Rabin Cryptosystem and Blum

by Yernar






Background
Key generation
Encryption
Decryption
Preset Bits
Example

Asymmetric cryptographic technique, whose
security, like that of RSA, is related to the difficulty
of factorization.

Public-key encryption.

Published in January 1979 by Michael O. Rabin.

1. Alice generates two large random and distinct
primes p and q, roughly the same size.

2. Computes n=pq.

3. n is public key, (p,q) is private key.

Bob encrypts a message m for Alice:
1. Obtains Alice’s authentic public key n.
2. Represents the message as an integer m in the
range {0,1,…,n-1}.
3. Computes c = m^2 mod n.
4. Sends the ciphertext c to Alice.

To recover plaintext m from c, Alice should do:
1. Given ciphertext c, Alice computes the 4 square roots
of c mod n using the private key (p, q):
a) take √c mod p = x1 and x2, where x2 = p - x1
b) take √c mod q = y1 and y2, where y2 = q - y1
c) Get the 4 square roots of c (mod n) using the Chinese
Remainder Theorem (CRT):
m1 = x1*q*(q^-1 mod p) + y1*p*(p^-1 mod q) (mod n)
m2 = -m1 (mod n)
m3 = x1*q*(q^-1 mod p) - y1*p*(p^-1 mod q) (mod n)
m4 = -m3 (mod n)
2. The message sent was either m1, m2, m3 or m4.
Alice decides which one of these is m.
Usually done with the help of preset bits.

string of bits added to every message

mechanism to distinguish the “correct” square root

usually appended to the message



Key generation: p=23, q=31, n=713, m=87,
preset bits: “000”
Encryption: 87 (decimal) = 1010111 (binary)
m = 1010111000 (binary) = 696 (decimal)
Bob computes c = m^2 mod n = 696^2 mod 713 = 289
and sends this to Alice.

Decryption: Alice uses the algorithm for finding square roots
modulo n given its prime factors p and q:
√289 mod 23 = x1 = 6, q^-1 mod 23 = 3
√289 mod 31 = y1 = 14, p^-1 mod 31 = 27
m1 = x1*q*(q^-1 mod p) + y1*p*(p^-1 mod q) (mod n) =
6*31*3 + 14*23*27 mod 713 = 696 = 1010111000
m2 = -m1 (mod n) = -696 mod 713 = 17 = 10001
m3 = x1*q*(q^-1 mod p) - y1*p*(p^-1 mod q) (mod n) =
6*31*3 - 14*23*27 mod 713 = 420 = 110100100
m4 = -m3 (mod n) = -420 mod 713 = 293 = 10111


m1=1010111000, m2=10001,
m3=110100100, m4=10111
Only m1 has the required redundancy, so the original message
is m = 1010111 (binary) = 87 (decimal).
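
The Rabin example above as runnable Python. This is an added example, not part of the original slides: the function names are illustrative, and it assumes p and q are both congruent to 3 mod 4 (true for p=23, q=31), so that a square root modulo a prime is a single modular exponentiation.

```python
PRESET = "000"  # preset bits appended to every message (as in the example)


def rabin_encrypt(m, n):
    """Append the preset bits to m, then square modulo n."""
    padded = int(format(m, "b") + PRESET, 2)
    if padded >= n:
        raise ValueError("padded message must be smaller than n")
    return pow(padded, 2, n)


def sqrt_mod_prime(c, p):
    """One square root of c mod p. Assumption: p = 3 (mod 4)."""
    if p % 4 != 3:
        raise ValueError("shortcut requires p = 3 (mod 4)")
    x = pow(c, (p + 1) // 4, p)
    if (x * x - c) % p != 0:
        raise ValueError("c is not a square mod p: invalid ciphertext")
    return x


def rabin_roots(c, p, q):
    """The four square roots of c mod n = pq, combined with the CRT."""
    n = p * q
    x1, y1 = sqrt_mod_prime(c, p), sqrt_mod_prime(c, q)
    s = x1 * q * pow(q, -1, p)   # equals x1 mod p and 0 mod q (Python 3.8+)
    t = y1 * p * pow(p, -1, q)   # equals y1 mod q and 0 mod p
    m1, m3 = (s + t) % n, (s - t) % n
    return [m1, (-m1) % n, m3, (-m3) % n]


def rabin_decrypt(c, p, q):
    """Return the one root carrying the preset bits, with the bits removed."""
    hits = {r for r in rabin_roots(c, p, q) if format(r, "b").endswith(PRESET)}
    if len(hits) != 1:
        raise ValueError("expected exactly one root with the preset bits")
    return hits.pop() >> len(PRESET)


if __name__ == "__main__":
    c = rabin_encrypt(87, 713)            # values from the example above
    print(c, rabin_roots(c, 23, 31), rabin_decrypt(c, 23, 31))
```

A ciphertext that is not a square, or whose roots do not include exactly one value ending in the preset bits, is rejected rather than decrypted to an arbitrary root.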





Background
Key generation
Encryption
Decryption
Example


Asymmetric key encryption algorithm by Manuel
Blum and Shafi Goldwasser in 1984.
Probabilistic, semantically secure cryptosystem
with a constant-size ciphertext expansion.



1. Alice selects two large random (and distinct)
primes p, q, each congruent to 3 modulo 4.
2. Computes n=pq – public key.
3. Computes integers a and b, such that ap+bq=1.
(p, q, a, b) – private key.

Bob wants to send a message to Alice:
1. Obtains Alice’s authentic public key n.
2. Let k = ⌊lg n⌋ and h = ⌊lg k⌋. Represent the
message m as a string m = m_1 m_2 … m_t of length t,
where each m_i is a binary string of length h.
3. Select as a seed x_0 a random quadratic residue
modulo n (r ∈ Z_n, x_0 ← r^2 mod n).
4. For i from 1 to t do the following:
a) compute x_i = x_{i-1}^2 mod n
b) let p_i be the h least significant bits of x_i
c) compute c_i = p_i ⊕ m_i
5. Compute x_{t+1} = x_t^2 mod n.
6. Send the ciphertext c = (c_1, c_2, …, c_t, x_{t+1}) to Alice.

To recover plaintext m from c, Alice should:
1. Compute d_1 = ((p + 1)/4)^(t+1) mod (p - 1)
2. Compute d_2 = ((q + 1)/4)^(t+1) mod (q - 1)
3. Compute u = x_{t+1}^(d_1) mod p
4. Compute v = x_{t+1}^(d_2) mod q
5. Compute x_0 = v*a*p + u*b*q mod n
6. For i from 1 to t do the following:
a) compute x_i = x_{i-1}^2 mod n
b) let p_i be the h least significant bits of x_i
c) compute m_i = p_i ⊕ c_i



Key generation:
p=499, q=547, n=pq=272953. Alice computes the
integers a=-57 and b=52 satisfying ap+bq=1.
Alice’s public key is n=272953 and private key is
(p,q,a,b)


Encryption: k = ⌊lg n⌋ = 18 and h = ⌊lg k⌋ = 4.
Bob represents the message m as a string
m_1 m_2 m_3 m_4 m_5 (t = 5) where m_1 = 1001, m_2 = 1100,
m_3 = 0001, m_4 = 0000, m_5 = 1100.


Bob then selects a random quadratic residue
x_0 = 159201 (= 399^2 mod n), and computes:

i  x_i = x_{i-1}^2 mod n  p_i   c_i = p_i ⊕ m_i
1  180539                 1011  0010
2  193932                 1100  0000
3  245613                 1101  1100
4  130286                 1110  1110
5  40632                  1000  0100

and x_6 = x_5^2 mod n = 139680. Bob sends c = (0010,
0000, 1100, 1110, 0100, 139680) to Alice.

Decryption: To decrypt c Alice computes:
d_1 = ((p + 1)/4)^6 mod (p - 1) = 463
d_2 = ((q + 1)/4)^6 mod (q - 1) = 337
u = x_6^463 mod p = 20
v = x_6^337 mod q = 24
x_0 = v*a*p + u*b*q mod n = 159201
Finally, Alice uses x_0 to construct the x_i and
p_i just as Bob did for encryption, and
recovers the plaintext m_i by XORing the p_i
with the ciphertext blocks c_i.

i  x_i = x_{i-1}^2 mod n  p_i   m_i = p_i ⊕ c_i
1  180539                 1011  1001
2  193932                 1100  1100
3  245613                 1101  0001
4  130286                 1110  0000
5  40632                  1000  1100
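
The Blum-Goldwasser encryption and decryption steps above as runnable Python, which can be checked against the example's numbers. This is an added example, not part of the original slides: the function names are illustrative, and the optional x0 argument exists only so that the example's seed can be replayed.

```python
import math
import secrets


def block_bits(n):
    """h = floor(lg k) with k = floor(lg n)."""
    k = n.bit_length() - 1
    return k.bit_length() - 1


def bbs_xor(x0, blocks, n):
    """XOR each block with the h low bits of x_i; also return x_{t+1}."""
    mask = (1 << block_bits(n)) - 1
    x, out = x0, []
    for block in blocks:
        x = pow(x, 2, n)                 # x_i = x_{i-1}^2 mod n
        out.append((x & mask) ^ block)   # p_i XOR block
    return out, pow(x, 2, n)


def bg_encrypt(blocks, n, x0=None):
    """Return ([c_1..c_t], x_{t+1}); x0 is drawn at random unless supplied."""
    if any(b >> block_bits(n) for b in blocks):
        raise ValueError("each block must fit in h bits")
    while x0 is None:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            x0 = pow(r, 2, n)            # random quadratic residue mod n
    return bbs_xor(x0, blocks, n)


def bg_decrypt(c_blocks, x_last, p, q, a, b):
    """Recover x_0 from x_{t+1} with the private key, then undo the XOR."""
    if p % 4 != 3 or q % 4 != 3 or a * p + b * q != 1:
        raise ValueError("bad private key")
    n, t = p * q, len(c_blocks)
    d1 = pow((p + 1) // 4, t + 1, p - 1)
    d2 = pow((q + 1) // 4, t + 1, q - 1)
    u, v = pow(x_last, d1, p), pow(x_last, d2, q)
    x0 = (v * a * p + u * b * q) % n
    return bbs_xor(x0, c_blocks, n)[0]


if __name__ == "__main__":
    msg = [0b1001, 0b1100, 0b0001, 0b0000, 0b1100]   # m_1..m_5 from the example
    c, x6 = bg_encrypt(msg, 272953, x0=159201)
    print(c, x6, bg_decrypt(c, x6, 499, 547, -57, 52))
```

Calling bg_encrypt without x0 draws a fresh seed, so the same message encrypts to a different ciphertext each time while still decrypting to the same blocks.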


1. What are the preset bits?
2. How many possible inputs can generate each output of the Rabin
function?
3. What theorem is used in Rabin cryptosystem to get the square roots
of c (mod n)?
4. True or False. Blum-Goldwasser cryptosystem uses Inclusive or
function when computing the ciphertext.
5. Briefly explain how the keys are generated in Rabin Cryptosystem?
(What is public key and what is private key).
1. String of bits added to every message to distinguish the “correct”
square root.
2. Four.
3. Chinese Remainder Theorem.
4. False.
5. Alice generates two large random and distinct primes p and q,
roughly the same size. Computes n=pq. n is public key, (p,q) is private
key.