A New Efficient Asymmetric Cryptosystem Based on the Square Root Problem

The modular square root problem is a known primitive for designing asymmetric cryptosystems; it was first used by Rabin. The decryption failure of the Rabin cryptosystem caused by its 4-to-1 decryption output is overcome efficiently in this work. The proposed scheme (the AAβ cryptosystem) has an encryption complexity order faster than Diffie-Hellman key exchange, ElGamal, RSA and ECC. It can also transmit a larger data set securely when compared to existing asymmetric schemes, and it has a simple mathematical structure. Thus it has low computational requirements and enables communication devices with low computing power to deploy secure communication procedures efficiently.


💡 Research Summary

The paper introduces a novel public‑key encryption scheme called the AAβ cryptosystem, which is built on the hardness of the modular square‑root problem. The authors begin by reviewing the classic Rabin cryptosystem, noting that while Rabin's security is provably equivalent to factoring the modulus, its practical deployment is hampered by a 4‑to‑1 decryption ambiguity: a ciphertext has four square roots modulo N = p·q and hence four candidate plaintexts, so the receiver needs extra disambiguation steps that add complexity and can fail.

To overcome this, the AAβ design as sketched here adds two auxiliary parameters, a and b, with a·b ≡ 1 (mod N), where N = p·q is a product of two large primes. Key generation proceeds as follows: choose safe primes p and q (both are then ≡ 3 (mod 4), which makes a square root modulo each prime a single exponentiation), compute N, select a random a ∈ ℤ*_N, and compute b = a⁻¹ mod N. The public key is (N, a) and the private key is (p, q, b). The inverse has to be taken modulo N rather than modulo φ(N): during decryption b is used as a multiplier on a residue modulo N, not as an exponent, and an inverse modulo φ(N) would not cancel a there. One consequence is that b is computable from the public key alone, so the secrecy of the scheme rests on the factorization of N, exactly as in Rabin.

Encryption splits the plaintext M into two blocks M₁ and M₂. Each block is multiplied by a and squared modulo N, giving Cᵢ = (a·Mᵢ)² mod N, and the pair is then masked with a random value r using XOR, so the ciphertext is (C₁ ⊕ r, C₂ ⊕ r). Decryption removes the mask, computes the square roots of each Cᵢ modulo N using the private primes (a root modulo p and a root modulo q, via the exponent (p+1)/4 when p ≡ 3 (mod 4) or Tonelli‑Shanks otherwise, recombined with the Chinese remainder theorem), and multiplies each root by b modulo N. Two caveats apply to this sketch. First, whenever gcd(Cᵢ, N) = 1 there are four square roots of Cᵢ modulo N, and multiplying each by b yields four candidates (Mᵢ, N − Mᵢ and two unrelated values); the blinding by a does not by itself remove Rabin's ambiguity, so unique decryption needs redundancy in the plaintext block that only the intended root satisfies, and the encoding the paper uses for that redundancy is not detailed in this summary. Second, the receiver must learn r, and XORing the same r onto both halves lets an observer compute C₁ ⊕ C₂ from the ciphertext alone.

The security argument rests on the modular square‑root problem, which for N = p·q is equivalent to factoring N: anyone who can extract square roots modulo N can factor it, because two roots x and y of the same value with x ≢ ±y (mod N) satisfy (x − y)(x + y) ≡ 0 (mod N) with neither factor zero, so gcd(x − y, N) is p or q. Conversely, knowing p and q makes root extraction easy. An adversary holding only (N, a) therefore has to compute square roots modulo N without the factorization, which is as hard as factoring. The same fact cuts the other way for the implementer: a decryptor that returns an arbitrary root of an attacker‑chosen ciphertext hands over the factorization with probability 1/2 per query, so decryption must reject blocks that fail the redundancy check rather than output a root. The random mask r contributes semantic security only if it is fresh per message and unavailable to the attacker; under those conditions identical plaintext blocks produce unrelated ciphertexts, closing the chosen‑plaintext comparison an attacker would otherwise exploit.
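The key‑generation, encryption and decryption sketch above and the root‑collision argument can be exercised end to end. The following Python is an added illustration for this page, not code from the AAβ paper or its authors. It uses constructed 10‑bit demo primes (insecure by design), Rabin‑style roots via the (p+1)/4 exponent and CRT, the a/b blinding with b = a⁻¹ mod N, and a 1‑byte redundancy tag that stands in for whatever redundancy the paper uses; the tag, the modulus size and names such as `decrypt_with_tag` are this example's own assumptions. It shows that unblinding leaves four candidates, that the tag selects the right one, and that two non‑trivially distinct roots of one ciphertext factor N.

```python
"""Rabin-style encryption over N = p*q with a/b blinding, the 4-to-1
square-root ambiguity, a redundancy tag to resolve it, and the fact that
two distinct roots of one value factor N. Added illustration for this
page; NOT the AAβ paper's algorithm. Demo primes are tiny and insecure."""
import secrets
from math import gcd

# Constructed demo primes, both ≡ 3 (mod 4). Real keys use >= 1024-bit primes.
P, Q = 1019, 1031
N = P * Q
TAG = 0xA5  # 1-byte redundancy appended to every plaintext block (assumption)


def sqrt_mod_prime(c, p):
    """A square root of c modulo a prime p ≡ 3 (mod 4): c^((p+1)/4) mod p."""
    assert p % 4 == 3
    r = pow(c, (p + 1) // 4, p)
    if (r * r - c) % p:
        raise ValueError("not a quadratic residue mod p")
    return r


def sqrt_mod_pq(c, p, q):
    """All square roots of c modulo p*q, built from the roots mod p and mod q
    with the Chinese remainder theorem. Needs the factorization of N."""
    rp, rq = sqrt_mod_prime(c % p, p), sqrt_mod_prime(c % q, q)
    n = p * q
    q_inv_p, p_inv_q = pow(q, -1, p), pow(p, -1, q)  # CRT coefficients
    roots = set()
    for sp in (rp, p - rp):          # ± root mod p ...
        for sq in (rq, q - rq):      # ... times ± root mod q -> up to 4 roots
            roots.add((sp * q * q_inv_p + sq * p * p_inv_q) % n)
    return sorted(roots)


def keygen():
    """Public key (N, a), private key (p, q, b) with a*b ≡ 1 (mod N).
    b is applied as a multiplier modulo N, so it is the inverse modulo N."""
    while True:
        a = secrets.randbelow(N - 2) + 2
        if gcd(a, N) == 1:
            return (N, a), (P, Q, pow(a, -1, N))


def encrypt(pub, m):
    """C = (a*m)^2 mod N: one multiplication and one squaring."""
    n, a = pub
    assert 0 <= m < n
    x = (a * m) % n
    return (x * x) % n


def decrypt_candidates(priv, c):
    """Take all roots of C and unblind each with b. The ambiguity survives:
    the result contains m, N - m and two unrelated values."""
    p, q, b = priv
    return sorted((b * r) % (p * q) for r in sqrt_mod_pq(c, p, q))


def pad(m):
    """Append the redundancy tag; the padded block must still be < N."""
    mp = (m << 8) | TAG
    assert mp < N, "block too large for the demo modulus"
    return mp


def decrypt_with_tag(priv, c):
    """Keep only candidates that carry the tag. With a 1-byte tag a wrong
    root slips through with probability about 1/256 per root, which is
    why real schemes use much longer redundancy."""
    return [x >> 8 for x in decrypt_candidates(priv, c) if x & 0xFF == TAG]


def factor_from_root_collision(n, roots):
    """Given roots x, y of the same value with y != ±x mod n, gcd(x - y, n)
    is a non-trivial factor. This is why a decryptor must never hand an
    attacker an arbitrary root of a ciphertext the attacker chose."""
    x = roots[0]
    for y in roots[1:]:
        if y != (n - x) % n:
            f = gcd(x - y, n)
            return (f, n // f) if 1 < f < n else None
    return None


if __name__ == "__main__":
    pub, priv = keygen()
    m = 2024
    c = encrypt(pub, pad(m))
    cands = decrypt_candidates(priv, c)
    print("four candidates:", cands, "| padded m present:", pad(m) in cands)
    print("after tag check:", decrypt_with_tag(priv, c))
    # An attacker who obtains two different roots of c recovers p and q:
    print("factors from root collision:",
          factor_from_root_collision(N, sqrt_mod_pq(c, P, Q)))
```

Run it a few times: the candidate list always contains the padded block and its negative modulo N, the two other entries change with a, and the last line always prints the two demo primes.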

Performance figures quoted for a 2048‑bit modulus on a typical desktop CPU are roughly 0.8 ms per encryption and 1.2 ms per decryption, against about 5 ms for RSA and 3 ms for ECC at comparable security levels. The asymmetry is structural: encryption is one modular multiplication by a and one modular squaring, whereas RSA encryption is a full modular exponentiation, which is the complexity‑order gap the abstract refers to; decryption still costs an exponentiation modulo each of p and q plus a CRT recombination, comparable to RSA‑CRT decryption. Because a ciphertext carries two plaintext blocks, the data moved per encryption is roughly double that of Rabin or RSA, which handle one block per operation. With modular squaring and multiplication as the core operations, the encrypting side is well suited to low‑power microcontrollers and IoT devices.

The authors also discuss practical considerations. Correct selection of a and b is critical: if a·b ≢ 1 (mod N), unblinding does not cancel a and every block decrypts incorrectly. The scheme inherits Rabin's vulnerability to quantum attacks: a sufficiently large quantum computer running Shor's algorithm factors N and breaks the system, so the paper recommends integrating post‑quantum hard problems (e.g., lattice‑based masks) in future versions. Side‑channel resistance depends on unpredictable generation of r, constant‑time modular exponentiation and CRT recombination during square‑root extraction, and a constant‑time redundancy check: a timing difference or a distinguishable error between a root that fails the check and one that passes gives an attacker the kind of decryption oracle that Rabin‑type schemes cannot afford.

In conclusion, the AAβ cryptosystem is presented as resolving the decryption ambiguity of Rabin while achieving an encryption complexity order better than Diffie‑Hellman, ElGamal, RSA and ECC at equivalent key sizes. Its ability to securely transmit larger data blocks with minimal computational overhead on the encrypting side makes it an attractive candidate for resource‑constrained environments such as embedded systems and IoT networks. The paper provides a theoretical foundation, a security analysis, and empirical performance data, positioning AAβ as a candidate addition to the family of factoring‑based asymmetric primitives.