> RabinSAEPPlusEncrypt := proc(publickey::{posint, string}, message, seed::string,
{messagetype::identical(hex,text):=hex, H::name:='SHA256', hLen::posint:=32})
local n, e, k, M, EM, m, c, C;
if type(publickey, string) then
n := convert(publickey, decimal, hex)
else
n := publickey
end if;
k := iquo(intlog[2](n)-1, 8);
M := messagetohex(message, messagetype);
EM := SAEPPlusEnc(M, k, _params['seed'], ':-H' = H, ':-hLen' = hLen);
m := OS2IP(EM);
c := Power(m, 2) mod n;
C := I2OSP(c, k+1)
end proc:
Next we give the decryption function. The input parameters are similar to those in
the encryption function, except that the seed is not used here. For the security reasons
already stated, a local variable called reject is maintained inside the procedure
to keep track of the different reasons why a ciphertext should be rejected as invalid.
If the message is detected as invalid at the beginning, the computational steps—
which are now meaningless—are completed all the same and the message declaring
the ciphertext as invalid is not returned until the end of the procedure. As already
mentioned, this is necessary for Boneh's security reduction to apply and, specifically,
to prevent CCA attacks in which the adversary uses timing analysis. The output of
the function is, assuming that all goes well, the original message.
> RabinSAEPPlusDecrypt := proc(privatekey::list, C::string,
{messagetype::identical(hex,text):=hex, H::name:='SHA256', hLen::posint:=32})
local sk, n, k, c, cand, reject, y, v;
if type(privatekey[1], string) then
sk := convert(privatekey, decimal, hex)
else
sk := privatekey
end if;
n := sk[1]*sk[2];
k := iquo(intlog[2](n)-1, 8);
reject := false;
if StringTools:-Length(C) <> 2*k+2 or k < 2*hLen+2 then
reject := true
end if;
c := OS2IP(C);
cand := InvRabin(c, op(sk));
if nops(cand) = 5 then
reject := true
end if;
cand := select(x -> evalb(x < 256^k), cand);
y := I2OSP(cand, k);
v := SAEPPlusDec(y, k);
if nops(v) <> 1 or reject then
error "invalid ciphertext"
else
hextomessage(op(v), messagetype)
end if;
end proc:
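The same decryption flow, written in Python as an added illustration (this is not the book's Maple code): the length and square-root checks only set a flag, every step is still carried out, and one uniform error is raised at the very end, so a rejected ciphertext takes the same path as a valid one. The SAEP+ layout (v || r with v = (M || SHA256(M||r)) XOR G(r)), the MGF1-based G, and the demo key built from two Mersenne primes are assumptions of this example, chosen so it runs without a prime generator.

```python
import hashlib, hmac

HLEN = 32  # octet length of SHA-256, the hash assumed here

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 over SHA-256, standing in for the G mask function of SAEP+ (assumption)."""
    blocks = (length + HLEN - 1) // HLEN
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:length]

def saep_plus_encode(M: bytes, r: bytes, k: int) -> bytes:
    """EM = ((M || SHA256(M||r)) XOR G(r)) || r, with |EM| = k and |r| = HLEN octets."""
    assert len(M) == k - 2 * HLEN and len(r) == HLEN, "fixed-length message and seed"
    t = hashlib.sha256(M + r).digest()
    v = bytes(a ^ b for a, b in zip(M + t, mgf1(r, k - HLEN)))
    return v + r

def saep_plus_decode(EM: bytes, k: int):
    """Undo the encoding; return the message, or None if the hash tag does not verify."""
    v, r = EM[:k - HLEN], EM[k - HLEN:]
    x = bytes(a ^ b for a, b in zip(v, mgf1(r, k - HLEN)))
    M, t = x[:-HLEN], x[-HLEN:]
    return M if hmac.compare_digest(hashlib.sha256(M + r).digest(), t) else None

def rabin_saep_plus_encrypt(n: int, M: bytes, r: bytes) -> bytes:
    k = (n.bit_length() - 2) // 8               # same k as iquo(intlog[2](n)-1, 8)
    m = int.from_bytes(saep_plus_encode(M, r, k), "big")
    return pow(m, 2, n).to_bytes(k + 1, "big")  # I2OSP(c, k+1)

def rabin_saep_plus_decrypt(p: int, q: int, C: bytes) -> bytes:
    n = p * q
    k = (n.bit_length() - 2) // 8
    reject = len(C) != k + 1 or k < 2 * HLEN + 2            # length checks only set the flag
    c = int.from_bytes(C, "big")
    # Square roots mod p and mod q (both 3 mod 4); a non-residue is noted, not reported yet.
    rp, rq = pow(c, (p + 1) // 4, p), pow(c, (q + 1) // 4, q)
    reject = reject or pow(rp, 2, p) != c % p or pow(rq, 2, q) != c % q
    roots = {(sp * q * pow(q, -1, p) + sq * p * pow(p, -1, q)) % n
             for sp in (rp, p - rp) for sq in (rq, q - rq)}  # CRT: up to 4 roots
    cands = [x for x in roots if x < 256 ** k]               # roots that fit in k octets
    valid = [m for m in (saep_plus_decode(x.to_bytes(k, "big"), k) for x in cands)
             if m is not None]
    # All work above runs regardless of `reject`; the single error is raised only here.
    if reject or len(valid) != 1:
        raise ValueError("invalid ciphertext")
    return valid[0]

# Constructed demo key: Mersenne primes 2^521-1 and 2^607-1 (both 3 mod 4), giving k = 140.
DEMO_P, DEMO_Q = 2**521 - 1, 2**607 - 1
DEMO_M = b"A" * (140 - 2 * HLEN)        # constructed 76-octet message
DEMO_R = bytes(range(HLEN))             # constructed 32-octet seed
```

Flipping any bit of the ciphertext makes `rabin_saep_plus_decrypt` raise the same "invalid ciphertext" error whether the failure was in the length check, the residuosity check or the hash tag.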
Example 8.15 Let us consider the previously generated Rabin-SAEP+ key rk, and
the message and seed defined below: