Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!seismo!rochester!pt!nl.cs.cmu.edu!mlm From: mlm@nl.cs.cmu.edu (Michael Mauldin) Newsgroups: sci.crypt Subject: Re: non-RSA public-key encryption systems Message-ID: <14@nl.cs.cmu.edu> Date: Mon, 13-Jul-87 00:54:35 EDT Article-I.D.: nl.14 Posted: Mon Jul 13 00:54:35 1987 Date-Received: Tue, 14-Jul-87 00:46:34 EDT References: <8248@utzoo.UUCP] <8457@linus.UUCP> <321@louie.udel.EDU> Distribution: world Organization: Carnegie-Mellon University, CS/RI Lines: 52 Summary: Possible non-RSA/RSA variant encryption scheme you could use In article <321@louie.udel.EDU>, galvin@udel.EDU (James M Galvin) writes: >>> Anybody know of a reasonably good public-key encryption system which has >>> not been broken like the knapsack algorithm and is not patented like RSA? >> >> It doesn't exist. > > Not true. As far as I know any algorithm based on computing logarithms > in a finite field are available. How about using an exponentiation cipher based on three or more secret primes instead of just two (like the RSA scheme): C = exp (M, E) mod N M = exp (C, D) mod N Where: M = message (clear) text C = cipher text N = p*q*r p,q,r are large 'safe' primes Then phi(N) = (p-1)(q-1)(r-1) E,D such that gcd(D,phi(N)) = 1 and E*D = 1 mod phi(N) (for example, fix D, compute E = invert (D, phi(N))) A prime p is safe if p = 2p'+1 for some prime p'. To use k primes p(i), just compute __ N = || p(i) i=1,k __ phi(N) = || (p(i)-1) i=1,k The neat trick is that you could still use RSA hardware for encryption and decryption, since the enciphering/deciphering step is still C = exp (M, E) mod N, the only difference is the method of computing the actual values of E, D, and N. Questions: Is this different enough from RSA to avoid patent infringement? Does choosing modulus N with a few factors (say 3 to 10) rather than just 2 make it much easier to factor N? Are there any known pitfalls to using more than 2 primes? What's the state of the art in factoring large numbers. How fast can it be done on various computers (Vax, Sun, PC, Cray, VLSI)? Michael L. Mauldin (Fuzzy) Department of Computer Science ARPA: Michael.Mauldin@NL.CS.CMU.EDU Carnegie-Mellon University Phone: (412) 268-3065 Pittsburgh, PA 15213-3890