US RE40530 E1 Abstract A method and apparatus are disclosed for improving public key encryption and decryption schemes that employ a composite number formed from three or more distinct primes. The encryption or decryption tasks may be broken down into sub-tasks to obtain encrypted or decrypted sub-parts that are then combined using a form of the Chinese Remainder Theorem to obtain the encrypted or decrypted value. A parallel encryption/decryption architecture is disclosed to take advantage of the inventive method.
REEXAMINATION RESULTS
The questions raised in reexamination request No.
90/005,733, filed May 18, 2000 and reexamination request No. 90/005,776, filed on Jul. 28, 2000, have been considered and the results thereof are reflected in this reissue patent which constitutes the reexamination certificate required by 35 U.S.C. 307 as provided in 37 CFR 1.570(e). Claims(56) 1. A method for establishing cryptographic communications of a message cryptographically processed with RSA (
Rivest, Shamir & Adleman) public key encryption, comprising the step steps of:
developing k distinct random prime numbers p
_{1} , p _{2} , . . . , p _{k} , wherein k is an integer greater than 2; providing a number e relatively prime to (p _{1} −)·(1 p _{2} −)· . . . ·(1 p _{k} −); 1 providing a composite number n equaling the product p _{1} ·p _{2} · . . . ·p _{k} ; receiving a ciphertext word signal C which is formed by encoding a plaintext message word signal M to a ciphertext word signal C, where M corresponds to a number representative of athe message and
0≦M≦n−1 n being a composite number formed from the product of p
_{1}·p_{2}·. . . ·p_{k }where k is an integer greater than 2, p_{1}, p_{2}, . . . p_{k }are distinct prime numbers, and where C is a number representative of an encoded form of the plaintext message word signal M such that
C≡M ^{e}(mod n) and where e is associated with an intended recipient of the ciphertext word signal C; and, wherein said encoding step comprises the step of: transforming said message word signal M to said ciphertext word signal C whereby
C=M ^{e}(mod n) where e is a number relatively prime to (p
_{1}−1)·(p_{2}−1). deciphering the received ciphertext word signal C at the intended recipient having available to it the k distinct random prime number p
_{1} , p _{2} , . . . p _{k} ; wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n; wherein the deciphering step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering step if the pair of prime numbers p and q is used instead. 2. The method according to
establishing a number, d, as a multiplicative inverse of e(mod(lcm((p _{1} −)1 , ( p _{2} −)1 , . . . (p _{k} −))))1 , and decoding the ciphertext word signal C to the plaintext message word signal M, wherein said decoding step comprises the step of: transforming said ciphertext word signal C, whereby:
M=C ^{d}(mod n)M≡C^{d}(mod n). where d is a multiplicative inverse of e(mod(lcm((p
_{1}−1), (p_{2}−1), . . . , (p_{k}−1)))).3. A method for transferring a message signal M
_{i }in a communications of a message signal M_{i } cryptographically processed with RSA public key encryption in a system having j terminals, wherein each terminal is being characterized by an encoding key E_{i}=(e_{i}, n_{i}) and a decoding key D_{i}=(d_{i}, n_{i}), where i=1, 2, . . . , j, and wherein the message signal M_{i }corresponds to a number representative of a message-to-be-transmitted received from the i^{th }terminal, the method comprising the steps of:
establishing n _{i } where n_{i }is a composite number of the form
n _{i}=P_{i,1}·p_{i,2}·, . . . , ·p_{i,k}n_{i} =p _{i,1} ·p _{i,2} · . . . ·p _{i,k } where k is an integer greater than 2,
p
_{i,1}, p_{i,2}, . . . , p_{i,k }are distinct random prime numbers, e
_{i }is relatively prime to lcm(p_{i,1}−1, p_{i,2}−1, p_{i,kd}−1) lcm(p _{i,1} − 1, p_{i,2} − 1, . . . , p_{i,k} −)1 , and d
_{i }is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of
e _{i}(mod(lcm((p_{i,1}−1), (p_{i,2}−1), . . . , (p_{i,k}−1)))),; comprising the steps of:
receiving by a recipient terminal ( i=y) from a sender terminal (i=x, x≠y) a ciphertext signal C _{x } formed by encoding a digital message word signal M_{A }for transmission from a first terminal (i=A) to a second terminal (i=B), said encoding step including the sub-step of:M_{x} , wherein the encoding includes transforming said message word signal M _{A }to one or more message block word signals M_{A}″ M_{X}″, each block word signal M_{A}″ M_{X} ″ corresponding to a number representative of a portion of said message word signal M_{A} M_{X } in the range 0≦M_{A}″≦n_{B} −1 0≦M _{X} ″≦n _{y} −, and 1 transforming each of said message block word signals M _{A}″ M_{X}″ to a ciphertext word signal C_{A}, C_{A }corresponding C_{X } that corresponds to a number representative of an encoded form of said message block word signal M_{A}″, M_{X}″ whereby :
C _{A}≡M_{A} ^{″eB}(mod n_{B}.)C_{x} ≡M _{x} ^{″ey}(mod n _{y}); and deciphering the received ciphertext word signal C _{x } at the recipient terminal having available to it the k distinct random prime numbers p _{y,1}, p_{y,2}, . . . , p_{y,k }for establishing its d_{y}; wherein the deciphering step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering step if the pair of prime numbers p and q is used instead. 4. A cryptographic communications system for communications of a message cryptographically processed with an RSA public key encryption, comprising:
a communication medium channel for transmitting a ciphertext word signal C;
an encoding means coupled to said channel and adapted for transforming a transmit message word signal M to athe ciphertext word signal C using a composite number, n,
where n is a product of the form n=p _{1} ·p _{2} · . . . ·p _{k} , where k is an integer greater than 2, and p_{1} , p _{2} , . . . p _{k } are distinct random prime numbers, and for transmitting C on said channel, where the transmit message word signal M corresponds to a number representative of a the message and 0≦M≦n−
1, where n is a composite number of the form
n=p _{1}·p_{2}·. . . ·p_{k } where k is an integer greater than 2 and p
_{1}, p_{2}, . . . , p_{k }are distinct prime numbers, and where the ciphertext word signal C corresponds to a number representative of an enciphered encoded form of said message and corresponds to through a relationship of the form
C≡M ^{e}(mod n), and where e is a number relatively prime to lcm(p
_{1}−1, p_{2}−1, . . . , p_{k}−1); and
a decoding means coupled to said channel and adapted for receiving the ciphertext word signal C from said channel and, having available to it the k distinct random prime numbers p
_{1} , p _{2} , . . . p _{k} , for transforming the ciphertext word signal C to a receive message word signal M′ where M′ corresponds to a number representative of a deciphereddecoded form of the ciphertext word signal C and corresponds tothrough a relationship of the form M′≡C ^{d}(mod n) where d is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of
e(mod(lcm((p _{1}−1), (p_{2}−1), . . . , (p_{k}−1)))); wherein transforming the ciphertext word signal C to a receive message word signal M′ is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the transforming of the ciphertext word signal C if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a transforming of the ciphertext word signal C if the pair of prime numbers p and q is used instead. 5. A cryptographic communications system for communications of a message cryptographically processed with an RSA public key encryption, the system having a plurality of terminals coupled by a communications channel, including comprising:
a first terminal of the plurality of terminals characterized by an associated encoding key E
_{A}=(e_{A}, n_{A}) and a decoding key D_{A}=(d_{A}, n_{A}), wherein n_{A }is a composite number of the form
n _{A}=p_{A,1}·p_{A,2}·. . . ·P_{A,k } where
k is an integer greater than 2,
p
_{A,1}, p_{A,2}, . . . , p_{A,k }are distinct random prime numbers, e
_{A }is relatively prime to
lcm(p _{A,1}−1, p_{A,2}−1, . . . , p_{A,k}−1), and d
_{A }is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of
e _{A}(mod(lcm((p_{A,1}−1), (p_{A,2}−1), . . . , (p_{A,k}−1)))),; and and including a second terminal, comprising:of the plurality of terminals having
blocking means for transforming a first message-to-be-transmitted , which is to be transmitted on said communications channel from said second terminal to said first terminal, into one or more transmit message word signals M
_{B}, where each M_{B }corresponds to a number representative of said first message in the range
0≦M _{B}≦n_{A} −1, and encoding means coupled to said channel and adapted for transforming each transmit message word signal M
_{B }to a ciphertext word signal C_{B }that and for transmitting C_{B }on said channel, where C
_{B} corresponds to a number representative of an enciphered encoded form of said first message and corresponds to through a relationship of the form
C _{B}=M_{B} ^{eA}(mod n_{A})C_{B} ≡M _{B} ^{e} ^{ A }(mod n _{A}), wherein said first terminal comprises:having
decoding means coupled to said channel and adapted for receiving each of said ciphertext word signals C _{B }from said channel and, having available to it the k distinct random prime numbers p_{A,1} , p _{A,2} , . . . , p _{A,k} , for transforming each of said ciphertext word signals C_{B }to a receive message word signal M_{B} M_{B}′, and means for transforming said receive message word signals M′ M _{B}′ to said first message, where M′ is M_{B} ′ corresponds to a number representative of a deciphered decoded form of C_{B }and corresponds to through a relationship of the form
M _{B}′=C_{B} ^{d} ^{ A }(mod n_{A})M_{B} ′≡C _{B} ^{d} ^{ A }(mod n _{A}); wherein transforming said receive message word signal M _{B} ′ to said first message is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the transforming of said receive message word signal M _{B} ′ if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a transforming of said receive message word signal M _{B} ′ if the pair of prime numbers p and q is used instead. 6. The system according to
_{B}=(e_{B}, n_{B}) and a decoding key DB=(D_{B}, d_{B}) D_{B}=(d _{B} , n _{B}), where:
n
_{B }is a composite number of the form
n _{B}=p_{B,1}·p_{B,2}·. . . ·p_{B,k}, where k is an integer greater than 2,
p
_{B,1}, p_{B,2}, . . . , p_{B,k }are distinct random prime numbers, e
_{B }is relatively prime to
lcm(p _{B,1}−1, p_{B,2}−1, . . . , p_{B,k}−1), and d
_{B }is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of
e _{B}(mod(lcm((p_{B,1}), (p_{B,2}−1), . . . , (p_{B,k}−1)))), wherein said first terminal comprises:further having
blocking means for transforming a second message-to-be-transmitted , which is to be transmitted on said communications channel from said first terminal to said second terminal, to one or more transmit message word signals M _{A}, where each M_{A }corresponds to a number representative of said message in the range
0≦M _{A} ^{eB}(mod n_{B}),0≦M_{A} ≦n _{B} − 1, and encoding means coupled to said channel and adapted for transforming each transmit message word signal M _{A }to a ciphertext word signal C_{A }and for transmitting C_{A }on said channel, where C_{A }corresponds to a number representative of an enciphered encoded form of said second message and corresponds to through a relationship of the form
C _{A}=M_{A} ^{eB}(mod n_{B})C_{A} ≡M _{A} ^{e} ^{ B }(mod n _{B}); and wherein said second terminal comprises;further having
decoding means coupled to said channel and adapted for receiving each of said ciphertext word signals C _{A }from said channel and, having available to it the k distinct random prime numbers p_{B1} , p _{B,2} , . . . , p _{B,k} , for transforming each of said ciphertext word signals to a receive message word signal M_{A}′, and means for transforming said receive message word signals M _{A} M_{A} ′ to said second message, where M′ M_{A} ′ corresponds to a number representative of a deciphered decoded form of and corresponds to C_{A } through a relationship of the form
M _{A}′≡C_{A} ^{dB}(mod n_{B})M_{A} ′≡C _{A} ^{d} ^{ B }(mod n _{B}). 7. A method for establishing cryptographic communications comprising the step of:
encoding a digital message word signal M to a cipher text word signal C, where M corresponds to a number representative of a message and
0≦M≦n−1, where n is a composite number having at least 3 whole number factors greater than one, the factors being distinct prime numbers, and where C corresponds to a number representative of an encoded form of message word M, wherein said encoding step comprises the step of:
transforming said message word signal M to said ciphertext word signal C whereby
C≡a _{e}M^{e}+a_{e−1}M^{e−1}+. . . +a_{o}(mod n) where e and a
_{e, a} _{e−1}, . . . , a_{o }are numbers. 8. In the method according to
decoding C to M by the performance of a second ordered succession of invertible operations on C, where each of the invertible operations of said second succession is the inverse of a corresponding one of said first succession, and wherein the order of said operations in said second succession is reversed with respect to the order of corresponding operations in said first succession. 9. A communication system for transferring communications of message signals M
_{i} cryptographically processed with RSA public key signing, comprising:
j stations, terminals including first and second terminals, each of the j stations terminals being characterized by an encoding key E
_{i}=(e_{i}, n_{i}) and decoding key D_{i}=(d_{i}, n_{i}), where i=1,2, . . . ,j, and wherein M_{i }corresponds to a number representative of a message signal to be transmitted from the i^{th }terminal, each of the j terminals being adapted to transmit a particular one of the message signals where an i^{th } message signals M _{i }is transmitted from an i^{th } terminal and
0≦M _{i}≦n_{i}−1, n
_{i is being }a composite number of the form
n _{i}=pi_{i,1}·p_{i,2}·. . . p_{i,k n} _{i} =p _{i,1} ·p _{i,2} ·. . . ·p _{i,k } where
k is an integer greater than 2,
p
_{i,1}, p_{i,2}, . . . , p_{i,k }are distinct random prime numbers, e
_{i }is relatively prime to lcm(p_{i,1}−1,p_{i,2}−1, . . . , p_{i,k}−1), and d
_{i }is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of
e _{i}(mod(lcm((p_{i,1}−1), (p_{i,2}−1), . . . , (p_{i,k}−1)))); asaid first one of the j terminalsterminal including
means for encoding a digital message word signal M
_{A }for transmission M_{1 } to be transmitted from said first terminal (i=A 1) to a said second one of the j terminals terminal (i=B 2), and said encoding means for transforming said digital message word signal M
_{AS}, M_{AS }corresponding to a number representative of an encoded form of said message word signal M_{A}, whereby:M_{1S } using a relationship of the form M _{AS}≡M_{A} ^{dA}(mod n_{A})M_{1S} ≡M _{1} ^{d} ^{ 1 }(mod n _{1}); and means for transmitting said signed message word signal M _{1S } from said first terminal to said second terminal, wherein said second terminal includes means for decoding said signed message word signal M _{1S } to said digital message word signal M _{1} ; wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime number each smaller than p and q, and the composite number m having the same number of digits as the composite number n; wherein encoding a digital message word signal M _{1 } is divided into sub-steps, on sub-step for each of the k distinct random prime numbers; and wherein for a give number of digits for composite numbers n and m, it takes fewer computational cycles to perform the encoding of the digital message word signal M _{i } if the k distinct random prime numbers are used, relative to the number of computational cycles for performing an encoding of the digital message word signal M _{1 } if the pair of prime numbers p and q is used instead. 10. The system of
_{1S } includes means for further comprising:
means for transmitting said signal message word signal M
_{AS }from said first terminal to said second terminal, and wherein said second terminal includes means for decoding said signed message word signal M_{AS }to said message word signal M_{A}, said second terminal including:
means for transforming said signed message word signal M
_{AS} M_{1S }to said digital message word signal M_{A}, whereby M_{1 } using a relationship of the form
M _{A}≡M_{AS} ^{eA}(mod n_{A})M_{i} ≡M _{1S} ^{e} ^{ 1 }(mod n _{1}). 11. A communication system for transferring a message signal M
_{i} cryptographically processed with RSA public key encryption, the communications system comprising:
j communication stations including first and second stations, each of the j communication stations being characterized by an encoding key E
_{i}=(e_{i}, n_{i}) and a decoding key D_{i}=(d_{i}, n_{i}), where i=1, 2, . . . , j, and wherein M_{i }corresponds to a number representative of a message signal to be transmitted from the i^{th }terminal, each of the j communication stations being adapted to transmit a particular one of the message signals where an i^{th } message signal M _{i } is received from an i ^{th } communication station, and
0≦M_{i} ≦n _{i} − 1 n
_{i }is being a composite number of the form
n _{i}=p_{i,1}·p_{i,2}·. . . ·p_{i,k } where
k is an integer greater than 2,
p
_{i,1}, p_{i,2}, . . . , p_{i,k }are distinct random prime numbers, e
_{i }is relatively prime to lcm(p_{i,1}−1,p_{i,2}−1, . . . ,p_{i,k}−1), and d
_{i }is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of
e _{i}(mod(lcm((p_{i,1}−1), (p_{i,2}−1), . . . , (p_{i,k}−1)))), asaid first one of the j communication stationsstation including
means for encoding a digital message word signal M
_{A }for transmission M_{1 } to be transmitted from said first one of the j communication stations station (l=A 1) to a said second one of the j communication stations station (l=B 2), means for transforming said digital message word signal M_{A} M_{1 }to one or more message block word signals M_{A}″ M_{1}″, each block word signal M_{A}′ M_{1}″ being a number representative of a portion of said digital message word signal M_{A}′ M_{1 }in the range 0≦M_{A}≦n_{B} −1, 0≦M _{1} ″≦n _{2} −and 1, means for transforming each of said message block word signals M
_{A}″ M_{1}″ to a ciphertext word signal C_{A}, C_{A }corresponding to a number representative of an encoded form of said message block word signal M_{A}″, whereby: C_{1 } using a relationship of the form
C _{A}=M_{A}″^{Eb}(mod n_{B})C_{1} ≡M _{1}″^{e} ^{ 2 }(mod n _{2}); and means for transmitting said ciphertext signals C _{1 } from said first station to said second station, wherein said second station includes means for deciphering said ciphertext signals C _{1 } using p _{2,1} , p _{2,2} , . . . p _{2,k } to produce said digital message word signal M _{1} ; wherein deciphering said ciphertext signals C _{1 } is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering of said ciphertext signals C _{1 } if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering of said ciphertext signals C _{1 } if the pair of prime numbers p and q is used instead. 12. The communications system of
means for transmitting said ciphertext word signals from said first terminal to said second terminal, and wherein said second terminal the deciphering means includes
means for decoding said cyphertext word signals C
_{1 }to said message block word signals MA M_{1} ″ using a relationship of the form, said second terminal including: means for transforming each of said ciphertext word signals C
_{A }to one of said message block word signals M_{A}″, whereby
M _{A}″≡C_{A} ^{Db}(mod n_{B})M_{1} ″≡C _{1} ^{d} ^{ 2 }(mod n _{2}), and means for transforming said message block word signals M
_{A}″ M_{1}″ to said message word signal M_{A} M_{1}. 13. In a communications system, including first and second communicating stations interconnected for communication therebetween,
the first communicating station having
encoding means for transforming a transmit message word signal M to a ciphertext word signal C where M corresponds to a number representative of a message and
0≦M≦n−1 where n is a composite number having at least 3 whole number factors greater than one, the factors being distinct prime numbers, and
where C corresponds to a number representative of an enciphered form of said message and corresponds to
C≡a _{e}M^{e}+a_{e−1}M^{e−1}+. . . +a_{o}(mod n) where e and a _{e}, a_{e}−1, . . . , a_{o }are numbers; and
means for transmitting the ciphertext word signal C to the second communicating station.
14. The method according to
_{1S} , formed from the digital message word signal M _{1 } being cryptographically processed at the first terminal with multi-prime (k>) 2 RSA public key signing which is characterized by the composite number n being computed as the product of the k distinct random prime numbers p _{1} , p _{2} , . . . p _{k} , is decipherable at the second terminal with two-prime RSA public key signing characterized by the composite number m being computed as the product of the pair of prime numbers p and q. 15. A method of communicating a message cryptographically processed with an RSA public key encryption, comprising the steps of:
selecting a public key portion e associated with a recipient intended for receiving the message; developing k distinct random prime numbers, p _{1} , p _{2} , . . . p _{k} , where k≧ 3, and checking that each of the k distinct random prime numbers minus 1, p_{1} − 1, p_{2} − 1, . . . , p_{k} − 1, is relatively prime to the public key portion e; computing a composite number, n, as a product of the k distinct random prime numbers; receiving a ciphertext message formed by encoding a plaintext message data M to the ciphertext message data C using a relationship of the form C≡M ^{e}(mod n) where M represents the message, where 0≦M≦n−1, and where the sender knows n and the public key portion e but has no access to the k distinct random prime numbers, p_{1} , p _{2} , . . . p _{k} ; and deciphering at the recipient the received ciphertext message data C to produce the message, the recipient having access to the k distinct random prime numbers, p _{1} , p _{2} , . . . p _{k} ; wherein the deciphering step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering step if the pair of prime numbers p and q is used instead. 16. The method according to
establishing a private key portion d by a relationship to the public key portion e in the form of d≡e ^{−1}(mod((p _{1} −)·(1 p _{2} −)· . . . ·(1 p _{k} −)))1 , wherein the deciphering step includes decoding the ciphertext message data C to the plaintext message data M using a relationship of the form M≡C ^{d}(mod n). 17. The method according to
prime RSA public key encryption characterized by the composite number m being computed as the product of the pair of prime numbers p and q, is decipherable with multi-prime (k>) 2 RSA public key encryption characterized by the composite number n being computed as the product of the k distinct random prime numbers p _{1} , p _{2} , . . . p _{k} . 18. The method according to
600 digits long. 19. A method of communicating a message cryptographically processed with RSA public key encryption, comprising the steps of:
selecting a public key portion e; developing k distinct random prime numbers p _{1} , p _{2} , . . . p _{k} , where k≧ 3, and checking that each of the k distinct random prime numbers minus 1, p_{1} − 1, p_{2} − 1, . . . p_{k} − 1 , is relatively prime to the public key portion e; establishing a private key portion d by a relationship to the public key portion e in the form of d≡e ^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 ; computing a composite number, n, as a product of the k distinct random prime numbers; receiving a ciphertext message data C representing an encoded form of a plaintext message data M; and decoding the received ciphertext message data C to the plaintext message data M using a relationship of the form M≡C ^{d}(mod n), the decoding performed by a recipient owning the private key portion d and having access to the k distinct random prime numbers p _{1} , p _{2} , . . . p _{k} ; wherein the decoding step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the decoding step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a decoding step if the pair of prime numbers p and q is used instead. 20. The method according to
^{e }(mod n), wherein 0≦M≦n−1 and wherein n and the public key portion e are accessible to the sender although it has no access to the k distinct random prime numbers p_{1} , p _{2} , . . . p _{k} . 21. The method according to
prime RSA public key encryption characterized by the composite number m being computed as the product of the pair of prime numbers p and q, is decipherable by the decoding with multi-prime (k>) 2 RSA public key encryption characterized by the composite number n being computed as the product of the k distinct random prime numbers p _{1} , p _{2} , . . . p _{k} . 22. The method according to
600 digits long. 23. A method of communicating a message cryptographically processed with RSA public key signing, comprising the steps of:
selecting a public key portion e; developing k distinct random prime numbers p _{1} , p _{2} , . . . p _{k} , where k≧ 3, and checking that each of the k distinct random prime numbers minus 1, p_{1} − 1, p_{2} − 1, . . . p_{k} − 1, is relatively prime to the public key portion e; establishing a private key portion d of a relationship to the public key portion e of the form d≡e ^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −))))1 ; computing a composite number, n, as product of the k distinct random prime numbers; encoding a plaintext message data M with the private key portion d to produce a signed message M _{S } using a relationship of the form M
_{S} ≡M ^{d}(mod n),
where 0≦M≦n−1; receiving the signed message M _{S} ; and deciphering the signed message to produce the plaintext message data M; wherein the encoding step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the encoding step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing an encoding step if the pair of prime numbers p and q is used instead. 24. The method of
decoding the signed message M _{S } with the public key portion e to produce the plaintext message data M using a relationship of the form M≡M _{S} ^{e}(mod n). 25. The method according to
_{S } formed from the plaintext message data M being cryptographically processed at the sender with multi-prime (k>) 2 RSA public key signing which is characterized by the composite number n being computed as the product of the k distinct random prime numbers p _{1} , p _{2} , . . . p _{k} , is decipherable by the decoding at the recipient with two-prime RSA public key signing characterized by the composite number m being computed as the product of the pair of prime numbers p and q. 26. The method according to
600 digits long. 27. A method for communicating a message cryptographically processed with RSA public key encryption, comprising the steps of:
sending to a recipient a cryptographically processed message formed by assigning a number M to represent the message in plaintext message form, and cryptographically transforming the assigned number M from the plaintext message form to a number C that represents the message in an encoded form, wherein the number C is a function of the assigned number M, a number n that is a composite number equaling the product of at least three distinct random prime numbers, wherein 0≦M≦n−1, and an exponent e that is a number relatively prime to a lowest common multiplier of the at least three distinct random prime numbers, wherein the number n and exponent e having been obtained by the sender are associated with the recipient to which the message is intended; and receiving the cryptographically processed message which is decipherable by the recipient based on the number n, another exponent d, and the number C, wherein the exponent d is a function of the exponent e and the at least three distinct random prime numbers; wherein p and q are a pair of prime numbers that product of which equals a composite number m, the at least three distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n; wherein deciphering the cryptographically processed message is divided into sub-steps, one sub-step for each of the at least three distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering if the at least three distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering if the pair of prime numbers p and q is used instead. 28. The method according to
wherein the cryptographically transforming step includes using a relationship of the form C≡M ^{e }(mod n), wherein the exponent d is established based on the at least three distinct random prime numbers p _{1} , p _{2} , . . . p _{k} , using a relationship of the form d≡e ^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 , and wherein the cryptographically processed message is deciphered using a relationship of the form M≡C ^{d}(mod n). 29. The method according to
prime RSA public key encryption characterized by the composite number m being computed as the product of the pair of prime numbers p and q, is decipherable at the recipient with multi-prime RSA public key encryption characterized by the composite number n being computed as the product of the at least three distinct random prime numbers. 30. The method according to
600 digits long. 31. A method for communicating a message cryptographically processed with RSA public key encryption, comprising the steps of:
receiving from a sender a cryptographically processed message, in the form of a number C, which is decipherable by the recipient based on a number n, an exponent d, and the number C; and deciphering the cryptographically processed message, wherein a number M represents a plaintext form of the message, wherein the number C represents a cryptographically encoded form of the message and is a function of the number M, the number n that is a composite number equaling the product of at least three distinct random prime numbers, wherein 0≦M≦n−1, and wherein the number n and exponent e are associated with the recipient to which the message is intended, and wherein p and q are a pair of prime numbers that product of which equals a composite number m, the at least three distinct random prime numbers each smaller than p and q, the composite number m having the same number of digits as the composite number n; wherein deciphering the cryptographically processed message is divided into sub-steps, one sub-step for each of the at least three distinct random prime numbers; and 32. The method according to
wherein the number C is formed using a relationship of the form C≡M ^{e }(mod n), wherein the exponent d is established based on the at least three distinct random prime numbers p _{1} , p _{2} , . . . p _{k} , using a relationship of the form d≡e ^{−1}((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 , and wherein the number M is obtained using a relationship of the form M≡C ^{d}(mod n). 33. The method according to
prime RSA public key encryption characterized by the composite number m being computed as the product of the pair of prime numbers p and q, is decipherable at the recipient with multi-prime RSA public key encryption characterized by the composite number n being computed as the product of the at least three distinct random prime numbers. 34. The method according to
600 digits long. 35. A cryptography method for local storage of data by a private key owner, comprising the steps of:
selecting a public key portion e; developing k distinct random prime numbers, p _{1} , p _{2} , . . . p _{k} , where k≧ 3, and checking that each of the k distinct random prime numbers minus 1, p_{1} − 1, p_{2} − 1, . . . , p_{k} − 1, is relatively prime to the public key portion e; establishing a private key portion d by a relationship to the public key portion e in the form of d≡e ^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 ; computing a composite number, n, as a product of the k distinct random prime numbers that are factors of n, where only the private key owner knows the factors of n; and encoding plaintext data M to ciphertext data C for the local storage, using a relationship of the form C≡M ^{e}(mod n), wherein 0≦M≦n−1, whereby the ciphertext data C is decipherable only by the private key owner having available to it the factors of n; wherein the encoding step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and 36. The cryptography method in accordance with
decoding the ciphertext data C from the local storage to the plaintext data M using a relationship of the form M≡C ^{d }(mod n). 37. A cryptographic communications system, comprising:
a plurality of stations; a communications medium; and a host system adapted to communicate with the plurality of stations via the communications medium sending and receiving messages cryptographically processed with an RSA public key encryption, the host system including at least one cryptosystem configured for developing k distinct random prime numbers p _{1} , p _{2} , . . . , p _{k} , where k≧ 3, checking that each of the k distinct random prime numbers minus 1, p_{1} − 1, p_{2} − 1, . . . p_{k} − 1, is relatively prime to a public key portion e that is associated with the host system, computing a composite number, n, as a product of the k distinct random prime numbers, establishing a private key portion d by a relationship of the public key portion e in the form of d≡e ^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 , in response to an encoding request from the host system, encoding a plaintext message data M producing therefrom a ciphertext message data C to be communicated via the host system, the encoding using a relationship of the form C≡M ^{e}(mod n), where 0≦M≦n−1, and in response to a decoding request from the host system, decoding a ciphertext message data C′ communicated via the host producing therefrom a plaintext message data M′ using a relationship of the form M′≡C′ ^{d}(mod n); wherein p and q are a pair of prime numbers that product of which equals a composite number, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n; wherein decoding the ciphertext message data C′ is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the decoding of the ciphertext message data C′ if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a decoding of the ciphertext message data C′ if the pair of prime numbers p and q is used instead. 38. The system of
39. The system of
a processor, a data-address bus, a memory coupled to the processor via the data-address bus, a data encryption standard (DES) unit coupled to the memory and the processor via the data-address bus, and a plurality of exponentiator elements coupled to the processor via the DES unit, the plurality of exponentiator elements being configured to operate in parallel in developing respective subtask values corresponding to the message. 40. The system of
41. The system of
42. The system of
Federal Information Processing Standard) -140 1 level 3. 43. The system of
_{1} , p _{2} , . . . p _{k} . 44. A system for communications of a message cryptographically processed with RSA public key encryption, comprising:
a bus; and a cryptosystem communicatively coupled to and receiving from the bus encoding and decoding requests, the cryptosystem being configured for providing a public key portion e, developing k distinct random prime numbers p _{1} , p _{2} , . . . , p _{k} , where k≧ 3, checking that each of the k distinct random prime numbers minus 1, p_{1} − 1, p_{2} − 1, . . . p_{k} _{1} , is relatively prime to the public key portion e, computing a composite number, n, as a product of the k distinct random prime numbers, ^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 , in response to an encoding request from the bus, encoding a plaintext form of a first message M to produce C, a ciphertext form of the first message, using a relationship of the form C≡M ^{e}(mod n), wherein 0≦M≦n−1, and in response to a decoding request from the host system, decoding C′, a ciphertext form of a second message, to produce M′, a plaintext form of the second message, using a relationship of the form M′≡C′ ^{d}(mod n), the first and second messages being distinct or one and the same; wherein decoding C′ is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the decoding of C′ if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a decoding of C′ if the pair of prime numbers p and q is used instead. 45. A system for communications of a message cryptographically processed with RSA public key encryption, comprising:
a bus; and a cryptoplasm receiving from the system via the bus encoding and decoding requests, the cryptosystem including a plurality of exponentiator elements configured to develop subtask values, a memory, and a processor configured for receiving the encoding and decoding requests, each encoding request providing a plaintext message M to be encoded, obtaining a public key that includes an exponent e and a modulus n, a representation of the modulus n existing in the memory in the form of its k distinct random prime number factors p _{1} , p _{2} , . . . p _{k} , where k≧ 3, constructing subtasks, one subtask for each of the k factors, to be executed by the exponentiator elements for producing respective ones of the subtask values C _{1} , C _{2} , . . . C _{k} , and forming a ciphertext message C from the subtask values C _{1} , C _{2} , . . . C _{k} , wherein the ciphertext message C is decipherable using a private key that includes the modulus n and an exponent d which is a function of e; wherein p and q are a pair of prime numbers that product of which equals a modulus m, the k distinct random prime numbers each smaller than p and q, and the modulus m having the same number of digits as the modulus n; and wherein for a given number of digits for modulus n and modulus m, it takes fewer computational cycles to form the ciphertext message C if the k distinct random prime numbers are used, relative to the number of computational cycles for forming a ciphertext message C′ if the pair of prime numbers p and q is used instead. 46. The system of
_{1} , C _{2} , . . . C _{k } is developed using a relationship of the form C _{i} ≡M _{i} ^{e} ^{ i }(mod p _{i}), where M _{i} ≡M(mod p _{i}), and e _{i} ≡e(mod p _{i} −)1 , and where i= 1, 2, . . . k. 47. A system for communications of a message cryptographically processed with RSA public key encryption, comprising:
a bus; and a cryptosystem receiving from the system via the bus encoding and decoding requests, the cryptosystem including a plurality of exponentiator elements configured to develop subtask values, a memory, and a processor configured for receiving the encoding and decoding requests, each encoding/decoding request provided with a plaintext/ciphertext message M/C to be encoded/decoded and with or without a public/private key that includes an exponent e/d and a modulus n representation of which exists in the memory in the form of its k distinct random prime number p _{1} , p _{2} , . . . p _{k} , where k≧ 3, obtaining the public/private key from the memory if the encoding/decoding request is provided without the public/private key, constructing subtasks to be executed by the exponentiator elements for producing respective ones of the subtask values M _{1} , M _{2} , . . . M _{k} /C _{1} , C _{2} , . . . C _{k} , and forming the ciphertext/plaintext message C/M from the subtask values C _{1} , C _{2} , . . . C _{k} /M _{1} , M _{2} , . . . M _{k} ; wherein p and q are a pair of prime numbers that product of which equals a modulus m, the k distinct random prime numbers each smaller than p and q, and the modulus m having the same number of digits as the modulus n; and wherein for a given number of digits for modulus n and modulus m, it takes fewer computational cycles to form the ciphertext/plaintext message C/M if the k distinct random prime numbers are used, relative to the number of computational cycles for forming a ciphertext/plaintext message C′/M′ if the pair of prime numbers p and q is used instead. 48. The system of
_{1} , C _{2} , . . . C _{k } is developed using a relationship of the form C _{i} ≡M _{i} ^{e} ^{ i }(mod p _{i}), where C _{i} ≡C(mod p _{i}), and e _{i} ≡e(mod p _{i} −)1 , and where i= 1, 2, . . . , k. 49. The system of
_{1} , M _{2} , . . . M _{k } is developed using a relationship of the form M _{i} ≡C _{i} ^{d} ^{ i }(mod p _{i}), where M _{i} ≡M(mod p _{i}), and d _{i} =d(mod p _{i} −)1 , and where i= 1, 2, . . . , k. 50. The system of
^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 . 51. A system for communications of a message cryptographically processed with RSA public key encryption, comprising:
means for selecting a public key portion e; means for developing k distinct random prime number p _{1} , p _{2} , . . . p _{k} , where k≧ 3, and for checking that each of the k distinct random prime numbers minus 1, p_{1} − 1, p_{2} − 1, . . . p_{k} − 1, is relatively prime to the public key portion e; means for establishing a private key portion of d by a relationship to the public key portion e in the form of d≡e ^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 ; means for computing a composite number, n, as a product of the k distinct random prime numbers; means for receiving a ciphertext message data C; and means for decoding the ciphertext message data C to a plaintext message data M using a relationship of the form M≡C ^{d}(mod n); wherein decoding said ciphertext message data C is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the decoding of said ciphertext message data C if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a decoding of said ciphertext message data C if the pair of prime numbers p and q is used instead. 52. The system according to
means for encoding the plaintext message data M to the ciphertext message data C, using a relationship of the form C≡M ^{e }(mod n), where 0≦M≦n−1. 53. A system for communications of a message cryptographically processed with RSA public key signing, comprising:
means for selecting a public key portion e; means for developing k distinct random prime numbers p _{1} , p _{2} , . . . p _{k} , where k≧ 3, and for checking that each of the k distinct random prime numbers minus 1, p_{1} − 1, p_{2} − 1, . . . p_{k} − 1 , is relatively prime to the public key portion e; means for establishing a private key portion d by a relationship to the public key portion e of the form d≡e ^{−1}(mod((p _{1} −)·(1 p _{2} −) . . . (1 p _{k} −)))1 ; means for computing a composite number, n, as a product of the k distinct random prime numbers; and means for encoding a plaintext message data M with the private key portion d to produce a signed message M _{S} , using a relationship of the form M _{S} ≡M ^{d}(mod n), where
0≦M≦n−1, the signed message M_{S }
being decipherable using the public key portion e;
wherein encoding said plaintext message data M is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the encoding of said plaintext message data M if the k distinct random prime numbers are used, relative to the number of computational cycles for performing an encoding of said plaintext message data M if the pair of prime numbers p and q is used instead.
54. The system of
means for decoding the signed message M _{S } with the public key portion e to produce the plaintext message data M using a relationship of the form M≡M _{S} ^{e}(mod n). 55. The system of
56. The system of
Description This application claims the benefit of U.S. Provisional Application No. 60/033,271 for PUBLIC KEY CRYTOGRAPHIC APPARATUS AND METHOD, filed Dec. 9, 1996, naming as inventors, Thomas Colins Collins, Dale Hopkins, Susan Langford and Michale Michael Sabin, the discolsure disclosure of which is incorporated by reference. This invention relates generally to communicating data in a secure fashion, and more particularly to a cryptographic system and methods using public key cryptography. Computer systems are found today in virtually every walk of life for storing, maintaining, and transferring various types of data. The integrity of large portions of this data, especially that portion relating to financial transactions, is vital to the health and survival of numerous commercial enterprises. Indeed, as open and unsecured data communications channels for sales transactions gain popularity, such as credit card transactions over the Internet, individual consumers have an increasing stake in data security. Thus, for obvious reasons, it is important that financial transaction communications pass from a sender to an intended receiver without intermediate parties being able to interpret the transferred message. Cryptography, especially public key cryptography, has proven to be an effective and convenient technique of enhancing data privacy and authentication. Data to be secured, called plaintext, is transformed into encrypted data, or ciphertext, by a predetermined encryption process of one type or another. The reverse process, transforming ciphertext into plaintext, is termed decryption. Of particular importance to this invention is that the processes of encryption and decryption are controlled by a pair of related cryptographic keys. A “public” key is used for the encryption process, and a “private” key is used to decrypt ciphertext. The public key transforms plaintext to ciphertext, but cannot be used to decrypt the ciphertext to retrieve the plaintext therefrom. As an example, suppose a Sender A wishes to send message M to a recipient B. The idea is to use public key E and related private key D for encryption and decryption of M. The public key E is public information while D is kept secret by the intended receiver. Further, and importantly, although E is determined by D, it is extremely difficult to compute D from E. Thus the receiver, by publishing the public key E, but keeping the private key D secret, can assure senders of data encrypted using E that anyone who intercepts the data will not be able to decipher it. Examples of the public key/private key concept can be found in U.S. Pat. Nos. 4,200,770, 4,218,582, and 4,424,414. The prior art includes a number of public key schemes, in addition to those described in the above-identified patents. Over the past decade, however, one system of public key cryptography has gained popularity. Known generally as the “RSA” scheme, it is now thought by many to be a worldwide defacto standard for public key cryptography. The RSA scheme is described in U.S. Pat. No. 4,405,829 which is fully incorporated herein by this reference. The RSA scheme capitalizes on the relative ease of creating a composite number from the product of two prime numbers whereas the attempt to factor the composite number into its constituent primes is difficult. The RSA scheme uses a public key E comprising a pair of positive integers n and e, where n is a composite number of the form
The recipient of the ciphertext C retrieves the message M using a (private) decoding key D, comprising a pair of positive integers d and n, employing the relation
As used in (4), above, d is a multiplicative inverse of
q−)))) (6)
1 where lcm((p−1), (q−1)) is the least common multiple of numbers p−1 and q−1. Most commercial implementations of RSA employ a different, although equivalent, relationship for obtaining d: d=e ^{−1}mod(p−1) (q−1) d≡e^{−1} mod((p−)·(1 q−)). (7)
1 This alternate relationship simplifies computer processing. Note: Mathematically (6) defines a set of numbers and (7) defines a subset of that set. For implementation, (7) or (6) usually is interpreted to mean d is the smallest positive element in the set.) The net effect is that the plaintext message M is encoded knowing only the public key E (i.e., e and n). The resultant ciphertext C can only decoded using decoding key D. The composite number n, which is part of the public key E, is computationally difficult to factor into its components, prime numbers p and q, a knowledge of which is required to decrypt C. From the time a security scheme, such as RSA, becomes publicly known and used, it is subjected to unrelenting attempts to break it. One defense is to increase the length (i.e., size) of both p and q. Not long ago it was commonly recommended that p and q should be large prime numbers 75 digits long (i.e., on the order of 10 This problem is exacerbated if the volume of ciphertext messages requiring decryption is large—such as can be expected by commercial transactions employing a mass communication medium such as the Internet. A financial institution may maintain as Internet site that could conceivably receive thousands of enciphered messages every hour that must be decrypted, and perhaps even responded to. Using larger numbers to form the keys used for an RSA scheme can impose severe limitations and restraints upon the institution's ability to timely respond. Many prior art techniques, while enabling the RSA scheme to utilize computers more efficiently, nonetheless have failed to keep pace with the increasing length of n, p, and q. Accordingly, it is an object of this invention to provide a system and method for rapid encryption and decryption of data without compromising data security. It is another object of this invention to provide a system and method that increases the computational speed of RSA encryption and decryption techniques. It is still another object of this invention to provide a system and method for implementing an RSA scheme in which the components factors of n do not increase in length as n increases in length. It is still another object to provide a system and method for utilizing multiple (more than two), distinct prime number components factors to create n. It is a further object to provide a system and method for providing a technique for reducing the computational effort for calculating exponentiations in an RSA scheme for a given length of n. The present invention discloses a method and apparatus for increasing the computational speed of RSA and related public key schemes by focusing on a neglected area of computation inefficiency. Instead of n=p·q, as is universal in the prior art, the present invention discloses a method and apparatus wherein n is developed from three or more distinct random prime numbers; i.e., n=p The commercial need for longer and longer primes shows no evidence of slowing; already there are projected requirements for n of about 600 digits long to forestall incremental improvements in factoring techniques and the ever faster computers available to break ciphertext. The invention, allowing 4 primes each about 150 digits long to obtain a 600 digit n, instead of two primes about 350 300 digits long, results in a marked improvement in computer performance. For, not only are primes that are 150 digits in size easier to find and verify than ones on the order of 350 300 digits, but by applying techniques the inventors derive from the Chinese Remainder Theorem (CRT), public key cryptography calculations for encryption and decryption are completed much faster—even if performed serially on a single processor system. However, the inventors' techniques are particularly adapted to be advantageously apply enable RSA public key cryptographic operations to parallel computer processing. The present invention is capable of using extending the RSA scheme to perform encryption and decryption operation using a large (many digit) n much faster than heretofore possible. Other advantages of the invention include its employment for decryption without the need to revise the RSA public key encryption transformation scheme currently in use on thousands of large and small computers. A key assumption of the present invention is that n, composed of 3 or more sufficiently large distinct prime numbers, is no easier (or not very much easier) to factor than the prior art, two prime number n. The assumption is based on the observation that there is no indication in the prior art literature that it is “easy” to factor a product consisting of more than two sufficiently large, distinct prime numbers. This assumption may be justified given the continued effort (and failure) among experts to find a way “easily” to break large component composite numbers into their large prime factors. This assumption is similar, in the inventors' view, to the assumption underlying the entire field of public key cryptography that factoring composite numbers made up of two distinct primes is not “easy.” That is, the entire field of public key cryptography is based not on mathematical proof, but on the assumption that the empirical evidence of failed sustained efforts to find a way systematically to solve NP problems in polynomial time indicates that these problems truly are “difficult.” The invention is preferably implemented in a system that employs parallel operations to perform the encryption, decryption operations required by the RSA scheme. Thus, there is also disclosed a cryptosystem that includes a central processor unit (CPU) coupled to a number of exponentiator elements. The exponentiator elements are special purpose arithmetic units designed and structured to be provided message data M, an encryption key e, and a number n (where n=p Alternatively, the exponentiator elements may be provided the ciphertext C, a decryption (private) key d and n to return M according to the relationship,
According to this decryption aspect of the invention, the CPU receives a task, such as the requirement to decrypt cyphertext ciphertext data C. The CPU will also be provided, or have available, a public private key e d and n, and the factors of n (p In a preferred embodiment of this latter aspect of the invention, the bus structure used to couple the CPU and exponentiator elements to one another is made secure by encrypting all important information communicated thereon. Thus, data sent to the exponentiator elements is passed through a data encryption unit that employs, preferably, the ANSI Data Encryption Standard (DES). The exponentiator elements decrypt the DES-encrypted sub-task information they receive, perform the desired task, and encrypt the result, again using DES, for return to the CPU. As indicated above, the present invention is employed in the context of the RSA public key encryption/decryption scheme. As also indicated, the RSA scheme obtains its security from the difficulty of factoring large numbers, and the fact that the public and private keys are functions of a pair of large (100-200 digits or even larger) prime numbers. Recovering the plaintext from the public key and the ciphertext is conjectured to be equivalent to factoring the product of two primes. According to the present invention, the public key portion e is picked. Then, three or more random large, distinct prime numbers, p _{1}, p_{2}, . . . , p_{k} n=p_{1} ·p _{2} · . . . p _{k}, is computed.Finally, the decryption key exponent, d, is established by the relationship:
p _{2} −)· . . . ·(1 p _{k} −))1 , or equivalently
d≡e ^{−1} mod(lcm((p _{1} −)1 , (p _{2} −)1 , . . . (p _{k} −)))
1 The message data, M is encrypted to ciphertext C using the relationship of (3), above, i.e.,
To decrypt the ciphertext, C, the relationship of (3) ( M=C ^{d}mod n M≡C^{d}(mod n)
where n and d are those values identified above. Alternatively, a message data M can be encoded with the private key to a signed message data M Using the present invention involving three primes to develop the product n, RSA encryption and decryption time can be substantially less than an RSA scheme using two primes by dividing the encryption or decryption task into sub-tasks, one sub-task for each distinct prime. (However, breaking the encryption or decryption into subtasks requires knowledge of the factors of n. This knowledge is not usually available to anyone except the owner of the key, so the encryption process can be accelerated only in special cases, such as encryption for local storage. A system encrypting data for another user performs the encryption process according to (3), independent of the number of factors of n. Decryption, on the other hand, is performed by the owner of a key, so the factors of n are generally known and can be used to accelerate the process.) For example, assume that three distinct primes, p d _{2}=dmod (p_{2}−1) d_{2} ≡d(mod(p _{2} −)); and
1 d _{3}=dmod (p_{3}−1) d_{3} ≡d(mod(p _{3} −)).
1 The results of each sub-task, M e _{2}=emod (p_{2}−1) e_{2} ≡e(mod(p _{2} −), and
1 e _{3}=emod (p_{3}−1) e_{3} ≡e(mod(p _{3} −))1 .
In generalized form, the decrypted ciphertext C ( Preferably, the recursive CRT method described above is used to obtain either the ciphertext, C, or the deciphered plaintext (message) M due to its speed. However, there may be occasions implementations when it is beneficial to use a non-recursive technique in which case the following relationships are used:
Thus, for example above (k=3), M is constructed from the returned sub-task values M Employing the multiple distinct prime number technique of the present invention in the RSA scheme can realize accelerated processing over that using only two primes for the same size n. The invention can be implemented on a single processor unit or even the architecture disclosed in the above-referenced U.S. Pat. No. 4,405,829. The capability of developing sub-tasks for each prime number is particularly adapted to employing a parallel architecture such as that illustrated in FIG. Turning to As The I/O bus Preferably, the CPU In order to ensure a secure environment, it is preferable that the cryptosystem 3. Accordingly, the elements that make up the CPU 14 would be implemented in a design that will be secure from external probing of the circuit. However, information communicated on the I/O bus 30 between the CPU 14 and the exponentiator circuits 32 (and external memory 34—if present) is exposed. Consequently, to maintain the security of that information, it is first encrypted by the DES unit 24 before it is placed on the I/O bus 30 by the CPU 14. The exponentiator circuits 32, as well as the external memory 34, will also include similar DES units to decrypt information received from the CPU, and later to encrypt information returned to the CPU 14.It may be that not all information communicated on the I/O bus The DES unit In similar fashion, information conveyed to or retrieved from the exponentiators Information that need not be maintained in secure fashion to be stored in the external memory In operation, the CPU Assume, for the purpose of the remainder of this discussion, that the encryption/decryption tasks performed by the cryptosystem In turn, the exponentiators The encryption, decryption techniques described hereinabove, and the use of cryptosystem As an example, the host system, as indicated, may receive encrypted communication from the stations Continuing, the DES encrypted communication, including the DES key encrypted with the RSA scheme, would be received by the host system. Before decrypting the DES communication, it must obtain the DES key and, accordingly, the host system In turn, the cryptosystem Alternatively, the post host-system Of course, the host system Other techniques for encrypting the communication could used. For example, the communication could be entirely encrypted by the RSA scheme. If, however, the message to be communication ed is represented by a numerical value greater than n−1, it will need to be broken up into blocks size M where
Each block M would be separately encrypted/decrypted, using the public key/private key RSA scheme according to that described above. Patent Citations
Non-Patent Citations
Classifications
Legal Events
Rotate |