Ciphertext Only Cryptanalytic Attack on Merkle-Hellman Knapsack: Dynamic Programming Algorithm
• Input: A = {a1, a2, … an} – public key, S – ciphertext
• Output: The binary array B – plaintext
• Algorithm: Let P[i, j] be TRUE if there is a subset of first i elements of A that sums to j, 0 ≤ i ≤ n, 0 ≤ j ≤ S

Step 1: Computation of P
    P[0][0] ← TRUE
    for j = 1 to S do:
        P[0][j] ← FALSE
    for i = 1 to n do:
        for j = 0 to S do:
            if (j – A[i] < 0):
                P[i][j] = P[i-1][j]
            else:
                P[i][j] = P[i-1][j-A[i]] or P[i-1][j]
Step 2: Backtracking
    Let B be an array of n + 1 elements initialized to 0
    i ← n, j ← S
    while i > 0:
        if (j – A[i] ≥ 0):
            if (P[i-1][j-A[i]] is True):
                B[i] ← B[i] + 1
                j ← j – A[i]
            i ← i – 1
        else:
            i ← i – 1
Output: array B; the elements of B that equal 1 select the desired subset of A that sums to S
EXAMPLE
Input: A = {1, 4, 5, 2}, S = 3
P[i-1][j-A[i]] or P[i-1][j]
Merkle-Hellman Multiplicative Knapsack Cryptosystem
• Alice:
  • Chooses a set of relatively prime numbers P = {p1, … pn} – private (easy) knapsack
  • Chooses a prime M > p1 * … * pn
  • Chooses a primitive root b mod M
  • Computes the public (hard) knapsack A = {a1, … an}, where ai is the discrete logarithm of pi to base b: 1 ≤ ai < M, such that:
• Private Key: P, M, b
• Public Key: A
Merkle-Hellman Multiplicative Knapsack Cryptosystem - Encryption
• The binary plaintext T is broken up into sets n elements long: T = {T1, … Tk}
• For each set Ti compute
• Ci is the ciphertext that corresponds to plaintext Ti
• C = {C1, … Ck} is the ciphertext that corresponds to the plaintext T
• C is sent to Alice
Merkle-Hellman Multiplicative Knapsack Cryptosystem - Decryption
• For each Ci, Alice computes
• Si is a subset product of the easy knapsack:
• Tij = 1 if and only if pj divides Si
Merkle-Hellman Multiplicative Knapsack Example
• Easy (Private) Knapsack: P = {2, 3, 5, 7}
• M = 211, b = 17
• Hard (Public) Knapsack: A = {19, 187, 198, 121}
  2 ≡ 17^19 (mod 211), 3 ≡ 17^187 (mod 211), 5 ≡ 17^198 (mod 211), 7 ≡ 17^121 (mod 211)
• Plaintext: T = 1101
• Ciphertext: C = 327 = 19 + 187 + 121
• Decryption: S = 42 = 17^327 (mod 211)
• 42 = 2^1 * 3^1 * 5^0 * 7^1
• Plaintext: 1101
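
The worked example above (P = {2, 3, 5, 7}, M = 211, b = 17) carried through in Python, together with the dynamic-programming recovery from the first slides run against the same public key. This is an added example, not code from the original slides. The function names are assumptions, encryption as a subset sum of A and decryption as b^C mod M follow the standard definition of the scheme, and the brute-force discrete logarithm is only workable for a toy modulus.

```python
def discrete_log(b, p, M):
    """Smallest a in [1, M) with b**a ≡ p (mod M); brute force, toy moduli only."""
    x = 1
    for a in range(1, M):
        x = x * b % M
        if x == p:
            return a
    raise ValueError("p is not a power of b mod M")

def keygen(P, M, b):
    """Public (hard) knapsack: a_i is the discrete log of p_i to base b mod M."""
    return [discrete_log(b, p, M) for p in P]

def encrypt(A, bits):
    """Ciphertext = sum of the a_i selected by the plaintext bits."""
    return sum(a for a, t in zip(A, bits) if t)

def decrypt(P, M, b, C):
    """S = b**C mod M is a product of the chosen p_j; bit j is 1 iff p_j divides S."""
    S = pow(b, C, M)
    return [1 if S % p == 0 else 0 for p in P]

def dp_recover(A, S):
    """Steps 1 and 2 from the slides (0-based lists). The table holds
    (n+1) x (S+1) booleans, so cost grows with the size of S, not only with n."""
    n = len(A)
    P = [[False] * (S + 1) for _ in range(n + 1)]
    P[0][0] = True
    for i in range(1, n + 1):
        a = A[i - 1]
        for j in range(S + 1):
            P[i][j] = P[i - 1][j] or (j >= a and P[i - 1][j - a])
    if not P[n][S]:
        return None            # no subset of A sums to S
    B, j = [0] * n, S
    for i in range(n, 0, -1):  # backtrack from P[n][S]
        a = A[i - 1]
        if j >= a and P[i - 1][j - a]:
            B[i - 1], j = 1, j - a
    return B

if __name__ == "__main__":
    P_priv, M, b = [2, 3, 5, 7], 211, 17        # values from the page's example
    A = keygen(P_priv, M, b)                     # [19, 187, 198, 121]
    C = encrypt(A, [1, 1, 0, 1])                 # 327
    print(A, C, decrypt(P_priv, M, b, C), dp_recover(A, C))
```

The table size is the practical limit of the dynamic-programming approach: it is feasible here because S = 327, and it stops being feasible once the knapsack weights, and therefore S, are hundreds of bits long.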