Texts in Theoretical Computer Science
An EATCS Series

Editors: W. Brauer, G. Rozenberg, A. Salomaa
Advisory Board: G. Ausiello, M. Broy, S. Even, J. Hartmanis, N. Jones, T. Leighton, M. Nivat, C. Papadimitriou, D. Scott

Springer-Verlag Berlin Heidelberg GmbH

Arto Salomaa
Public-Key Cryptography
Second, Enlarged Edition
With 22 Figures

Springer
Author
Prof. Dr. Arto Salomaa
Data City, Turku Centre for Computer Science
FIN-20520 Turku, Finland

Series Editors
Prof. Dr. Wilfried Brauer
Institut für Informatik, Technische Universität München
Arcisstrasse 21, D-80333 München, Germany

Prof. Dr. Grzegorz Rozenberg
Institute of Applied Mathematics and Computer Science
University of Leiden, Niels-Bohr-Weg 1, P.O. Box 9512
2300 RA Leiden, The Netherlands

Prof. Dr. Arto Salomaa (see above)

Library of Congress Cataloging-in-Publication Data
Salomaa, Arto.
Public-key cryptography / Arto Salomaa. -- 2nd, enl. ed.
p. cm. -- (Texts in theoretical computer science)
Includes bibliographical references and index.
ISBN 978-3-642-08254-2
ISBN 978-3-662-03269-5 (ebook)
DOI 10.1007/978-3-662-03269-5
1. Computers--Access control. 2. Cryptography. I. Title. II. Series.
QA76.9.A25S26 1996
005.8'2--dc20
96-31537 CIP

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag Berlin Heidelberg GmbH. Violations are liable for prosecution under the German Copyright Law.

Springer-Verlag Berlin Heidelberg 1990, 1996
Originally published by Springer-Verlag Berlin Heidelberg New York in 1996
Softcover reprint of the hardcover 2nd edition 1996

The use of registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and therefore free for general use.

Cover Design: design & production GmbH Heidelberg
SPIN: 10849286 45/3111-5 4 3 2 - Printed on acid-free paper
To the Memory of My Sister Sirkka Salomaa 1919-1989
Preface to the Second, Enlarged Edition

There has been considerable progress on many fronts during the past five years. However, the main parts of the book remain unaffected by these developments. Of the wealth of new topics possible, I have chosen some aspects of cryptographic protocols: elections over a computer network and protocols without computers. Furthermore, the references have been updated and errors and inaccuracies, most of which were brought to my attention by Jukka Koskinen and Lucian Ilie, have been corrected.

Many useful discussions with Valtteri Niemi and Ari Renvall are gratefully acknowledged, as well as the continued excellent cooperation with Springer-Verlag and especially Dr. Hans Wössner and Mrs. Ingeborg Mayer.

Turku, September 1996
Arto Salomaa
Preface to the First Edition

Cryptography, secret writing, is probably as old as writing in general. Only recently has it become the object of extensive scientific studies. Vast new applications to data security constitute one explanation for this. Perhaps a still more important reason for the huge growth of scientific research on cryptography is the seminal idea of public-key cryptography and the resulting new vistas on the possibilities of communication.

This book presents a view on public-key cryptography with classical cryptography as the starting point. An attempt has been made to cover some of the most recent developments and present novel features. The plaintext examples constitute a package of basic sauna knowledge.

Acknowledgements. Hermann Maurer revived in the late 70's my dormant interest in cryptography. I have used some versions of this book since 1983 for courses on cryptography at the Universities of Turku and Leiden, as well as at the Technical University of Wien. The observations of the participants in these courses were useful. Juha Honkala, Jarkko Kari, Valtteri Niemi, Lila Santean, Mika Niemi and Ari Renvall have commented on various parts of the manuscripts, and the first four have contributed in numerous discussions as well. I have also benefited from discussions with Ron Book, Wilfried Brauer, Karel Culik, Ferenc Gecseg, Jozef Gruska, Tero Harju, Iiro Honkala, Helmut Jürgensen, Juhani Karhumäki, Werner Kuich, Hannu Nurmi, Kaisa Nyberg, Azaria Paz, Grzegorz Rozenberg, Kai Salomaa, Aimo Tietäväinen, Emo Welzl, Derick Wood and Sheng Yu. Special thanks are due to Elisa Mikkola for excellent typing, as well as assistance in many practical matters. Anu Heinimäki has drawn the pictures. The Academy of Finland has provided me excellent working conditions. The good cooperation with the Academy, in particular with Marjatta Näätänen, is gratefully acknowledged. The scientific organization MATINE has supported my cryptographic research.

Finally, I want to thank Springer-Verlag and especially Dr. Hans Wössner and Mrs. Ingeborg Mayer for good cooperation and timely production.

Turku, May 1990
Arto Salomaa
Contents

Chapter 1. Classical Two-Way Cryptography ... 1
1.1 Cryptosystems and Cryptanalysis ... 1
1.2 Monoalphabetic Systems ... 10
1.3 Polyalphabetic and Other Systems ... 22
1.4 Rotors and DES ... 39

Chapter 2. The Idea of Public Keys ... 55
2.1 Some Streets Are One-Way ... 55
2.2 How to Realize the Idea ... 64
2.3 Obvious Advantages of Public Keys ... 71

Chapter 3. Knapsack Systems ... 77
3.1 A Trapdoor is Built ... 77
3.2 How to Find the Trapdoor ... 87
3.3 Theory of Reachability ... 96
3.4 Trying to Hide the Trapdoor Again ... 108
3.5 Dense Knapsacks ... 117

Chapter 4. RSA ... 125
4.1 Legal World ... 125
4.2 Attack and Defense ... 134
4.3 Primality ... 137
4.4 Cryptanalysis and Factoring ... 143
4.5 Partial Information on RSA ... 147
4.6 Discrete Logarithms and Key Exchange ... 154

Chapter 5. Other Bases of Cryptosystems ... 159
5.1 Exponentiation in Quadratic Fields ... 159
5.2 Iteration of Morphisms ... 166
5.3 Automata and Language Theory ... 174
5.4 Coding Theory ... 178

Chapter 6. Cryptographic Protocols: Surprising Vistas for Communication ... 181
6.1 More Than Etiquette ... 181
6.2 Coin Flipping by Telephone. Poker Revisited ... 184
6.3 How to Share a Secret ... 187
6.4 Partial Disclosure of Secrets ... 190
6.5 Oblivious Transfer ... 194
6.6 Applications: Banking and Ballots ... 200
6.7 Convincing Proofs with No Details ... 202
6.8 Zero-Knowledge Proofs ... 208
6.9 Zero-Knowledge Proofs of Identity ... 213
6.10 Secret Balloting Systems Revisited ... 218
6.11 Cryptographic Protocols Without Computers ... 234

Appendix A. Tutorial in Complexity Theory ... 245
Appendix B. Tutorial in Number Theory ... 249
Problems ... 255
Historical and Bibliographical Remarks ... 263
References ... 265
Index ... 269