# LUC Public-Key Cryptosystem anc Digital Signature

Document Sample

```					   r

LUG Public-Key        Grvptosvstem    & Diaital Sianature

9.1 ISO Entry Name

is ~ sbO-f"\j(S.("J'lc;,q

9.2 Proprietary Entry Name

anc
LUC Public-KeyCryptosystem Digital Signature

9.3 Intended Range of Applications

a)      confidentiality
b)      authentication
c)      dataintegrity
d)      digital signatures
e)      digital envelopes
f)      ElectronicData Interchange(ED!)

9.4 Cryptographic Interface Parameters

These are discussed in the accompanying document "LUC Encryption Standard".

9.5 Test Words

Two examplesof encryption/decryption are given. It should be noted that making and
verifying a LUC digital signature is the same as below, except that the decryption stage
is done before the encryption.

=                                             to
Let N = pq = 1949x2089 4071461and let P = 11111be the message encryptand
decrypt.The public keyswill be e andN; the particular private key for 11111hasfour
possiblevalues:d1, d2, d3, & d4.

First, calculate the Lehmer totient function ofF with respect to N. To do this we need
to calculate the Legendre function (as explained in books on elementary number
theory) ofp and q with respect to D (= p2 -4). This also takes four values,
depending on the message.

Let D = p2 -4; then (D/1949) = -1 and (D/2089) = -1 are the two Legendre values.
Hence the Lehmer totient is the Least Common Multiple of(1949 + 1) and (2089 + 1).

(D/1949)       (D/2089)       Lehmer totient value(r)

+              +1             LCM(1949-1, 2089-1)

{
,'fj;~:
+1             -1
LCM(1949':'1,2089+1)
-1            +1               LCM(1949+1,2089-1)
-1             -1              LCM(1949+1,2089+1)
Choosing e = 1103 for our public key, we use the Extended Euclidean Algorithm (see
Knuth's book) to find the secret key d, to solve the modular equation ed = 1 modulo r.
d turns out to equal 24017. To encrypt the message11111, we make the calculation:

VIIO3(11111,I)     mod N = 3975392

To decrypt(or decipher)the encrypted       we
message, calculate:

V24017(3975392,1)     mod N ==11111

For a second example, let message= P = 22222. D = p2 -4 = 1170499 mod 4071461
Now calculate the Legendres ofD with respectto p & q: (D/1949) = -+ I; (D/2089) =
-I. This means that the Lehmer totient to choose is the second in the above list, =
LCM(1948, 2090) = 2035660. As above, we solve the modular equation ed ==        1
modulo r. d turns out to equal 55367.
To encrypt 22222, calculate VI 103(22222,1) mod N ==3055262.
To decrypt, calculate V 55367(3055262,.1)mod N ==22222.

StandardsNew Zealand
PrivateBag 2439
Wellington6020
New Zealand

9.7 Dates of Registration and Modifications

9.8 Whether the Subject of a National Standard

9.9 Patent Licence      Restrictions

LUC is the subject of U.S. Patent Application #07/953,832 "Cryptographic
Communication Method and Apparatus" in the name of Peter John smith; and of New
Zealand Patent Application 240019 "Cryptographic Communication method and
Apparatus".

9.10 References

Referencesare contained in the second section of the accompanying document "LUC
Encryption Standard". .

9.11 Description of Algorithm
,

..

in
The LUC algorithmis described the accompanying document "LUC Encryption
Standard".

9.12 Modes of Operation

in
The modesof operatio~ofLUC are described the accompanying document "LUC
Encryption Standard".

9.13 Other Information

Unsure of what to put here: one could write a book.
LUC Encryption Standard

Ltd.
LUC Encryption Technology,
25 LawrenceSt, Herne Bay,
Auckland,NewZealand

..Version1.0

1. Scope

This standard        a                       (or
describes methodfor enciphering encrypting-the wordsare used
data                                       (or
interchangeably) usingthe LUC public-keycryptosystem cipher)[1]. The primary
althoughit canalso
usesofLUC will beto makeeitherdigital signaturesor digital envelopes,
shortmessages.
be usedto encipher

the          (or        is           to
For long digital signatures, message content) first hashed a smaller
string with a one-way hashing(message-digesting)  algorithm(suchas MD5 [2]).
The hashed  message  stringis then encrypted                secretLUC key.
with the sender's
is               to           to
The signature thenappended the message give a digital signature.

the         is           with a fast symmetriccipher
For digital envelopes, message first enciphered
(suchas DEA or mEAL), the symmetriccipher'skey is encrypted with the LUC
message keycomprise digital
public keyof the receiver.The enciphered     and              the
envelope.

also          a
This document describes syntaxfor LUC public and privatekeys.The public key synta.x
is the sameas that in X.509 [3].

2. References

[1]    P. J. Smith, M. J. J. Lennon, "LUC: ANew Public Key System", IFIP/Sec '93,
Proceedingsof the Ninth IFIP International Symposium on Computer Security,
Ontario, Canada, May 1993, Elsevier Science Publications, Netherlands, pp 97-111

[2]                                                 Message
RSA Data Security,mc. PKCS #7: Cry.Dtographic             Standard,
S;,'ntax       version
1.4,June1991.

[3]                         X
CCITf. Recommendations 509: Thedirectory-AuthenticationFramework.1988

[4]                         X
CCI1T. Recommendation 208: Specification ofAbstract SyntaxNotation One
(ASNI). 1988.

[5]                           X                                       for
CCI1T. Recommendation 209: Specification ofBasic EncodingRules Abstract
SyntaxNotation One (ASN]). 1988.
LUC ENCRYPTION STANDARD Version 1.0                                                         2

3. Definitions

of
For the purposes this standardtherearethe following definitions.

Algori thmldentifier:       A type that identifiesan algorithm(by object identifier)and
parameters, laid out in X.509 [3].
any associated         as

ASN.l: Abstract SyntaxNotationOne,as definedin X.208 [4].

BER: Basic EncodingRules for ASN.l, as laid out in X.209 [5].

as
modulus: Integerconstructed the productof two prime numbers.

private key: Modulusand four private subscripts.

public key: Modulusandpublic subscript.

4. Symbolsand abbreviations

Upper-case italic symbols(e.g.LUC) denote   octetstringsand bit strings(in the caseof the
5);
signature lower-case   italic symbols(e.g. b) denoteintegers.

ab                                octetvalue

BT                       block type

D                       data

block
enciphering

data
enciphered

M                       message

~-.~       --

s                       signature (a bit string)

subscript(private or public)

dl, d2, d3, d4          private subscripts

e                       public subscript

k                        length of modulusin octets

n                       modulus

prime factors of modulus

x                                          block
integerenciphennent
LUC ENCRYPTION STANDARD Version1.0                                                          3

y                                       data
integerenciphered

moon                                        modulon
arithmeticComputation

of
concatenation octetstrings X andY

lengthin octetsof octet string X

5. General overview

(6                                      key
The following four sections through9) specifyLUC key generation, syntax,the
enciphering         and
process, the deciphering                             and
a
generate pair of matchingpublic andprivate keys.The enciphering  processshall be donewith
onekey andthe deciphering                                     can
donewith the other.The enciphering be donewith eitherof the
is
keysas longas deciphering donewith the other. In otherwords,LUC is symmetricwith
to           and
respect enciphering deciphering                                 inverseof the other. Both
sinceoneis the mathematical
processes  transfonnan octetstringto anotlleroctetstring.

6. Key generation

Eachentity shall selectan odd positive integere as its public exponent.

Privatelyeachshall selecttwo differentodd prime numbersp and q suchthat (p-l) ande shall
haveno commondivisor apart from 1, and suchthat (q-l) and e shall haveno commondivisor
apartfrom 1.

The public modulusn shall be the product of the privateprime numbersp andq.

n=pq
The private subscripts,dl, d2, d3, and d4 are calculatedin the following InaIUler:

dl = e-1 mod (LCM(p -1), (q -1»

d2 = e-l m~~~M(P.-l),       (q + 1»

d3 = e-1 mod (LCM(p + I), (q -I»

d4 = e-l mod (LCM(p + 1), (q + 1»

the         multiple of a and b.
whereLCM(a,b) denotes leastcommon

The lengthof the modulusn in octetsis the integerk satisfying

28(k-l) ~n < 28k

the
For this standard, lengthk of the modulusmustbe at leasttwelve octets.

Notes.
LUC ENCRYPnON STANDARD Version1.0

1.           The public subscript, e, may, be standardised in specific applications. The
Fennat primes 3, 5, 17, 257,1and 65537 are commonly chosenbecause they
minimise the amount of calculation.

2.           Additional conditions on the choice of primes should be taken into account.
Neither of(p + 1) and (p -1) nor (q + 1) and (q -1) should be made up of
small prime numbers. As well as guarding against various methods of
factorisation, this constraint tends to maximise the messagespace.

7. Key syntax

This sectiongivesthe syntaxfor LUC public andprivate keys.

syntax
7.1 Public-key

A LUC public key shall haveASN.I typeLUCPublicKey:

LUCPublicKey     ::= SEQUENCE{
modulus INTEGER, --n
publicSubscript     INTEGER --e                 }

The fields of type LUCPublicKey         havethe following meanings:

modul us is the modulusn

publicSubscript                                   e.
is the public exponent

syntax
7.2 Private-key

A LUC private key shallhaveASN.l type LUCPrivateKey:

LUCPrivateKey        ::= SEQUENCE{
version      Version,
modulus INTEGER, --n
publicSubscript          INTEGER, --e
privateSubscriptl          INTEGER, --dl
privateSubscript2           INTEGE~j ---d2
privateSubscript3          INTEGER, --d3
privatesubscript4          INTEGER, --d4
primel    INTEGER, --P
prime2 INTEGER, --q
coefficientl         INTEGER, --qi      (inverse               of q mod p)
coefficient2          INTEGER --pi    (inverse                of p mod q)

Version       ::=     INTEGER

The fields of LUCPri vateKey         have the following meanings:

version is the versionnumber,whichis set at 0 for this versionof the LUC
Standard.

modulus is themodulusn.

publicsubscript          is the public subscript e.
,~~-"            000.,3
LUC ENCRYPTION STANDARD Version 1.0                                                           5

pr i va teSubs cript    1 is the private subscriptdl.

pri vateSubscript2                               d2.
is the private subscript

pri vateSubscript3                               d3.
is the private subscript

pri vateSubscript4        is the private subscript d4.

primel   is the prime factor p ofn.

primel   is the prime factor p ofn.

coefficient!      is the Chinese        Theoremcoefficientqi, the multiplicative
Remainder
inverseof q modp.                .

coefficient2      is the Chinese        Theoremcoefficientpi, the multiplicative
Remainder
inverseof p mod q.

Note.

the
As far as the LUC algorithmis concerned. only valuesneeded thefor
dl,
privatekey arethe modulusn andthe four private subscripts d2, d3, and
d4. The additionalvalues-p, q, qi, andpi -can beusedto makethe deciphering
processmoreefficient.Given only the modulusn, the four private subscriptsdl, d2,
d3, and d4, andthe public subscripte,theseadditionalvaluescan be derived.

process
8. Enciphering

the             method.
This sectiondescribes LUC enciphering

is
Enciphering donein four steps:enciphering    block formatting, octet-stringto integer
conversion,                    and
LUC computation, finally, integerto octet-stringconversion.      The input to thew
enciphering processshall bethe octet stringD,the data; and integern, the modulus;and an
the
integerc, the subscript.For a public-keyoperation, integerc shall be the entity'spublic
if
subscripte; for a private-keyoperation, shalfbe one of dl, d2, d3, or d4, the entity's private
subscripts.The output from the enciphering process shall be an octet string ED, the enciphered
data.

8.1 Enciphering block formatting

into
A block type BT, a paddingstringPS,andthe dataD shallbe forn1atted an octet string
EB, the encryptionblock.

(1)

block. It
The block type BT shallbe a singleoctetindicatingthe structureof the enciphering
hasvalue 00, 01 or 02. For a private-key  operation,the block type shallbe 00 or 01. For
a public-keyoperation,it shallbe 02.

The padding string PS shall be made up of k -3 -IIDII octets. For block type 00, the octets
for
shall have value OO~ block type 01 they shall have value FF~ and for block type 02 they
LUC ENCRYPll0N STANDARD Version 1.0                                                                6

block EB equalto
shouldbe random,non-zerovalues.This makesthe lengthof the enciphering
k.

Notes.

1      For block type 00, the data D mustbeginwith a non-zero octet or elsebe of
known lengthso that the encipheringblockcan beparsed  unambiguously.   For
block types Oland 02, the enciphering blockcanbe parsedunambiguously
no
from the dataD by an octetwith value 00.
string is separated

2.                                 for
Block type 01 is recommended private-keyoperations.  Block type 01 bas
that          of
the characteristic the magnitude the integerinputto the LUC
is                  certaincryptanalyticattacks.
computation large, which prevents

3                                         that
For blocktype 02, it is recommended the random,non-zerooctetsbe
generated                for
independently eachenciphering           especiallyif the same
operation,
operation.
datais input to more thanone enciphering

8.2 Octet string to integer conversion

The enciphering block EB shall be converted to an integer x, the integer enciphering block. Let
EB],..., EBk be the k octets of EB. Then x should satisfy the following equality:

k

x=L28(k-j)EBj                             (2)
j=1
the
Consequently. first octetof EB is the most significantin the integerandthe last octetof EB
is the leastsignificant.

Note.

The integer enciphering block x satisfies the inequalities 0 ~ x < n, since EB 1
= 00 and 28(k -1) ~ n.

8.3 LUC computation

The integer enciphering block x shall give the integer y by calculating the cth Lucas function
modulo n.

y = Vc(x,l) mod n, 0 ~y < n

This is the canonicalLUC computation.

8.4 Integer to octet string conversion

The integer enciphered data y shall be converted to an octet string ED of length k. The
encrypted data shall satisfy

k
ED
Y = L 28(k-j) j                           (3)
j=1
LUC ENCRYPTION STANDARD Version 1.0                                                                 7

whereEDl,"" EDk are the octetsof ED from mostsignificantto leastsignificant.

9. Decipheringprocess

the             process.
This sectiondescribes LUC deciphering

is
Deciphering madeup of four steps:octet stringto integerconversion,    LUC computation,
and
integerto octet string conversion, enciphering                 The inputto the deciphering
block parsing.
process                                           data;an integern, the modulus;andan
shall be an octet string ED, the enciphered
integerc, the subscript.

For a public-key operation, the integer c shall be an entity's public subscript e; for a private-
-4)
key operation, it shall be chosen by the following process: If <-v2 is a quadratic residue of .
prime p and a quadratic residue of prime q then the deciphering subscript is dl; if <-v2 -4) is a
quadratic residue of .{'rime p and a quadratic non-residue of prime q then the deciphering
subscript is d2; if (y.L -4) is a quadratic non-residue of prime p and a quadratic residue of
-4)
prime q then the deciphering subscript is d3; and if <-v2 is a quadratic non-residue of prime
p and a quadratic non-residue of prime q then the deciphering subscript is d4.

processshallbe an octetstring D, the data.
The output from the deciphering

9.1 Octet string to integer conversion

dataED shallbe converted an integer the integer
The enciphered                      to         y,                   data,
enciphered
to
according Equation(3).

9.2 LUC computation

data y shallgive the integerx by calculating cth Lucas function
The integerenciphered                                          the
modulon.

x = Vc(Y,I) mod n, 0 ~x < n

This is the canonicalLUC computation.

9.3 Integer to octet string conversion

to
The integerencryptionblock x shall be converted an octetstring EB of length k, the
encryptionblock, accordingto Equation(2).

9.4 Encryption block parsing

The encryptionblock EB shallbe parsedinto a blocktype BT, a paddingstring PS,andthe
to

It is an error if any of the following conditio~ occurs:

The encryptionblock EB cannotbe parsedunambiguously;

with the
The paddingstring PS consistsof fewerthan eightoctets,or is inconsistent
block type BT: or
00°3
LUC ENCRYPTION STANDARD Version1.0                                                   8

The deciphering         is                    and
process a public-keyoperation the blocktype BT is not a a or
process a private-keyoperation the blocktype is not 02
a 1, or the deciphering     is                      and

```
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
 views: 26 posted: 6/7/2010 language: Italian pages: 11
How are you planning on using Docstoc?