Cryptography Reference
In-Depth Information
3. Chooses hash functions
H
1
and
H
2
. The function
H
1
takes a string of
bits of arbitrary length and outputs a point of order
on
E
(see Exercise
6.8). The function
H
2
inputs an element of order
in
F
p
2
and outputs
a binary string of length
n
,where
n
is the length of the messages that
will be sent.
F
×
4. Chooses a secret random
s
∈
and computes
P
pub
=
sP
.
5. Makes
p, H
1
,H
2
,n,P,P
pub
public, while keeping
s
secret.
If a user with identity
ID
wants a private key, the trusted authority does the
following:
1. Computes
Q
ID
=
H
1
(
ID
). This is a point on
E
.
2. Lets
D
ID
=
sQ
ID
.
3. After verifying that
ID
is the identification for the user with whom he
is communicating, sends
D
ID
to this user.
If Alice wants to send a message
M
to Bob, she does the following:
1. Looks up Bob's identity, for example,
ID
=
bob@ com pu ter.com
(written
as a binary string) and computes
Q
ID
=
H
1
(
ID
).
F
×
2. Chooses a random
r
∈
.
3. Computes
g
ID
=
e
(
Q
ID
,P
pub
).
4. Lets the ciphertext be the pair
H
2
(
g
ID
))
,
c
=(
rP, M
⊕
where
⊕
denotes XOR (= bitwise addition mod 2).
Bob decrypts a ciphertext (
u, v
) as follows:
1. Uses his private key
D
ID
to compute
h
ID
=
e
(
D
ID
,u
).
2. Computes
m
=
v ⊕ H
2
(
h
ID
).
The decryption works because
e
(
D
ID
,u
)=
e
(
sQ
ID
,rP
)=
e
(
Q
ID
,P
)
sr
=
e
(
Q
ID
,P
pub
)
r
=
g
ID
.
Therefore,
m
=
v ⊕ H
2
(
e
(
D
ID
,u
)) = (
M ⊕ H
2
(
g
ID
))
⊕ H
2
(
g
ID
)=
M.
Search WWH ::
Custom Search