Public-Key Cryptosystems with Secret Encryptor and Digital Signature

This paper describes and compares a variety of algorithms for secure transmission of information via open communication channels based on the discrete logarithm problem that do not require search for a generator (primitive element). Modifications that simplify the cryptosystem are proposed, and, as a result, accelerate its performance. It is shown that hiding information via exponentiation is more efficient than other seemingly simpler protocols. Some of these protocols also provide digital signature/sender identification. Numeric illustrations are provided.


Introduction and Basic Definition
This paper describes and compares special cases of several protocols for secure transmission of information: secret key establishment [1], poly-alphabetic analogue of affine protocol [2], El Gamal cryptographic protocol [3] and an analogue of the RSA algorithm [4], which cryptoimmunity is not based on the difficulty of factorization {see EvESE algorithm in Sections 7 and 8}.The latter protocol {as well as all other protocols} is exclusively based on the difficulty of solving a discrete logarithm problem (DLP) [5,6] where the base g is a generator in modular arithmetic with a modulus p that is a safe prime.Definition1.1:A prime integer p is called a safe prime if 2 2 1 (mod ); (1.1) is also a prime.Therefore, for every q is odd.Moreover, if p is a safe prime and , then or 7 or 19.

p 
As it is demonstrated in [7], if p is a safe prime, then the algorithm finding a generator g is a computationally fast procedure.Some simplifications and innovations in this paper are based on the observation that is the generator for every safe prime 7. p  The major innovation {Encryption via Exponentiation with a secret encryptor} is provided in Section 7 and demonstrated in Section 8.

System Parameters
If p is a safe prime greater than or equal 7, then (2.1) is a generator for every p.Indeed, (1.1) and the Fermat Little Theorem (FLT) [5]    which is an equivalent of the ElGamal scheme [3]; or consider

Several Ways to Hide Information
which is a poly-alphabetic shift cipher [8,9]; or she can split the secret key e into two parts and and then consider The encryption (4.4) is an equivalent of the poly-alphabetic affine algorithm [2].Yet another option is described in Section 6.
In Furthermore, there are several ways {see (4.5) and (4.7)} to compute the decryptors d and D respectively.One requires exponentiation p−1−a and another a.In the following Example4, a=35 and p-1-a=837 have binary "weights" 3 and 7 respectively.Therefore, D requires fewer multiplications than d.Hence, it is faster to compute D than d.In general, it is computationally advantageous if both Alice and Bob select their secret keys a and b with "smaller" binary "weights".However, these additional constraints provide clues for a potential intruder/ cryptanalyst.
Yet, there is an alternative algorithm for modular multiplicative inverse (AAMMI) proposed by the author of this paper in [10] and analyzed in [11].Extensive computer experiments demonstrated that the AAMMI algorithm is computationally more efficient than (4.5); {see Tables 1-3 below}.
In spite of computational simplicity, applications of the encryptor e either in (4.2) or in (4.3) have negative sides: if at least one plaintext block, i , becomes known, an intruder can deduce every plaintext .Indeed, since (4.2) implies Analogously, the encryption (4.3) is vulnerable for cryptanalysis if at least one plaintext block, i becomes known, the intruder can compute every plaintext Indeed, since (4.In order to overcome these deficiencies, the sender must compute dedicated encryptor e(m) for every plaintext block m, and respectively, the receiver must compute dedicated decryptor d(m) to recover this plaintext.Needless to say that this requires additional computational efforts, i.e., it slows the transmission of information.

Dynamic Establishment of Secret Key between Sender and Receiver
Step5

Numeric Illustrations-1
In the Examples 1 and 2 modifications that simplify the computation are introduced, and as a result, accelerate the secure transmission of information.
First of all, notice that there is no necessity to search for a generator in order to compute the hints and public keys.

Encryption via Exponentiation with Secret Encryptor (EvESE)
The following encryption/decryption scheme requires fewer exponentiations than the schemes described above.System design: a).Users Alice and Bob select their private keys a and b respectively and then compute their public keys: , i.e., e is odd and distinct from q, then (7.5) implies the existence of an integer k such that (7.10)Therefore, (7.8) and the FLT imply that Remark7.2:Although (7.8) and (7.9) resemble the RSA protocol [4], there are three distinct features: 1). the encryptor e is a secret (not public!)key; 2).modulo reduction is executed with the public prime p rather than with the product of two secret primes individually selected for each user; 3).this scheme does not require additional computations for sender identification; in other words, it automatically provides the digital signature.

Numeric Illustrations-2
Example3: Let p=107; g=4; a=33; b=28; and m=42.System design: {either a or b must be selected in such a way that   gcd , 1 e q  otherwise the MMI of e mo- dulo q does not exist}; Remark8.1:If q is a very large integer, the computation of the multiplicative inverse in (8.1) requires many multiplications even if the "square-and-multiply" algorithm is used.Yet, computation of the MMI is much simpler using the algorithm described in [10] as it is shown in the

Algorithm for MMIazmodt=1
In this section, Table 3 briefly describes the algorithm for the MMI.For more details, see [10] and [11].
In the following Table 3 both integers a and t are the inputs and integer z is the output.
Assign : iterate and store in a stack the quotients : , then the MMI does not exist; , then assign n  ; and b for k from n−1 down to 1 iterate

Complexity Analysis of EvESE Cryptosystem
On the system design level, each user performs two exponentiations to compute their public key (7.1) and (7.2), and the secret encryptor (7.3).
For the encryption, it is necessary to perform only one exponentiation (7.5).Analogously, for decryption, every receiver performs only one exponentiation (7.7).Although for the purpose of maintaining a high security level we need periodically select new private keys and re-compute the encryptor and decryptor, we do not need to send the hints with every block of transmitted message like it is done in the ElGamal algorithm.Since this algorithm is based on the difficulty of the DLP, it has certain advantages over the RSA algorithm based on factorization.One of them is that the encryptor and decryptor provide a digital signature (sender identification) since they are computed for communication between the specific pair of users (Alice and Bob).On the other hand, in the described form the algorithm cannot be applied for broadcasting of secret messages to several users.How-ever, using the "carrousel" DHKE, we can generalize the proposed algorithm for communication among several users.

Algorithm EvESE Modification
If e is a power of 2, or where and s is a small integer, then the algorithm does not work, since the decryptor either does not exist or the encryptor is too small.One option is to select new private keys a and b in hope that new e will be more suitable.However, this is a non-deterministic procedure.Besides it requires many multiplications of multidigit-long integers.
There are other simple options if p>11, e is even and   

Conclusions
Notice that the ElGamal algorithm is just one of several constructive demonstrations how to dynamically apply a secret key for secure communication.Indeed, the inverse value of the decryptor is the same as encryptor.Therefore, both parties are dynamically establishing the common secret key (encryptor e) and then use it to hide the message m by multiplying it on the encryptor.Another possibility: instead of multiplying, they add the encryptor e to m or can consider exponentiation Therefore, in the case of addition in (4.3), they eliminate two multiplications for every plaintext since D=e.
However, both protocols require twice more exponentiations than the EvESE algorithm described in the Section 7 and demonstrated in Section 8.As the analysis shows, the most efficient is to use the exponentiation (7.5) for the encryption.
I wish to express my appreciation to Dr. Roberto Rubino for his comments that improved the style of this paper.

Step3. 1 : 4 : 2 Step3. 5 : 1 :
The sender (Alice) selects a large safe prime p and transmits it to the receiver (Bob) via an open channel; Step3.2:Respectively, Alice and Bob randomly select large integers a and b as their private keys; Step3.3:Alice and Bob independently compute their public keysUsing the public key of the receiver, Alice computes (3.3) B. VERKHOVSKY Using the public key of the sender, e is their mutual secret encryptor.Remark3.Parameters a, b and e must be distinct from q.

Table 2 . Computation of MMI of 195 modulo p-1=862.
{Alice sends message m to Bob}: If the plaintext is intelligible, Alice accepts it as legitimate, i.e. this protocol also provides a digital signature.

Table 1 :
Since the number of columns in theTable 1 is even, then d:=z.

Table 2 :
Since the number of columns in theTable 2 is odd,