Abstract-The algorithm is an extension of the El Gamal encryption system. The difference from the classical form is the way the keys are generated and distributed. This system allows the encryption of the message mi... by Alicei... and its decryption by Bobi.... Moreover, there exists the possibility of decrypting a group of messages or all the messages by other beneficiaries, each using a special secret key. This key is distributed depending on the access level, that is, on the access right. The user of the key of level 0 can decrypt all messages, the user who holds one of the keys of level 1 can decrypt a subset of the set of messages that can be decrypted with the key of level 0, the one who holds one of the keys of level 2 can decrypt a subset of the set of messages that can be decrypted with the key of level 1 and so on, and the one who holds one of the keys of level k can decrypt a message mi...

Keywords: The system EG(k+1)GA, ElGamal with Differentiated Decryption, public key of level P(k+1)K, secret key of level k SK(k+1)Gk.

I. INTRODUCTION

The paper starts with a few mathematical preliminaries whose purpose is to present the terms used throughout the presentation. The term information denotes the following set:
M = {mijk ... | mijk ... , {0,1} p , ijk ... }
which is a set of messages. The encryption of the information M can be realized by the encryption of each message. Access to an encrypted information means that the user can decrypt a part of or all of the encrypted messages, depending on the user's rights.

The central subject of this paper is the description of an encryption system elaborated to ensure access to an encrypted information in a differentiated way. This system is structured on levels of access [7][8]. The algorithm is based on the El Gamal encryption system [1][3][4] and, in this article, it will be further called the ElGamal with differentiated decryption on k+1 access levels (EG(k+1)GA); it belongs to the category of public-key encryption systems based on the discrete logarithm problem. The extended system (EG(k+1)GA) is described in the next part of the paper.

Generally, encryption systems allow a user to encrypt the information M and another one to decrypt it. Such a possibility is offered by the ElGamal system. Unlike these, (EG(k+1)GA) allows the information M to be encrypted by more than one user, and the access to it, by decryption, to be possible to more users. The messages from the information M which will be accessed by decryption by a user will be those for which the user has rights. These rights can be organized with the help of access levels [8][9]. Between levels there are hierarchical links. These valences of (EG(k+1)GA) are possible because of the links between the keys. The presentation emphasizes the way the keys are generated and distributed, and the links between them. The personal contributions, conclusions and application ideas are illustrated at the end of the paper.

II. PRELIMINARIES

Next, a few notions regarding trees will be presented in order to introduce the terminology. The nodes of a tree are placed on levels. So, the root of the tree is situated on level 0, its direct descendants on level 1, and the direct descendants of a node on level k are situated on level k+1. The maximum height of a tree (depth of the tree) is the maximum level of a node in the tree. If there is an arc from node x to node y it is said that y is the child of node x or x is the parent of node y. A node y is the sibling of node z if they have the same parent. A leaf is a node without any children.
[Figure 1. The representation of a tree: node x on level 0, nodes y and z on level 1, nodes r, s and t on level 2.]

Stepping through the items of a tree can be realized in numerous ways, out of which A-preorder means visiting the root, then the subtrees which have as roots its descendants. For the following tree :

Let I **** be a set of k indices. Next, the following notations will be used:
i... = (i1, i2 ,..., ik ) = i1i2 ...ik
k j... = (i1, i2 ,..., ik j ) = i1i2 ...ik j , j = 1,..., k
The information {mi.... iI} is considered.

Construct a system such that every message mi can respectively be encrypted by Alicei, using a set of public keys, and decrypted by Bobi.. using a secret key, and only by them. Moreover, Bobk-jk-j can decrypt using a special secret key, only the messages contained in an element of the partition of the set {mi.... iI}. Finally, Bob0 can decrypt using a special secret key all the messages contained in the information {mi.... iI}.

The algorithm for solving the exercise is:
[Figure 3. The representation of AK5GA and of the messages: a tree with the key f0 at the root, the keys of levels 1, 2 and 3 below it, the leaf keys z1111 ... z2211 and, under each leaf, its message m.]
For a given node, the indices of the parent node are written, and finally, the number which represents the order in the set of siblings of this node. It is obvious that at the exponent the level of access is written. The level k+1 of the leaves is implicitly understood, and it is not written in order not to create confusion. The above scheme says which is the power of decryption of a key, meaning that using a certain key, all the messages which are below it can be decrypted.

[Figure 4. The representation of AK(k+1)GA: a tree whose levels are labelled SK(k+1)G0 (f0), SK(k+1)G1 (f11, f12, ..., f1r) and SK(k+1)Gk (z11, z12, ..., z1s, z21, ..., zr1).]

Following the facts stated above, AK(k+1)GA is constructed and it looks like in the Figure 6.

For a clearer mode of expression, the following notations will be used:
The level which ensures the access to all messages mi... is 0, the immediately following one is 1, then 2 and the one which ensures the access to a single mi... is k.

For the decryption of message mi... the procedure is:
1. The access level 0 is ensured by f0.
2. The access level 1 is ensured by f1i.
3. The access level 2 is ensured by f2i.
...
k+1. The access level k is ensured by z i....

Graphically, these ideas can be expressed in the following way:
Decryption of order 0 : f0
Decryption of order 1 : f11 f12 ... f1r
...
Decryption of order k : z11 z12 ... z1s z21 ... zr1 ...
B. The keys generation

Next, a mathematical model for generating keys and distributing them will be presented, such that the requirements of the presented system are fulfilled. In the computations that follow, in order to simplify the mode of expression, modulo q will be computed, if the elements are from Zq, without explicitly writing this fact.

A cyclic group of prime order q is chosen, for which the problem of discrete logarithm is difficult, g being one of its generators. From the set {0,...,q-1} k different elements x1, x2,...,xk are chosen. Also, the following functions are chosen :
i : ** , i = 1,..., k
These functions are irreducible polynomials.
The secret keys fi are functions defined as shown below:
SK(k+1)G0
f 0 : ***** q
f 0 ( n1, n2 ,..., nk ) =
= x11 (n1 ) x2 2 (n2 ) ...xk k (nk )
SK(k+1)G1
0
f : ***** f r1 : *****q ,
q ,
f11 : *****q ,
...........................................................
f112 : *****q ,
........................................................... .............................................................
A function of order s is obtained from that of order s-1, assigning values to the variable ns, starting with the natural number 1. If the system has k+1 access levels, then the function f0 has k variables, f1 has k-1 variables, f2 has k-2 variables, and finally, after the values of all the variables are given, the secret key z i... is obtained. This fact is proved by the following equalities:
$$f^{0}(i_1, i_2, \ldots, i_k) = f^{1}_{i_1}(i_2, i_3, \ldots, i_k) = f^{2}_{i_1 i_2}(i_3, i_4, \ldots, i_k) =$$
are difficult to compute. The system of keys generated in this way ensures solving the proposed exercise.

Due to the way the keys are defined, these can be determined ones from others only in the following way:
f 0 f 1 f 2 ... zi...
In the reverse way, it is practically impossible. This property ensures the differentiation of the beneficiaries by the access levels. This system assumes the existence of an entity which is the manager of the keys.

C. Message Encryption

Knowing the public key, Alicei encrypts the message mi... in the following way: the elements yi... from the set {0,...,q-1} are chosen and c1 i... =gyi, c2 = mi...
gy z ... ...
This way, the decryption of order k is realized. If the decryption of order k-j is opted for, the below computations are needed:
1 2 j 1 2 k j
= 1 2 j 1 2 k j 1 2 j 1 2 k j
=
f k j
(i ,i ,...,i ) f k j
(i ,i ,...,i )
(c1 ... ii ...i ) 12 ... j 1 2 k j
(g y )... 12 ... j 1 2 k j
1 2 j 1 2 k j
f k j
(i ,i ,...,i ) y
m ... ii ...i .g 12 ... j 1 2 k j ..
1 2 j 1 2 k j
= m ... ii ...i
yf k j
(i ,i ,...,i ) 1 2 j 1 2 k j
g ... 12 ... j 1 2 k j
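The key hierarchy and the decryptions of order k and of a higher access level described above, as an added Python example that is not the paper's own code. It assumes the key function is the product of the x_i raised to phi_i(n_i) modulo q; the toy group, the x_i, the polynomials named phi and all function names are constructed for illustration.

```python
import secrets

# Toy group, constructed for this example and far too small for real use:
# G generates the subgroup of prime order Q in Z_P*, where P = 2Q + 1.
P, Q, G = 2039, 1019, 4

# Constructed x_1..x_k and assumed polynomials phi_1..phi_k, with k = 3.
XS = (3, 5, 7)
PHIS = (lambda n: n * n + n + 1, lambda n: n * n + 1, lambda n: n * n + 2)

def root_key(xs=XS, phis=PHIS):
    """Level-0 key f0: nothing fixed yet, all (x_i, phi_i) pairs still open."""
    return (1, tuple(zip(xs, phis)))

def restrict(key, n):
    """Fix the next variable to n: a level-s key yields a level-(s+1) key."""
    const, rest = key
    x, phi = rest[0]
    return (const * pow(x, phi(n), Q) % Q, rest[1:])

def leaf_secret(key, indices):
    """Evaluate a key of any level on its remaining indices, giving z."""
    for n in indices:
        key = restrict(key, n)
    const, rest = key
    if rest:
        raise ValueError("every remaining variable must be fixed")
    return const

def public_key(z):
    return pow(G, z, P)

def encrypt(h, m):
    """Classical ElGamal under public key h; m is an integer in 1..P-1."""
    y = secrets.randbelow(Q - 1) + 1
    return pow(G, y, P), m * pow(h, y, P) % P

def decrypt(z, c1, c2):
    return c2 * pow(pow(c1, z, P), -1, P) % P

def demo(m=1234):
    f0 = root_key()
    c1, c2 = encrypt(public_key(leaf_secret(f0, (2, 1, 3))), m)  # message m_213
    owner = restrict(f0, 2)   # level-1 key of the subtree holding m_213
    other = restrict(f0, 1)   # level-1 key of the sibling subtree
    return (decrypt(leaf_secret(owner, (1, 3)), c1, c2),
            decrypt(leaf_secret(other, (1, 3)), c1, c2))
```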
[Figure 6. The scheme of restriction of AK(k+1)GA.]

P(k)K and D(k)K are generated according to the model shown in the algorithm.

B. The Extension of AK(k+1)GA

In order to obtain a AK(k+2)GA, a new root is added which will become the key of level 0, the number that indicates the level is modified by incrementing with 1 the initial one and the indices are modified by adding in front of the first index from left the index 2, as it is shown in Figure 7. The functions from SK(k+2)GA are computed as follows:
From the set {0,...,q-1} x0 is chosen so that x0, x1, x2,...,xk to be different, where x1, x2,...,xk are from SK(k+1)G0. Also, it is chosen :
i : ** , a polynomial function so that
0 (1) = 0 .
SK ( k + 2 ) G0 = x0 0 (n0 ) *SK ( k + 1) G0
or SK(k+2)G0 is made up of the function
f 0 : ***** q
f 0 (n0 , n1, n2 ,..., nk ) =
= x0 0 (n0 ) x11 (n1 ) x2 2 (n2 ) ...xk k (nk )
From this construction it immediately results
SK ( k + 1) G0 SK ( k + 2 ) G1
SK ( k + 1) G1 SK ( k + 2 ) G2
.
SK ( k + 1) GK SK ( k + 2 ) GK+1
Finally, SK(k+2)GA is filled with secret keys generated according to the model shown in the algorithm.
[Figure 7. The scheme of extension of AK(k+1)GA, with the added part marked "New Subtree".]

P(k+2)K and D(k+2)K are generated according
V. CONTRIBUTIONS

EG(k+1)GA emphasizes a specific method of generating keys, of organizing AK(k+1)GA and of distributing them. In this manner, a control of the access to the information through access levels is ensured. The construction AK(k+1)GA is based on the notions of trees, functions and sets of the remainder classes.

AK(k+1)GA has as an important characteristic: openness, meaning that it can be extended or restricted by adding or removing access levels, which means that it can add or remove levels in the tree.

VI. CONCLUSIONS

The working speed of EG(k+1)GA is similar to that of the ElGamal system. The above extension is based on the specific way of generating and distributing keys. Starting from this idea, extensions of some systems that are based on the discrete logarithm problem can be realized, for example the MOR Encryption System or the Cramer-Shoup Encryption System.

The EG(k+1)GA is advantageous in the situations when information with a large number of messages is encrypted. This information can be organized in a database where different fields are encrypted with different keys or in a distributed database.

The method of generating AK(k+1)GA allows relatively easy replacement of a AK(k+1)GA with a new one, different from the initial one.

REFERENCES

[1] A. Menezes, P. Oorschot, S. Vanstone, Handbook of applied cryptography, CRC Press, 1996.
[2] A. Salomaa, Criptografie cu chei publice (Romanian), Ed. Militar, 1996.
[3] ***, http://www.galaxyng.com/adrian_atanasiu/cript.htm
[4] http://en.wikipedia.org/wiki/ElGamal_encryption
[5] Stelian Flonta, Liviu Miclea, An extension of the El Gamal encryption algorithm, Proceedings of 2008 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR), 2008.
[6] http://www.documentareonline.com/files/cursuri/Programarea%20calculatoarelor/cap4.pdf
[7] Jiali Cao, Zheng-an Yao, An Improved RSA-Based Access Control Scheme for Hierarchical Groups, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers), pp. 719-723, March 2005.
[8] Sigurd Eskeland, Vladimir Oleshchuk, Efficient Hierarchical Group-Oriented Key Establishment and Decryption, 2008 The Fourth International Conference on Information Assurance and Security, pp. 67-72, September 2008.
[9] Liang Chen, Chengmin Gao, Public Key Homomorphism Based on Modified ElGamal in Real Domain, 2008 International Conference on Computer Science and Software Engineering, December 2008.