dissertacao.pdf
dissertacao.pdf
dissertacao.pdf
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
not the case regarding RSA as we have defined it. Knowing two different plain<br />
texts (say, ”YES” and ”NO”) and one cypher text, Marvin can easily find out to<br />
what plain text the cypher text corresponds to by simply encrypting it with the<br />
public key. This means that there is no deterministic public key cryptosystem<br />
that is semantically secure.<br />
Because of these properties, it becomes clear that, prior to encryption, a<br />
random padding scheme should be applied to the plain text.<br />
To sum up, there is some mandatory implementation changes we can state<br />
at this moment:<br />
1. The value φ(N) should be kept secret,<br />
2. We cannot use plain texts m : (m, N) = 1,<br />
3. A prior random padding scheme should always be applied to m before<br />
encryption.<br />
1.8 Variants of RSA<br />
In this section we present some of the variants of RSA that have been created<br />
over the years. Although not analysed in this work, we will present some of<br />
their advantages comparing with the original RSA cryptosystem.<br />
1.8.1 CRT-RSA<br />
The encryption and decryption operations take time linear to the bit size of<br />
the encryption and decryption exponents respectively [20]. One simple vari-<br />
ant of RSA consists of, in the decryption process, using all the information<br />
in the private key < p, q, d, N >, that is, to use also the factors p and q.<br />
Knowing them, Bob can compute two partial decryptions mp ∼ = c e (mod p)<br />
and mq ∼ = c e (mod q) and then combine the results using the Chinese Remain-<br />
der Theorem to obtain the plain text m. This is an usual procedure because it<br />
reduces the decryption costs by a factor of 4 [23]. In the literature it is usually<br />
refered to as CRT-RSA.<br />
18