| Blum–Goldwasser cryptosystem | |
|---|---|
| Name | Blum–Goldwasser cryptosystem |
| Type | Public-key cryptosystem |
| Inventors | Manuel Blum, Shafi Goldwasser |
| Introduced | 1984 |
| Key size | Variable (size of the Blum integer modulus N) |
| Security | Semantically secure (IND-CPA) assuming factoring is hard; malleable, not IND-CCA |
The Blum–Goldwasser cryptosystem is a probabilistic public-key encryption scheme proposed by Manuel Blum and Shafi Goldwasser in 1984. It is semantically secure against chosen-plaintext attacks under the assumption that factoring Blum integers is intractable. The scheme combines the Blum Blum Shub pseudorandom generator, which squares repeatedly modulo a Blum integer N and outputs low-order bits of each quadratic residue, with the trapdoor that the factorization of N provides: encryption runs the generator from a fresh random seed as a one-time keystream, and the holder of the factors recovers the seed from the generator's final state. Unlike the earlier Goldwasser–Micali scheme, which expands every plaintext bit into a modulus-sized ciphertext element, Blum–Goldwasser adds only one modulus-sized element to a ciphertext of plaintext length while keeping a proof of security. Its construction influenced later work on probabilistic encryption and on stream encryption driven by provably secure pseudorandom generators.
Blum and Goldwasser presented the scheme at CRYPTO 1984 in the paper "An Efficient Probabilistic Public-Key Encryption Scheme which Hides All Partial Information". Its modulus is a Blum integer N = pq with p ≡ q ≡ 3 (mod 4), the same form of modulus used by the Rabin cryptosystem and by the Blum Blum Shub generator, and the assumption that such an N is hard to factor is the same kind of assumption that underlies RSA. The security notion it achieves, semantic security, is the one Goldwasser and Micali had introduced for probabilistic encryption in 1982.
Security rests on the intractability of factoring the Blum integer N. An adversary who could distinguish encryptions of two messages could predict low-order bits of Blum Blum Shub outputs, and predicting those bits is known to be as hard as factoring N (Vazirani and Vazirani; Alexi, Chor, Goldreich and Schnorr), so semantic security against chosen-plaintext attacks follows from the factoring assumption by a reductionist proof in the spirit of Yao's next-bit unpredictability criterion. Two caveats matter in practice. First, the scheme is malleable: because each ciphertext bit is a plaintext bit XORed with a keystream bit, flipping a ciphertext bit flips the corresponding plaintext bit, and an attacker with a decryption oracle who submits a modified copy of a target ciphertext (same final state, altered bits) learns the keystream and hence the target plaintext. Blum–Goldwasser is therefore not secure against adaptive chosen-ciphertext attacks and needs an integrity mechanism in any real deployment. Second, the random seed r must be fresh for every message; reusing a seed reproduces the keystream and reduces the system to a two-time pad.
Key generation chooses two large distinct primes p and q with p ≡ q ≡ 3 (mod 4) and publishes the Blum integer N = pq; the private key is (p, q). To encrypt a message split into t blocks m_1, ..., m_t of h bits each (typically h = floor(log2(floor(log2 N)))), the sender picks a fresh random r, sets x_0 = r^2 mod N, and iterates the Blum Blum Shub map x_i = x_{i-1}^2 mod N for i = 1, ..., t, taking the h least significant bits of each x_i as the keystream block p_i and outputting c_i = m_i XOR p_i. One further squaring gives x_{t+1}, and the ciphertext is (c_1, ..., c_t, x_{t+1}); nothing else is transmitted. Decryption uses the factors to invert the t+1 squarings: with d_p = ((p+1)/4)^{t+1} mod (p-1) and d_q = ((q+1)/4)^{t+1} mod (q-1), the receiver computes u_p = x_{t+1}^{d_p} mod p and u_q = x_{t+1}^{d_q} mod q, recombines them with the Chinese Remainder Theorem to obtain x_0, and regenerates the keystream to recover m_i = c_i XOR p_i.
Correctness follows from the structure of quadratic residues modulo a Blum integer: squaring is a permutation of the set of quadratic residues modulo N, and for a prime p ≡ 3 (mod 4) the inverse of squaring on residues modulo p is y -> y^{(p+1)/4} mod p, since for a residue a one has (a^{(p+1)/4})^2 = a^{(p+1)/2} = a by Euler's criterion. Knowing p and q therefore lets the receiver walk x_{t+1} back to the unique residue x_0 in t+1 steps, working modulo each prime and recombining with the Chinese Remainder Theorem, whereas without the factors no efficient way to do this is known. The security proof reduces an adversary breaking semantic security under chosen-plaintext attack to one predicting the generator's low-order bits, which is as hard as factoring N; this is the same style of reduction Goldwasser and Micali used for their earlier scheme.
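The key generation, encryption and decryption steps above, together with the malleability caveat from the security discussion, as an added worked example; this is not code from the original paper, from the Handbook of Applied Cryptography, or from any library. The primes 499 and 547, the message bytes and the fixed seed used by the tampering demo are constructed for illustration; a real key would use primes of at least 1024 bits each. The block width h = floor(log2(floor(log2 N))) follows the textbook choice, and the helper names (keygen, encrypt, decrypt, to_blocks, from_blocks, tamper_demo) are this example's own. Requires Python 3.8 or later for pow(x, -1, m).

```python
"""Textbook Blum-Goldwasser encryption: keygen, encrypt, decrypt, plus a
demonstration of why it is not chosen-ciphertext secure.

Added example for this article, not code from the original paper or any
library.  The primes are toy-sized so the demo runs instantly; a real
deployment would use p and q of at least 1024 bits each.
"""
import secrets


def keygen(p: int, q: int):
    """Public key N = p*q; private key (p, q).  Both primes must be 3 mod 4
    so that N is a Blum integer and the key holder can take square roots of
    residues.  Assumes p and q are prime; no primality test is done here."""
    assert p % 4 == 3 and q % 4 == 3 and p != q, "need distinct primes = 3 mod 4"
    return p * q, (p, q)


def block_bits(n: int) -> int:
    """h = floor(log2(floor(log2 N))): keystream bits taken per squaring."""
    k = n.bit_length() - 1          # floor(log2 N)
    return k.bit_length() - 1       # floor(log2 k)


def to_blocks(data: bytes, h: int) -> list:
    """Split bytes into h-bit integer blocks, zero-padding the tail."""
    nbits = 8 * len(data)
    pad = (-nbits) % h
    bits = int.from_bytes(data, "big") << pad
    total = nbits + pad
    mask = (1 << h) - 1
    return [(bits >> (total - h * (i + 1))) & mask for i in range(total // h)]


def from_blocks(blocks: list, h: int, nbytes: int) -> bytes:
    """Inverse of to_blocks; nbytes says how much tail padding to discard."""
    bits = 0
    for b in blocks:
        bits = (bits << h) | b
    bits >>= h * len(blocks) - 8 * nbytes
    return bits.to_bytes(nbytes, "big")


def encrypt(n: int, blocks: list, r: int = None):
    """Return (ciphertext blocks, x_{t+1}).  r is the random seed; it MUST be
    fresh for every message, otherwise the keystream repeats."""
    h = block_bits(n)
    mask = (1 << h) - 1
    if r is None:
        r = secrets.randbelow(n - 2) + 2          # 2 <= r < N
    x = pow(r, 2, n)                              # x_0, a quadratic residue
    cipher = []
    for m in blocks:
        x = pow(x, 2, n)                          # x_i = x_{i-1}^2 mod N
        cipher.append(m ^ (x & mask))             # c_i = m_i XOR low h bits of x_i
    x = pow(x, 2, n)                              # x_{t+1}, sent in the clear
    return cipher, x


def decrypt(sk, n: int, cipher: list, x_final: int) -> list:
    """Recover x_0 from x_{t+1} using the factors, then replay the keystream."""
    p, q = sk
    t = len(cipher)
    h = block_bits(n)
    mask = (1 << h) - 1
    # On residues mod p the inverse of squaring is y -> y^((p+1)/4); undoing
    # t+1 squarings uses exponent ((p+1)/4)^(t+1), reduced mod p-1 by Fermat.
    dp = pow((p + 1) // 4, t + 1, p - 1)
    dq = pow((q + 1) // 4, t + 1, q - 1)
    up = pow(x_final, dp, p)                      # x_0 mod p
    uq = pow(x_final, dq, q)                      # x_0 mod q
    # Chinese Remainder Theorem: combine the two residues into x_0 mod N.
    x = (up * q * pow(q, -1, p) + uq * p * pow(p, -1, q)) % n
    plain = []
    for c in cipher:
        x = pow(x, 2, n)
        plain.append(c ^ (x & mask))
    return plain


def tamper_demo(n: int, sk, blocks: list, r: int) -> list:
    """Malleability: flipping the lowest bit of ciphertext block 0 flips exactly
    that plaintext bit after decryption, with no knowledge of p or q."""
    cipher, x_final = encrypt(n, blocks, r)
    cipher[0] ^= 1                                # attacker edits the ciphertext
    return decrypt(sk, n, cipher, x_final)        # receiver decrypts unawares


if __name__ == "__main__":
    n, sk = keygen(499, 547)                      # toy primes, both 3 mod 4
    h = block_bits(n)                             # 4 bits per squaring for this N
    msg = b"attack at dawn"                       # constructed sample message
    blocks = to_blocks(msg, h)
    cipher, x_final = encrypt(n, blocks)
    print("ciphertext:", cipher, "final state:", x_final)
    print("decrypted :", from_blocks(decrypt(sk, n, cipher, x_final), h, len(msg)))
    print("tampered  :", from_blocks(tamper_demo(n, sk, blocks, 12345), h, len(msg)))
```

Running the module prints the ciphertext blocks and the final state x_{t+1}, the recovered message, and the output of tamper_demo, where a single flipped ciphertext bit turns "attack" into "qttack" without the attacker touching the key. That bit-level control over the plaintext is exactly what rules out chosen-ciphertext security, so any real use of the scheme must add an integrity check over (c_1, ..., c_t, x_{t+1}).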
Encryption is cheap: each h-bit block costs one modular squaring and no modular exponentiation at all, so encrypting t blocks takes t+1 squarings modulo N. Ciphertext length is t·h + |N| bits, that is, the plaintext length plus one modulus-sized element, a constant per-message overhead rather than the |N|-fold expansion of Goldwasser–Micali. Decryption costs two modular exponentiations with exponents reduced modulo p-1 and q-1, one Chinese Remainder Theorem recombination, and t further squarings to replay the keystream, which is comparable to an RSA private-key operation implemented with the CRT.
The scheme's main role has been theoretical and pedagogical: it showed that provable semantic security need not cost the large ciphertext expansion of Goldwasser–Micali, and it appears as a standard worked algorithm in textbooks such as the Handbook of Applied Cryptography (Menezes, van Oorschot and Vanstone, Section 8.7). It has seen little practical deployment. Any practical use would have to pair it with an integrity mechanism because of its malleability, and, like every scheme whose security rests on factoring, it offers no resistance to a large-scale quantum computer running Shor's algorithm.
The cryptosystem emerged from the early-1980s formalization of probabilistic encryption, semantic security and pseudorandom generation, alongside the Goldwasser–Micali scheme, the Blum Blum Shub generator and Yao's theory of pseudorandomness, and shortly before Goldwasser, Micali and Rackoff introduced zero-knowledge proofs. It remains a reference point for building public-key encryption from a provably secure pseudorandom generator with a trapdoor.