New Cryptosystem Using Multiple Cryptographic Assumptions



INTRODUCTION
Many designated cryptosystems (Diffie and Hellman, 1976) in the literature were developed based on a single cryptographic assumption such as algebraic geometric codes (Pramod and Manju, 2010), discrete logarithms (DL) (ElGamal, 1985), factorization (FAC) (Rivest et al., 1978), quadratic residues (QR) (Rabin, 1979) or elliptic curve discrete logarithm (ECDL) (Koblitz, 1987; Miller, 1986) problems. Some of them remain secure and are resistant to attacks. However, one day in the future, one could find a polynomial algorithm that efficiently solves the underlying assumption and hence breaks the corresponding cryptosystem easily. Many cryptographers realize this and have started to develop more secure cryptosystems. One of the methods to design such a scheme is to use multiple cryptographic assumptions (Ismail et al., 2008a; Elkamchouchi et al., 2004; Harn, 1994; Baocang and Yupu, 2005; Ismail et al., 2008b; Ismail and Hijazi, 2011). The reason behind this is that an adversary needs a longer period of time to break a cryptosystem based on multiple cryptographic assumptions, since it is very unlikely that the adversary obtains the solutions of these cryptographic assumptions simultaneously.
In this article, we propose a new cryptosystem based on two cryptographic assumptions: the quadratic residue and discrete logarithm problems. With the improved security offered, we also show that the scheme requires an acceptable number of operations in both the encrypting and decrypting processes, which makes it very practical for real applications.

Some notations and parameters:
The following notations and parameters are used to initialize the developed scheme:
• Two large strong random primes p and q which are safe primes, and set the modulus n = pq
• A primitive element g from H = {z : gcd(z, n) = 1} of order n satisfying $g^{n-1} = 1 \bmod n$, where gcd(a, b) denotes the greatest common divisor of a and b
• A cryptographic hash function h(.) whose output has a length of t bits; we suggest t = 128

MATERIALS AND METHODS
We propose a cryptosystem based on multiple cryptographic assumptions: quadratic residue and discrete logarithms. The scheme consists of three phases, namely Initialization, Encryption and Decryption. In the Initialization phase, the public and secret keys of receivers are computed. The calculated public keys are published in a public directory that everyone, including adversaries, can access, while the secret keys remain secret and are kept by the receivers.
In the Encryption phase, the original message owned by a sender is first hashed using the appropriate cryptographic hash function, h(.). This function transforms an input of arbitrary length into an output of fixed length (128 bits). The sender then encrypts the hashed message using a randomly picked secret integer together with the receiver's public key. The encrypted message is then sent to the legal receiver. In the Decryption phase, the receiver obtains the original message by using his own secret keys.

Initialization phase:
• Choose randomly an integer x < n from H
• Compute the number $y = g^x \bmod n$

The public key is given by y and can be accessed in the public directory; the secret key is given by x and is known only to the legal receiver. Also, only the receiver knows the prime factorization of n.

Encryption: The original message m is first hashed. The sender encrypts his 128-bit message h(m) as follows before sending the receiver a pair $(c_1, c_2)$.
• Select at random an integer c < n from H
• Disguise the message by computing $c_1 = h(m)^2 y^{-c} \bmod n$ (1a)
• Calculate the number:

In the original ElGamal (1985) cryptosystem, the number $c_1$ in Eq. 1a is computed without squaring the original message. In our scheme, we need the squaring because we are implementing the Rabin (1979) cryptosystem for a QR-like scheme.

Decryption:
The receiver decrypts the obtained encrypted message $(c_1, c_2)$ as below.
• Compute the following:
• The receiver uses the known technique (Rabin, 1979) to extract the original message h(m) from $[h(m)^2]$; this can be done since he knows the prime factorization of n.

A simple example: We describe an example to show the basic principle of our developed cryptosystem. Practitioners should not use the keys or parameters of this example in practice, since inappropriate parameters would make the scheme vulnerable to attacks. Assume that p = 29 and q = 43. Then the modulus is given by n = 1247. Next, pick the number x = 37 and a primitive element g = 17. Thus the public and secret keys of the scheme are respectively given by 1003 and 37. To encrypt the original message h(m) = 1122, the sender selects c = 3 and sends the receiver $c_1$ = 1122 (1003)
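The toy parameters of the example above, run end to end as an added illustration (not code from the paper). It assumes $c_2 = g^c \bmod n$, the form used in the verification proof, because the equation for $c_2$ does not appear in this text; the function names are hypothetical.

```python
# Added illustration: the page's toy parameters, far too small for real use.
from itertools import product

def sqrt_mod_prime(a, p):
    """Tonelli-Shanks: one square root of quadratic residue a mod odd prime p."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:
        raise ValueError("not a quadratic residue mod p")
    q, s = p - 1, 0
    while q % 2 == 0:
        q, s = q // 2, s + 1
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:   # find a quadratic non-residue
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                        # least i with t^(2^i) = 1
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r

def keygen(g, x, n):
    return pow(g, x, n)                       # y = g^x mod n

def encrypt(hm, c, g, y, n):
    c1 = hm * hm * pow(y, -c, n) % n          # Eq. 1a (Python 3.8+ modular inverse)
    c2 = pow(g, c, n)                         # assumption taken from the proof: c2 = g^c
    return c1, c2

def decrypt(c1, c2, x, p, q):
    n = p * q
    square = c1 * pow(c2, x, n) % n           # h(m)^2, as in the verification proof
    rp, rq = sqrt_mod_prime(square, p), sqrt_mod_prime(square, q)
    roots = set()
    for sp, sq in product((rp, p - rp), (rq, q - rq)):
        # CRT: combine a root mod p with a root mod q into a root mod n
        roots.add((sp * q * pow(q, -1, p) + sq * p * pow(p, -1, q)) % n)
    return square, sorted(roots)

if __name__ == "__main__":
    p, q, g, x, c, hm = 29, 43, 17, 37, 3, 1122   # values from the example above
    y = keygen(g, x, p * q)
    c1, c2 = encrypt(hm, c, g, y, p * q)
    print(y, (c1, c2), decrypt(c1, c2, x, p, q))
```

The Rabin step returns four candidate roots (125, 426, 821 and 1122 here); the page does not say how the receiver selects h(m) among them, so the sketch returns all four.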

RESULTS
We discuss the results for the newly developed cryptosystem according to the following criteria.

• Verification
• Security analysis
• Efficiency performance

We start by proving the validity of our scheme, then we show that our scheme is heuristically secure by considering common algebraic attacks on cryptosystems. Lastly, we describe the efficiency of the proposed scheme using its computational complexity.
For verification, we prove that the decrypting Eq. 2 is correct. For security consideration, we use a technique from heuristic security to show that the scheme is secure. We do this by delivering the scheme to the literature for attacks. We consider three possible attacks by which an Adversary (Adv) may try to take down the new cryptosystem. We define each attack and give the corresponding analysis of why this attack would fail. For efficiency performance, we evaluate the time complexity for both phases, encryption and decryption, and we calculate the communication cost for our scheme.

Verification:
We validate our new cryptosystem by proving the following theorem.

Theorem: If the algorithms of Initialization and Encryption run smoothly then the decryption of the encrypted message in Decryption is correct.
Proof: Eq. 2 above is true for all encrypted messages $(c_1, c_2)$ since

$$c_1 (c_2)^x = h(m)^2 y^{-c} (g^c)^x = h(m)^2 g^{-cx} (g^c)^x = h(m)^2 \bmod n$$

Security analysis: We show that our scheme is heuristically secure by considering the following three most common attacks on cryptosystems.
Direct attack: Adv wishes to obtain all secret keys using all information available from the system. In particular, he wants to find the 3-tuple (x, p, q). In this case, Adv needs to solve QR and DL. For QR, he needs to find the prime factors of n, and the best way to factorize the modulus n = pq is the number field sieve method (Lenstra et al., 1993). However, this method depends only on the size of the modulus n, and it is computationally infeasible to factor an integer of size 1024 bits and above. The primes p and q must also be well chosen: they must be strong primes (Gordon, 1984). This protects the scheme against special-purpose factorization algorithms. For DL, to resist various attacks one should check and confirm that the two integers (p-1)/2 and (q-1)/2 are the product of two 512-bit strong primes.
Factoring attack: Assume that the Adv has successfully solved the factoring assumption so that he knows the primes p and q. He also learns the following equation:

$$c_1 = h(m)^2 y^{-c} = h(m)^2 g^{-cx} \bmod n$$

From the equation, to recover the original message h(m) he has to remove the term $g^{-cx}$ from $c_1$. At this stage, he knows $g^c$ and $g^x$, but according to the Diffie-Hellman problem (Diffie and Hellman, 1976) he cannot compute $g^{cx}$. Thus the Adv would fail.
Discrete logarithm attack: Assume that the Adv is able to solve the DL problem and thus obtains the secret integer x. He then knows that $(c_2)^x = g^{cx} \bmod n$ and tries to recover the original message h(m) from the equation

$$c_1 = h(m)^2 y^{-c} = h(m)^2 g^{-cx} \bmod n$$

Upon knowing the secret x, he manages to remove the term $g^{-cx}$ from $c_1$ to obtain $h(m)^2$. Unfortunately, to get h(m) from $h(m)^2$ he must know the secret primes p and q, but this is impossible since FAC is computationally infeasible.
Efficiency performance: Next, we investigate the performance of our scheme in terms of number of keys, computational complexity and communication costs. The following notations are used to analyse the performance of the scheme.
• SK and PK denote the number of secret and public keys respectively
• $T_{exp}$ is the time taken for a modular exponentiation
• $T_{mul}$ is the time taken for a modular multiplication
• $T_{srt}$ is the time taken for a modular quadratic residue computation
• $T_{hash}$ is the time taken for performing a hash function
• |x| denotes the bit length of x

We ignore the time complexity for modular addition or subtraction computation and we assume that the probability of the bit being selected as 0 or 1 is 0.5. The performance of our new cryptosystem is summarized in Table 1.
From Table 1, the sender performs $482T_{mul} + T_{hash}$ time complexity for the encryption process and the receiver performs $242T_{mul} + T_{srt}$ time complexity for the decryption process, using the conversion $T_{exp} = 240T_{mul}$ (Koblitz et al., 2000). Finally, the communication costs of the scheme are given by 4|n|.

DISCUSSION
Many existing cryptosystems were developed based on a single cryptographic assumption such as the factoring, discrete logarithm, elliptic curve discrete logarithm and quadratic residue problems. In the near future, if an attacker finds a polynomial algorithm solving this assumption, he can then read the original message from the corresponding encrypted message and hence break the scheme.
Our newly proposed cryptosystem is protected from this situation. This is because the scheme is designed based on two cryptographic assumptions, namely quadratic residue and discrete logarithms. The enemy can break this scheme only if he can solve the two problems at one time, and this happens with negligible probability. Even if he manages to find a solution to one of the underlying assumptions in a certain period of time, our scheme remains secure as the other assumption remains hard to solve for at least another period of time.
Our scheme is also protected from the three most common attacks considered for schemes based on two assumptions. The performance analysis shows that the developed scheme requires a reasonable number of modular operations in both the encryption and decryption phases, which makes it very efficient and suitable for applications.

CONCLUSION
We developed a new cryptosystem based on two cryptographic assumptions: quadratic residue and discrete logarithms. The proposed scheme requires respectively $482T_{mul} + T_{hash}$ and $242T_{mul} + T_{srt}$ for encryption and decryption. Some possible attacks have also been considered and we showed that the scheme is secure from those attacks.