Massey-Omura scheme

The Massey-Omura scheme is a cryptosystem that allows two parties to exchange messages in confidence without the existence of public keys or shared secret keys . It is based on the difficulty of the discrete logarithm .

The Massey-Omura scheme was developed in 1983 by cryptologists James Massey and Jim Omura .

requirements

A prerequisite for the Massey-Omura scheme is the common knowledge of all participants about a large prime number . ${\ displaystyle p}$

In addition, each subscriber generated for the communication a key with which relatively prime to is, so we have: . ${\ displaystyle T}$ ${\ displaystyle e_ {T}}$ ${\ displaystyle e_ {T} <p-1}$ ${\ displaystyle p-1}$ ${\ displaystyle \ operatorname {ggT} (e_ {T}, p-1) = 1}$

The number is determined for this (e.g. using the extended Euclidean algorithm ) . It is the multiplicative inverse of modulo . Thus: . ${\ displaystyle d_ {T}}$ ${\ displaystyle e_ {T}}$ ${\ displaystyle p-1}$ ${\ displaystyle e_ {T} \ cdot d_ {T} = 1 {\ bmod {(}} p-1)}$

Now applies to all messages : ${\ displaystyle m <p}$

${\ displaystyle (m ^ {e_ {T}}) ^ {d_ {T}} = m ^ {e_ {T} \ cdot d_ {T}} = m ^ {k \ cdot (p-1) +1} = m ^ {k \ cdot (p-1)} \ cdot m = m {\ bmod {p}}}$ based on Fermat's Little Theorem , da ${\ displaystyle m ^ {k \ cdot (p-1)} \ equiv 1 {\ bmod {p}}}$

procedure

As an example, subscriber A should transmit the confidential message to subscriber B. You have both , in addition, each only knows his own key and or and . ${\ displaystyle m}$ ${\ displaystyle p}$ ${\ displaystyle e_ {A}}$ ${\ displaystyle d_ {A}}$ ${\ displaystyle e_ {B}}$ ${\ displaystyle d_ {B}}$

A now forms and sends the resulting number to B. ${\ displaystyle m ^ {e_ {A}} {\ bmod {p}}}$

B raises the received message to the power and replies . ${\ displaystyle e_ {B}}$ ${\ displaystyle (m ^ {e_ {A}}) ^ {e_ {B}} {\ bmod {p}}}$

A generated , which after the small Fermat's theorem corresponds and sends this back to B. Thus, A has the effect of exponentiation with the known only to him to "canceled." However, the message is still encrypted by the exponentiation . ${\ displaystyle {\ big (} (m ^ {e_ {A}}) ^ {e_ {B}} {\ big)} ^ {d_ {A}} {\ bmod {p}}}$ ${\ displaystyle m ^ {e_ {B}} {\ bmod {p}}}$ ${\ displaystyle e_ {A}}$ ${\ displaystyle m}$ ${\ displaystyle e_ {B}}$

B can now by exponentiation with the message win: . ${\ displaystyle d_ {B}}$ ${\ displaystyle m}$ ${\ displaystyle (m ^ {e_ {B}}) ^ {d_ {B}} = m {\ bmod {p}}}$

It is not possible to infer from all exchanged messages without knowing the key of the participants . ${\ displaystyle m}$

Safety considerations

The Massey-Omura scheme is secure against passive eavesdropping on messages; H. Third parties cannot infer the original text from the messages exchanged. Furthermore, due to the assumed severity of the calculation of discrete logarithms , it is almost impossible, even with existing knowledge of the original text , to open up the key selected by a subscriber T and with the aid of a recorded message . ${\ displaystyle m}$ ${\ displaystyle e_ {T}}$ ${\ displaystyle d_ {T}}$ ${\ displaystyle m ^ {e_ {T}}}$

However, the method is susceptible to a man-in-the-middle attack (Janus attack) by proceeding similarly to a man-in-the-middle attack on the Diffie-Hellman method .