
Research on developing several digital signature schemes based on the Rabin and RSA cryptosystems (thesis summary, English)


MINISTRY OF EDUCATION AND TRAINING MINISTRY OF NATIONAL DEFENCE

ACADEMY OF MILITARY SCIENCE AND TECHNOLOGY

HOANG THI MAI

DEVELOPING SEVERAL DIGITAL SIGNATURE SCHEMES BASED ON THE RABIN CRYPTOSYSTEM

AND THE RSA CRYPTOSYSTEM

Speciality: Mathematical Foundation for Informatics

Code: 9 46 01 10

SUMMARY OF PhD THESIS IN MATHEMATICS

HA NOI – 2019


This thesis has been completed at:

ACADEMY OF MILITARY SCIENCE AND TECHNOLOGY

Scientific Supervisors:

1. Dr. Nguyen Huu Mong

2. Dr. Ngo Trong Mai

Reviewer 1: Assoc. Prof. Dr. Le My Tu

Academy of Cryptography Techniques

Reviewer 2: Assoc. Prof. Dr. Nguyen Linh Giang

Hanoi University of Science and Technology

Reviewer 3: Dr. Thai Trung Kien

Academy of Military Science and Technology

The thesis was defended in front of the Doctoral Evaluating Council at Academy level, held at the Academy of Military Science and Technology at on

The thesis can be found at:

- Library of Academy of Military Science and Technology

- Vietnam National Library


INTRODUCTION

1 The necessity of the topic

Recently, the application of digital signatures in digital transactions in Vietnam has been developing. This progress is the result of improved infrastructure and an improved legal framework. On infrastructure, according to the white paper Information Technology and Media of Vietnam 2017, the fixed bandwidth of Internet subscription in Vietnam is the lowest worldwide, at 1/139 countries [1]. The number of Internet users had reached 50 million by 2016. On the legal framework, the digital transaction law, valid from 2015, legalized digital transactions, treating them just like those conducted with hard documents and ordinary signatures.

In the field of digital signatures, the system of legal documents is improving, alongside the increasing number of Certificate Authorities. After the establishment of the National Electronic Authentication Center in 2008, 9 enterprises were licensed to provide public signature-verifying services to organizations and individuals. Although development has been quick recently, the practicability is great and digital signatures play an indispensable role in digital trade in Vietnam.

In such a situation, researching and improving the effectiveness of signature schemes and constructing new schemes is necessary and meaningful, both academically and practically.

2 Research target

− The target of this thesis is to construct a public key system for applications in digital trade, such as profile admission for public administration services. These activities involve information sent from many to one; therefore, verifying the validity of a great number of signatures is required. As a result, a signature-verifying algorithm that consumes little time needs to be applied.

− The base for developing new signature schemes in this thesis is the RSA cryptosystem and the Rabin cryptosystem. This thesis proves that the suggested schemes have security and time cost that meet the practicability requirement set as the target of the thesis.


3 Object and domain of the research

Researching object

− The researching object and domain of the thesis is security systems and basic cryptosystems; schemes that have little verifying cost: RSA, Rabin, DSA, ECDSA,

Researching domain

The thesis focuses on problems related to developing signature schemes based on the RSA cryptosystem and the Rabin cryptosystem.

4 Researching content

This thesis focuses on researching the signature schemes suggested based on the RSA cryptosystem, which is in fact based on difficult problems of number theory.

The research results are presented in four publications. The main results are:

− Studying basic digital signature systems based on difficult problems of number theory: the number factorization problem, the discrete logarithm problem, the elliptic curve discrete logarithm problem.

− Proposing signature schemes that develop the Rabin digital signature.

− Proposing a signature scheme as a combination of RSA and Rabin.

5 Researching method

The research will be conducted as follows:

− Referring to scientific publications, books, documents, and scientific reports on cryptography, especially on digital signatures.

− Using the mathematical tools of number theory to construct the algorithms for the proposed schemes.

− Using the theory of algorithm complexity to rate the security and time cost of the proposed signature schemes.

6 Scientific and practical value

Scientifically, the thesis proposes some new signature schemes developing the Rabin cryptosystem, as well as combining the RSA cryptosystem and the Rabin cryptosystem. The new schemes remedy the shortcomings of the old ones, have security guaranteed by the difficult problems of number theory, and have low time cost for verifying signatures.


Practically, the new signature schemes proposed in the thesis can be applied in transactions of the “many-one” type in digital signature applications of digital government and digital trade.

7 Structure of the thesis

The thesis includes an introduction, 04 chapters, the conclusion and developing strategies, scientific publications and references.

CHAPTER 1 OVERVIEW OF DIGITAL SIGNATURE AND DEVELOPING STRATEGIES

1.1 Digital signature schemes

This part gives some definitions.

1.2 Several signature schemes

Among public key signature schemes, with each chosen pair of keys, the difficulty of calculating the secret key from the public one is guaranteed by a hard problem. These are:

− The Factorization Problem, the difficulty of which guarantees the security of the RSA cryptosystem and the RSA digital signature.

− The Discrete Logarithm Problem. The difficulty of this problem guarantees the security of the ElGamal public key system and digital signature, as well as other signature systems such as DSA (Digital Signature Algorithm).

− The Elliptic Curve Discrete Logarithm Problem, the difficulty of which guarantees the security of crypto

In this chapter, the thesis presents four basic signature schemes that directly affect the researching topic of the thesis - the RSA scheme, the Rabin scheme and the Rabin-Williams scheme, the DSA scheme and the ECDSA scheme.

1.3 Time cost of arithmetic operations on $Z_n$

In this section, the thesis presents the time cost of several algorithms that perform arithmetic calculations.

1.4 Evaluating the time cost of verifying several signature schemes

This section evaluates the verifying cost of the RSA scheme, the Rabin scheme and the Rabin-Williams scheme, the DSA scheme and the ECDSA scheme. Finally, the conclusion is given:


Clause 1.1 Among the standardized signature schemes with the input parameters given in table 1.3, the Rabin scheme has the lowest signature-verifying cost.

1.5 Practicability and researching strategy of the topic

In section 1.4, clause 1.1, we conclude: “Among the standardized signature schemes with the input parameters given in table 1.3, the Rabin scheme has the lowest signature-verifying cost.”

The target of this thesis is to develop signature schemes that have small time cost for verifying, which are to be used in digital trade of the “many-one” type. In conclusion, the researching strategy of the thesis focuses on developing the Rabin scheme and the RSA scheme with small exponent e.

Studying the Rabin scheme, we see that since its birth this scheme has been the subject of countless developing researches: extending the usable modulus, developing the signature algorithm, extending the cases of exponent e (e=3),

On extending the usable modulus in the Rabin scheme, several publications can be named, such as those of L. Harn and T. Kiesler [14], of Kaoru Kurosawa and Wakaha Ogata [15], and of M. Ela, M. Piva and D. Schipani [16]. Notable among them is the contribution of M. Ela, M. Piva and D. Schipani given in 2013, which constructs a Rabin-style cryptosystem with modulus n as the product of two random primes by using the Dedekind sum instead of the Jacobi symbol.

On improving the signature algorithm of the Rabin scheme, Williams published the Rabin-Williams scheme [4]. This scheme requires only a single Jacobi symbol operation in the signature algorithm, while the Rabin scheme requires four. In their 1989 publication, L. Harn and T. Kiesler [14] combined the square root and the Jacobi symbol to develop the signature algorithm in Rabin. M. Ela, M. Piva and D. Schipani [16] used the Dedekind sum instead of the Jacobi symbol in the signature algorithm.

On extending exponent e, specifically replacing the exponent 2 with 3, there are publications of Williams [17], of J. H. Loxton, David S. P. Khoo, Gregory J. Bird and Jennifer Seberry in 1992 [18], of R. Scheidler [19] in 1998, …

On researching the relevant scientific publications, the thesis determines two researching strategies:


● The first strategy: improving and developing the Rabin scheme. The thesis improves the calculating cost of signing by not calculating the value of the Jacobi symbol, and develops the Rabin digital signature with exponent e=3.

● The second strategy: combining the design principles of the Rabin and RSA schemes to propose several schemes with small exponent, e=3 in particular. With respect to exponent e, the RSA schemes can be divided into three types:

● Type 1: signature schemes with modulus n=p.q and $\gcd(e, \phi(n)) = 1$, which means e is coprime with both (p-1) and (q-1).

● Type 2: signature schemes with modulus n=p.q in which (p-1) and (q-1) are both multiples of e.

● Type 3: signature schemes with modulus n=p.q in which (p-1) is a multiple of e, while (q-1) is coprime with e.

Clearly, the RSA scheme is of the first type, as exponent e satisfies $\gcd(e, \phi(n)) = 1$. The Rabin scheme is of the second type, as e=2 is a divisor of both (p-1) and (q-1). The thesis proposes new schemes of types 2 and 3 above in the case of small exponent e. In chapter 2, the thesis proposes a type-2 scheme, in which both (p-1) and (q-1) are multiples of either e=2 or e=3. In chapter 3, the thesis proposes a type-3 scheme, a combination of Rabin and RSA, which means e satisfies (p-1) being a multiple of e, while (q-1) is coprime with e, e=3 in particular.

of RSA and Rabin cryptosystem


CHAPTER 2 IMPROVEMENT AND DEVELOPMENT OF RABIN SIGNATURE SCHEME

2.1 Introduction

In this chapter, the thesis proposes two signature schemes improved from the Rabin scheme and a scheme developed from the Rabin scheme with e=3. The first improved scheme, denoted RW0, improves the signing algorithm by not calculating the Jacobi symbol. The second improved scheme, denoted R0, is a brand-new scheme, in which the modulo are used half as much as in the Rabin scheme, with verifying cost no higher than the original, while the signing algorithm does not calculate the Jacobi symbol. The scheme developed from the Rabin scheme, denoted PCRS, has exponent e=3, and e is a divisor of both p-1 and q-1. Its verifying algorithm requires a single cubing modulo n, and its signing algorithm does not calculate the Jacobi symbol.

$d_p = 2^{(p+1)/4} \bmod p$ and $d_q = 2^{(q+1)/4} \bmod q$ (2.23)

Secret key is (n, p, q, c, d) and public key is n.

Hash Function: $Hash: \{0,1\}^{\infty} \to \{0,1\}^{h}$


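Function of message format $f: \{0,1\}^k \times \{0,1\}^h \to Z_n^*$: $\forall R \in \{0,1\}^k$ and $H \in \{0,1\}^h$:

$f(R, H) = Code(H) + Code(Hash(R \| H)) \cdot 2^{h} + Code(R) \cdot 2^{2h} + 2^{\lceil \log_2 n \rceil - 1}$ (2.24)

with

$k + 2h < \log_2 n - 8$ (2.25)

and

$Code(x_0 x_1 \dots x_{t-1}) = x_0 2^{t-1} + x_1 2^{t-2} + \dots + x_{t-1}$ (2.26)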

b) RW0 signing algorithm:

Algorithm 2.3 – Signing Algorithm RW0

INPUT: m, (n, p, q, c, d):

$m \in \{0,1\}^{\infty}$ is the message to be signed

(n, p, q, c, d) is the signer's secret key

OUTPUT: $(R,s) \in \{0,1\}^k \times Z_n^*$ with 0 ≤ s < n/2 is signature of the holder (n, p,


OUTPUT: Accept ∈ {0,1}; the signature (R,s) is accepted as valid if and only if Accept = 1.

2.3.2 The correctness of the RW0 signature scheme

Result 2.1 Let n = p.q be an integer with p, q two primes.

(1.a) Then each value $x \in Z_n^*$ corresponds to exactly one pair $(x_p, x_q) \in Z_p^* \times Z_q^*$ with:

$x_p = x \bmod p$ and $x_q = x \bmod q$ (2.27)

Moreover, according to the Garner algorithm [11, p 88], x can also be calculated from $(x_p, x_q)$ by the following formula:

$x = (q \cdot (q^{-1} \bmod p) \cdot (x_p - x_q) + x_q) \bmod n$ (2.28)

So, $x = (x_p, x_q)$.

(1.b) If $x = (x_p, x_q)$ and $y = (y_p, y_q)$ then we have the following equation:

$x \cdot y \bmod n = (x_p y_p \bmod p,\ x_q y_q \bmod q)$ (2.29)

With the above results, we get the following lemma.

Lemma 2.3 Given the Blum number n = pq. With $v \in Z_n^*$, denote:

$s = (q \cdot (q^{-1} \bmod p) \cdot (s_p - s_q) + s_q) \bmod n$ (2.30)

with

$s_p = v^{(p+1)/4} \bmod p$ and $s_q = v^{(q+1)/4} \bmod q$ (2.31)

We have

$s^2 \bmod n \in \{v, n - v\}$ if and only if $\left(\frac{v}{n}\right) = 1$ (2.32)

Proof: This proof is presented in the thesis.

Clause 2.1 The RW0 scheme is correct.

Proof: This proof is presented in the thesis.


2.3.3 The effectiveness of the RW0 scheme

Corollary 2.1 Let $T_{RW}$ and $T_{RW0}$ denote the costs of the RW and RW0 signature algorithms, and let $t_J$ and $t_m$ be the times to perform the calculation of a Jacobi symbol and a multiplication on $Z_n^*$. Then:

$T_{RW} - T_{RW0} = t_J - 2t_m$ (2.33)

The effectiveness of RW0 scheme compared to some other schemes

Conclusion: "The time cost of the RW0 signature scheme is less than the improvement scheme of Kaoru Kurosawa and Wakaha Ogata which is 0.16 time of multiplication on $Z_n^*$"

2.4 R0 Signature Scheme

2.4.1 R0 signature scheme

a) Systematic parameters:

Integer n = p.q with p, q ≡ 3 (mod 4) two primes.

b is the smallest integer so that:

$\left(\frac{b}{n}\right) = -1$ (2.34)

c is calculated by the following formula (similar to the RW scheme):

$c = q \cdot (q^{-1} \bmod p)$ (2.35)

Also, there is a parameter d determined by the following formula:

$d = (c \cdot (d_p - d_q) + d_q) \bmod n$ (2.36)

with

$d_p = b^{(p+1)/4} \bmod p$ and $d_q = b^{(q+1)/4} \bmod q$ (2.37)

The secret key kept by the signer is the set (n, p, q, c, d) and the public key for the signature authenticator is (n, b).

The hash function and the message format function f are the same as in RW0.
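The following Python sketch is an added worked example, not code from the thesis: it checks Lemma 2.3 exhaustively on a toy Blum integer and computes the R0 parameters b, c, d of (2.34)-(2.37). The function names and the toy primes 7 and 11 are assumptions chosen for illustration.

```python
from math import gcd

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0 (binary algorithm)."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:          # (2/n) = -1 iff n ≡ 3, 5 (mod 8)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def garner(xp, xq, p, q):
    """Recombine (x_p, x_q) into x mod n, formula (2.28)."""
    c = q * pow(q, -1, p)          # c as in (2.35); needs Python 3.8+
    return (c * (xp - xq) + xq) % (p * q)

def blum_root(v, p, q):
    """s of (2.30)-(2.31); p and q must both be ≡ 3 (mod 4)."""
    return garner(pow(v, (p + 1) // 4, p), pow(v, (q + 1) // 4, q), p, q)

def lemma_2_3_holds(p, q):
    """Check the equivalence (2.32) for every v in Z_n^*."""
    n = p * q
    for v in range(1, n):
        if gcd(v, n) != 1:
            continue
        s = blum_root(v, p, q)
        if (pow(s, 2, n) in (v, n - v)) != (jacobi(v, n) == 1):
            return False
    return True

def r0_parameters(p, q):
    """b, c, d of (2.34)-(2.37) for a Blum integer n = p*q."""
    n = p * q
    b = next(x for x in range(2, n) if jacobi(x, n) == -1)  # smallest b
    c = q * pow(q, -1, p)
    d = blum_root(b, p, q)         # (2.36)-(2.37) is (2.30)-(2.31) with v = b
    return b, c, d

if __name__ == "__main__":
    p, q = 7, 11                   # constructed toy primes, far too small for real use
    print(lemma_2_3_holds(p, q), r0_parameters(p, q))
```

For p = 7, q = 11 the parameters are b = 2, c = 22, d = 74, and d² mod n = 9 is neither b nor n − b, as Lemma 2.3 requires when (b/n) = −1.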

b) R0 signing algorithm:

Algorithm 2.5 – R0 Signing Algorithm

INPUT: m, (n, p, q, c, d) with:

$m \in \{0,1\}^{\infty}$ is the message to be signed

(n, p, q, c, d) is the signer's secret key


OUTPUT: $(R, s) \in \{0,1\}^k \times Z_n^*$ such that 0 ≤ s < n/2 is signature of the holder

$m \in \{0,1\}^{\infty}$ is the message to be signed

(R,s) is the signature onto m

(n,b) is the signer’s public key

OUTPUT: Accept ∈ {0,1}; the signature (R,s) is accepted as valid if and only if Accept = 1.


2.4.2 The correctness of the R0 signature scheme

Clause 2.2 The R0 scheme is correct.

Proof: This proof is presented in the thesis.

2.4.3 Security of R0 signature scheme

The security of R0 is presented in the thesis.

2.4.4 The effectiveness of the R0 scheme

The effectiveness of R0 compared to Rabin scheme

Compare two signature algorithms: Analysis and comparison of the two signature algorithms are presented in detail in the thesis.

that of R0 scheme

Compare two signature verifying algorithms: Analysis and comparison of the two signature verifying algorithms are presented in detail in the thesis.

R0 scheme is approximately the same

The effectiveness of R0 scheme compared to some other schemes

In this section, the thesis compares R0 with some general determinations style schemes (with parameters p, q ≡ 3 (mod 4)), which is typically the best of L. Harn and T. Kiesler [14].

2.5 PCRS Signature Scheme

2.5.1 PCRS signature scheme

Similar to the Rabin signature scheme, in the direction of expanding to parameter e = 3, the PCRS scheme presented in this section has parameters p and q satisfying $p \equiv q \equiv 1 \pmod 3$. Improving on the Rabin scheme, PCRS has a signature-verifying algorithm which needs only one exponentiation to the power three modulo n.

a) Systematic parameters:

Systematic parameters for the signature scheme include:

− Integer n = p.q with p, q two primes so that:

$p = 3t + 1$ with $\gcd(t, 3) = 1$ (2.38)

Posted: 01/11/2019, 06:08
