|
|
| Line 1: |
Line 1: |
| Note: this is not to be confused with the [[Naccache–Stern knapsack cryptosystem]].
| | Alyson is what my husband loves to call me but I don't like when individuals use my full name. For many years she's been working as a travel agent. What me and my family members adore is bungee jumping but I've been taking on psychic readings [http://findyourflirt.net/index.php?m=member_profile&p=profile&id=117823 online psychic readings] ([http://www.seekavideo.com/playlist/2199/video/ www.seekavideo.com]) new issues lately. My spouse and I reside in Mississippi but now I'm contemplating other options.<br><br>My web-site - accurate psychic readings ([http://www.january-yjm.com/xe/index.php?mid=video&document_srl=158289 made my day]) |
| | |
| The '''Naccache–Stern cryptosystem''' is a [[Homomorphic encryption|homomorphic]] [[public-key cryptosystem]] whose security rests on the [[higher residuosity problem]]. The Naccache–Stern cryptosystem was discovered by [[David Naccache]] and [[Jacques Stern]] in 1998.
| |
| | |
| ==Scheme Definition==
| |
| | |
| Like many [[Public key cryptography|public key cryptosystems]], this scheme works in the group <math>(\mathbb{Z}/n\mathbb{Z})^*</math> where ''n'' is a product of two large [[Prime number|primes]]. This scheme is [[Homomorphic encryption|homomorphic]] and hence [[Malleability (cryptography)|malleable]].
| |
| | |
| ===Key Generation===
| |
| | |
| *Pick a family of ''k'' small distinct [[Prime number|primes]] ''p''<sub>1</sub>,...,''p''<sub>k</sub>.
| |
| *Divide the set in half and set <math>u = \prod_{i=1}^{k/2} p_i</math> and <math>v = \prod_{k/2+1}^k p_i</math>.
| |
| *Set <math>\sigma = uv = \prod_{i=1}^k p_i</math>
| |
| *Choose large primes ''a'' and ''b'' such that both ''p'' = 2''au''+1 and ''q''=2''bv''+1 are prime.
| |
| *Set ''n''=''pq''.
| |
| *Choose a random ''g'' mod ''n'' such that ''g'' has order φ(''n'')/4.
| |
| | |
| The public key is the numbers σ,''n'',''g'' and the private key is the pair ''p'',''q''.
| |
| | |
| When ''k''=1 this is essentially the [[Benaloh cryptosystem]].
| |
| | |
| ===Message Encryption===
| |
| This system allows encryption of a message ''m'' in the group <math>\mathbb{Z}/\sigma\mathbb{Z}</math>.
| |
| | |
| *Pick a random <math>x \in \mathbb{Z}/n\mathbb{Z}</math>.
| |
| *Calculate <math>E(m) = x^\sigma g^m \mod n</math>
| |
| | |
| Then ''E(m)'' is an encryption of the message ''m''.
| |
| | |
| ===Message Decryption===
| |
| | |
| To decrypt, we first find ''m'' mod ''p''<sub>''i''</sub> for each ''i'', and then we apply the [[Chinese remainder theorem]] to calculate ''m'' mod <math>\sigma</math>.
| |
| | |
| Given a ciphertext ''c'', to decrypt, we calculate
| |
| | |
| *<math>c_i \equiv c^{\phi(n)/p_i} \mod n</math>. Thus
| |
| :<math> \begin{matrix} c^{\phi(n)/p_i} &\equiv& x^{\sigma \phi(n)/p_i} g^{m\phi(n)/p_i} \mod n\\ &\equiv& g^{(m_i + y_ip_i)\phi(n)/p_i} \mod n \\ &\equiv& g^{m_i\phi(n)/p_i} \mod n \end{matrix}</math>
| |
| where <math>m_i \equiv m \mod p_i</math>.
| |
| *Since ''p''<sub>''i''</sub> is chosen to be small, ''m''<sub>''i''</sub> can be recovered be exhaustive search, i.e. by comparing <math>c_i</math> to <math>g^{j\phi(n)/p_i}</math> for ''j'' from 1 to ''p''<sub>''i''</sub>-1.
| |
| *Once ''m''<sub>''i''</sub> is known for each ''i'', ''m'' can be recovered by a direct application of the Chinese remainder theorem.
| |
| | |
| ==Security==
| |
| The [[semantic security]] of the Naccache–Stern cryptosystem rests on an extension of the [[quadratic residuosity problem]] known as the [[higher residuosity problem]].
| |
| | |
| ==References==
| |
| [http://citeseer.ist.psu.edu/naccache98new.html Original paper] | |
| {{Cryptography navbox | public-key}}
| |
| | |
| {{DEFAULTSORT:Naccache-Stern cryptosystem}}
| |
| [[Category:Public-key encryption schemes]]
| |
Alyson is what my husband loves to call me but I don't like when individuals use my full name. For many years she's been working as a travel agent. What me and my family members adore is bungee jumping but I've been taking on psychic readings online psychic readings (www.seekavideo.com) new issues lately. My spouse and I reside in Mississippi but now I'm contemplating other options.
My web-site - accurate psychic readings (made my day)