Scribd Logo
Upload

Welcome to Scribd!

  • 121 views

    19.10 Finite Automaton Public-Key Cryptosystems

    Uploaded by

    sappii10
    Some cryptographers have developed generalizations of RSA that use permutation polynomials instead of exponentiation, including the Kravitz-Reed and LUC (Lucas Cryptosystem) variations. LUC uses Lucas numbers to generate the public and private keys: the public key is one Lucas number and n, while the private key is another Lucas number and n. To encrypt a message P, it is transformed using the public Lucas number modulo n, and to decrypt it is transformed using the private Lucas number modulo n. However, LUC provides no more security than RSA and recent results have shown how to break some implementations of LUC.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd

    19.10 Finite Automaton Public-Key Cryptosystems

    Uploaded by

    sappii10
    121 views2 pages
    Some cryptographers have developed generalizations of RSA that use permutation polynomials instead of exponentiation, including the Kravitz-Reed and LUC (Lucas Cryptosystem) variations. LUC uses Lucas numbers to generate the public and private keys: the public key is one Lucas number and n, while the private key is another Lucas number and n. To encrypt a message P, it is transformed using the public Lucas number modulo n, and to decrypt it is transformed using the private Lucas number modulo n. However, LUC provides no more security than RSA and recent results have shown how to break some implementations of LUC.

    Original Title

    LUC

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Some cryptographers have developed generalizations of RSA that use permutation polynomials instead of exponentiation, including the Kravitz-Reed and LUC (Lucas Cryptosystem) variations. LUC uses Lucas numbers to generate the public and private keys: the public key is one Lucas number and n, while the private key is another Lucas number and n. To encrypt a message P, it is transformed using the public Lucas number modulo n, and to decrypt it is transformed using the private Lucas number modulo n. However, LUC provides no more security than RSA and recent results have shown how to break some implementations of LUC.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    121 views2 pages

    19.10 Finite Automaton Public-Key Cryptosystems

    Uploaded by

    sappii10
    Some cryptographers have developed generalizations of RSA that use permutation polynomials instead of exponentiation, including the Kravitz-Reed and LUC (Lucas Cryptosystem) variations. LUC uses Lucas numbers to generate the public and private keys: the public key is one Lucas number and n, while the private key is another Lucas number and n. To encrypt a message P, it is transformed using the public Lucas number modulo n, and to decrypt it is transformed using the private Lucas number modulo n. However, LUC provides no more security than RSA and recent results have shown how to break some implementations of LUC.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    You are on page 1of 2

    LUC

    Some cryptographers have developed generalizations of RSA that use various


    permutation polynomials instead of exponentiation. A variation called
    Kravitz-Reed, using irreducible binary polynomials [898], is insecure [451,
    589]. Winfried MŸller and Wilfried Nöbauer use Dickson polynomials [1127,
    1128, 965]. Rudolph Lidl and MŸller generalized this approach in [966, 1126]
    (a variant is called the Réidi scheme), and Nöbauer looked at its security in
    [1172, 1173]. (Comments on prime generation with Lucas functions are in
    [969, 967, 968, 598].) Despite all of this prior art, a group of researchers from
    New Zealand managed to patent this scheme in 1993, calling it LUC [1486,
    521,1487].
    The nth Lucas number, Vn(P,1), is defined as
    Vn(P, 1) = PVn-1 (P, 1) - Vn- 2 (P,1)
    There’s a lot more theory to Lucas numbers; I’m ignoring all of it. A good
    theoretical treatment of Lucas sequences is in [1307, 1308]. A particularly nice
    description of the mathematics of LUC is in [1494, 708].
    In any case, to generate a public-key/private-key key pair, first choose two
    large primes, p and q. Calculate n, the product of p and q. The encryption key,
    e, is a random number that is relatively prime to p - 1, q - 1, p + 1, and q + 1.
    There are four possible decryption keys,
    d = e-1 mod (lcm((p + 1), (q + 1)))
    d = e-1 mod (lcm((p + 1), (q - 1)))
    d = e-1 mod (lcm((p - 1), (q + 1)))
    d = e-1 mod (lcm((p - 1), (q - 1)))
    where lcm is the least common multiple.
    The public key is d and n; the private key is e and n. Discard p and q.
    To encrypt a message, P (P must be less than n), calculate
    C = Ve(P, 1) (mod n )
    And to decrypt:
    P = Vd P, 1) (mod n), with the proper d
    At best, LUC is no more secure than RSA. And recent, still-unpublished
    results show how to break LUC in at least some implementations. I just don’t
    trust it.
    19.10 Finite Automaton Public-Key Cryptosystems
    Chinese cryptographer Tao Renji has developed a public-key algorithm based
    on finite automata [1301, 1302, 1303, 1300, 1304, 666]. Just as it is hard to
    factor the product of two large primes, it is also hard to factor the composition
    of two finite automata. This is especially so if one or both of them is nonlinear.
    Much of this research took place in China in the 1980s and was published in
    Chinese. Renji is starting to write in English. His main result was that certain
    nonlinear automata (the quasilinear automata) possess weak inverses if, and
    only if, they have a certain echelon matrix structure. This property disappears
    if they are composed with another automaton (even a linear one). In the
    public-key algorithm, the secret key is an invertible quasilinear automaton and
    a linear automaton, and the corresponding public key can be derived by
    multiplying them out term by term. Data is encrypted by passing it through the
    public automaton, and decrypted by passing it through the inverses of its
    components (in some cases provided they have been set to a suitable initial
    state). This scheme works for both encryption and digital signatures.
    The performance of such systems can be summed up by saying that like
    McEliece’s system, they run much faster than RSA, but require longer keys.
    The keylength thought to give similar security to 512-bit RSA is 2792 bits, and
    to 1024-bit RSA is 4152 bits. For the former case, the system encrypts data at
    20, 869 bytes/sec and decrypts data at 17, 117 bytes/sec, running on a 33 Mhz
    80486.
    Renji has published three algorithms. The first is FAPKC0. This is a weak
    system which uses linear components, and is primarily illustrative. Two
    serious systems, FAPKC1 and FAPKC2, use one linear and one nonlinear
    component each. The latter is more complex, and was developed in order to
    support identity-based operation.
    As for their strength, quite a lot of work has been done on them in China
    (where there are now over 30 institutes publishing cryptography and security
    papers). One can see from the considerable Chinese language literature that the
    problem has been studied.
    One possible attraction of FAPKC1 and FAPKC2 is that they are not
    encumbered by any U.S. patents. Thus, once the Diffie-Hellman patent expires
    in 1997, they will unquestionably be in the public domain.

    You might also like