Monday, April 1, 2019

Commutative encryption and decryption

El Gamal Public Key Crypto Scheme

The El Gamal public-key encryption scheme can be viewed as Diffie-Hellman key agreement in key transfer mode. Its security is based on the intractability of the discrete logarithm problem and the Diffie-Hellman problem.

Diffie-Hellman Key Exchange

The first system to make use of public-key or asymmetric cryptographic keys was the Diffie-Hellman algorithm (by Whitfield Diffie and Martin Hellman, 1976). These systems overcome the difficulties of private-key or symmetric key systems because asymmetric key management is much easier. In a symmetric key system it is important for both sides of the communication to have identical keys, and the secure exchange of those keys has always been a huge concern. This concern is alleviated by asymmetric key systems because they use two keys: one called the private key, which secretly belongs to the user, and another called the public key, which can be shared with the world and is therefore distributed without difficulty. Unfortunately, the advantages of asymmetric key systems are overshadowed by speed: they are very slow for any type of bulk encryption. Currently, the typical practice is to use a symmetric system to encrypt the data and then encrypt the symmetric keys used for distribution with an asymmetric system. And this is what Diffie-Hellman key exchange does.

[Figure: Basic El Gamal encryption]

[Figure: Complete Diffie-Hellman Key Exchange Process]

The Game: Mental Poker

Playing the game of poker without any cards over a telecommunications device (phone or, more realistically, the internet) is known as Mental Poker. The game usually doesn't include a trusted third-party dealer or a source of randomness, and as such it seems that someone (the dealer) will always know what cards have been given out or, alternatively, that players will be able to lie about the cards they have.

The first serious attempt at the problem was by Adi Shamir, Ronald Rivest and Leonard Adleman in 1979 in SRA. It is this scheme that relies on commutative encryption. The authors first proved, in an information-theoretic sense, that the problem is unsolvable and then went on to offer a solution. Their protocol worked for 2 players and didn't require a trusted third party. However, it did not offer confidentiality of strategy, requiring the players to reveal their hands at the end of each game.

We assume two players and fifty-two cards. Five cards are dealt, then there is one round of betting, then all cards are shown. Players have disjoint hands, any player can have any possible hand, no player can discover another player's hand, and any collusion has minimal effect.

The SRA protocol was shown to leak at least one bit of information: whether the card was a quadratic residue or not. There were suggestions to overcome this problem, but there was still no guarantee that other information was not leaked.

The SRA protocol

The protocol relies on a commutative encryption scheme, i.e.

$E_A(E_B(M)) = E_B(E_A(M))$

where $E_X$ denotes encryption using X's public key. Likewise, we use $D_X$ to denote decryption using X's private key.

Steps

Two players, Alice and Bob, together choose a large prime number $n$. Alice then chooses her key $A$ such that $\gcd(A, n-1) = 1$, and Bob chooses $B$ similarly.

Encode the 52 cards as integers. Encryption: $E_A(M) = M^A \pmod n$. Decryption: $D_A(M) = M^{\mathrm{inv}(A)} \pmod n$, where $\mathrm{inv}(A)$ is the inverse of $A$ modulo $n-1$.

Bob permutes the cards to $x_1, x_2, \ldots, x_{52}$, encrypts them, then sends $E_B(x_i)$ to Alice.

Alice chooses 5 cards for herself, encrypts them and sends $E_A(E_B(x_i))$ to Bob. She also chooses 5 cards for Bob and sends them to him without encrypting them herself, as $E_B(x_i)$.

Bob can now decrypt his cards to see his hand: $D_B(E_B(x_i)) = x_i$. He also decrypts Alice's cards, then sends them back to her. Here is where we need commutativity, so that $D_B(E_A(E_B(x_i))) = E_A(x_i)$.

Alice receives her cards and decrypts them, seeing her hand: $D_A(E_A(x_i)) = x_i$.

Implementation of Game protocol

Security

Efficiency of El Gamal encryption

The encryption process requires two modular exponentiations, namely $\alpha^k \bmod p$ and $(\alpha^a)^k \bmod p$. These exponentiations can be sped up by selecting random exponents $k$ having some additional structure, for example, having low Hamming weights. Care must be taken that the possible number of exponents is large enough to preclude a search via a baby-step giant-step algorithm.

A drawback of El Gamal encryption is that there is message expansion by a factor of 2, i.e., the ciphertext is twice as long as the corresponding plaintext.

Randomized Encryption

El Gamal encryption is one of several encryption schemes that use randomization in the encryption process; others include McEliece encryption and Goldwasser-Micali and Blum-Goldwasser probabilistic encryption. Deterministic encryption schemes such as RSA may also employ randomization in an effort to circumvent some attacks.

The basic idea behind randomized encryption techniques is to use randomization to increase the cryptographic security of an encryption process through one or more of the following methods: increasing the effective size of the plaintext message space; precluding or decreasing the effectiveness of chosen-plaintext attacks by virtue of a one-to-many mapping of plaintext to ciphertext; and precluding or decreasing the effectiveness of statistical attacks by leveling the a priori probability distribution of inputs.

Security of El Gamal Encryption

The problem of breaking the El Gamal encryption scheme, specifically, recovering $m$ given $p$, $\alpha$, $\alpha^a$, $\gamma$, and $\delta$, is equivalent to solving the Diffie-Hellman problem. In fact, the El Gamal encryption scheme can be viewed as simply comprising a Diffie-Hellman key exchange to determine a session key $\alpha^{ak}$, and then encrypting the message by multiplication with that session key. Hence, the security of the El Gamal encryption scheme is said to be based on the discrete logarithm problem in $\mathbb{Z}_p^*$, although such an equivalence has not been proven.

It is vital that different random integers $k$ be used to encrypt different messages. Assume the same $k$ is used to encrypt two messages $m_1$ and $m_2$ and the resulting ciphertext pairs are $(\gamma_1, \delta_1)$ and $(\gamma_2, \delta_2)$. Then $\delta_1/\delta_2 = m_1/m_2$, and $m_2$ could be easily computed if $m_1$ were known.

Analysis of Mental Poker

Upon receiving the shuffled and encrypted pack of cards, Alice can't tell which card is which; therefore she picks randomly, that is, she is unable to see Bob's hand. When Bob receives Alice's double-encrypted hand, he is unable to read it even when he partially decrypts it. But is any information leaked by the encryption process? Yes, through what are known as quadratic residues.

Quadratic Residues

An integer $a$, not divisible by an odd prime $p$, is a quadratic residue modulo $p$ if there is a $b \in \{1, 2, \ldots, p-1\}$ such that $a \equiv b^2 \pmod p$. Otherwise $a$ is a quadratic non-residue.

So for $p = 11$, $1 \equiv 1^2$, $3 \equiv 5^2$, $4 \equiv 2^2$, $5 \equiv 4^2$ and $9 \equiv 3^2$ are the quadratic residues, and 2, 6, 7, 8, 10 are the quadratic non-residues.

This works in general. For a prime $p$ there are $(p-1)/2$ residues and $(p-1)/2$ non-residues.

Cheating

In 1981 R. Lipton showed that, for odd $k$, $x^k$ is a quadratic residue mod $p$ if $x$ is a quadratic residue mod $p$.

So the cards whose representations are quadratic residues are still quadratic residues when they are encrypted.

This allows Alice to find the cards that are residues and non-residues, for the particular $p$ used, and then choose (on average) high cards for herself and low cards for Bob.

Cheat Prevention

The easiest way to prevent the attack we have discussed is to represent cards only with quadratic residues. However, other, more general attacks have been shown to be effective, so SRA isn't a good protocol.

Other protocols for the Mental Poker problem have been considered, with the most successful ones using probabilistic encryption and zero-knowledge proofs. Crepeau solved the problem in 1987, although his protocol is not computationally feasible. Research is still going on.

Conclusion

Mental Poker is an important problem, both for use in the large internet poker business and as a metaphor for other multi-party computations where secrets need to be kept. It is possible to implement the SRA protocol efficiently and securely; however, it has a major flaw in that it leaks one bit of information about the cards. Other protocols have been suggested, with Crepeau solving the problem in 1987, although with a computationally infeasible algorithm.
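The reuse of k described under "Security of El Gamal Encryption", as an added example that is not part of the original post: two ciphertexts that share k let anyone who knows m1 compute m2, and equal γ values give a direct check for reuse. The prime 2**127 - 1, the base 3, the standard El Gamal key-generation and decryption formulas (not spelled out on the page) and all function names are assumptions made for the demonstration.

```python
import secrets

P = 2**127 - 1          # prime p (constructed demo parameter)
ALPHA = 3               # base alpha (assumed; the demo does not need a generator)

def keygen():
    """Private exponent a and public value alpha^a mod p."""
    a = secrets.randbelow(P - 3) + 2
    return a, pow(ALPHA, a, P)

def encrypt(m, pub, k=None):
    """Return (gamma, delta) = (alpha^k, m * (alpha^a)^k) mod p; fresh k by default."""
    if k is None:
        k = secrets.randbelow(P - 3) + 2
    return pow(ALPHA, k, P), m * pow(pub, k, P) % P

def decrypt(c, a):
    """Recover m = delta * gamma^(-a) mod p."""
    gamma, delta = c
    return delta * pow(gamma, -a, P) % P

def recover_m2(m1, c1, c2):
    """With a shared k, delta1/delta2 = m1/m2, so m2 = m1 * delta2 / delta1."""
    return m1 * c2[1] * pow(c1[1], -1, P) % P

def reused_k(ciphertexts):
    """Equal gamma values mean the same k was used; return those index pairs."""
    seen, hits = {}, []
    for i, (gamma, _) in enumerate(ciphertexts):
        if gamma in seen:
            hits.append((seen[gamma], i))
        seen.setdefault(gamma, i)
    return hits

if __name__ == "__main__":
    a, pub = keygen()
    m1, m2 = 1234567, 7654321            # constructed sample messages
    c1, c2 = encrypt(m1, pub, 0xC0FFEE), encrypt(m2, pub, 0xC0FFEE)
    print("m2 recovered without the private key:", recover_m2(m1, c1, c2) == m2)
    print("ciphertext pairs sharing k:", reused_k([c1, c2]))
```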
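The SRA steps and Lipton's quadratic-residue observation from the sections above, run end to end as an added example that is not part of the original post; it also covers the fix named under "Cheat Prevention". The modulus 2**127 - 1, the card encoding 2..53, squaring as the residue-only encoding and all function names are assumptions made for the demonstration, and each player keeps both of their exponents secret.

```python
import math
import secrets

N = 2**127 - 1                           # shared prime n (constructed demo choice)
CARDS = list(range(2, 54))               # 52 cards as integers 2..53 (assumed encoding)
SAFE_CARDS = [x * x % N for x in CARDS]  # residue-only encoding (assumed: squares)

def keygen(n=N):
    """Pick K with gcd(K, n-1) = 1 and return (K, inv(K) mod n-1)."""
    while True:
        k = secrets.randbelow(n - 3) + 2
        if math.gcd(k, n - 1) == 1:      # n-1 is even, so every valid K is odd
            return k, pow(k, -1, n - 1)

def power(m, exp, n=N):
    """E_X and D_X are both modular exponentiation, which is why they commute."""
    return pow(m, exp, n)

def is_qr(x, n=N):
    """Euler's criterion: x is a quadratic residue iff x^((n-1)/2) = 1 mod n."""
    return pow(x, (n - 1) // 2, n) == 1

def deal(cards=CARDS):
    """Run the SRA steps once; return both hands, Bob's order and his encrypted deck."""
    (a_enc, a_dec), (b_enc, b_dec) = keygen(), keygen()
    deck = list(cards)
    secrets.SystemRandom().shuffle(deck)               # Bob permutes the cards
    enc_deck = [power(x, b_enc) for x in deck]         # E_B(x_i) goes to Alice
    for_alice, for_bob = enc_deck[:5], enc_deck[5:10]  # Alice picks blindly
    double = [power(c, a_enc) for c in for_alice]      # E_A(E_B(x_i)) goes to Bob
    bob_hand = [power(c, b_dec) for c in for_bob]      # D_B(E_B(x_i)) = x_i
    half = [power(c, b_dec) for c in double]           # D_B(E_A(E_B(x_i))) = E_A(x_i)
    alice_hand = [power(c, a_dec) for c in half]       # D_A(E_A(x_i)) = x_i
    return alice_hand, bob_hand, deck, enc_deck

def leaked_bits(enc_deck):
    """What Alice computes with no key at all: residuosity of each ciphertext."""
    return [is_qr(c) for c in enc_deck]

if __name__ == "__main__":
    alice, bob, deck, enc = deal()
    print("hands:", sorted(alice), sorted(bob))
    print("leak matches plaintext:", leaked_bits(enc) == [is_qr(x) for x in deck])
    print("residue-only deck, bits seen:", set(leaked_bits(deal(SAFE_CARDS)[3])))
```

Because gcd(K, n-1) = 1 forces every key to be odd, the condition in Lipton's result always holds for SRA keys; with the residue-only encoding every ciphertext tests as a residue, so this particular bit no longer separates the cards.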
