Translated from Malay to English - www.onlinedoctranslator.com JQMA14(2) 2018, 81-89 Journal of Quality Measurement and Analysis Journal of Quality Measurement and Analysis ESF: A SIMPLE SIMPLE BASED CRYPTOSYSTEM FACTORING PROBLEMS (ESF: An Easy Simple Factoring-based Cryptosystem) EDDIE SHAHRIL ISMAIL, MUHAMMAD ZAFREE ZAHARIDAN & FAIEZA SAMAT ABSTRACT In this paper, a new simple and simple ESF public key cryptosystem based on the factorization problem is introduced. This system is a variation of the famous cryptosystem RSA (Rivest, Shamir, Adleman) which is still practiced today. This new cryptosystem has three main advantages compared to RSA. First, it does not require a very expensive inverse modular operation when generating the secret key. Second, smaller secret key size and value if the public key and modulus in ESF and RSA are set. Third, the size of the hidden message is always smaller if the secret key and modulus in ESF and RSA are fixed. This in turn makes the encryption and decryption process in the ESF cryptosystem more efficient compared to RSA. Keywords: cryptography; RSA; factoring problem ABSTRACT This paper introduces a new easy and simple ESF public key cryptosystem based on factoring problem. It is a variation from the novel RSA (Rivest, Shamir, Adleman) cryptosystem which is until now still practicable. The new proposed cryptosystem possesses three main advantages over RSA. Firstly, it requires no expensive inverse modular operation during secret key generation. Secondly, the size and value of the secret key is smaller if one fixes the public key and modulus in ESF and RSA. Thirdly, the size and value of the ciphertext is always smaller if the secret key and modulus in ESF and RSA are fixed. Hence, the encryption and decryption processes in ESF are more efficient compared to RSA. Keywords: cryptography; RSA; factoring problem 1. Introduction In this paper, a new public key cryptosystem based on the factorization problem is introduced. This cryptosystem is a variation of the famous RSA cryptosystem (Rivestet al. 1978) which is still immune and widely practiced. This new cryptosystem is abbreviated ESF cryptosystem which refers to the English abbreviationEasy Simple Factoring-based Cryptosystem.The ESF cryptosystem has three main advantages compared to the original version of RSA. First, it does not require any modular inversion operations during secret key generation; both, the size of the hidden message (ciphertext) which is smaller and the third, the encryption process (encryption) and decrypt (decryption) which is faster compared to RSA. With this heuristically, the ESF cryptosystem is more efficient than the original version of RSA if developed on any hardware or software platform. Since the creation of RSA, many variant versions have appeared with various claims of their respective advantages (Williams 1980; Fiat 1990; Quisquater & Couvreur 1982; Takagi 1997). This paper only compares the ESF cryptosystem with RSA only because the original version of RSA still has its security and immunity features intact. This paper begins with a description of the RSA cryptosystem and Eddie Shahril Ismail, Muhammad Zafree Zaharidan & Faieza Samat followed by the proposed ESF cryptosystem. After that the efficiency and immunity analysis of ESF will be given and then the comparison with RSA will be done. This paper ends with a discussion and conclusion. 2. RSA cryptosystem The RSA public key system was the first of its kind created in 1978 and solved the problem of key storage by the previous secret key system which was stated by Diffie and Hellman (1976). RSA was developed with its immune core fully dependent on the problem of factoring large compositional integers which has not been solved until now because no researcher has succeeded in finding a polynomial time alkhwarizm even though many efforts have been made in that direction. But the effort did not seriously impact the integrity of the RSA (Montgomery 1994; Peralta & Okamoto 1996; Lenstra 2000). This factorization problem is one of the oldest problems in the field of number theory. Now the Alkhwarizmi RSA is shown. 2.1.System parameters (1) Choose two primespandQ1024-bit in size. (2) Calculate the modulusn-pqand fi-Euler functions-(n) - (p-1)(Q-1). Parametersnand-p,Q,-(n)-are called public parameters and secret parameters respectively. Public parameters will be stored in a public directory for anyone to access while secret parameters need to be stored neatly without public knowledge. 2.2.Key generation (1) Choose a public keye--x:1-x--(n), st-x,-(n)--1-. (2) Compute the secret keyd-e-1mode-(n). The symbol 'pst' denotes the greatest common divisor. Integerecalled public keys and stored in a shared public directorynwhile integersdcalled the secret key and must be carefully kept for the recipient's knowledge only. 2.3.Difficult phase For example a secret messagem--y:1-y-n, ppt-y,n--1-want to send The sender counts c-memoden. Hidden messagecwill be sent directly to the recipient. 2.4.Decryption phase Now the recipient gets the hidden messagecsent. To retrieve the encrypted message, the receiver calculates cd-mmoden. 82 ESF: A simple simple cryptosystem based on the factorization problem Confidential messagemwill be recovered. Proposal 2.1.Consider an RSA system. If all parameters-p,Q,n,-(n)-and key-e,d-is selected and conditionally generated in RSA, then the encrypted message will be recovered in the RSA decryption phase. Proof.Note that, since d-e-1mode-(n) then there exists an integerksuch that de-1-k-(n). Next, cd--m --dm e -m-m-(n)--m-1- 1-k-(n) k k -mmoden whichm-(n)-1 modncoincides with Euler's Theorem (Rosen 2000). - Hastad (1986) in his paper proved that the use of public key exponentsewhich is low along with other conditions will cause confidential messages to be obtained by the enemy. He used lattice theory (Durfee 2002) as the main tool in his proof which is now the basis for the development of post-quantum cryptography today. Wiener (1990) in his article proves the use of secret exponentsd-n0.25 a low one also results in a secret message being easily obtained by the enemy. He used a continued fraction attack (Rosen 2000) by exploiting the mathematical relationship between exponentsebyd. Coppersmithet al. (1996) further introduced a new class of attacks by proving that if there is a polynomial relationship between the secret messages with the exponential condition of the public keyeand the same RSA modulus is used then the secret messages can be calculated algebraically. Coppersmith (1997) also proved with a low RSA exponent, the RSA modulusn-pqcan factored if (1/ 4) log2n-prime bitpknown. Boneh and Durfee (1999) show the limitd-n0.25not strong and prove ifd-n0.292then the system not safe and conjecture that limitd-n0.5can be achieved. Boneh (1999) commented and concluded RSA attacks starting in 1979 and stated that all the attacks can be avoided and are not dangerous if the implementation of RSA is done neatly and carefully. 3. Cryptosystem ESF Introduced the ESF cryptosystem whose construction base relies heavily on the problem of factoring large compositional integers like the original version of RSA. 83 Eddie Shahril Ismail, Muhammad Zafree Zaharidan & Faieza Samat 3.1.System parameters (1) Choose two primespandQ1024-bit in size and assumep-Q. (2) Calculate the modulusn-pq. (3) Find integersrandswhichRsis the simplest form of the fraction (p-1) (Q-1). (4) Calculate-which--s(p-1) -1-r(Q-1) -1. Parametersnand-p,Q,r,s,--are called public parameters and secret parameters respectively. Public parameters will be stored in a public directory for anyone to access while secret parameters need to be stored neatly without public knowledge. 3.2.Key generation (1) Find integersuwhichudivide-. (2) Count integersvwhichuv--. Integerucalled public keys and stored in a shared public directorynwhile integersvcalled the secret key and must be carefully kept for the recipient's knowledge only. 3.3.Difficult phase For example a secret messagem--y:1-y-n, ppt-y,n--1-want to send, then the following process is done: Calculate c-mumoden. Hidden messagecwill be sent directly to the recipient. 3.4.Decryption phase Now the recipient gets the hidden messagecsent. To retrieve the encrypted message, the recipient performs the following process: Compute cv-mmoden. Confidential messagemwill be recovered. Evidence towards validitycv-mmodenis the brainchild of a function that defined by Lin and Chen (1999) and Linet al. (1998) and has been used by Aunet al. (2001) who proposed a development variation of the RSA cryptographic scheme. Proposal 3.1.Consider the ESF system. If all parameters-p,Q,n,r,s,--and keys -u,v-is selected and generated according to the conditions in the ESF, then the encrypted message will be recovered in the decryption phase of the ESF. Proof.Note that, since--s(p-1) -1-r(Q-1) -1 then 84 ESF: A simple simple cryptosystem based on the factorization problem p-1 andQ-1 divide--1. From Fermat's Theorem (Rosen 2000) there exists an integersandrsuch that m--ms(p-1)-1--mp-1-m-1sm-mmodep s and m--mr(Q-1)-1--mQ-1-m-1rm-mmodeQ r whichmdo not dividepandQ. Next becausepandQrelatively prime, then m--mmodepq or equivalent tocv-m--mmodepq-mmoden. 4. Efficiency and Immunity Analysis In both RSA and ESF systems, the only public parameter that can be accessed by civilians or even adversaries is the modulusn-pqand the recipient's public key, ieeandu.As long as there is no a polynomial time algorithm that can factor large integersninto prime divisorspandQ then the secret keydandvstill remains difficult to obtain though with knowledgeeandu,further guaranteeing the integrity and immunity of these two systems. Note that to calculate the secret keydin RSA systems, modular inversion is required. However, it has been known that this operation is very expensive and demands a long period of time to implement. Compared to the ESF system, the secret key calculationvonly requires division operations that are very efficient to implement. However, integer searchesuthat itself needs to be refined. To determine the valueu,one of the ways is to find factors or divisors-. Also note the integersalways odd. Search for divisors-if--fgwhich f,g1024-bit sized primes are bound to be difficult because they revert to problems that intractable factoring by size-is now 2048-bit. However, the modulus--r(Q-1) -1-s( p-1) -1 is only around 1024-bits in size if rqorsp.Hence the divisor-easy to find. In addition,--uv whichu,vis not prime then finding the divisor is not as difficult a problem factorization which is one of the oldest problems in number theory. In the decryption process to recover the original message, the recipient in RSA and Each ESF needs to calculatemedmodenandm-moden.Assumingm,n the same is used in both systems, it can be shown that the calculation in ESF is faster. This is true when--edas shown in the following theorem. 85 Eddie Shahril Ismail, Muhammad Zafree Zaharidan & Faieza Samat Theorem 4.1.Consider the RSA and ESF systems. If-e,d-and-u,v-are each public- secret key pair then uv---ed. Proof.Note that the public-secret key pair in RSA satisfies ed-1-k-(n) -1-k(p-1)(Q-1) whichkpositive integer,n-pqandp,Qprime withp-Qas well as-is the fi-Euler function. The public-secret key pair in the ESF satisfies uv---r(Q-1) -1-s(p-1) -1 whichp,Qprime andRsis the simplest fraction of (p-1) (Q-1). Thus obtained r-p-1 andsQ-1. Next, foundr(Q-1) - (p-1)(Q-1) -k(p-1)(Q-1) becausek a positive integer which in turn givesr(Q-1) -1-k(p-1)(Q-1) -1 and finally obtained that--ed. - Now given a numerical comparison of the product of public key and secret key between RSA and ESF as in Table 1 whenu-e. Table 1: Numerical comparison of public and secret key product between RSA and ESF for some prime number pairspandQ RSA Prime number p Q e d 27449 17389 9178189 357949381 48611 37813 70693897 53441 42073 58237 ESF ed uv-- u v 3285327071251009 9178189 13 119316457 919020673 64969152797932681 70693897 13 919020661 380299 1405205539 534398261276161 380299 739 281040961 3413 2922077 149025941 435465274599457 2922077 17 49675309 59359 3581 44587 106253203 4737511562161 44587 2383 106250821 64453 52919 59 1705335469 70549 3571 281 41976061 28903991 1705335527 49291002724388257 28903991 149381 41976341 6270467794921 149381 Based on Table 1, it is evident that the valueuv--is always smaller than the valueed. In the encryption process, the sender calculatesmemodenandmumodenrespectively in RSA and ESF. From Theorem 4.1, it is obtained thatuv-edand if set u-eorv-dthen obtainedv-doru-e.Mathematically, if this happens then the process of encrypting or decrypting in ESF is faster compared to RSA. Meanwhile the message size is hidden,cdepends on the sizemeormu. Ifme,mu-n then the sizecin ESF is smaller compared to RSA and this true if takenv-dand hence the decryption process in ESF is more efficient compared to RSA. Notice whenv-dthene-u.This gives me-mu,i.e. RSA hidden message size is larger than ESF. The ratio of RSA and ESF hidden message sizes is given by 86 ESF: A simple simple cryptosystem based on the factorization problem me -md mu -1 1-k(p-1)(Q-1)-- -1-k(p1)(Q- 1)-v-1- ---m d -mk(p-1)-r, - --mk(Q-1)-s, d-v-Q-1 d-v-p-1. Therefore the ratio of hidden message size between RSA and ESF is given bymk(p-1)-r:1 ormk(Q-1)-s:1 ifd-Q-1 ord-p-1. Table 2 shows a comparison of the decryption time between the RSA and ESF systems and found that the decryption time of ESF is faster (using the platform Python 3.7 Intel Core i5-6200U 2.3GHz 8GB RAM)from RSA by setting the public key valuee-uin RSA and ESF. Table 2: Numerical comparison of decryption time (in seconds) between RSA and ESF for several pairs Prime numberpandQ p Q Time Time e=u message,m 23154364635423 0.01696 0.01565 0.01396 0.01548 3 decrypt (RSA) decrypt (ESF) 10000002403 99999999947 10000004039 99999999977 54225323643641 536947 99999999769 100000000003 178757776758779 402090 0.01562 0.01544 69999994741 20000000089 69999999997 20000003767 434908456335809 16667059 12423145 55635234 0.01562 0.01495 0.01545 0.01217 29999999993 30000000001 32634708817173109 93565 0.01401 0.01067 451346952449 451346953807 180277939908872862493 0.01411 0.01319 851346952429 571346952353 851346955379 571346954771 224796937887937931 54406223557239248186507 7654 3 3563254232553 0.01496 0.01496 0.01096 0.01181 381346952381 381346957919 8931292883 94762452 0.01302 0.01169 5. Discussion and Conclusion In this study, a new version of RSA named ESF is introduced. The significant difference between ESF and other RSA variations is that ESF is very similar to RSA with the only difference being in the method of generating public and secret keys while other RSA variations are significantly different in the encryption and decryption process. However, the algorithmic structure of the encryption and decryption process in ESF is similar to that in RSA and this is the reason why the comparison of ESF is only done with RSA and not with other RSA variants. The RSA public key and secret key are generated through the relationshiped-1-k(p-1)(Q-1) which p,Qis a 1024-bit prime number andkis an integer. For implementation practically, the prime size must be at least 512-bit so that the adversary's attack strategy always fails. In this equation, only valuesewhich is known to the enemy while the prime valuep,Qcan only be known if there is a polynomial time alkhwarizmi for solve the modulus factorizationn-pq.Cost to find valuedneed surgery modular inversion is expensive when implemented in computer hardware. In ESF, the public key and the secret key are related through an equation uv---r(Q1) -1-s(p-1) -1 whichr,sis an integer withr/s- (p-1) / (Q-1) is in the simplest form of fractions and only valuesuknown to the enemy. To determine the valuev,modular inverse operation is not required but only through decomposition-to its prime factorization only. 87 Eddie Shahril Ismail, Muhammad Zafree Zaharidan & Faieza Samat It is further proved thatuv-ed.If setu-ethen obtainedv-dand this clearly shows the process of decrypting ESF takes less time than RSA while ifv-dthen obtainedu-eand this clearly shows again that the encryption process time of ESF is faster compared to RSA. In this case, size ESF hidden message is also smaller than RSA by a ratio of 1:mk(p-1)-r or 1:mk(Q-1)-s.In conclusion, the ESF scheme is more efficient compared to RSA or in other words ESF is simpler and simpler referring to the key size, the size of the secret message or the hidden message which is much smaller and the encryption or decryption time is shorter. The proposed ESF system can only be extended using two secret keysvand-which is generated through the Diophantine equation,uv-----byu,-is the corresponding public key. The encryption process then produces a hidden message -c -m moden,c -m moden-and the decryption process produces the original message,mthrough 1 u 2 - c1vc-2-mmodenwhichnis the modulus of the ESF system. This expansion has advantages and its shortcomings, among which the key generation will be more efficient but the size of the hidden message will be doubled from the previous system. However, this extension has many other benefits that can be explored as future research. Appreciation The authors express their gratitude to Universiti Kebangsaan Malaysia for their support and grant of research fund GUP-2017-089 for this research. Reference Aun HG, Abu-Hasan Y. & Ismail ES 2001. A multi-RSA cryptosystem.Journal of Technology35(C): 61-70. Boneh D. 1999. Twenty years of attacks on the RSA cryptosystem.Notices of the American Mathematical Society (AMS)46(2): 203-213. Boneh D. & Durfee G. 1999. Cryptanalysis of RSA with private keydless thann0.292.Proceedings Advances in Cryptology-EUROCRYPT'99, LNCS 1592,Springer-Verlag, Berlin, pp. 1-11. Coppersmith D. 1997. Small solutions to polynomial equations and low exponent RSA vulnerabilities.Journal of Cryptology10: 233-260. Coppersmith D., Franklin M., Patarin J. & Reiter M. 1996. Low exponent RSA with related messages. Proceedings Advances in Cryptology-EUROCRYPT'96, LNCS 1070Springer-Verlag, Berlin, pp. 1-9. Diffie W. & Hellman M. 1976. New directions in cryptography.IEEE Transactions on Information Theory22(6): 644-654. Durfee G. 2002. Cryptanalysis of RSA using algebraic and lattice methods. PhD Thesis. Stanford University. Fiat A. 1990. Batch RSA.Proceedings Advances in Cryptology-CRYPT0'89, LNCS 435Springer-Verlag, Berlin, pp. 175-185. Hastad J. 1986. On using RSA with low exponent in a public key network.Proceedings Advances in Cryptology- CRYPTO'85, LNCS 218Springer-Verlag, Berlin, pp. 403-408. Lenstra AK 2000. Integer factoring.Design, Codes and Cryptography19: 101-128. Lin HF & Chen CY 1999. An extended RSA based generalized group oriented signature scheme. Unpublished. Lin HF, Hu CY, Chang CC & Chen CY 1998. Sharing a secret using RSA cryptosystem.Proceedings ICS98 Taipei, pp. 1490-1493. Montgomery PL 1994. A survey of modern integer factorization algorithms.Quarterly7(4): 337-365. Peralta R. & Okamoto E. 1996. Faster factoring of integers of a special form.IEEE Trans. FundamentalsE79-A (4): 489-493. Quisquater J.-J. & Couvreur C. 1982. Fast decipherment algorithm for RSA public-key cryptosystem.Electronics Letters18: 905-907. Rivest RL, Shamir A. & Adleman L. 1978. A method for obtaining digital signatures and public-key cryptosystems.Communications of the ACM21(2): 120-126. Rosen KH 2000.Elementary Number Theory. Ed. the 4th. New York: Addison Wesley Longman. 88 ESF: A simple simple cryptosystem based on the factorization problem Takagi T. 1997. Fast RSA-type cryptosystem usingn-adic expansion.Proceedings Advances in CryptologyCRYPTO'97, LNCS 1294 Springer-Verlag, Berlin, pp. 372-384. Williams HC 1980. A modification of the RSA public-key encryption procedure.IEEE Transactions on Information Theory26(6): 726-729. Wiener MJ 1990. Cryptanalysis of short RSA secret exponents.IEEE Transactions on Information Theory36(3): 553-558. School of Mathematical Sciences Faculty of Science and Technology Universiti Kebangsaan Malaysia 43600 UKM Bangi Selangor DE, MALAYSIA Email: esbi@ukm.edu.my* * Author to contact 89