Another question about Rabin-Williams

7 views
Skip to first unread message

Durward McDonell

unread,
Jun 24, 2002, 7:22:39 PM6/24/02
to crypto...@eskimo.com

In an attempt to understand what I'm doing wrong (see previous post),
I looked up the Rabin-Williams algorithm in the Handbook of Applied
Cryptography. Aside from some small numerical differences, it seems
like the way HAC describes RW encryption is implemented in
InvertibleRWFunction::CalculateInverse() , and the decryption is
implemented in RWFunction::ApplyFunction(). This is the reverse of
the way I thought Crypto++ did public key cryptography, and explains
why I'm getting zeroes out when I try to encrypt. Can someone explain
what's going on?

Thanks.

--
Durward McDonell dur...@tislabs.com

o.br...@free.fr

unread,
Jun 25, 2002, 10:46:50 AM6/25/02
to crypto...@eskimo.com
>Hi,
>The paper you need to read is called "How to share a Secret with
Cheaters"
>by Martin Tompa and Heather Woll. This paper is also short but the
math is
>not too hairy


Is this paper available on the Internet ? I was not able to find it, only
reference to it and to the crypto journal issue where it was published.

Thanks for your help.

Durward McDonell

unread,
Jun 25, 2002, 11:10:38 AM6/25/02
to crypto...@eskimo.com
o.br...@free.fr writes:

Try

http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C86/261.PDF

It definitely cleared up some issues for me.

--
Durward McDonell dur...@tislabs.com

Wei Dai

unread,
Jun 25, 2002, 2:47:57 PM6/25/02
to crypto...@eskimo.com
RW as defined by IEEE P1363 and implemented in Crypto++ cannot be used for
encryption (only signature) because the trapdoor function is not a
permutation. There is a non-standard variant of Rabin in Crypto++ which
can be used for encryption (see rabin.h). But since you probably need some
other variant of RW for backwards compatibility you'll probably have to
implement your own TrapdoorFunction class.

ApplyFunction() means apply the trapdoor function, which is always done
using the public key. So this corresponds to encryption and signature
verification. CalculateInverse() uses the trapdoor information (i.e.
private key) so it corresponds to decryption and signing.

Durward McDonell

unread,
Jun 25, 2002, 3:22:20 PM6/25/02
to crypto...@eskimo.com

> RW as defined by IEEE P1363 and implemented in Crypto++ cannot be
> used for encryption (only signature) because the trapdoor function
> is not a permutation.

Thanks for the explanation. I don't have immediate access to the
standard, and HAC and AC didn't explain this (or I didn't see where
they did). I think this means we're going to have to switch to RSA.

Thanks again.

--
Durward McDonell dur...@tislabs.com

Anish

unread,
Jun 26, 2002, 12:22:36 AM6/26/02
to crypto...@eskimo.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
try your luck writing to Tompa :-)
anish

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
Comment: PGP

iQA/AwUBPRlBtEg24b/yoBVDEQJIrACgky91VdicIKF7a7kMQe1Ey4zEe14Anjj2
47lUTU23iw31iI/ZwADPdTbk
=Ht14
-----END PGP SIGNATURE-----

Reply all
Reply to author
Forward
0 new messages