ACE (advanced cryptographic engine) is the collection of units, implementing both a public key encryption scheme and a digital signature scheme. Corresponding names for these schemes â ëACE Encryptû and ëACE Signû. Schemes are based on Cramer-Shoup public key encryption scheme and Cramer-Shoup signature scheme. Introduced variants of these schemes are intended to achieve a good balance between performance and security of the whole encryption system.
All the algorithms, implemented in ACE are based on algorithms developed by Victor Shoup and Ronald Cramer. The full algorithms specification is written by Victor Shoup. Implementation of algorithms is done by Thomas Schweinberger and Mehdi Nassehi, its supporting and maintaining is done by Victor Shoup. Thomas Schweinberger participated in construction of ACE specification document and also wrote a user manual.
Ronald Cramer currently stays in the university of Aarhus, Denmark. He worked on the project of ACE Encrypt while his staying in ETH in Zürich, Switzerland.
Mehdi Nassehi and Thomas Schweinberger worked on ACE project in the IBM research lab in Zürich, Switzerland.<br /> Victor Shoup works in the IBM research lab in Zürich, Switzerland.
The encryption scheme in ACE can be proven secure under reasonable and natural intractability assumptions. These four assumptions are:
Here we introduce some notations, being used in this article.
â The set of integers.<br /> â The set of univariate polynomials with coefficients in the finite field of cardinality 2.<br /> â integer such that for integer and .<br /> â polynomial with such that with .
â The set of all strings.<br /> â The set of all strings with length n.<br /> For â length of string . The string of length zero is denoted .<br /> For â the result of and concatenation.
â The set of bits.<br /> Let us take all sets of form . For such a set A we define the "zero element":
We define as a set of bytes, and as a set of words.
For with and we define a padding operator:
Conversion operator makes a conversion between elements .
The encryption scheme employs two key types:<br /> ACE public key: .<br /> ACE private key: .<br /> For a given size parameter , such that , key components are defined as:<br /> â a 256-bit prime number.<br /> â a m-bit prime number, such that .<br /> â elements (whose multiplicative order modulo divides ).<br /> â elements .<br /> â elements with and , where and .
Algorithm. Key Generation for ACE encryption scheme.<br /> Input: a size parameter , such that .<br /> Output: a public/private key pair.
A ciphertext of the ACE encryption scheme has the form<br /> <br /> where the components are defined as:<br /> â integers from (whose multiplicative order modulo divides ).<br /> â element .<br /> â element .<br /> we call the preamble, and â the cryptogram. If a cleartext is a string consisting of ñðùÃÂ, then the length of is equal to .<br /> We need to introduce the function , which maps a ciphertext to its byte-string representation, and the corresponding inverse function . For the integer , word string , integers , and byte string , <br /> For integer , byte string , such that ,
Algorithm. ACE asymmetric encryption operation.<br /> input: public key and byte string .<br /> Output: byte string â ciphertext of .
Before starting off the symmetric encryption process, the input message is divided into blocks , where each of the block, possibly except the last one, is of 1024 bytes. Each block is encrypted by the stream cipher. For each encrypted block 16-byte message authentication code is computed. We get the cryptogram Note that if , then . Algorithm. ACE asymmetric encryption process.<br /> Input: <br /> Output: , .
Algorithm. ACE decryption process.<br /> Input: public key and corresponding private key , byt e string .<br /> Output: Decrypted message .
Algorithm. Decryption operation .<br /> Input: <br /> Output: Decrypted message .
The signature scheme employs two key types:<br /> ACE Signature public key: .<br /> ACE Signature private key: .<br /> For the given size parameter , such that , key components are defined the following way:<br /> â -bit prime number with â is also a prime number.<br /> â -bit prime number with â is also a prime number.<br /> â and has either or ñøÃÂ.<br /> â elements (quadratic residues modulo ).<br /> â 161-bit prime number.<br /> â element <br /> â elements .<br /> â elements .
Algorithm. Key generation for the ACE public-key signature scheme.<br /> Input: size parameter , such that .<br /> Output: public/private key pair.
The signature in the ACE signature scheme has the form , where the components are defined the following way:<br /> â element .<br /> â integer, such that .<br /> â elements .<br /> â element ;note that , where â message being signed.<br /> We need to introduce the function, which maps a signature into its byte string representation, and the corresponding inverse function . For integer , byte string , integers and , and byte string ,<br /> For integer , byte string , where ,
Algorithm. ACE Signature Generation Process.<br /> Input: public key and corresponding private key and byte string , .<br /> Output: byte string â digital signature .
In the definition of ACE Encryption process and ACE Signature process some auxiliary function (e.g. UOWHash, ESHash and some other) are being used, definition of which goes beyond this article. More details about it can be found in ò.
ACE Encryption scheme is recommended by NESSIE (New European Schemes for Signatures, Integrity and Encryption) as asymmetric encryption scheme. Press-release is dated by February 2003.
Both schemes were implemented in ANSI C, with the use of GNU GMP library. Tests were done on two platforms: Power PC 604 model 43P under AIX system and 266 MHz Pentium under Windows NT system. Result tables: