1 / 15

Understanding Merkle-Hellman Knapsacks in Cryptography: Concepts and Applications

This chapter explores the Merkle-Hellman knapsack cryptosystem, a public key encryption method utilizing superincreasing sequences. We detail the differences between symmetric and asymmetric encryption, delve into popular algorithms like RSA and ElGamal, and explain how the knapsack problem is used to encrypt and decrypt binary messages. Through examples, we demonstrate the construction of both simple and hard knapsacks, encryption and decryption processes, and exercises to reinforce understanding. This guide serves as a comprehensive overview for students and professionals in computer security.

kevina
Télécharger la présentation

Understanding Merkle-Hellman Knapsacks in Cryptography: Concepts and Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 3Encryption Algorithms & Systems (Part B)

  2. Outline • NP-completeness & Encryption • Symmetric (secret key) vs Asymmetric (public key) Encryptions • Popular Encryption Algorithms • Merkle-Hellman Knapsacks • RSA Encryption • El Gamal Algorithms • DES • Hashing Algorithms • Key Escrow & Clipper csci5233 computer security & integrity (Chap. 3)

  3. Merkle-Hellman Knapsacks • A public key cryptosystem • The public key is the set of integers of a knapsack problem (the general knapsack); the private key is a corresponding superincreasing knapsack (or simple knapsack). • A sample general knapsack: (17, 38, 73, 4, 11, 1) • A sample superincreasing knapsack: (1, 4, 11, 17, 38, 73), where each item ak is greater than the sum of all the previous items. • Merkle and Hellman provided an algorithm for the receiver to use a superincreasing knapsack (the private key) to decrypt the ciphertext. csci5233 computer security & integrity (Chap. 3)

  4. Merkle-Hellman Knapsacks • Basic idea: To encode a binary message as a solution to a knapsack problem, reducing the ciphertext to the target sum obtained by adding terms corresponding to the 1s in the plaintext. • Example: Fig. 3-5, p.84 • Two kinds of knapsacks: Simple (superincreasing) knapsack Hard (general) knapsack csci5233 computer security & integrity (Chap. 3)

  5. Solving a simple knapsack problem • Given a superincreasing knapsack S = (S1, S2, …, Sn) and a target sum T, find combination of Sithat equals to T. Hint: No combination of terms less than a particular term can yield a sum as large as the term. That is, Si > S1 + … +Si-1. Example: Given S = (1, 4, 11, 17, 38, 73) and T = 96, determine which terms in S correspond to the 1s of the plaintext. Solution: 1, 4, 17, 73 (See Fig. 3-6, p.85). That is, the plaintext was 110101. • Exercise: S = (1, 2, 5, 9, 20, 43), T = 49. csci5233 computer security & integrity (Chap. 3)

  6. Deriving a Hard Knapsack from a Simple Knapsack • An example on pages 87-89 • Choose the number (M) of items in a knapsack. Example: M = 4 • Create a simple knapsack (S) with M items. Example: S = (1, 2, 4, 9). • Choose a multiplier w and a modulus n, where n > S1 + … +SM and w is relprime to n. Note: Usually n is a prime, which is relprime to any number < n. Example: w = 15 and n = 17. • Replace every item in the simple knapsack with the term hi = w * si mod n. Then H = (h1, h2, …, hM) is the hard knapsack. Example: H = (15, 13, 9, 16). csci5233 computer security & integrity (Chap. 3)

  7. Encryption using Merkle-Hallman Knapsacks • The plaintext is encrypted using the hard knapsack (the public key), while the simple knapsack, as well as w and n, are used as the private key. • Example: Encrypt the plaintext ‘0100 1011 1010 0101’ using the sample hard knapsack H = (15, 13, 9, 16). Ans: C1 = 0100 * H = 13. C2 = 1011 * H = 15 + 9 + 16 = 40. C3 = 1010 * H = 15 + 9 = 24. C4 = 0101 * H = 13 + 16 = 29. So, ciphertext = (13, 40, 24, 29) csci5233 computer security & integrity (Chap. 3)

  8. Decryption using Merkle-Hallman Knapsacks • The receiver of the ciphertext uses w and n to calculate the multiplicative inverse of w, w-1. w * w-1mod n = 1. Example: w-1 = 15-1 mod 17 = 8 (use algorithm on p.81 or the inverse.java program) • To decipher the ciphertext (C): Multiply each of the numbers in C by w-1. (w-1* C = w-1* H * P = w-1* w * S * P = S* P )mod n • Exercise: Decrypt the ciphertext from the previous exercise, i.e., 13, 40, 24, 29, by using the simple knapsack S = (1, 2, 4, 9). The answer: next slide csci5233 computer security & integrity (Chap. 3)

  9. Decryption using Merkle-Hallman Knapsacks • Given: H = (19, 28, 76, 171, 293, 46, 130, 150). C =13, 40, 24, 29 S = (1, 2, 4, 9) n = 17, w = 15, w -1 = 8. • To get the target Ti: Multiply each Ci by w-1: T1 = (w-1* C1) mod n = 8 * 13 mod 17 = 2 T2 = (w-1* C1) mod n = 8 * 40 mod 17 = 14 T3 = (w-1* C1) mod n = 8 * 24 mod 17 = 5 T4 = (w-1* C1) mod n = 8 * 29 mod 17 = 11 • Given the target sum Ti and the simple knapsack S, find the combination of items in S that produces T. e.g., The answer for T1 is 0100. csci5233 computer security & integrity (Chap. 3)

  10. Another Example • Step 1: Derive a Hard Knapsack from a Simple Knapsack • Choose the number (M) of items in a knapsack. Example: M can be 8 when the plaintext is in ascii. • Create a simple knapsack (S) with M items. Example: S = (1, 2, 4, 9, 17, 34, 70, 150). • Choose a multiplier w and a modulus n, where n > S1 + … +SM and w is relprime to n. Note: Usually n is a prime, which is relprime to any number < n. Example: w = 19 and n = 303. • Replace every item in the simple knapsack with the term hi = w * si mod n. Then H = (h1, h2, …, hM) is the hard knapsack. Example: H = (19, 38, 76, 171, 20, 40, 118, 123). csci5233 computer security & integrity (Chap. 3)

  11. Another Example • Step 2: Encrypt a plaintext using the hard knapsack • Encrypt the plaintext ‘PEACE’ using the sample hard knapsack H, H= (19, 38, 76, 171, 20, 40, 118, 123). ‘P’ = 50h ‘E’ = 45h ‘A’ = 41h ‘C’ = 43h Ans: C1 = 50h * H = 0101 0000 * H = 38 + 171 = 209. C2 = 45h * H = 0100 0101 * H = 38 + 40 + 123 = 201. C3 = 41h * H = 0100 0001 * H = 38 + 123 = 161. C4 = 43h * H = 0100 0011 * H = 38 + 118 + 123 = 279. C5 = C2 = 228. So, ciphertext (‘PEACE’) = 209 201 161 279 228 csci5233 computer security & integrity (Chap. 3)

  12. Another Example • Step 3: Decrypt using C, w, n and S • The receiver of the ciphertext uses w and n to calculate the multiplicative inverse of w, w-1. w * w-1mod n = 1. Example: w-1 = 19-1 mod 303 = 16 (use algorithm on p.81 or the inverse.java program) • To decipher the ciphertext (C): Multiply each of the numbers in C by w-1. (w-1* C = w-1* H * P = w-1* w * S * P = S* P )mod n • Exercise: Decrypt the ciphertext from the previous exercise, i.e., 209 201 161 279 228, by using the simple knapsack S = (1, 2, 4, 9, 17, 34, 70, 150). The answer: next slide csci5233 computer security & integrity (Chap. 3)

  13. Another Example • Given: H = (19, 28, 76, 171, 293, 46, 130, 150). C = 209 201 161 279 228, n = 303, w = 19, w-1 = 16. S = (1, 2, 4, 9, 17, 34, 70, 150). • To get the target Ti: Multiply each Ci by w-1 T1 = (w-1* C1) mod n = 16 * 209 mod 303 = 11 T2 = (w-1* C1) mod n = 16 * 201 mod 303 = 186 T3 = (w-1* C1) mod n = 16 * 161 mod 303 = 152 T4 = (w-1* C1) mod n = 16 * 279 mod 303 = 222 • Given the target sum Ti and the simple knapsack S, find the combination of items in S that produces T. The answer for T1 is 0101 0000, which is 11. S = (1, 2, 4, 9, 17, 34, 70, 150) Ans. for T1 = (0 1 0 1 0 0 0 0)  50h csci5233 computer security & integrity (Chap. 3)

  14. Weakness of the Merkle-Hellman Algorithm • p.90 • The modulus n can be guessed. S, the secret key, and the multiplier, w, are then exposed. • 1980: Shamir found that if the value of the modulus n is known, it may be possible to determine the simple knapsack S. • 1982: Shamir came up with an approach to deduce w and n from H, the hard knapsack, alone. csci5233 computer security & integrity (Chap. 3)

  15. Summary • Merkle-Hellman is a public-key cryptosystem based on the knapsack problem. • The encryption can be broken, mainly due to its use of simple knapsacks as the secret keys. • Next: • RSA Encryption • El Gamal Algorithms • DES • Hashing Algorithms • Key Escrow & Clipper csci5233 computer security & integrity (Chap. 3)

More Related