WO2003007539A1 - Public key cryptosystem using finite non abelian groups - Google Patents

Info

Publication number
WO2003007539A1
Authority
WO
WIPO (PCT)
Prior art keywords
automorphism
inn
public key
group
computing
Prior art date
Application number
PCT/KR2001/001747
Other languages
French (fr)
Inventor
Seong-Hun Paeng
Kil-Chan Ha
Jae-Heon Kim
Original Assignee
Electronics And Telecommunications Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electronics And Telecommunications Research Institute
Priority to EP01976924A (patent EP1413084A4)
Priority to CA002453234A (patent CA2453234A1)
Priority to US10/483,187 (patent US7251325B2)
Priority to JP2003513179A (patent JP3955567B2)
Priority to GB0400477A (patent GB2392806B)
Publication of WO2003007539A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise

Definitions

  • $x\theta_1(y)$ we can choose g whose order is p and we can know that the order of Inn(g) is p according to Theorem 2. If we choose g arbitrarily and the order of g is not fixed, then we can increase the security since we should know the order of a given cyclic group to apply a known algorithm for Discrete Logarithm Problem (DLP). That is, we should solve DLP under the assumption that the order of g is p for each $d \mid (p+1)(p-1)$.
  • DLP Discrete Logarithm Problem
  • the second method of obtaining the secret key is as follows.
  • the special conjugacy problem in G is not a hard problem and the DLP in G is not a hard problem too as seen in equation 14.
  • the security of the present invention becomes similar to 1024 bit RSA. (That is, an expected run time for solving DLP in Inn(g) and for factorization in 1024-bit RSA is about $2^{87}$ and $2^{80}$, respectively.) Also, Inn(g) is contained in $\mathrm{Aut}(G) \subset \mathrm{End}(G) \subset G^G$, where End(G) is the endomorphism group of G and $G^G$ is the set of all functions from G to G. We cannot apply the index calculus to any of them since they are not even expressed as matrix groups.
  • the present invention has the following advantage. That is, in RSA and XTR, an expected run time to find the secret key from the public key is sub-exponential, while an exponential run time o p is taken in the present invention.
  • RSA $(\log_2 n)^3 C \approx (1024)^3 \approx 10^9$ C-bit operations. If the public exponent in RSA encryption scheme is 32-bit number, then it takes $3.2 \times 10^7$ C-bit operations.
  • 'A' computes $\mathrm{Inn}(g^a)^b$ and $\mathrm{Inn}(g^b)$ only at the first communication and send
  • 'B' computes $\mathrm{Inn}(g^b)^{-a}$ by using the received $\mathrm{Inn}(g^b)$.
  • 'A' sends the ciphertext E to 'B'.
  • 'B' can decrypt E by computing $\mathrm{Inn}(g^b)^{-a}(E)$.
  • decryption we need the same number of multiplications as the encryption. In decryption of RSA, it takes about $2.5 \times 10^8$ C-bit operations even if we use the Chinese Remainder Theorem. Thus, the decryption according to the present invention is 200 times faster than that of RSA.
  • ECC since b is not fixed, precomputations of g is impossible. Then, the number of multiplications for decryption in 170-bit ECC are 1900, respectively. Then, the decryption according to the present invention is about 40 times faster than ECC.
  • $\mathrm{Inn}(g^a)$ if p is a 160-bit prime number, then it takes 960-bit to express Inn(g ). So we can express the public key with smaller size than RSA.
  • the secret key size is $\log_2 p \approx 160$-bit so it is much smaller than 1024-bit RSA.
  • the present invention described above provides a new public key cryptosystem using finite non abelian groups and suggests an example of finite non abelian groups which can be used in the encryption scheme described above.
  • the encryption scheme described above can be applied to other non abelian groups. However, we must be careful in choosing the non abelian groups for the security of encryption.
  • FIG. 3 A digital signature scheme using the public key cryptosystem is illustrated in Figs. 3 and 4. For example, let us assume that 'A' signs while sending a plain text M to 'B'.
  • the digital signature scheme is effected by using the public keys $\mathrm{Inn}(g)$, $\mathrm{Inn}(g^a)$ and the secret key a generated through the steps illustrated in Fig. 1.
  • the signing procedure is as shown in Fig. 3.
  • step S31 selects a random number b (an integer random sampled from arbitrary integer) (step S31) and then computes $\mathrm{Inn}(g^b)$ by using the random number b (step S32).
  • a symmetric key K is generated using the $\mathrm{Inn}(g^b)$ (step S31).
  • a plain text (message) M containing an agreed upon type of redundancy is encrypted to obtain a ciphertext E by using the symmetric key K (step S34).
  • a hash function IH (E) is computed by using the ciphertext E (step
  • 'A' sends the ciphertext E and the signature s to 'B'.
  • step S44 the symmetric key K is recovered using the $\mathrm{Inn}(g^s)\,\mathrm{Inn}(g^{-ha})$ (step S44), and the ciphertext E containing an agreed upon type of redundancy is decrypted by using the symmetric key K and checks whether agreed is appropriate to check the validity of the signature (steps S45 and S46). If the signature is valid, the plain text (message) M is accepted as the valid message.
  • the encryption can be effected using $\mathrm{Inn}(g^{ab})(m)$ instead of the symmetric key K. Then, there is no problem in encryption and decryption using even with the random number b fixed.
  • the key exchange is effected using the public key Inn(g) generated through the steps illustrated in Fig. 1.
  • Procedure of the key exchange is as shown in Fig.5.
  • 'A' selects the random number a (step S51), and then computes $\mathrm{Inn}(g^a)$ using the random number a (step S52). Then, 'A' sends $\mathrm{Inn}(g^a)$ to 'B'. 'B' selects the random number b (step S53), computes $\mathrm{Inn}(g^{ab})$ using the random number b (step S54), and generates the symmetric key K using the $\mathrm{Inn}(g^{ab})$ (step S55).
  • 'B' computes $\mathrm{Inn}(g^b)$ and sends it to 'A' (step S56), and computes $\mathrm{Inn}(g^{ab})$ using $\mathrm{Inn}(g^b)$ and the random number a (step S57). Then, 'A' obtains the symmetric key K from $\mathrm{Inn}(g^{ab})$ (step S58).
  • the cryptosystem described above can be generalized as follows. The reason why the inner automorphism group is used is that although in general it is not easy to know the automorphism group, it is easy to know the inner automorphism group which is a subgroup of the automorphism group. However, if we know another subgroup of the automorphism group the generalization of the cryptosystem can be made.
  • the generalized cryptosystem described above is a big system including ElGamal-type encryption.
  • H Z l ⁇ ⁇ Z m .
  • the order at Z of a be ⁇ d[ .
  • Q 2 (Y)(x,y) (sx,ty) for s, t which satisfy (s,
  • the basic system using the Discrete Logarithm in Inn(G) for G defined thus has a weak point due to the existence of abelian normal group.
  • an element of arbitrary Inn(G) can be easily expressed by a product of generators. Since the special conjugacy problem of G is easily solved by taking ]t
  • r ⁇
  • we select ⁇ ⁇ , m, t which satisfy lcm(m/t-l, r ⁇ ) » m/t-l.
  • the present invention described above can provide the following effects by using the Discrete Logarithm Problem in the inner automorphism of finite non abelian groups.
  • the application of exponential run time algorithm to solve the DLP quickly can be avoided, second, the security can be maintained without depending on the DLP by using non abelian groups which have large centers, third, the high speed of encryption/decryption can be achieved since there is no necessity of encrypting by generating different random numbers each time of encrypting the message by applying the deformed ElGamal method, and fourth, the public key encrypting method can be easily used to the signature different from the situation in which there was difficulty when the public key encryption method using the existing non abelian groups is used in signature.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method of encryption and decryption comprising the steps of: selecting a generator and a first element of a first non abelian group, respectively, computing a first inner automorphism which is used as a first public key, and generating a second public key by using a secret key being a first integer and the first public key; expressing a plain text by a product of generator of a second non abelian group, computing a second inner automorphism by using an arbitrary second integer and the first public key, computing a third inner automorphism by using the second integer and the second public key, and generating a ciphertext by using the third inner automorphism; and generating a fourth inner automorphism by using the secret key and the second inner automorphism, and decrypting the ciphertext by using the fourth inner automorphism.

Description

PUBLIC KEY CRYPTOSYSTEM USING FINITE NON ABELIAN GROUPS
BACKGROUND OF THE INVENTION
Technical Field
The present invention relates to a public key cryptosystem using finite non abelian groups and, in particular, to a method of generating finite non abelian groups, an implementation of efficient public key cryptosystem using the non abelian groups and an application method thereof.
Background Art
A conventional or symmetric cryptosystem is a system for encrypting and decrypting a document by using a secret key and has disadvantages that there is difficulty in administration of the secret key and a digital signature can not be appended to a message to be transmitted since each of users must have identical secret key.
A public key cryptosystem introduced by Diffie and Hellman in 1976 to provide a new adventure in modern cryptology is a system using a public key and a secret key, in which the public key is publicly known so as to be used by anyone and the secret key is kept by users so that non-public exchange of message is enabled between users having the public key.
Conventionally, RSA encryption scheme using difficult factorization problem of a composite number and ElGamal-type cryptosystem using Discrete Logarithm Problem (DLP) were used. Recently, a braid operation cryptosystem using difficult conjugacy problem in non abelian groups is developed.
A public key cryptosystem using elliptic curve is disclosed in "Public key cryptosystem with an elliptic curve" of USPN 5,272,755 registered on December 21, 1993, and a braid operation cryptosystem using conjugacy problem is disclosed in "New public key cryptosystem using braid group" published on an article book of Advances in Cryptology Crypto 2000 by K.H.Ko, et al. on August of 2000.
In case of using the Discrete Logarithm Problem such as ElGamal cipher in Zp, the size of group and key is increased in finite field, which is an abelian group, due to the development of efficient algorithm such as index calculus. Therefore, to solve these problems, a public key cryptosystem must be suggested which can avoid the conventional algorithm for solving the Discrete Logarithm Problem and sufficiently stably maintain the group and key.
SUMMARY OF THE INVENTION
In addition, the problem in using the non abelian groups is that since if the representation of a given element is not pre-established, a plain text and a deciphertext may be recognized to be different, therefore, a selected arbitrary element must be represented in a given way of representation. Therefore, in a cryptosystem using non abelian groups, the problem of whether an arbitrary element can be efficiently represented in a given way of representation is very important. Therefore, an object of the present invention is to provide a method of encrypting and decrypting a message using finite non abelian groups which can eliminate the disadvantages described above by using the Discrete Logarithm Problem using automorphism of finite non abelian groups.
An encryption/decryption process of the present invention comprises the steps of: selecting a generator and a first element of a first non abelian group, respectively, computing a first inner automorphism which is used as a first public key, and generating a second public key by using a secret key being a first integer and the first public key; expressing a plain text by a product of generator of a second non abelian group, computing a second inner automorphism by using an arbitrary second integer and the first public key, computing a third inner automorphism by using the second integer and the second public key, and generating a ciphertext by using the third inner automorphism; and generating a fourth inner automorphism by using the secret key and the second inner automorphism, and decrypting the ciphertext by using the fourth inner automorphism.
A generalized encryption/decryption process of the present invention comprises the steps of: selecting a first element of a first group, computing a first automorphism of a second group which is used as a first public key, and generating a second public key by using a secret key being a first integer and the first public key; expressing a plain text by a product of generator of the second group, computing a second automorphism by using an arbitrary second integer and the first public key, computing a third automorphism by using the second integer and the second public key, and generating a ciphertext by using the third automorphism; and generating a fourth automorphism by using the secret key and the second automorphism, and decrypting the ciphertext by using the fourth automorphism.
A signature scheme of the present invention comprises the steps of: selecting generators and an element of non abelian group, respectively, computing a first inner automorphism which is used as a first public key, and generating a second public key by using a secret key being an integer and the first public key; computing a second inner automorphism by using the first public key and an arbitrary random number, generating a symmetric key by using the second inner automorphism, computing a ciphertext by encrypting a plain text containing an agreed upon type of redundancy by using the symmetric key, computing a hash function by using the ciphertext, and signing by using the random number and hash function; and checking whether the signature exists in a predetermined range, computing the hash function, computing a third inner automorphism by using the signature, the integer and the hash function, recovering the symmetric key by using the third inner automorphism, obtaining a deciphertext by using the symmetric key, and checking whether the signature is valid signature by checking an agreed upon redundancy in the deciphertext.
A method of key exchanging of the present invention comprises the steps of: selecting generators and an element of non abelian group, respectively, and computing a first inner automorphism which is used as a first public key; a first user computing a second inner automorphism by using an arbitrary first random number and the public key and providing the second inner automorphism to a second user; the second user generating a symmetric key by computing a third inner automorphism by using an arbitrary second random number and the second inner automorphism; and the first user computing the third inner automorphism by using the fourth inner automorphism and the first random number, and obtaining the symmetric key by using the third inner automorphism.
BRIEF DESCRIPTION OF THE DRAWINGS
The above and other objects, effects, features and advantages of the present invention will become more apparent by describing in detail the preferred embodiment of the present invention with reference to the attached drawings in which:
Fig. 1 is a flow chart illustrating a method of generating a public key using finite non abelian groups according to the present invention;
Fig. 2 is a flow chart illustrating a method of encrypting and decrypting a message using the public key shown in Fig. 1;
Fig. 3 is a flow chart illustrating an electronic signing method using the public key shown in Fig. 1;
Fig. 4 is a flow chart illustrating a digital signature confirming method using the public key shown in Fig. 1; and
Fig. 5 is a flow chart illustrating a key exchanging method using the public key shown in Fig. 1.
Similar reference characters refer to similar parts in the several views of the drawings.
DETAILED DESCRIPTION OF THE INVENTION
A detailed description of the present invention is given below with reference to the accompanying drawings.
Figs. 1 to 5 are flow charts illustrating a public key cryptosystem using finite non abelian groups according to an embodiment of the present invention, where the contents in the square brackets relate to a cryptosystem of generalized finite non abelian groups which will be described later.
The present invention suggests a new encrypting method based on a special conjugacy problem and a Discrete Logarithm Problem. Let p be a big prime number, G be a non abelian group of which the number of central elements is not one, a first element g be an element of G which has order p and is not in the center of G, and $\{e_i\}$ be a generator set of G.
Here, when $\mathrm{Inn}(g)(x) = g x g^{-1}$, if $\{\mathrm{Inn}(g)(e_i)\}$ is known, an isomorphism Inn(g) can be obtained. That is, if m is represented as $e_{j_1} \cdots e_{j_n}$, then $\mathrm{Inn}(g)(m) = \mathrm{Inn}(g)(e_{j_1}) \cdots \mathrm{Inn}(g)(e_{j_n})$. Therefore, Inn(g) can be represented as $\{\mathrm{Inn}(g)(e_i)\}$.
Then, the procedure of generating a public key used in encrypting a plain text M as shown in Fig. 1 is as follows.
The prime number p is selected (step S1) and the finite non abelian group G having the characteristics described above is selected (step S2). The generator set $\{e_i\}$ of the finite non abelian group G is selected, and the element g which is not a central element and has an order being a large prime number p is selected (step S3). Then, an inner automorphism Inn(g) for g given above is computed by the following equation 1 (step S4).
$\mathrm{Inn}(g) = \{\mathrm{Inn}(g)(e_i)\} = \{g e_i g^{-1}\}$ (1)
Next, an arbitrary first integer a which is smaller than the prime number p is set as a secret key and the public key is set as $\mathrm{Inn}(g^a)$ (referred to as "a second public key" herein below) using the inner automorphism Inn(g) (referred to as "a first public key" herein below) and the secret key a (steps S5 and S6).
Next, the procedure of encrypting and decrypting the plain text M using the secret key and the public key is described below with reference to Fig. 2.
The plain text M is transformed to the element m of the non abelian group G (that is, $m \in G$), and the element m is represented as a product of the generators $\{e_i\}$ (steps S7 and S8). If an arbitrary second integer b is selected, a second inner automorphism $\mathrm{Inn}(g^b)$ and a third inner automorphism $\mathrm{Inn}(g^{ab})$ are computed respectively using the first public key and the second public key and b (steps S9 and S10). A ciphertext E is computed by equation 2 given below by using the second inner automorphism $\mathrm{Inn}(g^b)$ and the third inner automorphism $\mathrm{Inn}(g^{ab})$ and transmitted to a receiver side (step S11). In addition, the second inner automorphism $\mathrm{Inn}(g^b)$ is transmitted to the receiver side together with the ciphertext E.
$E = \mathrm{Inn}(g^{ab})(m) = (\mathrm{Inn}(g^a)^b)(m)$ (2)
The transmitted ciphertext E is decrypted as follows. The transmitted ciphertext E is expressed as a product of the generators (step S12). Next, a fourth inner automorphism $\mathrm{Inn}(g^{-ab}) = \mathrm{Inn}(g^b)^{-a}$ is computed using the secret key a and the second inner automorphism $\mathrm{Inn}(g^b)$ (step S13). If the computed value is used, since m is computed by equation 3, the decryption is effected (step S14).
$m = \mathrm{Inn}(g^{-ab})(E)$ (3)
The non abelian G for implementation of the message encryption/decryption method described above can be generated by a semi-direct product by an equation 4.
$G = SL(2, Z_p) \rtimes_{\theta} Z_p$ (4)
Here, $SL(2, Z_p)$ is a subgroup of the non abelian group G. A cyclic subgroup a having an order p of $SL(2, Z_p)$ exists in G, and $\theta$ is defined as equation 5.
Figure imgf000008_0001
$\theta : Z_p \to \mathrm{Aut}(SL(2, Z_p))$ (5)
Here, $\theta_1$ is an isomorphism from $Z_p$ to the cyclic subgroup. Then $\theta(y)(x) = \theta_1(y)\, x\, \theta_1(y)^{-1}$. Using this equation, the conjugate of (a,b) is computed by equation 6. Here, let g=(x,y).
$(x,y)(a,b)(x,y)^{-1} = (x\,\theta(y)(a)\,\theta(b)(x^{-1}),\ b)$ (6)
Here, fixing b=0, equation 7 can be obtained.
$(x,y)(a,0)(x,y)^{-1} = (x\,\theta(y)(a)\,x^{-1},\ 0) = ((x\theta_1(y))\, a\, (x\theta_1(y))^{-1},\ 0)$ (7)
Here, if we solve the special conjugacy problem of $SL(2, Z_p)$, we can obtain $x\theta_1(y)$. The special conjugacy problem is a problem of obtaining x' which satisfies Inn(x')=Inn(x) when Inn(x) is given.
In addition, if we assume that $(x_1, y_1) \in G$ satisfies $x_1\theta_1(y_1) = x\theta_1(y)$, then for $b \neq 0$, we can easily obtain equation 8 by using the fact that $Z_p$ is an abelian group and $\theta_1$ is a homomorphism.
Figure imgf000008_0002
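$= (x_1\theta_1(y_1))\, a\, \theta_1(y_1)^{-1}\,\theta_1(b)\,\theta_1(y_1)\,\theta_1(y)^{-1}\, x^{-1}\,\theta_1(b)^{-1}$
$= (x\theta_1(y))\, a\, \theta_1(-y_1 + b + y_1)\,\theta_1(y)^{-1}\, x^{-1}\,\theta_1(b)^{-1}$
$= x\,\theta_1(y)\, a\, \theta_1(b)\,\theta_1(y)^{-1}\, x^{-1}\,\theta_1(b)^{-1}$
$= x\,\theta_1(y)\, a\, \theta_1(y)^{-1}\,\theta_1(b)\, x^{-1}\,\theta_1(b)^{-1}$
$= x\,\theta(y)(a)\,\theta(b)(x^{-1})$ (8)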
That is, the set of solutions for the special conjugacy problem can be expressed as equation 9.
Figure imgf000009_0001
Here, the number $|S|$ of elements of S is 2p.
If $\mathrm{Inn}(g) = \mathrm{Inn}(g_1)$, then $\mathrm{Inn}(g^{-1}g_1) = \mathrm{Id}$. This means that $g^{-1}g_1$ is an element of the center of G. Also, for any central element $g_0$, $\mathrm{Inn}(gg_0) = \mathrm{Inn}(g)$. So we know that the number of central elements of G is 2p.
Note that the probability to choose m and g in the center is $2p/p^{4} \approx 2/p^{3} \approx 0$. In addition, m is chosen from $SL(2,\mathbb{Z}_p)$ which is a subgroup of G.
If the non abelian group G is generated by equation 4, a generator set of $SL(2,\mathbb{Z}_p)$ is {T, S}.
This can be expressed as follows.
Figure imgf000009_0003
There exists an algorithm which finds a decomposition of each element $g \in SL(2,\mathbb{Z}_p)$. That is, an arbitrary element g of $SL(2,\mathbb{Z}_p)$ is computed by equation 10.
$$g = S^{i_0} T^{j_1} S T^{j_2} \cdots S T^{j_n} S^{i_{n+1}} \qquad (10)$$
Where $i_0$, $i_{n+1}$ may be '0' or '1' and $j_n = \pm 1, \pm 2, \ldots$.
If $m \in SL(2,\mathbb{Z}_p)$, then m can be expressed as equation 11 (hereinbelow referred to as "Theorem 1").
$$m = T^{j_1} S T^{j_2} S T^{j_3} \qquad (11)$$
To prove this, if we compute $T^{j_1} S T^{j_2} S T^{j_3}$, we obtain equation 12.
Figure imgf000010_0001
From equation 12 and the fact that $\mathbb{Z}_p$ is a field, we can find $j_1, j_2, j_3$ which satisfy $m = T^{j_1} S T^{j_2} S T^{j_3}$ for any given $m \in SL(2,\mathbb{Z}_p)$. That is, if the three values $j_1, j_2, j_3$ are determined, all elements of $SL(2,\mathbb{Z}_p)$ are determined.
Since {(T,0), (S,0), (I,1)} is a generator set of G, if we know $gTg^{-1}$, $gSg^{-1}$ and $g(I,1)g^{-1}$, we can obtain Inn(g). In addition, since $m \in SL(2,\mathbb{Z}_p)$ and $SL(2,\mathbb{Z}_p)$ is a normal subgroup of G, Inn(g) can be restricted to $SL(2,\mathbb{Z}_p)$ and $\mathrm{Inn}(g)|_{SL(2,\mathbb{Z}_p)}$ becomes an automorphism of $SL(2,\mathbb{Z}_p)$. Hence, the public key is $\mathrm{Inn}(g)|_{SL(2,\mathbb{Z}_p)}$ and $\mathrm{Inn}(g^{a})|_{SL(2,\mathbb{Z}_p)}$. Therefore, if $\{gTg^{-1}, gSg^{-1}\}$ is known, we can express $\mathrm{Inn}(g)|_{SL(2,\mathbb{Z}_p)}$.
We choose $\theta_1(1)$ among elements of $SL(2,\mathbb{Z}_p)$ whose order is p, e.g. $I + \delta_{12}$.
A method of choosing the element g of non abelian group G in Inn(g) is as follows.
For $(x,y) \in G$, $(x,y)^{n} = ((x\theta_1(y))^{n}\,\theta_1(y)^{-n},\ ny)$ (hereinafter referred to as "Theorem 2"). To prove this, an induction method and equation 13 below are used.
$$(x,y)^{k+1} = (x,y)^{k}(x,y) = ((x\theta_1(y))^{k}\,\theta_1(y)^{-k},\ ky)\,(x,y)$$
Figure imgf000010_0002
$$= ((x\theta_1(y))^{k}\,\theta_1(y)^{-k}\,\theta_1(y)^{k}\,x\,\theta_1(y)^{-k},\ (k+1)y) = ((x\theta_1(y))^{k}\,(x\theta_1(y))\,\theta_1(y)^{-(k+1)},\ (k+1)y)$$
Figure imgf000010_0003
Here, if we determine $x\theta_1(y)$ to be $A(I + c\delta_{12})A^{-1}$ for some fixed $c \in \mathbb{Z}_p$ and $A \in SL(2,\mathbb{Z}_p)$, then we can choose g whose order is p and we can know that the order of Inn(g) is p according to Theorem 2. If we choose g arbitrarily and the order of g is not fixed, then we can increase the security since we should know the order of a given cyclic group to apply a known algorithm for the Discrete Logarithm Problem (DLP). That is, we should solve DLP under the assumption that the order of g is p for each $d \mid (p+1)(p-1)$.
The present invention described above maintains the security since DLP can not be solved in Inn(g) easily. This will be described below in detail.
In case that we solve DLP to obtain the secret key a from the public key Inn(g) and $\mathrm{Inn}(g^{a})$, it seems that the fastest algorithm (e.g., index calculus) to solve DLP can not be applied. So, if the order of g is p, then an expected run time for solving DLP is $O(\sqrt{p})$ group operations.
In addition, the second method of obtaining the secret key is as follows. The special conjugacy problem in G is not a hard problem and the DLP in G is not a hard problem either, as seen in equation 14.
$$(x,y)^{a} = ((x\theta_1(y))^{a}\,\theta_1(y)^{-a},\ ay) = (X, Y) \qquad (14)$$
We need to solve $ay = Y$ for solving DLP for g and $g^{a}$. However, in case only $\mathrm{Inn}(g^{a})$ is given, since the number of elements of $S = \{g_1 \mid \mathrm{Inn}(g_1) = \mathrm{Inn}(g^{a})\}$ is 2p, we need O(p) trials to find g in S. So this method is less efficient than finding a from Inn(g) and $\mathrm{Inn}(g^{a})$ directly.
If we choose a 160-bit prime p, the security of the present invention becomes similar to 1024-bit RSA. (That is, an expected run time for solving DLP in Inn(g) and for factorization in 1024-bit RSA is about $2^{87}$ and $2^{80}$, respectively.) Also, Inn(g) is contained in $\mathrm{Aut}(G) \subset \mathrm{End}(G) \subset G^{G}$, where End(G) is the endomorphism group of G and $G^{G}$ is the set of all functions from G to G. We cannot apply the index calculus to any of them since they are not even expressed as matrix groups.
Here, if we compare the present invention with RSA and XTR, we can note that the present invention has the following advantage. That is, in RSA and XTR, an expected run time to find the secret key from the public key is sub-exponential, while an exponential run time $O(\sqrt{p})$ is taken in the present invention.
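Now, a method of calculating $\mathrm{Inn}(g^{b})$ from Inn(g) will be described. The calculation of $\mathrm{Inn}(g^{2})$ is as in equations 15 and 16.
$$\mathrm{Inn}(g^{2})(S) = \mathrm{Inn}(g)(T^{j_1} S T^{j_2} S T^{j_3}) = (\mathrm{Inn}(g)(T))^{j_1}\,(\mathrm{Inn}(g)(S))\,(\mathrm{Inn}(g)(T))^{j_2}\,(\mathrm{Inn}(g)(S))\,(\mathrm{Inn}(g)(T))^{j_3} \qquad (15)$$
$$\mathrm{Inn}(g^{2})(T) = \mathrm{Inn}(g)(T^{l_1} S T^{l_2} S T^{l_3}) = (\mathrm{Inn}(g)(T))^{l_1}\,(\mathrm{Inn}(g)(S))\,(\mathrm{Inn}(g)(T))^{l_2}\,(\mathrm{Inn}(g)(S))\,(\mathrm{Inn}(g)(T))^{l_3} \qquad (16)$$
In addition, we can obtain $(\mathrm{Inn}(g)(T))^{j}$ from Inn(g)(T) using 4 multiplications by equation 17.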
Figure imgf000012_0001
It takes 92 multiplications for computing $\mathrm{Inn}(g^{2})(S)$ and $\mathrm{Inn}(g^{2})(T)$. So it takes about $92\log_2 p$ multiplications for computing $\mathrm{Inn}(g^{b})$ from Inn(g) and it takes about $92\log_2 p$ multiplications for computing $\mathrm{Inn}(g^{ab})$ from $\mathrm{Inn}(g^{a})$. So the number of multiplications for encryption is $184\log_2 p$. Since one multiplication needs $O((\log_2 p)^{2})$-bit operations, the encryption needs about 184(
Figure imgf000012_0002
$10^{8}C$-bit operations for some constant C. In 1024-bit RSA, it takes $(\log_2 n)^{3}C \approx (1024)^{3}C \approx 10^{9}C$-bit operations. If the public exponent in the RSA encryption scheme is a 32-bit number, then it takes $3.2 \times 10^{7}C$-bit operations.
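The scheme of equations 2 and 3, with each inner automorphism stored only as its images of T and S and powered as in equations 15 to 17, is sketched below as an added example (not code from the patent). Assumptions: a toy prime p = 1009, the standard generators T = I + δ_12 and S = [[0, -1], [1, 0]] (the page's figure defining T and S is not reproduced), and all function names; where an element has lower-left entry 0 the code uses the leading S factor of equation 10.

```python
"""Toy run of the Inn(g) scheme on SL(2, Z_p); added example, not the patent's code."""
P = 1009                       # toy prime (assumption); the page suggests a 160-bit p
I2 = ((1, 0), (0, 1))
T = ((1, 1), (0, 1))           # assumed generators: the page's figure that defines
S = ((0, P - 1), (1, 0))       # T and S is not reproduced; T = I + delta_12


def mul(a, b):
    """2x2 matrix product mod P."""
    return tuple(tuple(sum(a[i][k] * b[k][j] for k in range(2)) % P
                       for j in range(2)) for i in range(2))


def inv(a):
    """Inverse of a determinant-1 matrix mod P."""
    return ((a[1][1], -a[0][1] % P), (-a[1][0] % P, a[0][0]))


def unipotent_pow(u, j):
    """u^j = I + j(u - I) for a conjugate u of T (claim 9, equation B): 4 products."""
    (x, y), (z, w) = u
    return (((1 + j * (x - 1)) % P, j * y % P), (j * z % P, (1 + j * (w - 1)) % P))


def word(m):
    """Exponents (i0, j1, j2, j3) with m = S^-i0 T^j1 S T^j2 S T^j3 (Theorem 1)."""
    i0 = 0
    if m[1][0] == 0:
        # With these generators T^j1 S T^j2 S T^j3 has lower-left entry j2, and
        # j2 = 0 only gives -T^k, so fall back to equation 10's leading S factor:
        # m = S^-1 (S m), where S m has lower-left entry m11 != 0.
        m, i0 = mul(S, m), 1
    j2 = m[1][0]
    j2_inv = pow(j2, -1, P)
    return i0, (m[0][0] + 1) * j2_inv % P, j2, (m[1][1] + 1) * j2_inv % P


def apply(phi, m):
    """Evaluate the automorphism phi = (phi(T), phi(S)) on m through its word."""
    pt, ps = phi
    i0, j1, j2, j3 = word(m)
    out = mul(ps, mul(ps, ps)) if i0 else I2        # phi(S)^-1 = phi(S)^3
    for factor in (unipotent_pow(pt, j1), ps, unipotent_pow(pt, j2), ps,
                   unipotent_pow(pt, j3)):
        out = mul(out, factor)
    return out


def compose(phi, psi):
    """phi o psi, stored as images of T and S (equations 15 and 16)."""
    return apply(phi, psi[0]), apply(phi, psi[1])


def aut_pow(phi, e):
    """phi^e for e >= 0 by square-and-multiply on compositions."""
    result, base = (T, S), phi
    while e:
        if e & 1:
            result = compose(result, base)
        base = compose(base, base)
        e >>= 1
    return result


def keygen(A, c, a):
    """Public keys (Inn(g), Inn(g^a)) restricted to SL(2, Z_p).

    By equation 7 the restriction is conjugation by u = x*theta_1(y); taking
    u = A(I + c*delta_12)A^-1 gives Inn(g) order p.
    """
    u = mul(mul(A, unipotent_pow(T, c)), inv(A))
    inn_g = (mul(mul(u, T), inv(u)), mul(mul(u, S), inv(u)))
    return inn_g, aut_pow(inn_g, a)


def encrypt(pub, m, b):
    """Return (Inn(g^b), E) with E = Inn(g^a)^b (m), equation 2."""
    inn_g, inn_ga = pub
    return aut_pow(inn_g, b), apply(aut_pow(inn_ga, b), m)


def decrypt(a, inn_gb, E):
    """m = Inn(g^b)^-a (E), equation 3; -a is taken mod p since Inn(g) has order p."""
    return apply(aut_pow(inn_gb, -a % P), E)


def demo():
    A = ((3, 5), (7, 12))                  # constructed, det = 1
    m = ((2, 3), (5, 8))                   # constructed message element, det = 1
    pub = keygen(A, c=4, a=123)
    inn_gb, E = encrypt(pub, m, b=77)
    return m, E, decrypt(123, inn_gb, E)


if __name__ == "__main__":
    m, E, recovered = demo()
    print("m =", m, "E =", E, "recovered =", recovered)
```

The decryption exponent is reduced mod p only because this choice of g gives Inn(g) order p; for an arbitrary g the inverse automorphism has to be obtained another way.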
According to the present invention, a modification is possible to facilitate a fast encryption and decryption. This will be described in detail below.
For example, in case where 'A' wants to send an encrypted message to 'B', 'A' computes $\mathrm{Inn}(g^{a})^{b}$ and $\mathrm{Inn}(g^{b})$ only at the first communication and sends $\mathrm{Inn}(g^{b})$ to 'B'. 'B' computes $\mathrm{Inn}(g^{b})^{-a}$ by using the received $\mathrm{Inn}(g^{b})$. After 'A' encrypts a message m as a ciphertext $E = \mathrm{Inn}(g^{a})^{b}(m)$ for a fixed b after first communication of message m, 'A' sends the ciphertext E to 'B'. 'B' can decrypt E by computing $\mathrm{Inn}(g^{b})^{-a}(E)$.
That is, in order to compute $\mathrm{Inn}(g^{a})^{b}(m)$ from given $\mathrm{Inn}(g^{a})^{b}$ and m, it takes 46 multiplications, so it takes about $1.2 \times 10^{6}C$-bit operations in encryption. Even if a 32-bit public exponent is used in RSA, $3.2 \times 10^{7}C$-bit operations are needed in encryption. Encryption using the present invention is about 30 times faster than 1024-bit RSA.
In decryption, we need the same number of multiplications as the encryption. In decryption of RSA, it takes about $2.5 \times 10^{8}C$-bit operations even if we use the Chinese Remainder Theorem. Thus, the decryption according to the present invention is 200 times faster than that of RSA.
In ECC, since b is not fixed, precomputation of g is impossible. Then, the number of multiplications for decryption in 170-bit ECC is 1900. Then, the decryption according to the present invention is about 40 times faster than ECC.
In addition, in ECC, it needs $O(\log_2 p)$ multiplications in decryption, so the number of multiplications will increase linearly with respect to the number of bits $\log_2 p$. In contrast, the decryption of the present invention needs 46 multiplications independent of the size of p. Table 1 below shows a comparison of decryption between the present invention and ECC.
[Table 1]
Figure imgf000013_0001
Note that the cryptosystems in the same row have roughly the same security.
Now, the present invention will be described in view of key expression and key size. In the present invention, since $\mathrm{Inn}(g^{a})(T)$ and $\mathrm{Inn}(g^{a})(S)$ can be considered as elements of $SL(2,\mathbb{Z}_p)$, we can express them by three entries. Since $\mathrm{Inn}(g^{a})(T)$ can be expressed by $3\log_2 p$ bits, $6\log_2 p$ bits are needed to express $\mathrm{Inn}(g^{a})$. If p is a 160-bit prime number, then it takes 960 bits to express $\mathrm{Inn}(g^{a})$. So we can express the public key with smaller size than RSA. The secret key size is $\log_2 p \approx 160$ bits, so it is much smaller than 1024-bit RSA.
The present invention described above provides a new public key cryptosystem using finite non abelian groups and suggests an example of finite non abelian groups which can be used in the encryption scheme described above. The encryption scheme described above can be applied to other non abelian groups. However, we must be careful in choosing the non abelian groups for the security of encryption.
That is, the existence of an abelian normal subgroup which is not the center reduces the security of the cryptosystems. So any abelian normal subgroup must be of small order, and the algorithm to express an element of G by a product of generators must be efficient. In addition, since Inn(g) is expressed as $\{\mathrm{Inn}(g)(e_i) \in G \mid e_i \text{ is a generator}\}$, the number of generators must be small.
Further, we can use other homomorphisms from G to Aut(G) instead of the inner automorphism. On the other hand, the public key described above is applicable to various fields such as digital signature, key exchange, etc. The digital signature scheme and key exchange method using the public key cryptosystem will be described below.
A digital signature scheme using the public key cryptosystem is illustrated in Figs. 3 and 4. For example, let us assume that 'A' signs while sending a plain text M to 'B'. The digital signature scheme is effected by using the public keys Inn(g), $\mathrm{Inn}(g^{a})$ and the secret key a generated through the steps illustrated in Fig. 1. The signing procedure is as shown in Fig. 3.
'A' selects a random number b (an integer randomly sampled from arbitrary integers) (step S31) and then computes $\mathrm{Inn}(g^{b})$ by using the random number b (step S32). A symmetric key K is generated using the $\mathrm{Inn}(g^{b})$ (step S33), and a plain text (message) M containing an agreed upon type of redundancy is encrypted to obtain a ciphertext E by using the symmetric key K (step S34). Next, a hash function $h = h(E)$ is computed by using the ciphertext E (step S35) and a signature s is computed by equation 18 (step S36).
$$s = ah + b \pmod{p} \qquad (18)$$
'A' sends the ciphertext E and the signature s to 'B'.
A procedure of confirming the signature described above is as shown in Fig. 4. 'B' checks whether the transmitted signature s exists in a range of 0 < s < p (step S41). 'A' computes the hash function h=h(E) (step S42) and computes $\mathrm{Inn}(g^{s})\,\mathrm{Inn}(g^{-ha})$ (step S43). Next, the symmetric key K is recovered using the $\mathrm{Inn}(g^{s})\,\mathrm{Inn}(g^{-ha})$ (step S44), the ciphertext E containing an agreed upon type of redundancy is decrypted by using the symmetric key K, and it is checked whether the agreed upon redundancy is appropriate, to check the validity of the signature (steps S45 and S46). If the signature is valid, the plain text (message) M is accepted as the valid message.
In the digital signature scheme, the encryption can be effected using $\mathrm{Inn}(g^{ab})(m)$ instead of the symmetric key K. Then, there is no problem in encryption and decryption even with the random number b fixed.
A key exchange method using the public key cryptosystem described above is described in Fig. 5. For example, in case of exchanging keys between 'A' and 'B', the key exchange is effected using the public key Inn(g) generated through the steps illustrated in Fig. 1. The procedure of the key exchange is as shown in Fig. 5.
'A' selects the random number a (step S51), and then computes $\mathrm{Inn}(g^{a})$ using the random number a (step S52). Then, 'A' sends $\mathrm{Inn}(g^{a})$ to 'B'. 'B' selects the random number b (step S53), computes $\mathrm{Inn}(g^{ab})$ using the random number b (step S54), and generates the symmetric key K using the $\mathrm{Inn}(g^{ab})$ (step S55).
Next, 'B' computes $\mathrm{Inn}(g^{b})$ and sends it to 'A' (step S56), and computes $\mathrm{Inn}(g^{ab})$ using $\mathrm{Inn}(g^{b})$ and the random number a (step S57). Then, 'A' obtains the symmetric key K from $\mathrm{Inn}(g^{ab})$ (step S58).
The cryptosystem described above can be generalized as follows. The reason why the inner automorphism group is used is that although in general it is not easy to know the automorphism group, it is easy to know the inner automorphism group, which is a subgroup of the automorphism group. However, if we know another subgroup of the automorphism group, the generalization of the cryptosystem can be made. It can be described in detail as follows. When a homomorphism $\varphi : G \to \mathrm{Aut}(G')$ for groups G and G' is given, the cryptosystem using the DLP in $\varphi(G)$ is made in the same way as the cryptosystem using the DLP in Inn(G). That is, $\varphi$ is applied instead of Inn which is used in the above description. In this case, the message m is selected from G', and $E = \varphi(g)^{ab}(m)$. The security in this case is closely related to the size of $\mathrm{Ker}(\varphi)$, in the same way that the security in case of using the inner automorphism group Inn(G) is closely related to the size of the center, which is Ker(Inn).
The generalized cryptosystem described above is a big system including ElGamal-type encryption. ElGamal-type is a special case of the above when $G = \mathbb{Z}_p^{*}$, $G' = \mathbb{Z}_p$. We can consider the following example.
Figure imgf000016_0001
$H = \mathbb{Z}_l \times_{\theta_1} \mathbb{Z}_m$. Here, let the order in $\mathbb{Z}_l^{*}$ of $\alpha$ be $|\alpha|$. We can define an isomorphism which is $\theta_2 : \mathbb{Z}_n \to \mathrm{Aut}(H)$, $\theta_2(1)(x,y) = (sx, ty)$ for s, t which satisfy $(s, l) = 1$, $(t, m) = 1$, $|\alpha| \mid t-1$, and then we can make a solvable group $G = (\mathbb{Z}_l \times_{\theta_1} \mathbb{Z}_m) \times_{\theta_2} \mathbb{Z}_n$ therefrom.
The basic system using the Discrete Logarithm in Inn(G) for G defined thus has a weak point due to the existence of an abelian normal subgroup. However, the weak point can be complemented by letting $\varphi = \mathrm{Inn} \circ \mathrm{Inn} : G \to \mathrm{Inn}(\mathrm{Inn}(G))$, $G' = \mathrm{Inn}(G)$, and using the generalized system. In addition, by solving the special conjugacy problem of G, an arbitrary element of Inn(G) can be easily expressed by a product of generators. Since the special conjugacy problem of G is easily solved by taking $|t|$ and $|s|$ sufficiently small, an arbitrary element can be easily expressed by a product of generators. In addition, when $r_1 = |\alpha|$, we select $r_1$, m, t which satisfy $\mathrm{lcm}(m/t-1,\ r_1) \gg m/t-1$.
The present invention described above can provide the following effects by using the Discrete Logarithm Problem in the inner automorphism of finite non abelian groups.
First, the application of exponential run time algorithm to solve the DLP quickly can be avoided; second, the security can be maintained without depending on the DLP by using non abelian groups which have large centers; third, the high speed of encryption/decryption can be achieved, since by applying the deformed ElGamal method there is no necessity of generating a different random number each time a message is encrypted; and fourth, the public key encrypting method can be easily used for signature, unlike the situation in which there was difficulty when the public key encryption method using the existing non abelian groups was used for signature.
Since those having ordinary knowledge and skill in the art of the present invention will recognize additional modifications and applications within the scope thereof, the present invention is not limited to the embodiments and drawings described above.

Claims

WHAT IS CLAIMED IS:
1. A method of encryption and decryption of public key cryptosystem using finite non abelian groups, comprising the steps of: selecting a first generator and a first element of a first non abelian group, respectively, computing a first inner automorphism which is used as a first public key, and generating a second public key by using a secret key being a first integer and said first public key; expressing a plain text by a product of a second generator of a second non abelian group, computing a second inner automorphism by using an arbitrary second integer and said first public key, computing a third inner automorphism by using said second integer and said second public key, and generating a ciphertext by using said third inner automorphism; and generating a fourth inner automorphism by using said secret key and said second inner automorphism, and decrypting said ciphertext by using said fourth inner automorphism.
2. The method of claim 1, wherein said first non abelian group G is expressed as following equation;
$$G = SL(2,\mathbb{Z}_p) \times_{\theta} \mathbb{Z}_p$$
Where $SL(2,\mathbb{Z}_p)$ is a non abelian group, and $\theta$ is a homomorphism from $\mathbb{Z}_p$ to the automorphism group of $SL(2,\mathbb{Z}_p)$.
3. The method of claim 1, wherein said second non abelian group is identical to said first non abelian group or is a partial set of said first non abelian group.
4. The method of claim 1, wherein said second non abelian group is expressed as SL(2,Zp).
5. The method of claim 1, wherein said first element is not a central element of said first non abelian group but a prime number having a large order.
6. The method of claim 1, wherein said first inner automorphism Inn(g) is computed by following equation;
$$\mathrm{Inn}(g) = \{\mathrm{Inn}(g)(T) = gTg^{-1},\ \mathrm{Inn}(g)(S) = gSg^{-1}\}$$
Where T and S are generators of said second non abelian group $SL(2,\mathbb{Z}_p)$, and g is said first element.
7. The method of claim 1, wherein said secret key is a first integer smaller than a predetermined prime number.
8. The method of claim 1, wherein said second element m is expressed as the product of generators T and S as expressed by following equation;
$$m = T^{j_1} S T^{j_2} S T^{j_3}$$
Where $j_n = \pm 1, \pm 2, \ldots$, and n is an integer, and
Figure imgf000019_0001
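9. The method of claim 8, wherein if an inner automorphism Inn(g)(T) of said generator T is expressed as equation A, $\mathrm{Inn}(g)(T^{j})$ is calculated by equation B;
$$\mathrm{Inn}(g)(T) = \begin{pmatrix} x & y \\ z & w \end{pmatrix} \qquad (A)$$
$$(\mathrm{Inn}(g)(T))^{j} = \begin{pmatrix} 1+j(x-1) & jy \\ jz & 1+j(w-1) \end{pmatrix} \qquad (B)$$
where j is an integer.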
10. The method of claim 1, wherein said second integer b varies, whenever said ciphertext E is generated, so as to enable high speed encryption and decryption.
11. The method of claim 1, wherein said second integer b is fixed, whenever said ciphertext E is generated, so as to enable high speed encryption and decryption.
12. The method of claim 1, wherein said third inner automorphism is expressed as $\mathrm{Inn}(g^{b})$.
13. The method of claim 1, wherein said third inner automorphism is expressed as $\mathrm{Inn}(g^{ab})$.
14. The method of claim 1, wherein said ciphertext E is computed by following equation;
$$E = \mathrm{Inn}(g^{ab})(m) = (\mathrm{Inn}(g^{a})^{b})(m)$$
Where $\mathrm{Inn}(g^{ab})$ is said third inner automorphism and m is said second element.
15. The method of claim 1, wherein said fourth inner automorphism is expressed as following equation;
$$\mathrm{Inn}(g^{-ab}) = (\mathrm{Inn}(g^{b}))^{-a}$$
Where $\mathrm{Inn}(g^{b})$ is said second inner automorphism, and a is said first integer.
16. The method of claim 1, wherein said ciphertext is decrypted by following equation;
$$m = \mathrm{Inn}(g^{-ab})(E)$$
Where m is said second element and $\mathrm{Inn}(g^{-ab})$ is said fourth inner automorphism.
17. A signature scheme in a public key cryptosystem using finite non abelian groups, comprising the steps of: selecting generators and an element of non abelian group, respectively, computing a first inner automorphism which is used as a first public key, and generating a second public key by using a secret key being an integer and said first public key; computing a second inner automorphism by using said first public key and an arbitrary random number, generating a symmetric key by using said second inner automorphism, computing a ciphertext by encrypting a plain text containing an agreed upon type of redundancy by using said symmetric key, computing a hash function by using said ciphertext, and signing by using said random number and hash function; and checking whether said signature exists in a predetermined range, computing said hash function, computing a third inner automorphism by using said signature, said integer and said hash function, recovering said symmetric key by using said third inner automorphism, obtaining a deciphertext by using said symmetric key, and checking whether said signature is valid signature by checking an agreed upon redundancy in the deciphertext.
18. The method of claim 17, wherein said non abelian group G is expressed as following equation;
$$G = SL(2,\mathbb{Z}_p) \times_{\theta} \mathbb{Z}_p$$
Where $SL(2,\mathbb{Z}_p)$ is a non abelian group, and $\theta$ is a homomorphism from $\mathbb{Z}_p$ to the automorphism group of $SL(2,\mathbb{Z}_p)$.
19. The method of claim 17, wherein said element is not a central element of said non abelian group but a prime number having a large order.
20. The method of claim 17, wherein said first inner automorphism Inn(g) is computed by following equation;
Figure imgf000022_0001
Where T and S are generators of said non abelian group SL(2, Zp), and g is said element.
21. The method of claim 17, wherein said second inner automorphism is expressed as $\mathrm{Inn}(g^{b})$, and b is a random number.
22. The method of claim 17, wherein said hash function h goes from $SL(2,\mathbb{Z}_p)$ to $\mathbb{Z}_p$ as shown in following equation, and $SL(2,\mathbb{Z}_p)$ is a non abelian group;
$$h = h(E)$$
Where E is a ciphertext.
23. The method of claim 17, wherein said signature s is computed by following equation;
$$s = ah + b \pmod{p}$$
Where a is a secret key, h is a hash function, b is a random number, and p is a prime number.
24. The method of claim 17, wherein said signature exists in the range of 0 < s < p.
25. The method of claim 17, said third inner automorphism is expressed as $\mathrm{Inn}(g^{s})\,\mathrm{Inn}(g^{-ha})$, and a is a secret key and h is a hash function.
26. A method of key exchanging in a public key cryptosystem using finite non abelian groups, comprising the steps of: selecting generators and an element of non abelian group, respectively, and computing a first inner automorphism which is used as a first public key; a first user computing a second inner automorphism by using an arbitrary first random number and said public key and providing said second inner automorphism to a second user; said second user generating a symmetric key by computing a third inner automorphism by using an arbitrary second random number and said second inner automorphism; and said first user computing said third inner automorphism by using said fourth inner automorphism and said first random number, and obtaining said symmetric key by using said third inner automorphism.
27. The method of claim 26, wherein said non abelian group G is expressed as following equation;
$$G = SL(2,\mathbb{Z}_p) \times_{\theta} \mathbb{Z}_p$$
Where $SL(2,\mathbb{Z}_p)$ is a non abelian group, and $\theta$ is a homomorphism from $\mathbb{Z}_p$ to the automorphism group of $SL(2,\mathbb{Z}_p)$.
28. The method of claim 26, wherein said element is not a central element of said first non abelian group but a prime number having a large order.
29. The method of claim 26, wherein said first inner automorphism Inn(g) is computed by following equation;
$$\mathrm{Inn}(g) = \{\mathrm{Inn}(g)(T) = gTg^{-1},\ \mathrm{Inn}(g)(S) = gSg^{-1}\}$$
Where T and S are generators of said non abelian group SL(2, Zp), and g is said element.
30. The method of claim 26, wherein said second inner automorphism is expressed as $\mathrm{Inn}(g^{a})$, and a is first random number.
31. The method of claim 26, wherein said third inner automorphism is expressed as $\mathrm{Inn}(g^{ab})$, and a is first random number and b is second random number.
32. The method of claim 26, wherein said fourth inner automorphism is expressed as $\mathrm{Inn}(g^{b})$, and b is second random number.
33. A method of encryption and decryption of public key cryptosystem using finite non abelian groups, comprising the steps of: selecting a first element of a first group, computing a first automorphism of a second group which is used as a first public key, and generating a second public key by using a secret key being a first integer and said first public key; expressing a plain text by a product of generator of said second group, computing a second automorphism by using an arbitrary second integer and said first public key, computing a third automorphism by using said second integer and said second public key, and generating a ciphertext by using said third automorphism; and generating a fourth automorphism by using said secret key and said second automorphism, and decrypting said ciphertext by using said fourth automorphism.
34. The method of claim 33, wherein said first group G is expressed as following equation;
$$G = (\mathbb{Z}_l \times_{\theta_1} \mathbb{Z}_m) \times_{\theta_2} \mathbb{Z}_n$$
Where homomorphism which is $\theta_1 : \mathbb{Z}_m \to \mathbb{Z}_l^{*} = \mathrm{Aut}(\mathbb{Z}_l)$, $\theta_1(1) = \alpha$,
Figure imgf000024_0001
about s, t satisfying $(s, l) = 1$, $(t, m) = 1$, $|\alpha| \mid t-1$.
35. The method of claim 34, wherein when $r_1 = |\alpha|$ in equation 21, $r_1$, m and t satisfying $\mathrm{lcm}(m/t-1,\ r_1) \gg m/t-1$ are selected to raise the stability, and |s| and |t| are selected to be small to make the special conjugacy problem of G to be easily solved, so that element of Inn(G) can be easily expressed as the product of generator.
36. The method of claim 33, wherein said second group is expressed as Inn(G).
PCT/KR2001/001747 2001-07-12 2001-10-17 Public key cryptosystem using finite non abelian groups WO2003007539A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
EP01976924A EP1413084A4 (en) 2001-07-12 2001-10-17 Public key cryptosystem using finite non abelian groups
CA002453234A CA2453234A1 (en) 2001-07-12 2001-10-17 Public key cryptosystem using finite non abelian groups
US10/483,187 US7251325B2 (en) 2001-07-12 2001-10-17 Public key cryptosystem using finite non abelian groups
JP2003513179A JP3955567B2 (en) 2001-07-12 2001-10-17 Public key cryptosystem using finite noncommutative groups
GB0400477A GB2392806B (en) 2001-07-12 2001-10-17 Public key cryptosystem using finite non abelian groups

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2001-0041839A KR100395158B1 (en) 2001-07-12 2001-07-12 Public key cryptosystem using finite non abelian groups
KR2001/41839 2001-07-12

Publications (1)

Publication Number Publication Date
WO2003007539A1 true WO2003007539A1 (en) 2003-01-23

Family

ID=19712086

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2001/001747 WO2003007539A1 (en) 2001-07-12 2001-10-17 Public key cryptosystem using finite non abelian groups

Country Status (7)

Country Link
US (1) US7251325B2 (en)
EP (1) EP1413084A4 (en)
JP (1) JP3955567B2 (en)
KR (1) KR100395158B1 (en)
CA (1) CA2453234A1 (en)
GB (1) GB2392806B (en)
WO (1) WO2003007539A1 (en)

Also Published As

Publication number Publication date
US7251325B2 (en) 2007-07-31
JP2004534971A (en) 2004-11-18
KR100395158B1 (en) 2003-08-19
EP1413084A4 (en) 2009-12-09
GB2392806A (en) 2004-03-10
US20040156498A1 (en) 2004-08-12
KR20030008037A (en) 2003-01-24
GB0400477D0 (en) 2004-02-11
GB2392806B (en) 2004-09-01
JP3955567B2 (en) 2007-08-08
EP1413084A1 (en) 2004-04-28
CA2453234A1 (en) 2003-01-23

Legal Events

Date Code Title Description
AK Designated states; Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW
AL Designated countries for regional patents; Kind code of ref document: A1; Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
ENP Entry into the national phase; Ref document number: 0400477; Country of ref document: GB; Kind code of ref document: A; Free format text: PCT FILING DATE = 20011017; Format of ref document f/p: F
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase; Ref document number: 2453234; Country of ref document: CA
WWE Wipo information: entry into national phase; Ref document number: 2003513179; Country of ref document: JP
WWE Wipo information: entry into national phase; Ref document number: 2001976924; Country of ref document: EP
WWE Wipo information: entry into national phase; Ref document number: 10483187; Country of ref document: US
WWP Wipo information: published in national office; Ref document number: 2001976924; Country of ref document: EP
REG Reference to national code; Ref country code: DE; Ref legal event code: 8642