The Okamoto–Uchiyama cryptosystem is a
public key cryptosystem
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...
proposed in 1998 by
Tatsuaki Okamoto
Tatsuaki (written: , or ) is a masculine Japanese given name. Notable people with the name include:
*, Japanese judoka
*, Japanese Go player
*, Japanese woodworker and lacquerware artist
See also
*TATSUAKI, a fashion label by Dan Liu
Dan Liu ...
and
Shigenori Uchiyama. The system works in the
multiplicative group of integers modulo n
In modular arithmetic, the integers coprime (relatively prime) to ''n'' from the set \ of ''n'' non-negative integers form a group under multiplication modulo ''n'', called the multiplicative group of integers modulo ''n''. Equivalently, the ele ...
,
, where ''n'' is of the form ''p''
2''q'' and ''p'' and ''q'' are large
primes
A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only ways ...
.
Operation
Like many
public key cryptosystems, this scheme works in the group
. This scheme is
homomorphic and hence
malleable
Ductility is a mechanical property commonly described as a material's amenability to drawing (e.g. into wire). In materials science, ductility is defined by the degree to which a material can sustain plastic deformation under tensile stres ...
.
Key generation
A public/private key pair is generated as follows:
# Generate two large primes
and
.
# Compute
.
# Choose a random integer
such that
.
# Compute
.
The public key is then
and the private key is
.
Encryption
A message
can be encrypted with the public key
as follows.
# Choose a random integer
.
# Compute
.
The value
is the encryption of
.
Decryption
An encrypted message
can be decrypted with the private key
as follows.
# Compute
.
# Compute
.
and
will be integers.
# Using the
Extended Euclidean Algorithm
In arithmetic and computer programming, the extended Euclidean algorithm is an extension to the Euclidean algorithm, and computes, in addition to the greatest common divisor (gcd) of integers ''a'' and ''b'', also the coefficients of Bézout's ide ...
, compute the inverse of
modulo
:
#:
.
# Compute
.
The value
is the decryption of
.
Example
Let
and
. Then
. Select
. Then
.
Now to encrypt a message
, we pick a random
and compute
.
To decrypt the message 43, we compute
:
.
:
.
:
.
And finally
.
Proof of correctness
We wish to prove that the value computed in the last decryption step,
, is equal to the original message
. We have
:
So to recover
we need to take the
discrete logarithm
In mathematics, for given real numbers ''a'' and ''b'', the logarithm log''b'' ''a'' is a number ''x'' such that . Analogously, in any group ''G'', powers ''b'k'' can be defined for all integers ''k'', and the discrete logarithm log''b' ...
with base
.
The group
:
.
We define ''H'' which is subgroup of
and its cardinality is ''p-1''
:
.
For any element ''x'' in
, we have ''x''
''p''−1 mod ''p''
2 is in ''H'', since ''p'' divides ''x''
''p''−1 − 1.
The map
should be thought of as a logarithm from the cyclic group ''H'' to the additive group
, and it is easy to check that ''L''(''ab'') = ''L''(''a'') + ''L''(''b''), and that the ''L'' is an isomorphism between these two groups. As is the case with the usual logarithm, ''L''(''x'')/''L''(''g'') is, in a sense, the logarithm of ''x'' with base ''g''.
which is accomplished by
:
Security
The security of the ''entire'' message can be shown to be equivalent to factoring ''n''. The
semantic security rests on the ''p''-subgroup assumption, which assumes that it is difficult to determine whether an element ''x'' in
is in the subgroup of order ''p''. This is very similar to the
quadratic residuosity problem The quadratic residuosity problem (QRP) in computational number theory is to decide, given integers a and N, whether a is a quadratic residue modulo N or not.
Here N = p_1 p_2 for two unknown primes p_1 and p_2, and a is among the numbers which are ...
and the
higher residuosity problem
In cryptography, most public key cryptosystems are founded on problems that are believed to be intractable. The higher residuosity problem (also called the n th-residuosity problem) is one such problem. This problem is ''easier'' to solve than ...
.
References
*
{{DEFAULTSORT:Okamoto-Uchiyama cryptosystem
Public-key encryption schemes