1 / 33

Computer System Security CSE 5339/7339

Computer System Security CSE 5339/7339. Lecture 5 September 2, 2004. Contents. Math Background and mod Arithmetic Merkle-Hellman Knapsacks Monica’s Presentation. Student Presentations (15 minutes). First 4: Murtaza, Monica, Matthew, Diana 9/14 9/16 9/21 9/23.

vanig
Download Presentation

Computer System Security CSE 5339/7339

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer System SecurityCSE 5339/7339 Lecture 5 September 2, 2004

  2. Contents • Math Background and mod Arithmetic • Merkle-Hellman Knapsacks • Monica’s Presentation

  3. Student Presentations (15 minutes) First 4: Murtaza, Monica, Matthew, Diana 9/14 9/16 9/21 9/23

  4. Exercise (Group work) – Any luck? Decrypt the following encrypted quotation: fqjcb rwjwj vnjax bnkhj whxcq nawjv nfxdu mbvnu ujbbf nnc

  5. Identity i is identity for op if i op x = x op i = x Inverse b is inverse of a if a op b = b op a = i Prime Number Any number greater than 1 that is divisible only by itself and 1 2 divides 10 10 is divisible by 2 Composite vs. prime Math Background

  6. Math Background (cont.) Greatest Common Divisor – gcd(a,b) The largest integer that divides both a and b gcd(15,10) = 5 If p is a prime number gcd(p.q) = 1 for any q < p If x divides a and b  x also divides a – (k*b)

  7. Reminder after division • a mod n = b  a = c*n + b (11 mod 3 = 2, 5 mod 3 = 2) • Confine results to a particular range [0 – n-1] • Operations +, -, * can be applied before or after mod is taken • x and y are equivalent under mod n iff x mod n = y mod n • x and y are equivalent under mod n iff x – y = k*n Modular Arithmetic

  8. Multiplicative inverse of a  a-1 Modular Arithmetic (cont) Product – mod 5 a = 2, a-1 = 3

  9. For any prime p and any element a < p ap mod p = a Or ap-1 mod p = 1 Fermat’s Theorem

  10. Given a, let us compute the inverse of a in mod p The inverse of a is x such that a*x mod p = 1 (Definition of inverse) ap-1 mod p = 1 (Fermat’s Theorem) a*x mod p = ap-1 mod p x = ap-2 mod p Computing Inverse

  11. Compute the inverse of 3 mod 5 x = 35-2 mod 5 x = 27 mod 5 = 2 Compute the inverse of 3 mod 7 x = 37-2 mod 7 x = 243 mod 7 = 5 Example

  12. Merkle-Hellman Knapsacks • Algorithms is based on the knapsack problem • What is the knapsack problem? • General Knapsacks • Superincreasing knapsacks

  13. General Knapsacks (Hard) Given a sequence of integers a1, a2, …, an and a target sum T, the problem is to find a vector of 0s and 1s such that the sum of the integers associated with 1s equals T Given: H = [17, 38, 73, 4, 11, 1] T = 53 Solution: (0,1,0,1,1,0)

  14. Superincreasing Knapsacks (Easy) We place an additional restriction on the problem: The integers of S must form an superincresaing sequence. (i.e. each integer is greater than the sum of all preceding integers) Given: S = [1, 4, 11, 17, 38, 73] T = 53 Solution: (0,1,1,0,1,0) Algorithm?

  15. S = [1, 4, 11, 17, 38, 73] Try it with T = 96 & T = 95 T = 96  no solution T = 95  (1, 1, 0, 1, 0, 1) Example

  16. Merkle- Hellman Knapsack Idea is to encode a binary message as a solution to a knapsack problem, reducing the ciphertext to the target sum obtained by adding terms corresponding to 1s in the plain text. Public Key: Set of integers of a knapsack problem Private Key: Corresponding superincreasing knapsack

  17. Main Idea Private key Public key H S Solution T Solution Encryption Decryption ciphertext plaintext Original plaintext 010110 010110

  18. Relationship between S and H We start with a superincreasing knapsack -- S We need a Technique for converting S into regular Knapsack H

  19. Merkle- Hellman Knapsack (cont) • Normal arithmetic  + or * preserve superincreasing sets • Modular arithmetic  may destroy superincreasing sets H = w * S mod n (hi = w * si mod n)

  20. Merkle- Hellman Knapsack (cont) Modular arithmetic  sensitive to common factors Consider w * x mod n If w and n share common factors  the result will not cover all values [0-n-1] Otherwise  the result will cover all values ( w, n are relatively prime) (If w and n are relatively prime, w has multiplicative inverse mod n) Why?

  21. Example

  22. Breaking the superincreasing nature of integer • Multiple by w and take mod n n and w are relatively prime. • Select S of size m • Select w and n, n > summation of si • Obtain H (hi = w * si mod n)

  23. Select S (m =4) [1,2,4,9]

  24. Select w, n • n should be greater than the sum of all elements in S • w should have no common factors with n • This can be guaranteed if n is prime and w should be smaller than n (math background) • (n = 17) • (w = 15)

  25. Obtain H (Public Key) • H = w * S mod n • (hi = w * si mod n) • S = [1,2,4,9] • (n = 17) • (w = 15) h1 = 15*1 mode 17 = 15 h2 = 15*2 mode 17 = 13 h3 = 15*4 mode 17 = 9 h4 = 15*9 mode 17 = 16 H = [15,13,9,16]

  26. Encryption H Summation Solution Encryption P C = H * P

  27. Example (Encryption) Given P = 010010111010 0101 Public Key H = [15, 13, 9, 16] P  0100101110100101 C  13 40 24 29

  28. Example (Encryption) H = [15, 13, 9, 16] 0100 1011 1010 0101 13 40 24 29 Encryption ciphertext plaintext

  29. Decryption • What does a legitimate recipient know? • S, w, n • The inverse of w (w-1) is also known, correct? • w-1 * C w-1 * H * P • w-1 * H * P  w-1 * w * S * P mod n  S * P mod n

  30. Decryption S C T P W-1 * C Simple knapsack Decryption

  31. Example (Decryption) Given C = 13 40 24 29 W-1 = 8 8*13 mode 17 = 2 8*40 mode 17 = 14 8*24 mode 17 = 5 8*29 mode 17 = 11

  32. S [1,2,4,9] Example (Decryption) cont. C T P W-1 * C Simple knapsack Decryption 0100 1011 1010 0101 13 40 24 29 2 14 5 11

  33. GroupExercise Convert the superincreasing knapsack [1, 3, 5, 11, 23, 47, 97] to a hard knapsack using (w, n) = (7, 11) and (7, 29), respectively.

More Related