x - Faculty of Computer Science - Technische Universität Dresden

Faculty of Computer Science - Technische Universität Dresden

secret area plaintext with signature and test result m, s(m) “pass” or “fail” Test M-signature R-signature and K-signatures GMR signature system n,n‘,r � key for testing of signature; publicly known plaintext with signature m, s(m) MSig = F präf(m) -1 (Ri), RSig = F präf(Ri ) -1 (r i), KSig = F präf(ri |�) -1 (r i-1), ... F präf(ri |r 1 ) -1 (r � ) key generation: p,p‘� 3 mod 8 q,q‘� 7 mod 8 r � n:=p�q n‘:=p‘�q‘ p, q p‘, q‘ r � generate tree of references once and for all or for each message one “branch” random number key for signing; kept secret m random number‘ z‘ 207

Key generation 1) Choose two prime numbers p and q at random as well as stochastically independent, with |p| � |q| = l , p � q 2) Calculate n := p • q 3) Choose c with 3 ≤ c < (p-1)(q-1) and gcd(c, (p-1)(q-1)) = 1 �(n) 4) Calculate d using p, q, c as multiplicative inverse of c mod �(n) c • d � 1 (mod �(n)) 5) Publish c and n. En- / decryption RSA - asymmetric cryptosystem R. Rivest, A. Shamir, L. Adleman: A Method for obtaining Digital Signatures and Public-Key Cryptosystems; Communications of the ACM 21/2 (Feb. 1978) 120-126. exponentiation with c respectively d in Z n Proposition: �m� Z n holds: (m c ) d � m c • d � (m d ) c � m (mod n) 208

