The Rabin Cryptosystem
Ha Noi - 2019
Contents
1 Introduction
3 Example
3.1 Example 1
3.2 Example 2
Conclusion
References
Chapter 1
Introduction
Chapter 2
2.2 Encryption
• Bob encrypts a message m for Alice:
2.3 Decryption
• To recover plaintext m from c, Alice should do:
2.4 Evaluate
• Rabin is essentially RSA with the optimal choice of e, namely e = 2
Chapter 3
Example
3.1 Example 1
Question: Let p = 331, q = 311
1. Generate key
3. Use the private key (p, q) to decrypt the text obtained in part (2).
Solution
1. Generate key
2. Encryption
3. Decryption
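| Q  | A1  | A2  | A3  | B1  | B2   | B3  |
|----|-----|-----|-----|-----|------|-----|
|    | 1   | 0   | 331 | 0   | 1    | 311 |
| 1  | 0   | 1   | 311 | 1   | -1   | 20  |
| 15 | 1   | -1  | 20  | -15 | 16   | 11  |
| 1  | -15 | 16  | 11  | 16  | -17  | 9   |
| 1  | 16  | -17 | 9   | -31 | 33   | 2   |
| 4  | -31 | 33  | 2   | 140 | -149 | 1   |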
• Compute:
$r = c^{(p+1)/4} \bmod p = 23053^{(331+1)/4} \bmod 331 = 144$
$s = c^{(q+1)/4} \bmod q = 23053^{(311+1)/4} \bmod 311 = 139$
$x = (aps + bqr) \bmod n = (6441260 - 6672816) \bmod 102941 = 77267$
$y = (aps - bqr) \bmod n = (6441260 + 6672816) \bmod 102941 = 40569$
3.2 Example 2
Question: Let p = 7, q = 19
1. Generate key
3. Use the private key (p, q) to decrypt the text obtained in part (2).
Solution
2. The ciphertext c = 56
4. $r = 4^{(7+1)/4} \bmod 7 = 2$
$s = 4^{(19+1)/4} \bmod 19 = 17$
$x = -838 \bmod 133 = 93$
$y = -1093 \bmod 133 = 131$
5. $m_1 = x = 93$
$m_2 = -x \bmod n = 40$
$m_3 = y = 131$
$m_4 = -y \bmod n = 2$
Chapter 4
Characteristics of Rabin cryptosystem
4.1 Security
• It has been proven that any algorithm which decrypts a Rabin-encrypted
value can be used to factor the modulus n. Thus, Rabin decryption is
at least as hard as the integer factorization problem, something that
has not been proven for RSA. It is generally believed that there is no
polynomial-time algorithm for factoring, which implies that there is
no efficient algorithm for decrypting a Rabin-encrypted value without
the private key (p, q).
4.2 Excess data usage
• One drawback of the Rabin public-key cryptosystem is that the recipient
is tasked with selecting the correct plaintext from the four possibilities.
This ambiguity in decryption can be easily overcome by adding redundant
data to the original plaintext in a defined way before encryption (for
example, the last 6 bits of the message can be repeated).
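Added example (not part of the original report): Rabin decryption as carried out in Examples 3.1 and 3.2, followed by the redundancy check described in 4.2. It assumes the sender repeated the last 6 bits of the message, so a valid plaintext ends in two identical 6-bit blocks; all function names are illustrative.

```python
def ext_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        quo = a // b
        a, b = b, a - quo * b
        x0, x1 = x1, x0 - quo * x1
        y0, y1 = y1, y0 - quo * y1
    return a, x0, y0


def rabin_roots(c, p, q):
    """All four square roots of c modulo n = p*q (needs p, q = 3 mod 4)."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 modulo 4")
    n = p * q
    g, a, b = ext_gcd(p, q)            # a*p + b*q == 1
    if g != 1:
        raise ValueError("p and q must be coprime")
    r = pow(c, (p + 1) // 4, p)        # candidate root of c mod p
    s = pow(c, (q + 1) // 4, q)        # candidate root of c mod q
    if (r * r - c) % p or (s * s - c) % q:
        raise ValueError("c is not a square modulo n")
    x = (a * p * s + b * q * r) % n    # CRT combination, as in the examples
    y = (a * p * s - b * q * r) % n
    return [x, (-x) % n, y, (-y) % n]


def has_redundancy(m, bits=6):
    """Assumed format: the last `bits` bits repeat the `bits` bits before them."""
    mask = (1 << bits) - 1
    return (m & mask) == ((m >> bits) & mask)


def rabin_decrypt(c, p, q, bits=6):
    """Keep only the roots that carry the expected redundancy."""
    return [m for m in rabin_roots(c, p, q) if has_redundancy(m, bits)]


if __name__ == "__main__":
    print(rabin_roots(23053, 331, 311))    # Example 3.1 inputs
    print(rabin_decrypt(23053, 331, 311))  # single root passing the check
    print(rabin_roots(4, 7, 19))           # Example 3.2, with c = 4 as in step 4
```

With only 6 redundant bits a false root passes the check by chance with probability about 1/64, so practical schemes use a much longer redundancy field.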
4.3 Effectiveness
• Decrypting produces three false results in addition to the correct one,
so that the correct result must be guessed. This is the major disadvantage
of the Rabin cryptosystem and one of the factors which have
prevented it from finding widespread practical use.
and Williams: the two primes used are restricted to primes congruent
to 3 modulo 4 and the domain of the squaring is restricted to the set
of quadratic residues. These restrictions make the squaring function
into a trapdoor permutation, eliminating the ambiguity.
• Disadvantages
Chapter 5
Applications of Rabin cryptosystem
• Key generation
• Signing
– If there is no solution, S picks a new pad U and tries again. If H
is truly random, the expected number of tries is 4.
– The signature on m is the pair (U, x)
• Verification
Modern terminology
In modern presentations, the algorithm is often simplified. The
hash function H is assumed to be a random oracle and the algorithm works
as follows:
• Key generation
• Signing
– To sign a message m, the signer S picks random padding U and
calculates H(m, U)
– If H(m, U) is not a square modulo n, S picks a new pad U
– S solves the equation $x^2 = H(m, U) \bmod n$
– The signature on m is the pair (U, x)
• Verification
The signature is easy to compute if the prime factors of n are known, but
provably difficult otherwise: anyone who can forge the signature can also
factor n. The provable security has the side effect that the prime factors
can be recovered under a chosen message attack. This attack can be
countered by padding a given message with random bits or modifying the
message randomly, at the loss of provable security.
Conclusion