Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!rochester!pt!nl.cs.cmu.edu!mlm
From: mlm@nl.cs.cmu.edu (Michael Mauldin)
Newsgroups: sci.crypt
Subject: Re: non-RSA public-key encryption systems
Message-ID: <14@nl.cs.cmu.edu>
Date: Mon, 13-Jul-87 00:54:35 EDT
Article-I.D.: nl.14
Posted: Mon Jul 13 00:54:35 1987
Date-Received: Tue, 14-Jul-87 00:46:34 EDT
References: <8248@utzoo.UUCP] <8457@linus.UUCP> <321@louie.udel.EDU>
Distribution: world
Organization: Carnegie-Mellon University, CS/RI
Lines: 52
Summary: Possible non-RSA/RSA variant encryption scheme you could use

In article <321@louie.udel.EDU>, galvin@udel.EDU (James M Galvin) writes:
>>> Anybody know of a reasonably good public-key encryption system which has
>>> not been broken like the knapsack algorithm and is not patented like RSA?
>> 
>> It doesn't exist.
> 
> Not true.  As far as I know any algorithm based on computing logarithms
> in a finite field are available.

How about using an exponentiation cipher based on three or more secret
primes instead of just two (like the RSA scheme):

	C = exp (M, E) mod N
	M = exp (C, D) mod N

		Where:
		M = message (clear) text
		C = cipher text
		N = p*q*r	p,q,r are large 'safe' primes

		Then phi(N) = (p-1)(q-1)(r-1)

		E,D such that gcd(D,phi(N)) = 1 and E*D = 1 mod phi(N)
		(for example, fix D, compute E = invert (D, phi(N)))

		A prime p is safe if p = 2p'+1 for some prime p'.

		To use k primes p(i), just compute
			  __		
		N =       || p(i)		i=1,k
			  __
		phi(N) =  || (p(i)-1)		i=1,k

  The neat trick is that you could still use RSA hardware for
  encryption and decryption, since the enciphering/deciphering
  step is still  C = exp (M, E) mod N, the only difference is 
  the method of computing the actual values of E, D, and N.

Questions:

  Is this different enough from RSA to avoid patent infringement?

  Does choosing modulus N with a few factors (say 3 to 10)
  rather than just 2 make it much easier to factor N?  Are
  there any known pitfalls to using more than 2 primes?

  What's the state of the art in factoring large numbers.  How fast
  can it be done on various computers (Vax, Sun, PC, Cray, VLSI)?

Michael L. Mauldin (Fuzzy)		Department of Computer Science
ARPA: Michael.Mauldin@NL.CS.CMU.EDU	Carnegie-Mellon University
Phone: (412) 268-3065			Pittsburgh, PA  15213-3890