Chapter 3 Encryption Algorithms & Systems (Part B)

Chapter 3

Encryption Algorithms & Systems (Part B)

csci5233 computer security & integrity (Chap. 3)

2

Outline

NP-completeness & EncryptionNP-completeness & Encryption Symmetric (secret key) vs Asymmetric (public key) Symmetric (secret key) vs Asymmetric (public key)

EncryptionsEncryptions Popular Encryption Algorithms

– Merkle-Hellman Knapsacks– RSA Encryption– El Gamal Algorithms– DES

Hashing Algorithms Key Escrow & Clipper


3

Merkle-Hellman Knapsacks A public key cryptosystem The public key is the set of integers of a knapsack

problem (the general knapsack); the private key is a corresponding superincreasing knapsack (or simple knapsack).

A sample general knapsack: (17, 38, 73, 4, 11, 1) A sample superincreasing knapsack: (1, 4, 11, 17,

38, 73), where each item ak is greater than the sum of all the previous items.

Merkle and Hellman provided an algorithm for the receiver to use a superincreasing knapsack (the private key) to decrypt the ciphertext.


4

Merkle-Hellman Knapsacks Basic idea: To encode a binary message as a

solution to a knapsack problem, reducing the ciphertext to the target sum obtained by adding terms corresponding to the 1s in the plaintext.

Example: Fig. 3-5, p.84 Two kinds of knapsacks:

Simple (superincreasing) knapsack

Hard (general) knapsack


5

Solving a simple knapsack problem Given a superincreasing knapsack S = (S1, S2, …,

Sn) and a target sum T, find combination of Si that equals to T.

Hint: No combination of terms less than a particular term can yield a sum as large as the term. That is, Si > S1 + … + Si-1.

Example: Given S = (1, 4, 11, 17, 38, 73) and T = 96, determine which terms in S correspond to the 1s of the plaintext.

Solution: 1, 4, 17, 73 (See Fig. 3-6, p.85). That is, the plaintext was 110101.

Exercise: S = (1, 2, 5, 9, 20, 43), T = 49.


6

Deriving a Hard Knapsack from a Simple Knapsack An example on pages 87-89

1. Choose the number (M) of items in a knapsack.Example: M = 4

2. Create a simple knapsack (S) with M items.Example: S = (1, 2, 4, 9).

3. Choose a multiplier w and a modulus n, where n > S1 + … + SM and w is relprime to n. Note: Usually n is a prime, which is relprime to any number < n.Example: w = 15 and n = 17.

4. Replace every item in the simple knapsack with the term hi = w * si mod n. Then H = (h1, h2, …, hM) is the hard knapsack.

Example: H = (15, 13, 9, 16).


7

Encryption using Merkle-Hallman Knapsacks The plaintext is encrypted using the hard knapsack

(the public key), while the simple knapsack, as well as w and n, are used as the private key.

Example: Encrypt the plaintext ‘0100 1011 1010 0101’ using the sample hard knapsack H = (15, 13, 9, 16).

Ans:

C1 = 0100 * H = 13.

C2 = 1011 * H = 15 + 9 + 16 = 40.

C3 = 1010 * H = 15 + 9 = 24.

C4 = 0101 * H = 13 + 16 = 29.

So, ciphertext = (13, 40, 24, 29)


8

The receiver of the ciphertext uses w and n to calculate the multiplicative inverse of w, w-1. w * w-1 mod n = 1.Example: w-1 = 15-1 mod 17 = 8 (use algorithm on

p.81 or the inverse.java program)

To decipher the ciphertext (C): Multiply each of the numbers in C by w-1.(w-1 * C = w-1 * H * P = w-1 * w * S * P = S* P )mod n

Exercise: Decrypt the ciphertext from the previous exercise, i.e., 13, 40, 24, 29, by using the simple knapsack S = (1, 2, 4, 9).The answer: next slide

Decryption using Merkle-Hallman Knapsacks


9

Given: H = (19, 28, 76, 171, 293, 46, 130, 150).

C = 13, 40, 24, 29S = (1, 2, 4, 9)n = 17, w = 15, w -1 = 8.

1. To get the target Ti : Multiply each Ci by w-1:

T1 = (w-1 * C1) mod n = 8 * 13 mod 17 = 2

T2 = (w-1 * C1) mod n = 8 * 40 mod 17 = 14

T3 = (w-1 * C1) mod n = 8 * 24 mod 17 = 5

T4 = (w-1 * C1) mod n = 8 * 29 mod 17 = 11

2. Given the target sum Ti and the simple knapsack S, find the combination of items in S that produces T.

e.g., The answer for T1 is 0100.

Decryption using Merkle-Hallman Knapsacks


10

Another Example Step 1: Derive a Hard Knapsack from a Simple Knapsack

1. Choose the number (M) of items in a knapsack.Example: M can be 8 when the plaintext is in ascii.

2. Create a simple knapsack (S) with M items.Example: S = (1, 2, 4, 9, 17, 34, 70, 150).

3. Choose a multiplier w and a modulus n, where n > S1 + … + SM and w is relprime to n. Note: Usually n is a prime, which is relprime to any number < n.Example: w = 19 and n = 303.

4. Replace every item in the simple knapsack with the term hi = w * si mod n. Then H = (h1, h2, …, hM) is the hard knapsack.Example: H = (19, 38, 76, 171, 20, 40, 118, 123).


11

Another Example Step 2: Encrypt a plaintext using the hard knapsack Encrypt the plaintext ‘PEACE’ using the sample

hard knapsack H, H = (19, 38, 76, 171, 20, 40, 118, 123).‘P’ = 50h ‘E’ = 45h ‘A’ = 41h

‘C’ = 43h

Ans: C1 = 50h * H = 0101 0000 * H = 38 + 171 = 209.

C2 = 45h * H = 0100 0101 * H = 38 + 40 + 123 = 201.

C3 = 41h * H = 0100 0001 * H = 38 + 123 = 161.

C4 = 43h * H = 0100 0011 * H = 38 + 118 + 123 = 279.

C5 = C2 = 228.

So, ciphertext (‘PEACE’) = 209 201 161 279 228


12

Step 3: Decrypt using C, w, n and S The receiver of the ciphertext uses w and n to

calculate the multiplicative inverse of w, w-1. w * w-1 mod n = 1.Example: w-1 = 19-1 mod 303 = 16 (use algorithm on

p.81 or the inverse.java program)

To decipher the ciphertext (C): Multiply each of the numbers in C by w-1.(w-1 * C = w-1 * H * P = w-1 * w * S * P = S* P )mod n

Exercise: Decrypt the ciphertext from the previous exercise, i.e., 209 201 161 279 228, by using the simple knapsack S = (1, 2, 4, 9, 17, 34, 70, 150).The answer: next slide

Another Example


13

Given: H = (19, 28, 76, 171, 293, 46, 130, 150).

C = 209 201 161 279 228, n = 303, w = 19, w-1 = 16.

S = (1, 2, 4, 9, 17, 34, 70, 150).

1. To get the target Ti : Multiply each Ci by w-1

T1 = (w-1 * C1) mod n = 16 * 209 mod 303 = 11

T2 = (w-1 * C1) mod n = 16 * 201 mod 303 = 186

T3 = (w-1 * C1) mod n = 16 * 161 mod 303 = 152

T4 = (w-1 * C1) mod n = 16 * 279 mod 303 = 222

2. Given the target sum Ti and the simple knapsack S, find the combination of items in S that produces T.

The answer for T1 is 0101 0000, which is 11.

S = (1, 2, 4, 9, 17, 34, 70, 150)

Ans. for T1 = (0 1 0 1 0 0 0 0) 50h

Another Example


14

p.90

The modulus n can be guessed. S, the secret key,

and the multiplier, w, are then exposed.

1980: Shamir found that if the value of the modulus n

is known, it may be possible to determine the simple

knapsack S.

1982: Shamir came up with an approach to deduce w

and n from H, the hard knapsack, alone.

Weakness of the Merkle-Hellman Algorithm


15

Summary Merkle-Hellman is a public-key cryptosystem based

on the knapsack problem. The encryption can be broken, mainly due to its use

of simple knapsacks as the secret keys. Next:

– RSA Encryption

– El Gamal Algorithms

– DES

– Hashing Algorithms

– Key Escrow & Clipper

Chapter 3 Encryption Algorithms & Systems (Part B)

Documents

Transcript of Chapter 3 Encryption Algorithms & Systems (Part B)