyclic subgroup G of order 2 e . Clearly, quadratic residues in G have orders as powers of 2 since they divide 2 e –1 . For a QR p , since so a q (mod p ) is in G and is of course a quadratic residue. So there exists an even integer k with 0 k > 2 e such that Equation 6.6.4 where g is a generator of G . Suppose that we have found the generator g and the even integer k . • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. Then setting it is easy to check that x 2 a (mod p ). Thus, the task boils down to two sub-tasks: (i) finding a generator g of group G , and (ii) finding the least non-negative even integer k , such that ( 6.6.4 ) is satisfied. Sub-task (i) is rather easy. For any f QNR p , because q is odd, f q QNR p and ord p ( f q ) = 2 e ; hence f q is a generator of G . Finding f is rather easy: picking a random element and testing (using Alg 6.2 ). Since half the elements in are quadratic non-residues, the probability of finding a correct f in one go is one-half. Sub-task (ii) is not too difficult either. The search of k from ( 6.6.4 ) is fast by utilizing the fact that non-unity quadratic-residue elements in G have orders as powers of 2. Thus, letting initially Equation 6.6.5 then b G . We can search the least integer m for 0 m < e such that Equation 6.6.6 and then modify b into Equation 6.6.7 Notice that b , after the modification in ( 6.6.7 ), has its order been reduced from that in ( 6.6.5 ) while remaining a quadratic residue in G and so the reduced order should remain being a power of 2. Therefore, the reduction must be in terms of a power of 2, and consequently, repeating ( 6.6.6 ) and ( 6.6.7 ), m in (6.6.6 ) will strictly decrease. Upon m = 0, ( 6.6.6 ) shows b = 1, and thereby ( 6.6.7 ) becomes ( 6.6.4 ) and so k can be found by accumulating 2 m in each loop of repetition. The search will terminate in at most e loops. It is now straightforward to put our descriptions into Alg 6.4 . • Table of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066943-1 Pages : 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal- world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography. Since e < log 2 p , the time complexity of Alg 6.4 is O B ((log p ) 4 ). . Remark 6.2 For the purpose of better exposition, we have presented Alg 6.4 by following our explanation on the working principle of Shanks' algorithm; in particular, we have followed precisely the explanation on Sub-task (ii) for searching the even exponent k. In so doing, our presentation of Shanks' algorithm sacrifices a little bit of efficiency: explicitly finding k, while is unnecessary since g k/2 can be obtained as a byproduct in step 3, costs an additional modulo exponentiation in step 4. For the optimized version of Shanks' algorithm, see Algorithm 1.5.1 in [ 79 ]. Finally we should point out that Alg 6.4 contains Alg 6.3 as three special cases. Algorithm 6.4: Square Root Modulo Prime INPUT prime p ; integer a QR p . OUTPUT a square root of a modulo p . (*initialize*) set p – 1 = 2 e q with q odd; b a q (mod p ); r e ; k 0; 1. (* sub-task (i), using Alg 6.2 *) find f QNR p ; g f q (mod p ); 2. (* sub-task (ii), searching even exponent k *) while ( b 1) do 3.1 find the least non-negative integer m such that b 2 m 1 (mod p ); 3.2 b bg 2 r–m (mod p ); k k + 2 r–m ; r m ; 3. return( a ( q +1)/2 g k /2 (mod p ) ). 4. 6.6.2 Computing Square Roots Modulo Composite Thanks to Theorem 6.8, we know that, for n = pq with p, q primes is isomorphic to . Since isomorphism preserves the arithmetic, relation [...]... public-key cryptography Definition 6 .4: Blum IntegerA composite integer n is called a Blum integer if n = pq where p • Table prime numbers satisfying p and q are distinct of Contents q 3 (mod 4) Modern Cryptography: Theory and Practice A Wenbo integer has many interesting properties The following are some of them which are very Blum Mao Hewlett-Packard Company By useful in public-key cryptography and cryptographic... substitution and transposition, are still the most important kernel techniques in the construction of modern symmetric encryption algorithms We will clearly see combinations of substitution and • transpositionTable of Contents important modern symmetric encryption algorithms: DES and AES, ciphers in two Modern we shall introduce in §7.6 and §7.7 which Cryptography: Theory and Practice ByWenbo Mao Hewlett-Packard... relationship between and Modern Cryptography: Theory and Practice (Theorem 6.8), we know that y QRn has exactly four Hewlett-Packard in square roots Company Alg 6.5, these four roots are By ByWenbo Mao Publisher: Prentice Hall Equation 6.6.8 PTR Pub Date: July 25, 2003 ISBN: 0-13-066 943 -1 Pages: 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic... Contents Modern Cryptography: Theory and Practice ByWenbo Mao Hewlett-Packard Company Publisher: Prentice Hall PTR Pub Date: July 25, 2003 cqkzyyr jyyowft vl vtqyyr ISBN: 0-13-066 943 -1 Pages: 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. .. message space Therefore for such k and for m, c < N • Equation Table of Contents 7.3.2 Modern Cryptography: Theory and Practice ByWenbo Mao Hewlett-Packard Company Publisher: Prentice Hall PTR Pub Date: July 25, 2003 ISBN: 0-13-066 943 -1 Pages: 648 provide a simple substitution cipher Similarly, Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called... Table of Contents Modern Cryptography: Theory and Practice ByWenbo Mao Hewlett-Packard Company Publisher: Prentice Hall PTR Pub Date: July 25, 2003 ISBN: 0-13-066 943 -1 Pages: 648 Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography This... background material that is the foundation for modern cryptography 6.8 Chapter Summary In this chapter we have conducted a study in the following topics of elementary number theory: • Linear congruences Table of Contents Modern Cryptography: Theory and Practice Chinese Remainder Theorem (with algorithm) ByWenbo Mao Hewlett-Packard Company Lagrange's, Euler's and Fermat's theorems Publisher: Prentice Hall... Factor 35 using the square roots computed in Exercise 6 .4 6.12 Show that QRn is a subgroup of Jn(1) and the latter is a subgroup of 6.13 Letn = pq with p and q being distinct primes Under what condition –1 QRn? Under what condition • Table of Contents 6. 14 Letn be a Blum integer Construct Modern Cryptography: Theory and Practice over QRn ByWenbo Mao Hewlett-Packard Company the inversion of the function... confidentiality and data integrity Chapter 7 introduces symmetric encryption techniques,Chapter 8 introduces asymmetric encryption techniques, Chapter 9 considers • Table of Contents an important Theory and Practice Modern Cryptography: security quality possessed by the basic and popular asymmetric cryptographic functions when they are used in an ideal world (where data are random), and finally, ByWenbo Mao Hewlett-Packard... in a space and transform them between a • Table of Contents region of "meaningful messages" and a region of "unintelligible messages" A messages in the Modern Cryptography: and input to an encryption algorithm is called cleartext and the unintelligible meaningful region Theory and Practice output Mao the encryption algorithm is called ciphertext If we disregard the intelligibility of a ByWenbofrom Hewlett-Packard . of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066 943 -1 Pages : 648 Many cryptographic. of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066 943 -1 Pages : 648 Many cryptographic. of Contents Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company Publisher : Prentice Hall PTR Pub Date : July 25, 2003 ISBN : 0-13-066 943 -1 Pages : 648 Many cryptographic