Cryptography Reference
In-Depth Information
3. Chooses hash functions H 1 and H 2 . The function H 1 takes a string of
bits of arbitrary length and outputs a point of order on E (see Exercise
6.8). The function H 2 inputs an element of order in F p 2 and outputs
a binary string of length n ,where n is the length of the messages that
will be sent.
F ×
4. Chooses a secret random s
and computes P pub = sP .
5. Makes p, H 1 ,H 2 ,n,P,P pub public, while keeping s secret.
If a user with identity ID wants a private key, the trusted authority does the
following:
1. Computes Q ID = H 1 ( ID ). This is a point on E .
2. Lets D ID = sQ ID .
3. After verifying that ID is the identification for the user with whom he
is communicating, sends D ID to this user.
If Alice wants to send a message M to Bob, she does the following:
1. Looks up Bob's identity, for example, ID = bob@ com pu ter.com (written
as a binary string) and computes Q ID = H 1 ( ID ).
F ×
2. Chooses a random r
.
3. Computes g ID = e ( Q ID ,P pub ).
4. Lets the ciphertext be the pair
H 2 ( g ID )) ,
c =( rP, M
where
denotes XOR (= bitwise addition mod 2).
Bob decrypts a ciphertext ( u, v ) as follows:
1. Uses his private key D ID to compute h ID = e ( D ID ,u ).
2. Computes m = v ⊕ H 2 ( h ID ).
The decryption works because
e ( D ID ,u )= e ( sQ ID ,rP )= e ( Q ID ,P ) sr = e ( Q ID ,P pub ) r = g ID .
Therefore,
m = v ⊕ H 2 ( e ( D ID ,u )) = ( M ⊕ H 2 ( g ID )) ⊕ H 2 ( g ID )= M.
Search WWH ::




Custom Search