Upload
clifton-morrison
View
219
Download
2
Embed Size (px)
Citation preview
8.6. Knapsack Ciphers8.6. Knapsack Ciphers
The ConceptThe Concept At the core of the Knapsack cipher is the At the core of the Knapsack cipher is the
Knapsack problemKnapsack problem: :
Given positive integers aGiven positive integers a11, a, a22,…,a,…,ann & S, & S,
which of the awhich of the aii integers add up to S. integers add up to S.
As an equation, solve for As an equation, solve for xxii either either 11 or or 00: :
S = aS = a11 x x11 + a + a22 x x22 + … + a + … + ann x xnn
Example: aExample: a11 = 2, a = 2, a22=3, a=3, a33=4, a=4, a44=7, a=7, a55=11, a=11, a66=13, a=13, a77=16 and S=18 =16 and S=18 Solutions: 16+2, 13+3+2, 11+4+3, 11+7, thusSolutions: 16+2, 13+3+2, 11+4+3, 11+7, thus (1,0,0,0,0,0,1); (1,1,0,0,0,1,0); (0,1,1,0,1,0,0); (0,0,0,1,1,0,0)(1,0,0,0,0,0,1); (1,1,0,0,0,1,0); (0,1,1,0,1,0,0); (0,0,0,1,1,0,0)
S = aS = a11 x x11 + a + a22 x x22 + … + a + … + ann x xn n
complexitycomplexity Good vs. Bad Good vs. Bad Difficult Calculations when n is large:Difficult Calculations when n is large:
Trial and Error Trial and Error 2 2nn possibilities for (x possibilities for (x11,x,x22,…,x,…,xnn))
infeasible to find all the infeasible to find all the solutions when n=100 or more solutions when n=100 or more
Easier to find solution for certain aEasier to find solution for certain a11, a, a22,…,a,…,ann::
aajj=2=2J-1J-1 SS = a= a11 x x11 + a + a22 x x22 + … + a + … + ann x xnn
= 2= 200 x x11 + + 2211 x x22 + … + + … + 22n-1n-1 x xnn
= x= xnn … x … x2 2 xx11 on binary form (base 2)on binary form (base 2)
Thus for the solution is:Thus for the solution is:
write S in the binary form! write S in the binary form!
Super Increasing SequencesSuper Increasing Sequences A type of sequence aA type of sequence a11, a, a22,…,a,…,ann for which it is for which it is
easier but not trivial to solve knapsack problemseasier but not trivial to solve knapsack problems super increasing sequence if super increasing sequence if
jjthth term > sum of the preceding values term > sum of the preceding values
ΣΣkk
(j-1) (j-1) aakk < a < aj j
forfor j = 2,3,…,nj = 2,3,…,n
Example1: Example1: (2, 3, 7, 13, 28) is super increasing (2, 3, 7, 13, 28) is super increasing(2, 3, 4, 7, 11, 13, 16) is not(2, 3, 4, 7, 11, 13, 16) is not
Example2 (pb 3): Example2 (pb 3): aaj+1j+1 > 2a > 2ajj super increasing sequence super increasing sequence Example3 (pb 2): Example3 (pb 2): aajj < 2 < 2j-1j-1 NOT NOT super increasing sequencesuper increasing sequence
Example of solving Knapsack problem Example of solving Knapsack problem for super increasing sequencefor super increasing sequence
((aa11=2, a=2, a22=3, a=3, a33=7, a=7, a44=13, a=13, a55=28) and S=40=28) and S=40 S≥ aS≥ a55 xx55 = 1 = 1 since asince a11+a+a22+a+a33+a+a44< a< a55=28=28
S- xS- x5 5 aa5 5 = 12 < a= 12 < a44 =13 =13 xx4 4 =0=0
S- (xS- (x5 5 aa5 5 + x+ x4 4 aa4 4 )=12 ≥ a)=12 ≥ a33 xx33 = 1 = 1
S- (xS- (x5 5 aa5 5 + x+ x4 4 aa4+ 4+ xx3 3 aa3 3 )=5 ≥ a)=5 ≥ a22 xx22 = 1 = 1
S- (xS- (x5 5 aa5 5 + x+ x4 4 aa44+x+x3 3 aa3 3 + x+ x3 3 aa3 3 )=2 ≥ a)=2 ≥ a11 xx11 = 1 = 1
Solution: (1,1,1,0,1)Solution: (1,1,1,0,1)
Super Increasing AlgorithmSuper Increasing Algorithm
SS = a= a11 x x11 + a + a22 x x22 + … + a + … + ann x xnn
n
nn aSif
aSifx
0
1
j
n
jkkk
j
n
jkkk
j
aaxSif
aaxSif
x
1
1
0
1
Public cryptosystem: Knapsack Ciphers Public cryptosystem: Knapsack Ciphers based on super increasing sequencesbased on super increasing sequences
Merkle and Hellman [MeHe78]. Merkle and Hellman [MeHe78]. Based on a transformed not super increasing sequence Based on a transformed not super increasing sequence
bb11, b, b22,…,b,…,bnn
from a simple super increasing from a simple super increasing
aa11, a, a22,…,a,…,ann
GivenGiven m> 2 a m> 2 ann andand ( (ωω,m)=1 ,m)=1 findfind ώώ
ώ ωώ ω ≡1(mod m) ≡1(mod m) ώ ώ ≡≡ ω ωΦΦ(m)-1 (m)-1 (mod m) (mod m)
Then Find Then Find bbjj
bbjj ≡ ≡ ωω a ajj (mod m) (mod m) aajj ≡ ≡ ώώ b bjj (mod m) (mod m)
ObservationsObservations IF S= bIF S= b11 x x11 + b + b22 x x22 + … + b + … + bnn x xnn ThenThen
ώώ S S ≡ ≡ ώώ b b11 x x1 1 + …+ + …+ ώώ b bnn x xnn
≡ ≡ aa11 xx1 1 + …+ a+ …+ ann xxnn (mod m)(mod m)
bb11, b, b22,…,b,…,bnn is not super increasing is not super increasing not easy to solve not easy to solve S= bS= b11 x x11 + +
bb22 x x22 + … + b + … + bnn x xnn
aa11, a, a22,…,a,…,ann is super increasing is super increasing easy to solve easy to solve
SS00= a= a11 x x11 + a + a22 x x22 + … + a + … + ann x xnn
wherewhere ώώ S S ≡ S≡ S00(mod m)(mod m)
One needs to know One needs to know m, m, ωω & & ώώ
Knapsack Cipher MethodKnapsack Cipher Method ChooseChoose a a11, a, a22,…,a,…,aN N along with along with
values for values for mm with with m>2am>2aNN, ,
and and ωω with ( with (ω, mω, m)=1)=1 ((bb11,…, b,…, bNN) is made public. ) is made public. Plaintext Plaintext PP is transformed into is transformed into
binary equivalentbinary equivalent using the using the table on the left (page 319).table on the left (page 319).
PP in binary is in binary is splitsplit into into segments of lensegments of length gth NN (if not (if not divisible by N, add 1s)divisible by N, add 1s)
Each segment will play the Each segment will play the role of role of (x(x11,x,x22,…,x,…,xNN))
Knapsack Cipher Method (cont.)Knapsack Cipher Method (cont.) For each segment For each segment (x(x11,x,x22,…,x,…,xNN) ) inin P, P, compute compute
S= bS= b11 x x11 + b + b22 x x22 + … + b + … + bNN x xNN CC= Ciphertext = Ciphertext
= the set of = the set of SS generated from each generated from each (x(x11,x,x22,…,x,…,xNN) ) inin P P
= difficult to find (x= difficult to find (x11,x,x22,…,x,…,xNN) from S) from S
Decryption when Decryption when mm & & ωω (thus (thus ώώ) are known) are known::
easy to solve for easy to solve for (x(x11,x,x22,…,x,…,xNN) ) with with
SS00= a= a11 x x11 + a + a22 x x22 + … + a + … + ann x xnn
wherewhere ώώ S S ≡ S≡ S00(mod m)(mod m)
ExampleExample P=BUY NOW=P=BUY NOW=000010000110100101001100011000011010110101110011101011010110 A=(3,5,9,20,44); m=89; A=(3,5,9,20,44); m=89; ωω=67=67 P= ([P= ([0,0,0,0,1],[0,0,0,0,1],[1,0,1,0,0],[1,0,1,0,0],[1,1,0,0,0],[1,1,0,0,0],[0,1,1,0,1],[0,1,1,0,1],[0,1,1,1,0],[0,1,1,1,0],[1,0,1,1,0])1,0,1,1,0])
= matrix notation= matrix notation
Encryption Encryption (B(BTT = transpose of B = Vertical vector B) = transpose of B = Vertical vector B) B≡B≡ ω ω A (mod 89) = (23,68,69,5,11) A (mod 89) = (23,68,69,5,11) C= PBC= PBTT = (11, 92,91,148,142,97 ) = (11, 92,91,148,142,97 )
Decryption:Decryption: ώ ώ ≡≡ ω ωΦΦ(m)-1 (m)-1 (mod m) =67(mod m) =678787= 4 (mod 89)= 4 (mod 89) SS00 ≡ ≡ ώώ S (mod m) S (mod m) ≡ 4*C = (44, 368, 364, 592, 568, 388)≡ 4*C = (44, 368, 364, 592, 568, 388)
≡ ≡ [44, 12, 8, 58, 34, 32] [44, 12, 8, 58, 34, 32] (mod 89) (mod 89) Use Knapsack algorithm to solve SUse Knapsack algorithm to solve S00= a= a11 x x11 + a + a22 x x22 + … + a + … + ann x xnn
For example: For example: 44= 44(1) 44= 44(1) 00001 00001 B B
12=9 (1) + 3(1)12=9 (1) + 3(1) 1010010100 U U
8= 3(1)+ 5 (1) 8= 3(1)+ 5 (1) 11000 11000 Y Y
CryptanalysisCryptanalysis Knapsack Ciphers were a popular form of public key Knapsack Ciphers were a popular form of public key
cryptography.cryptography. In 1982, Shamir (see [Sh84] & [Od 90]) In 1982, Shamir (see [Sh84] & [Od 90]) efficient efficient
method to solve method to solve S= bS= b11 x x11 + b + b22 x x22 + … + b + … + bNN x xNN, , thus find thus find xx11xx22…x…xNN from the from the transformedtransformed public key public key bb11bb22 …b …bNN
There exists an algorithmto find the solution using There exists an algorithmto find the solution using O(P(n)) O(P(n)) bit operations where bit operations where PP is a polynomial instead of is a polynomial instead of the exponential time the exponential time
Adjustments can be made to protect it from such Adjustments can be made to protect it from such weaknesses, such as using several successive weaknesses, such as using several successive transformations with transformations with (ω(ωii,m,mii) ) to form to form bb11bb22 …b …bNN