Cryptography Reference
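> SAEPPlusDec := proc(EM::string, k::posint, H::name := 'SHA256', hLen := 32)
    local sLen, x, r, h, v, l, M, t;
    sLen := iquo(k, 2);
    # Split the hex-encoded message into the masked block x and the seed r
    x := StringTools:-Take(EM, k);
    r := StringTools:-Drop(EM, k);
    # Unmask x with the mask derived from r
    h := MGF1(r, sLen);
    v := bytestohexstring(BitXor(hexstringtobytes(x), hexstringtobytes(h)));
    # v = M || t: l bytes of padded message followed by the hLen-byte check value
    l := sLen-hLen;
    M := StringTools:-Take(v, 2*l);
    t := StringTools:-Drop(v, 2*l);
    # Reject the encoding if the check value does not match
    if t <> MGF1(cat(M, r), hLen) then
        return NULL
    end if;
    # Strip the leading zero bytes, then the single byte that follows them
    while StringTools:-IsPrefix("00", M) do
        M := StringTools:-Drop(M, 2)
    end do;
    StringTools:-Drop(M, 2)
  end proc: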
Example 8.14 Let us encode and decode a message with default values and letting
the encoding function generate the seed:
> SAEPPlusEnc("0123456789abcdef", 256);
"593b9e4088c813850d8453a14523d4a8c1154dc947ab7adab05eef6775565194e356c9d77791a6d91\
b7db3b7f574472f5e8f0df784b1eeca94239a8dfb7f7781c2d03de5d57ca25181af8c40945b2b6e4\
303d2e60daab6d7cfdd53d1ff6cbb026778d50b430cec1d9fc69b9516851a6d78d4c642667f013fb\
696b70e862bb65fbfaae493cb92c4546ab9a707e2ee6af1feecb8addd71b9fd2cdeedc4ffecfdbef\
d601af38bfd64eeddb59cce7b0fe946d71e6af9c42dc9c77fbdbc71ea7204d5f53aeaff43afbbfaf\
dcbf0eb40dbeceabaef97eb310b76ac3dcfc3d5eb27c683bcc74848ae3bfe637a26cdde83b3ff78c\
528da9705dceb2aa2d2ebcddafb9abe"
> SAEPPlusDec(%, 256);
"0123456789abcdef"
Of course, if the same commands are repeated several times, the encoded message
is different each time due to the different seeds used.
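The decoding steps of SAEPPlusDec, together with the encoder they imply, as an added Python example (not code from the book): it shows that an encoding altered in a single bit fails the check value and is rejected. The encoder is obtained by inverting the decoder above; the 0x01 separator byte and the use of PKCS #1 MGF1 with SHA-256 are assumptions, and the names saep_plus_enc, saep_plus_dec and mgf1 are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Optional

H_LEN = 32  # SHA-256 output length in bytes (hLen in SAEPPlusDec)

def mgf1(seed: bytes, length: int) -> bytes:
    """PKCS #1 MGF1 with SHA-256 (assumed to match the page's MGF1)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def saep_plus_enc(msg: bytes, k: int, seed: Optional[bytes] = None) -> bytes:
    """Inverse of saep_plus_dec: EM = ((M || t) xor MGF1(r, k/2)) || r."""
    s_len = k // 2
    m_len = s_len - H_LEN
    r = os.urandom(s_len) if seed is None else seed
    if len(msg) > m_len - 1 or len(r) != s_len:
        raise ValueError("message too long or seed of wrong length for this k")
    # Zero padding, then a separator byte (0x01 is an assumption), then the message
    m = b"\x00" * (m_len - 1 - len(msg)) + b"\x01" + msg
    t = mgf1(m + r, H_LEN)
    return xor(m + t, mgf1(r, s_len)) + r

def saep_plus_dec(em: bytes, k: int) -> Optional[bytes]:
    """Mirrors SAEPPlusDec: returns None when the check value t does not match."""
    s_len = k // 2
    if len(em) != 2 * s_len:
        return None
    x, r = em[:s_len], em[s_len:]
    v = xor(x, mgf1(r, s_len))
    m_len = s_len - H_LEN
    m, t = v[:m_len], v[m_len:]
    # Constant-time comparison, so timing does not reveal how many bytes matched
    if not hmac.compare_digest(t, mgf1(m + r, H_LEN)):
        return None
    return m.lstrip(b"\x00")[1:]

if __name__ == "__main__":
    em = saep_plus_enc(bytes.fromhex("0123456789abcdef"), 256)
    print(saep_plus_dec(em, 256).hex())
    print(saep_plus_dec(bytes([em[0] ^ 1]) + em[1:], 256))
```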
We now have all the ingredients required to implement the Rabin-SAEP+
scheme. We start with the encryption function whose required input parameters are
publickey, message and seed. The first of them is used to specify the public
key, i.e., the modulus, which can be given either as a decimal integer or as a
hexadecimal string. Similarly, message is for the message to be encrypted, which can be
given either as a hexadecimal or an ordinary text string. The last parameter is for the
seed, which should be a hexadecimal string of k/2 bytes, assuming that the modulus is
an (8k + 2)-bit integer generated by RabinKeyGen (i.e., the key has been generated
with security parameter k). As happens with the function SAEPPlusEnc, this
function will also work if no seed is provided as input (because it calls SAEPPlusEnc,
which will pseudo-randomly generate the seed in that case). We stress once again
that for proper security the seed should be randomly chosen and supplied to this
function.
In addition to these required parameters, there are three input parameters that are
similar to those in SAEPPlusEnc with the exception of messagetype, which
serves to indicate to the function whether the message to be encrypted is to be
regarded as a hexadecimal string or as an ordinary text string. The admissible values
are 'hex' and 'text', with the former the default. The output is the ciphertext given
as a (k + 1)-byte string.
 