160 likes | 406 Views
Chapter 3 Encryption Algorithms & Systems (Part B). Outline. NP-completeness & Encryption Symmetric (secret key) vs Asymmetric (public key) Encryptions Popular Encryption Algorithms Merkle-Hellman Knapsacks RSA Encryption El Gamal Algorithms DES Hashing Algorithms Key Escrow & Clipper.
E N D
Outline • NP-completeness & Encryption • Symmetric (secret key) vs Asymmetric (public key) Encryptions • Popular Encryption Algorithms • Merkle-Hellman Knapsacks • RSA Encryption • El Gamal Algorithms • DES • Hashing Algorithms • Key Escrow & Clipper csci5233 computer security & integrity (Chap. 3)
Merkle-Hellman Knapsacks • A public key cryptosystem • The public key is the set of integers of a knapsack problem (the general knapsack); the private key is a corresponding superincreasing knapsack (or simple knapsack). • A sample general knapsack: (17, 38, 73, 4, 11, 1) • A sample superincreasing knapsack: (1, 4, 11, 17, 38, 73), where each item ak is greater than the sum of all the previous items. • Merkle and Hellman provided an algorithm for the receiver to use a superincreasing knapsack (the private key) to decrypt the ciphertext. csci5233 computer security & integrity (Chap. 3)
Merkle-Hellman Knapsacks • Basic idea: To encode a binary message as a solution to a knapsack problem, reducing the ciphertext to the target sum obtained by adding terms corresponding to the 1s in the plaintext. • Example: Fig. 3-5, p.84 • Two kinds of knapsacks: Simple (superincreasing) knapsack Hard (general) knapsack csci5233 computer security & integrity (Chap. 3)
Solving a simple knapsack problem • Given a superincreasing knapsack S = (S1, S2, …, Sn) and a target sum T, find combination of Sithat equals to T. Hint: No combination of terms less than a particular term can yield a sum as large as the term. That is, Si > S1 + … +Si-1. Example: Given S = (1, 4, 11, 17, 38, 73) and T = 96, determine which terms in S correspond to the 1s of the plaintext. Solution: 1, 4, 17, 73 (See Fig. 3-6, p.85). That is, the plaintext was 110101. • Exercise: S = (1, 2, 5, 9, 20, 43), T = 49. csci5233 computer security & integrity (Chap. 3)
Deriving a Hard Knapsack from a Simple Knapsack • An example on pages 87-89 • Choose the number (M) of items in a knapsack. Example: M = 4 • Create a simple knapsack (S) with M items. Example: S = (1, 2, 4, 9). • Choose a multiplier w and a modulus n, where n > S1 + … +SM and w is relprime to n. Note: Usually n is a prime, which is relprime to any number < n. Example: w = 15 and n = 17. • Replace every item in the simple knapsack with the term hi = w * si mod n. Then H = (h1, h2, …, hM) is the hard knapsack. Example: H = (15, 13, 9, 16). csci5233 computer security & integrity (Chap. 3)
Encryption using Merkle-Hallman Knapsacks • The plaintext is encrypted using the hard knapsack (the public key), while the simple knapsack, as well as w and n, are used as the private key. • Example: Encrypt the plaintext ‘0100 1011 1010 0101’ using the sample hard knapsack H = (15, 13, 9, 16). Ans: C1 = 0100 * H = 13. C2 = 1011 * H = 15 + 9 + 16 = 40. C3 = 1010 * H = 15 + 9 = 24. C4 = 0101 * H = 13 + 16 = 29. So, ciphertext = (13, 40, 24, 29) csci5233 computer security & integrity (Chap. 3)
Decryption using Merkle-Hallman Knapsacks • The receiver of the ciphertext uses w and n to calculate the multiplicative inverse of w, w-1. w * w-1mod n = 1. Example: w-1 = 15-1 mod 17 = 8 (use algorithm on p.81 or the inverse.java program) • To decipher the ciphertext (C): Multiply each of the numbers in C by w-1. (w-1* C = w-1* H * P = w-1* w * S * P = S* P )mod n • Exercise: Decrypt the ciphertext from the previous exercise, i.e., 13, 40, 24, 29, by using the simple knapsack S = (1, 2, 4, 9). The answer: next slide csci5233 computer security & integrity (Chap. 3)
Decryption using Merkle-Hallman Knapsacks • Given: H = (19, 28, 76, 171, 293, 46, 130, 150). C =13, 40, 24, 29 S = (1, 2, 4, 9) n = 17, w = 15, w -1 = 8. • To get the target Ti: Multiply each Ci by w-1: T1 = (w-1* C1) mod n = 8 * 13 mod 17 = 2 T2 = (w-1* C1) mod n = 8 * 40 mod 17 = 14 T3 = (w-1* C1) mod n = 8 * 24 mod 17 = 5 T4 = (w-1* C1) mod n = 8 * 29 mod 17 = 11 • Given the target sum Ti and the simple knapsack S, find the combination of items in S that produces T. e.g., The answer for T1 is 0100. csci5233 computer security & integrity (Chap. 3)
Another Example • Step 1: Derive a Hard Knapsack from a Simple Knapsack • Choose the number (M) of items in a knapsack. Example: M can be 8 when the plaintext is in ascii. • Create a simple knapsack (S) with M items. Example: S = (1, 2, 4, 9, 17, 34, 70, 150). • Choose a multiplier w and a modulus n, where n > S1 + … +SM and w is relprime to n. Note: Usually n is a prime, which is relprime to any number < n. Example: w = 19 and n = 303. • Replace every item in the simple knapsack with the term hi = w * si mod n. Then H = (h1, h2, …, hM) is the hard knapsack. Example: H = (19, 38, 76, 171, 20, 40, 118, 123). csci5233 computer security & integrity (Chap. 3)
Another Example • Step 2: Encrypt a plaintext using the hard knapsack • Encrypt the plaintext ‘PEACE’ using the sample hard knapsack H, H= (19, 38, 76, 171, 20, 40, 118, 123). ‘P’ = 50h ‘E’ = 45h ‘A’ = 41h ‘C’ = 43h Ans: C1 = 50h * H = 0101 0000 * H = 38 + 171 = 209. C2 = 45h * H = 0100 0101 * H = 38 + 40 + 123 = 201. C3 = 41h * H = 0100 0001 * H = 38 + 123 = 161. C4 = 43h * H = 0100 0011 * H = 38 + 118 + 123 = 279. C5 = C2 = 228. So, ciphertext (‘PEACE’) = 209 201 161 279 228 csci5233 computer security & integrity (Chap. 3)
Another Example • Step 3: Decrypt using C, w, n and S • The receiver of the ciphertext uses w and n to calculate the multiplicative inverse of w, w-1. w * w-1mod n = 1. Example: w-1 = 19-1 mod 303 = 16 (use algorithm on p.81 or the inverse.java program) • To decipher the ciphertext (C): Multiply each of the numbers in C by w-1. (w-1* C = w-1* H * P = w-1* w * S * P = S* P )mod n • Exercise: Decrypt the ciphertext from the previous exercise, i.e., 209 201 161 279 228, by using the simple knapsack S = (1, 2, 4, 9, 17, 34, 70, 150). The answer: next slide csci5233 computer security & integrity (Chap. 3)
Another Example • Given: H = (19, 28, 76, 171, 293, 46, 130, 150). C = 209 201 161 279 228, n = 303, w = 19, w-1 = 16. S = (1, 2, 4, 9, 17, 34, 70, 150). • To get the target Ti: Multiply each Ci by w-1 T1 = (w-1* C1) mod n = 16 * 209 mod 303 = 11 T2 = (w-1* C1) mod n = 16 * 201 mod 303 = 186 T3 = (w-1* C1) mod n = 16 * 161 mod 303 = 152 T4 = (w-1* C1) mod n = 16 * 279 mod 303 = 222 • Given the target sum Ti and the simple knapsack S, find the combination of items in S that produces T. The answer for T1 is 0101 0000, which is 11. S = (1, 2, 4, 9, 17, 34, 70, 150) Ans. for T1 = (0 1 0 1 0 0 0 0) 50h csci5233 computer security & integrity (Chap. 3)
Weakness of the Merkle-Hellman Algorithm • p.90 • The modulus n can be guessed. S, the secret key, and the multiplier, w, are then exposed. • 1980: Shamir found that if the value of the modulus n is known, it may be possible to determine the simple knapsack S. • 1982: Shamir came up with an approach to deduce w and n from H, the hard knapsack, alone. csci5233 computer security & integrity (Chap. 3)
Summary • Merkle-Hellman is a public-key cryptosystem based on the knapsack problem. • The encryption can be broken, mainly due to its use of simple knapsacks as the secret keys. • Next: • RSA Encryption • El Gamal Algorithms • DES • Hashing Algorithms • Key Escrow & Clipper csci5233 computer security & integrity (Chap. 3)