1 / 21

Paillier cryptosystem

Paillier cryptosystem. By: Amir Zhumatov Yelnar Tulepbergenov. Agenda. Overview DCRA Key Components Description Encryption/Decryption Properties Profiling Demo What we learned Future work. Overview. Was invented in 1999 by French mathematician Pascal Paillier

marilu
Télécharger la présentation

Paillier cryptosystem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Paillier cryptosystem By: Amir Zhumatov Yelnar Tulepbergenov

  2. Agenda • Overview • DCRA • Key Components • Description • Encryption/Decryption • Properties • Profiling • Demo • What we learned • Future work

  3. Overview Was invented in 1999 by French mathematician Pascal Paillier This primitive is asymmetric, public – key cryptography Cryptosystem is based on decisional composite residuosity assumption (DCRA) Additive homomorphic primitive

  4. DCRA -Decisional Composite Residuosity Assumption: Given a composite n (n = p × q for primes p and q) and an integer z, it is hard to decide whether z is a n - residue modulo n2 or not. It is hard to find out whether there exists y such that z = ynmod n2.

  5. Key components: Set n = p×q, p and q are primes Φ(n) = (p-1)(q-1) – Euler’s Totient λ(n) = lcm(p-1, q-1) – Carmichael’s function

  6. Description (cont.) Take 2 large primes: p and q randomly and independently of each other. p and q must satisfy condition gcd ( p × q , (p − 1)(q − 1) ) = 1. Compute n = p × q and λ = lcm ( p -1, q -1); Select random integer g where Ensure n divides the order of g. Check the existence of the μ – the modular multiplicative inverse :

  7. Description (Cont.) • Modular multiplicative inverse of an integer a module m is some integer x such that . • This is equivalent to • For our function

  8. Encryption/ Decryption

  9. Properties The scheme is an additive homomorphic cryptosystem. Given the public-key and the encryption of messages m1 and m2, one can compute the encryption of m1 + m2.

  10. Digital Signatures

  11. Reaching Almost Auadratic Decryption Complexity

  12. Design One class: PaillierCrypto public PaillierCrypto() public long getLambda() public BigInteger getRandomG( long num ) public BigInteger getRandomR( long num ) public void generatePrimes() public long gcdSimple (long ax, long bx) public long lcmSimple( long ax, long bx ) public BigInteger getL( BigInteger arg, long n ) public BigInteger ModuloExp( BigInteger num, BigInteger deg, BigInteger mod ) public BigInteger encrypt( int message ) public BigInteger decrypt(BigInteger cipher)

  13. Profiling Original java -Xint -Xprof TimePaillier PaillierCrypto 20000 143917 msec encryption + overhead 1 msec overhead 143916 msec encryption 20000 repetitions 7.20e-03 sec/encryption java -Xint TimePaillier PaillierCrypto 20000 152154 msec encryption + overhead 1 msec overhead 152153 msec encryption 20000 repetitions 7.61e-03 sec/encryption java -Xint TimePaillier –Xprof PaillierCrypto 20000 55.8% 0 + 8024 java.io.FileOutputStream.open 13.3% 0 + 1913 java.io.FileInputStream.open 12.1% 1742 + 0 PaillierCrypto.gcdSimple

  14. Profiling • public long gcdSimple (long ax, long bx){ • long large = Math.max(ax, bx); • long small = Math.min(ax, bx); • long division = 0; • long result=1; • long quo; • while (true){ • division++; • quo = small/division; • if (quo < division) • break; • if ( ((large%quo) == 0) && ((small%quo) == 0) ) • return quo; • if ( ((large%division) == 0) && ((small%division) == 0) ) • result = division; • } • return result; • } • Complexity Time – O(small)

  15. Profiling Redesign • public long gcdEuclidian(long ax, long bx){ • long a = ax; • long b = bx; • while ( b != 0 ){ • long t = b; • b = a % b; • a = t; • } • return a; • } • Complexity time: O(log b)

  16. Profiling Redesigned Program java -Xint TimePaillier PaillierCryptoV2 20000 97752 msec encryption + overhead 1 msec overhead 97751 msec encryption 20000 repetitions 4.89e-03 sec/encryption java -Xint -Xprof TimePaillier PaillierCryptoV2 20000 116919 msec encryption + overhead 1 msec overhead 116918 msec encryption 20000 repetitions 5.85e-03 sec/encryption

  17. Summary of Profiling and Redesigning

  18. Demo

  19. What we learned Paillier’s cryptosystem Implementation of public key cryptosystems Algorithm manipulation and comparison Profiling Identify weakness of the program Use different measurements: JIT on/off

  20. Future work Separate one class into several classes Generate keys Keep the private key Pass the public key for encryption GUI Re-implement the algorithm for decryption as Paillier described in his paper to reach almost quadratic complexity to decrease the runtime Digital signature Compare to other Public – Key systems: RSA, Okamoto- Uchiyama cryptosystem and Damgård-Jurik cryptosystem

  21. References • 1. Paillier, Pascal. "Public-Key Cryptosystems Based on Composite Degree Residuosity Classes." Advances in Cryptology. 99. Web. 20 Oct. 09. <http://www.gemplus.com/smart/rd/publications/pdf/Pai99pai.pdf>. • 2. Paillier, Pascal. "Cryptographie A Cle Publique Basee Sur La Resudiosite De Degree Composite." N. pag. PhD thesis. Gemplus Research Publications, 31 May 2001. Web. 10 Oct. 2009. <http://www.gemplus.com/smart/rd/publications/pdf/Pai99phd.pdf>. • 3. Paillier, Pascal, and David Pointcheval. "Efficient Public-Key Cryptosystems Provably Secure Against Active Adversaries." N. pag. Gemplus Research Publications, R & D activities. Gemplus Card International, Cryptography Departme, 1999. Web. 10 Oct. 2009. <http://www.gemplus.com/smart/rd/publications/pdf/PP99cca2.pdf>. • 4. Pascal, Paillier. CryptoBytes 1st ser. 5 (2002): 20-25. RSA Laboratories. Winter 2002. Web. 10 Oct. 2009. <http://www.rsa.com/rsalabs/cryptobytes/CryptoBytes_January_2002_final.pdf>.

More Related