Cryptography Reference
In-Depth Information
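    # Map x back to its representative in the range 1..q
    if q < x then
        x := p - x
    end if;
    s := I2OSP(x);
    # A valid encoding starts with the byte 01, which is stripped here
    if StringTools:-Take(s, 2) <> "01" then
        error "incorrect encoding"
    else
        StringTools:-Drop(s, 2)
    end if
end proc: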
The encryption function is given next. The required input parameters are
publickey, message and seed. The first specifies a public key in the format
produced by CSKeyGen, the second specifies the message, given either as a
hexadecimal string or as an ordinary text string, and the last specifies a
random seed, either as a string or as a positive integer.
The optional keyword parameters are messagetype, which tells the function
whether the message is a hexadecimal or an ordinary text string, and bbslength,
which selects the length of the primes used by Maple's Blum-Blum-Shub PRG. One
could also add the parameters H and hLen (exactly as in MGF1) to specify the
hash function on which MGF1 is based and its output length, but we do not
include them because we will only use SHA-256, which is the default, for this
purpose. The output is the ciphertext in hexadecimal format. A Cramer-Shoup
ciphertext is a 4-tuple (u1, u2, e, v) of elements of G, and we could give it as
a Maple list containing the four elements. In order to make it look more like
other ciphertexts, we instead give it as a single hexadecimal string obtained by
concatenating, in order, the hexadecimal representations of the four elements,
each of which is represented by a k-byte string, where k is the byte length of
the Sophie Germain prime q.
> CSEncrypt := proc(publickey::list, message::string, seed::{posint, string},
    {messagetype::identical(hex, text) := hex, bbslength::{512, 768, 1024} := 1024})
    local pk, q, p, qbitLen, maskLen, k, M, EM, s, B, r, u1, u2, e, alpha, ra, v;
    # Accept the public key as hexadecimal strings or as integers;
    # OS2IP is applied to each entry of the list
    if type(publickey[1], string) then
        pk := OS2IP~(publickey)
    else
        pk := publickey
    end if;
    q := pk[1];
    p := 2*q + 1;
    qbitLen := intlog[2](q) + 1;
    maskLen := intlog[256](q);
    k := maskLen + 1;    # byte length of q
    # Encode the message as an element EM of G
    M := messagetohex(message, messagetype);
    EM := QREnc(M, q);
    # Draw r < q from the Blum-Blum-Shub generator, retrying while r >= q
    s := stringposint(seed);
    B := RandomTools:-BlumBlumShub:-NewBitGenerator(s, primes = bbslength);
    r := q;
    while q <= r do
        r := convert(cat(seq(B(), i = 1..qbitLen)), decimal, binary)
    end do;
    u1 := Power(pk[2], r) mod p;
    u2 := Power(pk[3], r) mod p;
    e := (Power(pk[6], r) mod p)*EM mod p;
    # alpha: MGF1 hash of the k-byte encodings of u1, u2, e, prefixed with 01
    alpha :=
        OS2IP(cat("01", MGF1(cat(I2OSP(u1, k), I2OSP(u2, k), I2OSP(e, k)), maskLen)));
    ra := r*alpha mod q;
    v := (Power(pk[4], r) mod p)*(Power(pk[5], ra) mod p) mod p;
    # Ciphertext: the four k-byte hexadecimal blocks u1, u2, e, v, concatenated
    cat(I2OSP(u1, k), I2OSP(u2, k), I2OSP(e, k), I2OSP(v, k))
end proc:
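The following Python sketch is an added example, not code from the book: it reproduces the ciphertext layout and the alpha computation of CSEncrypt on a toy group and goes one step further, showing the receiver-side checks (textbook Cramer-Shoup) that reject a modified ciphertext. Assumptions: the names g1, g2, c, d, h for pk[2..6], the secret-key tuple, the toy prime q = 1019, an explicit r in place of the Blum-Blum-Shub output, and a message that is already an element of G (QREnc is skipped).

```python
import hashlib

Q = 1019                        # toy Sophie Germain prime (constructed, insecure)
P = 2 * Q + 1                   # safe prime 2039; G = squares mod P, of order Q
K = (Q.bit_length() + 7) // 8   # k: byte length of q
MASK_LEN = K - 1                # maskLen = intlog[256](q)

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 (PKCS #1) over SHA-256."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def alpha_of(u1: int, u2: int, e: int) -> int:
    """alpha = OS2IP("01" || MGF1(u1 || u2 || e, maskLen)), as in CSEncrypt."""
    data = b"".join(x.to_bytes(K, "big") for x in (u1, u2, e))
    return int.from_bytes(b"\x01" + mgf1(data, MASK_LEN), "big")

def keygen(x1, x2, y1, y2, z, g1=4, g2=9):
    """Assumed key layout: pk = [q, g1, g2, c, d, h], matching pk[1..6]."""
    c = pow(g1, x1, P) * pow(g2, x2, P) % P
    d = pow(g1, y1, P) * pow(g2, y2, P) % P
    return [Q, g1, g2, c, d, pow(g1, z, P)], (x1, x2, y1, y2, z)

def encrypt(pk, m: int, r: int) -> str:
    """m must already be an element of G; r stands in for the PRG output."""
    _, g1, g2, c, d, h = pk
    u1, u2, e = pow(g1, r, P), pow(g2, r, P), pow(h, r, P) * m % P
    v = pow(c, r, P) * pow(d, r * alpha_of(u1, u2, e) % Q, P) % P
    return "".join(x.to_bytes(K, "big").hex() for x in (u1, u2, e, v))

def decrypt(sk, ct: str) -> int:
    """Receiver side: parse four k-byte blocks, validate, then unmask e."""
    x1, x2, y1, y2, z = sk
    if len(ct) != 8 * K:
        raise ValueError("wrong ciphertext length")
    u1, u2, e, v = (int(ct[i:i + 2 * K], 16) for i in range(0, 8 * K, 2 * K))
    if any(not 0 < x < P or pow(x, Q, P) != 1 for x in (u1, u2, e, v)):
        raise ValueError("component not in G")
    a = alpha_of(u1, u2, e)
    if pow(u1, (x1 + y1 * a) % Q, P) * pow(u2, (x2 + y2 * a) % Q, P) % P != v:
        raise ValueError("invalid ciphertext")
    return e * pow(u1, -z % Q, P) % P
```

With a k-byte q the ciphertext is always 8k hexadecimal digits, so a length check and a group-membership check on each block can run before any secret-key operation.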