WO2002015455A2 - Public key generation method and apparatus - Google Patents


Publication number
WO2002015455A2
Authority
WO
WIPO (PCT)
Application number
PCT/US2001/024642
Inventor
James P. Hughes
Allen R. Tannenbaum
Original Assignee
Storage Technology Corporation

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3093 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme

Definitions

  • the person receiving the encrypted message deciphers the original message, as shown in block 308. This may be accomplished by evaluating the encrypted message on the private key r, as shown in equation 3: m m
  • a hybrid method of encryption/decryption may be used when dealing with other types of messages that are not elements of the field k. Examples of these other types of messages include, but are not limited to text, graphics, audio, video, and databases. Referring to FIG. 4, the hybrid approach to encryption/decryption involves the generation of the public key /private key pair and transmission of the public key, as shown in block 400 and 402. These are the same steps as shown in FIG. 3, blocks 300 and 302 respectively.
  • Hybrid encryption involves selection or random generation of a conventional encryption key q' that is an element of field k (q' ∈ k), as shown in block 404.
  • This conventional key q' is then used to encrypt the message using any conventional method, as shown in block 406.
  • the conventional key q' is then encrypted using the public key to create an encrypted conventional key p', as shown in block 408.
  • the encryption method is the same as shown in equation 2 with p' substituted for p and q' substituted for q.
  • Both the encrypted message and encrypted conventional key p' may be transmitted together as a single item, or transmitted separately.
  • the person receiving the encrypted message and encrypted conventional key p' first decrypts the encrypted conventional key p' using the private key r to produce the conventional key q', as shown in block 412.
  • decryption is performed as shown in equation 3 with p' substituted for p and q' substituted for q.
  • Decryption of the original message is then performed using the conventional key q', as shown in block 414.

Abstract

A method, apparatus, and computer program for generating a public key from a private key for cryptography purposes, and a public key/private key pair produced by the method are disclosed. Given a private key that defines a vector, generation of a public key begins with providing a first set of one or more polynomials that may be evaluated on the vector. A second set of polynomials is then constructed from the first set of polynomials such that each polynomial of the second set vanishes on the vector. The second set of polynomials is inserted into a record to create the public key in a tangible form. The private key may be expressed in a tangible form by inserting the vector into a record. In one embodiment, the polynomials of the public key generate an ideal with a doubly exponentially complex Gröbner basis in the number of variables.

Description

ASYMMETRIC ENCRYPTION METHOD AND APPARATUS
TECHNICAL FIELD
The present invention is related to the field of public key generation for cryptography.
BACKGROUND ART
The development of public key/private key cryptography has eliminated the expense of distributing and safeguarding conventional cryptography keys. As a result, people can encrypt, transmit, and decrypt messages with a high level of security at a minimal cost. In basic operation, a message receiver generates a public key/private key pair. The public key is then transmitted to a message sender, usually through unsecured channels or posted on a public bulletin board. The message sender uses the public key to encrypt a message to produce a cipher text (encrypted message). Unsecured channels may then be used to transmit the encrypted message to the message receiver. Finally, the message receiver uses their private key to decrypt the encrypted message to recover the original message.
Use of unsecured channels and bulletin boards to transmit and post public keys makes it inexpensive to distribute the public keys in public key/private key cryptography. Here, anyone obtaining a copy of the public key can only use it to encrypt messages intended for the message receiver. Public key construction is designed to make reverse engineering of the private key from the public key extremely difficult, although possible. Consequently, possession of the public key makes decryption of any message encrypted with that public key extremely unlikely.
Several public key/private key methods have been developed over the years. Examples of public key/private key methods include RSA (Rivest, Shamir and Adleman), Diffie-Hellman, DSA (Digital Signature Algorithm) and PGP (Pretty Good Privacy®, from Network Associates, Inc. of Santa Clara, California). Most of these methods have evolved in recent years to produce larger and larger public keys. This evolution has been made necessary by improved computational power that makes public keys more vulnerable to brute force attacks. Modern supercomputers can be used to break simple public keys in a modest amount of time. As a result, more computational power is required to generate and use large public keys that are still unrealistic to break. For example, the RSA encryption method currently requires approximately one million integer operations to compute a public key. What is desired is an efficient approach for generating public keys/private keys that are simple to generate, that can be used to encrypt, and to decrypt messages.
DISCLOSURE OF INVENTION
The present invention is a method of generating a public key from a private key for cryptography purposes, an information recording medium containing a computer program that implements the method, an apparatus that implements the method, and a public key/private key pair generated by the method. Generation of the public key in accordance with the present invention requires a relatively small amount of computational power as compared with many existing public key generation methods.
Given a private key that defines a vector, generation of a public key begins with providing a first set of one or more polynomials that may be evaluated on the vector. A second set of polynomials is then constructed from the first set of polynomials such that each polynomial of the second set vanishes on the vector. The second set of polynomials is inserted into a record to create the public key in a tangible form.
The first set of polynomials may be selected to generate an ideal with a doubly exponentially complex Gröbner basis in a given number of variables. Sets of polynomials having a complex Gröbner basis are very difficult to solve for one or more vectors that cause all of the polynomials to vanish to zero simultaneously. This makes the resulting public key very difficult to break. A doubly exponentially complex Gröbner basis may be achieved where there are 10n variables $s^{(m)}$, $f^{(m)}$, $c_i^{(m)}$, and $b_i^{(m)}$ defined by 10n-6 generators
$s^{(m)} - s^{(m-1)} c_1^{(m-1)}$ for 2 ≤ m ≤ n,
$f^{(m)} - s^{(m-1)} c_4^{(m-1)}$ for 2 ≤ m ≤ n,
$c_i^{(m)} f^{(m-1)} b_2^{(m-1)} -$ for 2 ≤ m ≤ n and 1 ≤ i ≤ 4,
Figure imgf000004_0001
$f^{(m)} c_1^{(m)} b_1^{(m)} - s^{(m)} c_2^{(m)}$ for 1 ≤ m ≤ n-1,
$f^{(m)} c_2^{(m)} - f^{(m)} c_3^{(m)}$ for 1 ≤ m ≤ n-1,
$s^{(m)} c_3^{(m)} b_1^{(m)} - s^{(m)} c_2^{(m)} b_4^{(m)}$ for 1 ≤ m ≤ n-1, and
$s^{(m)} c_3^{(m)} - f^{(m)} c_4^{(m)} b_4^{(m)}$ for 1 ≤ m ≤ n-1,
where 1 ≤ i ≤ 4, 1 ≤ m ≤ n, and superscripts (m) and (m-1) are indexing numbers of the variables $s$, $f$, $c_i$, and $b_i$. This produces a $2^{2^n} + 1$ lower bound for the degrees of all higher order relationships of the ideal.
Accordingly, it is an object of the present invention to provide a method for generating a public key from a private key defining a vector wherein the public key is a set of polynomials that vanish on the vector.
Another object of the present invention is to provide an information recording medium and an apparatus that implement the method of the present invention.
Yet another object of the present invention is to provide a public key/private key pair generated by the method of the present invention.
These and other objects, features and advantages will be readily apparent upon consideration of the following detailed description in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF DRAWINGS
FIG. 1 is a flow diagram of a method for generating a public key;
FIG. 2 is a block diagram of an apparatus that implements the method for generating the public key;
FIG. 3 is a flow diagram of a method for encrypting and decrypting a message using the public key and private key; and
FIG. 4 is a flow diagram of a method for encrypting and decrypting a message using the public key, private key and a conventional key.
BEST MODE FOR CARRYING OUT THE INVENTION
The following definitions are used in this document:
A field is any set of elements that satisfy the standard properties of addition, subtraction, multiplication, and division. Real numbers are an example of a field.
A ring is a set of elements that satisfy additive associativity, additive commutativity, additive identity, additive inverse, multiplicative associativity and left and right distributivity. Integers are an example of a ring.
An ideal is a subset of elements of a ring that form an additive group and has the property that wherever x belongs to the ring, and y belongs to the ideal, then xy and yx belong to the ideal. Even integers are an example of an ideal for a ring of integers.
A Gröbner basis for a set of polynomials is an equivalence set of polynomials that possess useful properties. One useful property is that the set of polynomials in a Gröbner basis have the same collection of roots as the original set of polynomials. Another useful property is that a Gröbner basis provides a measure of complexity of the original set of polynomials.
An affine space has a coordinate system such that every point within that space can be represented by an n-tuple of the coordinates.
FIG. 1 is a flow diagram for a method of generating a public key from a private key. The method begins by selecting a finite field $k$ and a polynomial ring $k\{x_1, \ldots, x_n\}$ in n variables to work within, as shown in block 100. An element $r$ is selected from affine space $k^n$ ($r \in k^n$) as the private key, as shown in block 102. Affine space $k^n$ contains field $k$. This private key $r$ is a vector from the coordinate origin of $k^n$ and has n variables. In the preferred embodiment, the private key $r$ is chosen at random. In alternative embodiments, the private key $r$ may be a specifically selected element of affine space $k^n$.
A first set $G = \{g_1, \ldots, g_m\}$ having m polynomials, where m ≥ 1, is provided as shown in block 104. Each first polynomial $g_i$ of G has the same n variables as the private key $r$ such that each first polynomial $g_i$ may be evaluated on the private key $r$. First polynomials $g_1$ through $g_m$ may be selected at random, or established with specific generators to generate a high degree of interdependency between the variables of the polynomials. The higher the degree of interdependency between the variables, the more difficult it is to solve for all roots of the polynomials so that all of the polynomials vanish to zero simultaneously.
The public key is defined as a second set $H = \{h_1, \ldots, h_m\}$ having m polynomials, where m ≥ 1. The public key is constructed from the first set G of polynomials and the private key $r$, as shown in block 106. In the preferred embodiment, each second polynomial is defined by equation 1 as:
Figure imgf000006_0001
In alternative embodiments, other constructions may be used to produce the second polynomials $h_i$ from the first polynomials $g_i$ and the private key $r$. What is required is that each of the second polynomials $h_i$ vanish when evaluated on the private key $r$.
One advantage of the preferred embodiment for constructing the second set H is that a limited amount of computational power is required. Once the first set G and private key $r$ have been established, construction of the second set H only requires calculating each first polynomial $g_i$ at the private key $r$, and then subtracting the results from the respective first polynomial $g_i$. Doubling the number of variables n in the first polynomials $g_i$ doubles the number of calculations. Tripling the number of variables n triples the number of calculations. The computational power required to generate the second set H grows linearly with the desired number of variables n, instead of growing exponentially.
As each second polynomial $h_i$ is constructed, or after all of the second set H is constructed, the second polynomials $h_i$ are written into a record, as shown in block 108. This record is the public key for the private key $r$. Once created, the record may be copied into portable media and physically transported to other people for their use in encrypting messages. For example, a person wishing to receive an encrypted message may copy their public key record into a floppy disk and then give that floppy disk to the person they want to send the encrypted message. The record may also be read into transmission channels and transmitted to others. An example of this approach is for the person wishing to receive the encrypted message to attach or embed a copy of the public key record in an e-mail message addressed to the person that will send the encrypted message. Copies of the record may be posted on public and/or private bulletin boards making it available for other people to copy.
In an alternative embodiment, where the ordering of the variables for the second polynomials $h_i$ is per a predetermined sequence, then the public key record need only contain the coefficients for the second polynomials $h_i$. Here, the person sending an encoded message may generate the second set H by inserting the coefficients recorded in the public key into the second polynomials $h_i$ in the predetermined sequence.
For the public key to be effective, it must be impractical to reverse engineer the private key $r$ or any other vector, if one exists, for which all of the second polynomials $h_i$ vanish simultaneously. As stated earlier, solutions for the public record can be made very difficult to find when there is a high degree of interdependency among the relationships (also referred to as "syzygies") between the variables of the polynomials. In particular, polynomials that have a complex Gröbner basis are extremely difficult to solve. Remember that one useful property of a Gröbner basis is that it shares the same roots as the original set of polynomials.
Ernst W. Mayer and Albert R. Meyer have shown in their paper "The Complexity of the Word Problems for Commutative Semigroups and Polynomial Ideals", Advances in Mathematics 46, (1982), pages 305-329, that the amount of computational storage space grows doubly exponentially with the size of the problem instance. Their paper is incorporated herein in its entirety.
Based upon E. W. Mayer and A. R. Meyer's paper, the first set G can be constructed as follows. Let $I_n$ be an ideal in 10n variables $s^{(m)}$, $f^{(m)}$, $c_i^{(m)}$, and $b_i^{(m)}$ defined by the following 10n-6 generators:
$s^{(m)} - s^{(m-1)} c_1^{(m-1)}$ for 2 ≤ m ≤ n,
$f^{(m)} - s^{(m-1)} c_4^{(m-1)}$ for 2 ≤ m ≤ n,
$c_i^{(m)} f^{(m-1)} b_2^{(m-1)} -$ for 2 ≤ m ≤ n and 1 ≤ i ≤ 4,
Figure imgf000008_0001
$f^{(m)} c_1^{(m)} b_1^{(m)} - s^{(m)} c_2^{(m)}$ for 1 ≤ m ≤ n-1,
$f^{(m)} c_2^{(m)} - f^{(m)} c_3^{(m)}$ for 1 ≤ m ≤ n-1,
$s^{(m)} c_3^{(m)} b_1^{(m)} - s^{(m)} c_2^{(m)} b_4^{(m)}$ for 1 ≤ m ≤ n-1, and
$s^{(m)} c_3^{(m)} - f^{(m)} c_4^{(m)} b_4^{(m)}$ for 1 ≤ m ≤ n-1,
where 1 ≤ i ≤ 4, 1 ≤ m ≤ n, and superscripts (m) and (m-1) are indexing numbers for variables $s$, $f$, $c_i$, and $b_i$. Note that this is only the preferred embodiment of many sets of generators that can be used to create the first set G of polynomials.
In general, let R be a polynomial ring in n variables over a field K. Let I be an ideal of R generated by polynomials $u_1, \ldots, u_z$ of degree at most d. Two integers are considered: Ideal membership IM(I), the least integer such that any element $u$ in I of degree at most d may be written as $u = v_1 u_1 + \cdots + v_z u_z$ with degree($u_i$) < IM(I) for each i (ideal membership problem), and syzygies SYZ(I) (if I is homogeneous), the least integer such that the module of syzygies (relations between the $u_i$) may be generated by syzygies of degree at most SYZ(I). E. W. Mayer and A. R. Meyer's paper gives a construction showing that IM(I) may be doubly exponential in n. In fact, they show that IM(I) and SYZ(I) may be greater than $d^e$ with $e = 2^{n/10}$.
The idea in the construction is as follows: Set N = d for d≥2. Then one can construct a polynomial ring R in 10n variables, and an ideal which effectively counts to N. As pointed out by D. Bayer and M. Stillman in their paper "On the Complexity of Computing Syzygies", J. Symbolic Computation (1988) 6, pages 135-147, incorporated herein in its entirety, this type of construction realizes the halting problem for a bounded 3-counter machine as an example of the decision problem for ideal membership. Hence the ideal membership problem is exponential space complete over an arbitrary field. There are problems in exponential space which require exponential space, which leads to the aforementioned type of double exponential complexity result for syzygies.
Using the preferred embodiment generators to create the first set G and thus a second set H results in a very complex Gröbner basis that is extremely difficult to solve for even one root. Furthermore, based upon Mayer and Meyer, if 1^ is the homogenization of ideal $I_n$ by adding an extra variable, and we define the homogeneous ideal $J_n$ = ($s^{(n)}$, $f^{(n)}$, 1^), then the maximum degree of polynomial in a minimum set of generators for $J_n$ is 4. Also, a lower bound for the degrees of all the higher order relations (syzygies) of the ideal is doubly exponential in the number of variables n as denoted by $2^{2^n} + 1$. In other words, as the number of variables n increases, the complexity of the Gröbner basis for the public key increases as two to the power of two to the power of n. Enlargement of a public key by doubling the number of variables n results in an increase in the complexity of the Gröbner basis by a factor of $2^4 = 16$. Tripling the number of variables n increases the complexity of the Gröbner basis by a factor of $2^8 = 256$.
FIG. 2 is a block diagram of an example apparatus that implements the present invention. In a practical application, the method described above will be implemented in a computer program 200 stored in an information recording medium 202. The information recording medium 202 may be any conventional media such as magnetic disk, magnetic tape, optical disk, optical tape, solid state media, and the like. A microprocessor 204 reads the computer program 200 from the information recording medium 202 and executes the computer program 200.
Inputs for the first set G of polynomials may be provided from any of several sources. FIG. 2 shows one embodiment where the first polynomials $g_i$ are entered through an input device 206 such as a keyboard. In other embodiments, the first polynomials $g_i$ of the first set G may be stored as part of the computer program 200, generated by the computer program 200, chosen from a superset of first polynomials $g_i$, and the like.
Inputs for the private key r may also be provided from any of several sources. FIG. 2 shows one embodiment where the private key is generated by a random element generator 208. In other embodiments, the private key r may be entered through the input device 206, be selected based upon a tick of a clock 210 at some event (e.g. , a key being struck), calculated from a password entered through the input device 206, and so on.
Microprocessor 204 executes the computer program 200 along with the various inputs to generate the public key 212 that is then stored in second information recording medium 214, usually a hard drive. The microprocessor will also store the private key 216 in the second information recording medium 214 so that it is available for decrypting messages at a later time, and for generating a new public key 212 if desired.
An output device 218 is used to transmit the public key 212 to the public (not shown). The output device may be a media drive where the public key 212 is to be distributed on a moveable information recording medium. The output device may also be a network interface where the public key 212 is to be distributed via e-mail or posted to a network-based bulletin board.
FIG. 3 is a flow diagram of a method for encrypting and decrypting a message using the public key and private key. A person desiring to receive the encrypted message first generates a public key/private key pair, as shown in block 300. The public key is then transmitted to the person that is sending the encrypted message, as shown in block 302.
The person sending the encrypted message uses the public key to encrypt an original message, as shown in block 306. In this example, the original message q to be encrypted is an element selected from field k ($q \in k$). Encryption may be accomplished by selecting m arbitrary polynomials $a_i$. Using the second polynomials $h_i$ of the public key and the arbitrary polynomials $a_i$ selected by the message sender, the encrypted message p may be defined by equation 2 as:
$$p = \left(\sum_{i=1}^{m} a_i h_i\right) + q \qquad (2)$$
The encrypted message p is transmitted from the message sender to the message receiver, as shown in block 306. In one embodiment, the entire polynomial of the encrypted message is transmitted including all variables and coefficients of p, which is a polynomial. In other embodiments, the ordering of the variables may be in accordance with a predetermined sequence. Here, it is only necessary to transmit the coefficients of p in the same predetermined sequence.
The person receiving the encrypted message deciphers the original message, as shown in block 308. This may be accomplished by evaluating the encrypted message on the private key r, as shown in equation 3:
$$p(r) = \left(\sum_{i=1}^{m} a_i(r)\, h_i(r)\right) + q = \left(\sum_{i=1}^{m} a_i(r) \cdot 0\right) + q = q \qquad (3)$$
Since each second polynomial $h_i$ of the public key vanishes on the private key r ($h_i(r) = 0$), the evaluation of the arbitrary polynomials $a_i$ on the private key r is not important.
A hybrid method of encryption/decryption may be used when dealing with other types of messages that are not elements of the field k. Examples of these other types of messages include, but are not limited to, text, graphics, audio, video, and databases. Referring to FIG. 4, the hybrid approach to encryption/decryption involves the generation of the public key/private key pair and transmission of the public key, as shown in blocks 400 and 402. These are the same steps as shown in FIG. 3, blocks 300 and 302 respectively.
Hybrid encryption involves selection or random generation of a conventional encryption key q' that is an element of field k ($q' \in k$), as shown in block 404. This conventional key q' is then used to encrypt the message using any conventional method, as shown in block 406. The conventional key q' is then encrypted using the public key to create an encrypted conventional key p', as shown in block 408. The encryption method is the same as shown in equation 2 with p' substituted for p and q' substituted for q.
Transmission now involves sending both the encrypted message and the encrypted conventional key p' to the person receiving the message, as shown in block 410. Both the encrypted message and encrypted conventional key p' may be transmitted together as a single item, or transmitted separately.
The person receiving the encrypted message and encrypted conventional key p' first decrypts the encrypted conventional key p' using the private key r to produce the conventional key q', as shown in block 412. Here, decryption is performed as shown in equation 3 with p' substituted for p and q' substituted for q. Decryption of the original message is then performed using the conventional key q', as shown in block 414.
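Equations 2 and 3, applied to wrapping the conventional key q' (blocks 404, 408 and 412), as an added Python example that is not part of the patent text. It assumes the field k is GF(P) for a prime P, two constructed toy first polynomials in place of the preferred embodiment generators, and the construction $h_i = g_i - g_i(r)$ as one way to make each second polynomial vanish on r; all function names are hypothetical.

```python
import secrets

P = 2**61 - 1   # prime; the field k is taken to be GF(P) (assumption)
NVARS = 3       # toy size, constructed for this example

# A polynomial is a dict {exponent tuple: nonzero coefficient mod P}.
def p_add(a, b):
    out = dict(a)
    for mono, c in b.items():
        v = (out.get(mono, 0) + c) % P
        if v:
            out[mono] = v
        else:
            out.pop(mono, None)
    return out

def p_mul(a, b):
    out = {}
    for ma, ca in a.items():
        for mb, cb in b.items():
            mono = tuple(x + y for x, y in zip(ma, mb))
            out = p_add(out, {mono: ca * cb % P})
    return out

def p_eval(poly, r):
    total = 0
    for mono, c in poly.items():
        for x, e in zip(r, mono):
            c = c * pow(x, e, P) % P
        total = (total + c) % P
    return total

def constant(c):
    return {(0,) * NVARS: c % P} if c % P else {}

def make_public_key(G, r):
    # Assumed construction: h_i = g_i - g_i(r), which forces h_i(r) = 0.
    return [p_add(g, constant(-p_eval(g, r))) for g in G]

def random_poly(terms=3, max_deg=2):
    poly = {}
    for _ in range(terms):
        mono = tuple(secrets.randbelow(max_deg + 1) for _ in range(NVARS))
        poly = p_add(poly, {mono: 1 + secrets.randbelow(P - 1)})
    return poly

def encrypt(H, q):
    # Equation 2: p = (sum_i a_i * h_i) + q with fresh arbitrary a_i.
    p = constant(q)
    for h in H:
        p = p_add(p, p_mul(random_poly(), h))
    return p

def decrypt(p, r):
    # Equation 3: every h_i(r) is 0, so p(r) = q.
    return p_eval(p, r)

# Constructed first polynomials in (x, y, z): x*y + 2z and x^2*z + y.
G = [{(1, 1, 0): 1, (0, 0, 1): 2}, {(2, 0, 1): 1, (0, 1, 0): 1}]
r = [secrets.randbelow(P) for _ in range(NVARS)]   # private key vector
H = make_public_key(G, r)                          # public key

q_prime = secrets.randbelow(P)          # conventional key q' (block 404)
p_prime = encrypt(H, q_prime)           # encrypted conventional key p' (block 408)
assert decrypt(p_prime, r) == q_prime   # recovery of q' (block 412)
```

The conventional cipher of blocks 406 and 414 is left out; q' would key whichever symmetric method the two parties use.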
While embodiments of the invention have been illustrated and described, it is not intended that these embodiments illustrate and describe all possible forms of the invention. Rather, the words used in the specification are words of description rather than limitation, and it is understood that various changes may be made without departing from the spirit and scope of the invention.

Claims

WHAT IS CLAIMED IS:
1. A method of creating a public key for use with a private key defining a vector, the public key and the private key being used for cryptography, the method comprising:
providing at least one first polynomial that may be evaluated on the vector;
constructing at least one second polynomial from the at least one first polynomial and the vector such that the at least one second polynomial vanishes on the vector; and
inserting the at least one second polynomial into a record.
2. The method of claim 1 wherein the at least one first polynomial is a first plurality of polynomials, and the at least one second polynomial is a second plurality of polynomials.
3. The method of claim 2 wherein the first plurality of polynomials generate an ideal with a doubly exponentially complex Gröbner basis in a number of variables.
4. The method of claim 3 wherein the number of variables are 10n variables s(m), fm), c,(m>, and bi(m) defined by 10n-6 generators: s(m) - s^c "1"1' for 2 < m < n, m) - s{m- imΛ) for 2 < m ≤ n, Ci(m)f<m-i)b2(m-i) . for 2 < m < n and 1 __ i < 4,
Figure imgf000013_0001
fWc ^b - s(m)c2 (m) for 1 ≤ m < n-1, f<m)c2 (m> - m)c3 (m) for 1 ≤ m ≤ n-1, s(m)c3 (m)b1 (m) - s(m)c2 (m)b4 (ra) for 1 < m < n-1, and s(m)c3 (m) - m)c4 (m)b4 (m> for 1 ≤ m ≤ n-1, where 1 < i < 4, and 1 < m < n.
5. An information recording medium for use in a computer to create a public key for use with a private key defining a vector, the public key and the private key being used for cryptography, the information recording medium recording a computer program that is readable and executable by the computer, the computer program comprising:
providing at least one first polynomial that may be evaluated on the vector;
constructing at least one second polynomial from the at least one first polynomial and the vector such that the at least one second polynomial vanishes on the vector; and
inserting the at least one second polynomial into a record.
6. The information recording medium of claim 5 wherein the at least one first polynomial is a first plurality of polynomials, and the at least one second polynomial is a second plurality of polynomials.
7. The information recording medium of claim 6 wherein the first plurality of polynomials generate an ideal with a doubly exponentially complex Gröbner basis in a number of variables.
8. The information recording medium of claim 7 wherein the number of variables are 10n variables s(m), ), Ci(m), and b;(m) defined by 10n-6 generators: s(m) - s^c "1^ for 2 < m < n,
fm) - s^V""15 for 2 m < n,
Ci(m)f(m-l)b2(n.-l) _ ^(m^m^m-l^m-l) for 2 ≤ m < n and 1 __ i __ 4, f<m)C](m)(m) _ -(^w for 1 < m < n-1,
f<m)c2 (m) - fm)c3 (rn) for 1 ≤ m ≤ n-1,
s(m)c3 (mVm) - s(m)c2 (m)b4 (m) for 1 ≤ m ≤ n-1, and s(m)c3 (m) - m)c4 (m)b4 (m) for 1 < m < n-1, where 1 __ i < 4, and 1 < m < n.
9. An apparatus for creating a public key for use with a private key defining a vector, the public key and the private key being used for cryptography, the apparatus comprising:
an input device for receiving the vector;
a memory for storing at least one first polynomial that may be evaluated on the vector;
a circuit connected to the input and the memory, the circuit being operational to construct at least one second polynomial from the at least one first polynomial and the vector such that the at least one second polynomial vanishes on the vector; and
an output device connected to the circuit for inserting the at least one second polynomial into a record.
10. The apparatus of claim 9 wherein the at least one first polynomial is a first plurality of polynomials, and the at least one second polynomial is a second plurality of polynomials.
11. The apparatus of claim 10 wherein the first plurality of polynomials generate an ideal with a doubly exponentially complex Gröbner basis in a number of variables.
12. The apparatus of claim 11 wherein the number of variables are 10n variables s(m), fm), c " , and b "0 defined by 10n-6 generators: s(π . s(m-i)(m-i) for 2 < m < n, m) - s^V""" for 2 < m < n, C|(m)f(m-i)b2(n.-i) _ ^(m^m^m-i^m-i) for 2 < m < n and 1 < i < 4, f(m)(m)(m) _ jW-^m) for 1 < m < n-1 , fm)c2 (m) - fm)c3 (m) for 1 ≤ m ≤ n-1, s(m)c3 (m)b1 (m) - s(m)c2 (m)b4 (m) for 1 ≤ m < n-1, and s(m)c3 (m) - f<m)c4 (ra)b4 (m) for 1 < m < n-1, " where 1 < i < 4, and 1 ≤ m < n.
13. A key pair for use in encrypting and decrypting, the key pair comprising:
a first record;
a vector disposed in the first record to establish a private key of the key pair;
a second record; and
at least one polynomial disposed in the second record, the at least one polynomial vanishing on the vector to establish a public key of the key pair.
14. The key pair of claim 13 wherein the at least one polynomial is a plurality of polynomials.
15. The key pair of claim 14 wherein the plurality of polynomials generate an ideal with a doubly exponentially complex Gröbner basis in a number of variables.
16. The key pair of claim 15 wherein the number of variables are 10n variables s(m), m c{m), and b,*"0 defined by 10n-6 generators: s(m) - slm- {mrl) for 2 ≤ m ≤ n, fra) - s(m-1)c4 (m'1) for 2 < m __ n, Cj(m)f<m-i)b2(m-i) _ ^(m^ M^m-D^m-i) for 2 < m < n and 1 < i < 4, <m)c1 (m)b1 <,n) - s(m)c2 (m) for 1 < m < n-1, f<m)c2 (m) - fm)c3 (m) for 1 < m < n-1, s(m)c3 (mVm) - s(m)c2 (m)b4 (m) for 1 < m < n-1, and s(m)c3 (m) - fm)c4 (m)b4 (m) for 1 < m < n-1, where 1 < i < 4, and 1 < m ≤ n.
PCT/US2001/024642 2000-08-11 2001-08-06 Public key generation method and apparatus WO2002015455A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001288234A AU2001288234A1 (en) 2000-08-11 2001-08-06 Public key generation method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US63949900A 2000-08-11 2000-08-11
US09/639,499 2000-08-11

Publications (2)

Publication Number Publication Date
WO2002015455A2 true WO2002015455A2 (en) 2002-02-21
WO2002015455A3 WO2002015455A3 (en) 2002-10-17

Family

ID=24564349

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/024642 WO2002015455A2 (en) 2000-08-11 2001-08-06 Public key generation method and apparatus

Country Status (2)

Country Link
AU (1) AU2001288234A1 (en)
WO (1) WO2002015455A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103401676A (en) * 2013-07-16 2013-11-20 中国人民解放军海军工程大学 Two-dimensional barcode-based logistics industry personal information privacy protection system and method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998008323A1 (en) * 1996-08-19 1998-02-26 Ntru Cryptosystems, Inc. Public key cryptosystem method and apparatus

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
KIPNIS A ET AL: "UNBALANCED OIL AND VINEGAR SIGNATURE SCHEMES" , ADVANCES IN CRYPTOLOGY - EUROCRYPT '99. INTERNATIONAL CONF. ON THE THEORY AND APPLICATION OF CRYPTOGRAPHIC TECHNIQUES. PRAGUE, CZ, MAY 2 - 6, 1999 PROCEEDINGS, LECTURE NOTES IN COMPUTER SCIENCE, BERLIN: SPRINGER, DE, VOL. VOL. 1592, PAGE(S) 206-222 XP000830709 ISBN: 3-540-65889-0 page 206, line 1 -page 208, line 12 page 218, line 19 -page 220, line 21 *
PATARIN J ET AL: "Trapdoor one-way permutations and multivariate polynomials (Extended Version)" INFORMATION AND COMMUNICATIONS SECURITY. FIRST INTERNATIONAL CONFERENCE, ICIS '97. PROCEEDINGS, INFORMATION AND COMMUNICATIONS SECURITY. FIRST INTERNATIONAL CONFERENCE, ICICS '97, BEIJING, CHINA, 11-14 NOV. 1997, [Online] pages 356-368, XP002205292 1997, Berlin, Germany, Springer-Verlag, Germany ISBN: 3-540-63696-X Retrieved from the Internet: <URL:http://citeseer.nj.nec.com/patarin97t rapdoor.html> [retrieved on 2002-07-09] *
TSUTOMU MATSUMOTO ET AL: "PUBLIC QUADRATIC POLYNOMIAL-TUPLES FOR EFFICIENT SIGNATURE-VERIFICATION AND MESSAGE-ENCRYPTION" , ADVANCES IN CRYPTOLOGY- EUROCRYPT. INTERNATIONAL CONFERENCE ON THE THEORY AND APPLICATION OF CRYPTOGRAPHIC TECHNIQUES, SPRINGER VERLAG, DE, PAGE(S) 419-453 XP000568374 abstract page 419, line 1 -page 420, last line page 431, line 24 -page 433, last line page 434 *

Also Published As

Publication number Publication date
AU2001288234A1 (en) 2002-02-25
WO2002015455A3 (en) 2002-10-17

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP