セアラの暗号 - PDF 無料ダウンロード

1 Cayley-Purser 1 Sarah Flannery 16 1 [1] [1] [1]314 www.cayley-purser.ie http://cryptome.org/flannery-cp.htm [2] Cryptography: An Investigation of a New Algorithm vs. the RSA(1999 RSA 1999 9 11 2 (17 RSA Cayley-Purser RSA 3 1 In Code: A Mathematical Journey by Sarah Flannery and David Flannery 2 http://ec.europa.eu/research/press/1999/pr2509en ann.pdf 3

2 CP 2 [2] Cayley-Purser(CP RSA CP RSA RSA RSA RSA RSA RSA 3 The Cayley-Purser Algorithm 2 2 Purser Cayley-Purser Algorithm CP Cayley 19 Arthur Cayley (1821-1895 Purser Michael Purser [1] 4 3.1 GL(2, Z n n GL(2, Z n 5.2 5 Z n n Z Z n (mod n n GL(2, Z n Z n 2 2 GL(2, Z n 4 Michael Purser 5 3.1

3 3.1 GL(2, Z n α = ( a 11 a 12 a 21 a 22 Z n 2 2 α GL(2, Z n a 11 a 22 a 12 a 21 n. 2 2 ( ( ( a 11 a 12 a 22 a 12 = (a 11 a 22 a 12 a 21 a 21 a 22 a 21 a 11 α (a 11 a 22 a 12 a 21 Z n (mod n n 1 0 0 1 p q n = pq G = GL(2, Z n CP GL(2, Z n GL(2, Z n 6 3.2 p, q n = pq GL(2, Z n = p(p 1(p 2 1q(q 1(q 2 1 = nφ(n 2 (p + 1(q + 1 φ(n n φ(n = (p 1(q 1. M(2, Z n, M(2, Z p, M(2, Z q Z n, Z p, Z q 2 2 M(2, Z n M(2, Z p M(2, Z q GL(2, Z n GL(2, Z p GL(2, Z q GL(2, Z n = GL(2, Z p GL(2, Z q a, b, c, d Z p ab cd = 0 ab = cd Z p 6 A A A

4 CP (1 a = 0 b : c = 0 d : = p 2 (2 a = 0 b : c 0 d = 0 = p(p 1 (3 a 0 b : c : d : = (p 1p 2 3.1 GL(2, Z p M(2, Z p = p 4 GL(2, Z p = p 4 p 2 p(p 1 (p 1p 2 = p(p 3 p 3 p + 1 = p(p 1(p 2 1 GL(2, Z q = q(q 1(q 2 1 GL(2, Z n = nφ(n 2 (p + 1(q + 1 RSA φ(n n n n = pq 3.2 CP RSA n (mod n CP 2 2 n 2 2 RSA (mod n n (mod n n CP n n RSA B p q n = pq χα 1 αχ χ, α GL(2, Z n β = χ 1 α 1 χ γ = χ r ; r N n α β γ

5 A µ B A B s N δ = γ s ɛ = δ 1 αδ κ = δ 1 βδ A µ µ = κµκ µ ɛ B A µ ɛ λ = χ 1 ɛχ µ = λµ λ µ 3.3. λ = χ 1 ɛχ............................. (λ = χ 1 (δ 1 αδχ....................... (ɛ = δ 1 (χ 1 αχδ (δ χ δ χ = δ 1 (χ 1 α 1 χ 1 δ...................... ( = δ 1 β 1 δ................. (β = χ 1 α 1 χ = (δ 1 βδ 1...................... ( = κ 1.....(κ A

6 CP λµ λ = λ(κµκλ = (κ 1 κµ(κκ 1 = µ 4 CP CP 4.1 A B C B n α β γ A µ ɛ χ χ β = χ 1 α 1 χ (1 χ χ r γ = χ r (2 χ α α 1 (1 χ 4.2 (2 (2 γ (2 r χ r n r- r = 2 2 2 x 2 a (mod n (3 n = pq n = pq (3 n = pq 7 p q n n = pq γ χ (2 RSA 7

7 4.3 (1 (1 β = χ 1 α 1 χ χβ = α 1 χ (4 χ χ GL(2, Z n α C(α χ C(α α GL(2, Z n αx = xα GL(2, Z n x GL(2, Z n α C(α C(α GL(2, Z n αx = xα xα 1 = α 1 x = C(α 1 = C(α 4.1 (4 χ C(α. χ χ 1 (4 β = χ 1 α 1 χ β = χ 1 1 α 1 χ 1 χ 1 α 1 χ = χ 1 1 α 1 χ 1 χ 1 1 χ α 1 χχ 1 1 = χχ 1 1 α 1 C(α χχ 1 1 C(α 1 χ C(α 1 χ 1 1 C(α 1 = C(α 1 χ C(α χ 1

8 CP C(α α α GL(2, Z n α C(α C(α α α 4.2 p q p 1 q 1 p = 2p 1 + 1, q = 2q 1 + 1 GL(2, Z n α 4.1. GL(2, Z n A det(a GL(2, Z n Z n Φ Φ : GL(2, Z n Z n A Z n Φ(A. r A GL(2, Z n A r = I I Φ(A = u 1 = Φ(I = Φ(A r = Φ(A r = u r u Z n m m r A GL(2, Z n m GL(2, Z n A Φ(A A Z n Z p Z q Z p Z q p 1 q 1 Ψ : Z/Z n Z p Z q Z/Z n Z p Z q x (mod n (x mod p, x mod q (5 GL(2, Z n

9 Z n 4.2. Z n 1, 2, p 1, q 1, 2p 1, 2q 1, p 1 q 1, 2p 1 q 1. p = 2p 1 + 1 q = 2q 1 + 1 p 1 = 2p 1 q 1 = 2q 1 p 1 q 1 Z n Z p Z q (2, 2, p 1, q 1 2, 2, p 1, q 1 4.3. Z n 1 1 2 3 p 1 p 1 1 q 1 q 1 1 2p 1 3p 1 3 2q 1 3q 1 3 p 1 q 1 p 1 q 1 p 1 q 1 + 1 2p 1 q 1 3p 1 q 1 3p 1 3q 1 + 3. 2p 1 Z p (2, p 1 Z p Z q Zp Zq 1 1 1 1 2 1 2 1 p 1 p 1 1 q 1 q 1 1 2p 1 p 1 1 2q 1 q 1 1 (5 Ψ Z p Z q (a, b a Z p s b Z q t Ψ(c = (a, b Zn c s t [s, t] a p 1 b q 1 c p 1 q 1 p 1 a p 1 1 q 1 b q 1 1 Z n

10 CP p 1 q 1 c (p 1 1(q 1 1 = p 1 q 1 p 1 q 1 + 1 1 1 [1, 1] = 1 2 3 [1, 2] = [2, 1] = [2, 2] = 2 p 1 p 1 1 [p 1, 1] = p 1 q 1 q 1 1 [1, q 1 ] = q 1 2p 1 3p 1 3 [2p 1, 1] = [2p 1, 1] = [2p 1, 2] = 2p 1 2q 1 3q 1 3 [1, 2q 1 ] = [1, 2q 1 ] = [2, 2q 1 ] = 2q 1 p 1 q 1 p 1 q 1 p 1 q 1 + 1 [p 1, q 1 ] = p 1 q 1 2p 1 q 1 3p 1 q 1 3p 1 3q 1 + 3 [2p 1, q 1 ] = [2p 1, 2q 1 ] = [p 1, 2q 1 ] = 2p 1 q 1 4.2 p 1 q 1 1 2 p 1 q 1 1 2 4 Z n 4p 1q 1 4.2 [2]. p 1 q 1 p 1 q 1 4p 1 + 4q 1 4 4p 1 q 1 1 + 1 1 p 1 q 1 p 1 q 1 p q 10 100 2 10 100 (4 8 χ 8 6.2 RSA p 1 q 1

11 5 RSA CP [2] RSA CP 1. RSA CP CP RSA Mathematica PowerMod CP 20 2. RSA (n, e Bob n e CP CP Alice RSA e 3. Alice Bob Eve c RSA e 4. CP Alice Bob δ κ 1 = λ RSA Alice Bob CP Alice Bob 6 RSA vs. CP CP RSA Max Ehrmannn Desiderata 1769 RSA CP [2] Mathematica [2] 9 9

12 CP 7 [2] (a CP RSA (b CP RSA Running Time (Seconds Message = 4 * 1769 = 7076 characters b RSA CP 222 digits 84.641 3.916 21.6:1 242 digits 104.71 4.036 25.9:1 262 digits 118.841 4.276 27.8:1 282 digits 131.739 4.326 30.5:1 302 digits 145.689 4.487 32.5:1 8 CP 8.1 3.2 µ χ = νχ χ CP B A µ ɛ A µ ɛ µ. χ 1 ɛ χ = (χ 1 ν 1 ɛ ν χ = χ 1 ɛ χ = κ 1 κ µ 3.2 γ c δ = ci ɛ = α

13 κ = β α κ n γ 3.2 γ γ ci c 1 c 2 γ c 1 I (mod p γ c 2 I (mod q n. 0 γ ij < n γ = ( γ 11 γ 12 γ 21 γ 22 d = gcd(γ 11 γ 22, γ 12, γ 21, n 1 d n d = n γ 11 = γ 22, γ 12 = 0, γ 21 = 0 γ = ci 1 < d < n n p q γ c 1 I (mod p γ 11 γ 22 (mod p, γ 12 0 (mod p, γ 21 0 (mod p d > 1 γ c 1 I (mod q d > 1 8.2 γ (mod n (mod p (mod q α, β γ χ χ n. γ γ = χ r 2 Cayley-Hamilton γ = χ r = aχ + bi gcd(a, n = 1 a 1 Z n aχ = γ bi (6 χ = aχ

14 CP β = χ 1 α 1 χ = a 1 χ 1 α 1 aχ = (aχ 1 α 1 (aχ = χ 1 α 1 χ χ β = α 1 χ (6 (γ biβ = α 1 (γ bi γβ bβ = α 1 γ bα 1 b(α 1 β = α 1 γ γβ b α 1 β (α 1 β (1, 1 b(α 11 β 11 e (mod n α 11 α 1 (1, 1 b gcd(α 11 β 11, n = 1 1 < gcd(α 11 β 11, n n n (α 11 β 11 1 b 4 [2] Remark 1: α, γ, δ χ χ χ ɛ λ = κ 1 ɛ χ CP Remark 2: γ n n n χ Remark 3: 3 3 CP Remark 4: δ δ = γ s δ = aγ + bi

15 [1] / [2] Sarah Flannery, Cryptography: An Investigation of a New Algorithm vs. the RSA, 1999, http://cryptome.org/flannery-cp.pdf Remark 1 (a CP RSA RSA CP 11 CP CP CP Cayley-Purser RSA [1] In Code: A Mathematical Journey by Sarah Flannery and David Flannery [2]