Deterministic Algorithm Computing All Generators: Application in Cryptographic Systems Design

Primitive elements play important roles in the Diffie-Hellman protocol for establishment of secret communication keys, in the design of the ElGamal cryptographic system and as generators of pseudo-random numbers. In general, a deterministic algorithm that searches for primitive elements is currently unknown. In information-hiding schemes, where a primitive element is the key factor, there is the freedom in selection of a modulus. This paper provides a fast deterministic algorithm, which computes every primitive element in modular arithmetic with special moduli. The algorithm requires at most digital operations for computation of a generator. In addition, the accelerated-descend algorithm that computes small generators is described in this paper. Several numeric examples and tables illustrate the algorithms and their properties.


Introduction and Basic Definitions
To ensure a high level of crypto-immunity of some cryptographic systems, it is necessary to select a system parameter g (called a primitive element) that satisfies certain conditions.
The primitive elements are used in the Diffie-Hellman secret key establishment (DHKE) protocol [1] and in the ElGamal algorithm [2] for secure exchange of information via open channels.They are also used in the design of generators of pseudo-random numbers [3].
In modular arithmetic, a primitive element g modulo p is an integer having the property that every integer h coprime with p can be expressed as a power of g modulo p.
Therefore, powers of g generate all non-zero elements of the multiplicative group of integers modulo p. Definition 1.1:If an integer g has a property that for every integer there exists a corresponding integer x such that then g is called a primitive element (generator, in short) and x is called the discrete logarithm of h to the base g modulo p.
Leonhard Euler discovered the primitive elements, and Carl F. Gauss described their properties in [4].A mathematically-oriented reader can find further results in [5,6].
The elliptic curve cryptography (ECC), initially described in [7,8], is an analogue of the ElGamal protocol.As a result, the ECC also requires selection of a point G on the elliptic curve, which is an analogue of the generators in cyclic groups based on real integers.However, an efficient algorithm that computes G is an open problem.

Verification Procedure
In order to verify whether g is a generator for prime p, consider all factors of 1 p  .Proposition 2.1:

  
Since g = 7 satisfies every condition in (2.3), therefore, after fifteen exponentiations we find that it is the generator for p = 71.
Although the conditions (2.2) are straight-forward to verify, if m is large, then (2.2) requires factorization of [10] and m exponentiations for each potential candidate.Also, if at least one of these conditions does not hold, it is necessary to consider the next candidate.In general, non-deterministic algorithms are typical for various problems in modular arithmetic.

Two Deterministic Algorithms
In information-hiding schemes, where a primitive element is necessary, there are alternatives for selecting a prime modulus.
Indeed, Proofs of both propositions are provided in the next section.
Table 2 provides fifteen examples of safe primes and three corresponding generators for each of them.For every safe prime, the procedures (3.1), (3.3) as well as (6.4), described in the sixth section, are deterministic and require at most one integer multiplication.As a result, in the ElGamal algorithm, the generator can be periodically renewed for enhancement of communication security.Notice that in where q is an odd prime.Therefore, g is a generator because by Fermat's Little Theorem [3,4] which implies that does not have a square root modulo p.In other words, z in (4.7) has no real integer solution.Q.E.D.
Proof of Proposition 3.2: It is easy to verify that (3.3) is a special case of (4.2) for z = q.Indeed, consider Since for every safe prime p mod 4 = 3 holds, then Because the last term in (4.9) is an integer, therefore, (4.9)-(4.11)imply (3.3).Q.E.D.

Algorithm for a "Small" Generator
This algorith m computes a small generator for every safe prime .

   
Therefore, (6.3) implies that for 1, 2, , As a result, we derive a monotone decreasing sequence of generators The procedure described above finds small generators.In some cases, it even provides the smallest generators; {as in Example 6.1}.However, it does not find the smallest generator for every safe prime p.In that case select

Results of Computer Experiments
Several hundred computer experiments with the safe prime p randomly-selected on interval (10 7 , 10 10 ) confirm that for every p there exists a monotone-decreasing subset S of generators g(0), g (1), g(2),

Table 3
for z = 23 and 24; or for z = 22 and 25.

Table 3 . p = 47 and corresponding generators g(z).
•••, g(m) that satisfy the inequalities (6.3).For instance, if p = 9622580663, then the number m of generators in the subset S is equal 84952.The experiments also indicate that