Lec 17 :Computer Security
Public key Cipher
5.7 KNAPSACK CIPHER:
The knapsack cipher system is a public key system based on the so-called knapsack problem. The knapsack problem can be described as follows. The vector $A = (a_1, a_2, a_3, \ldots, a_n)$ consists of positive integers. The elements of this vector are multiplied by a binary vector denoted by $X = (x_1, x_2, \ldots, x_n)$, in which every $x_i$, $i = 1, \ldots, n$, is either 0 or 1. This results in the sum S:
$$S = \sum_{i=1}^{n} a_i x_i$$
If X and A are given, the value of S can be calculated without any effort. However, if S and A are given, it is considerably more difficult to calculate X. Figure 5-3 illustrates the knapsack problem. A knapsack is filled with a selection of objects from a large set; each object has a different weight (the elements of A correspond to the
determine which items are in the knapsack?
In other words, is it possible to determine the elements of X? When A is sufficiently large (more than 100 elements), it is almost impossible to calculate X from a given S and A.
Figure 5-3 The knapsack
Now suppose A is selected such that S can be calculated from X and A, but the calculation of X given S and A is almost impossible unless additional information is available. The vector X would then represent the plaintext, which would be converted to a ciphertext S with the aid of A. The procedure is performed as follows:
Select two numbers, u and v, which are relatively prime and $u > \sum a_j$. The knapsack vector A (which is a super-increasing sequence) is transformed to a vector B whose elements satisfy:
$b_i = v a_i \pmod{u}$ for all values of i.
The vector B is made public; u, v and A are kept secret. The vector X can now be enciphered to S according to S = BX. Deciphering is only possible if u, v and A are available. The following procedure can be used for deciphering:
$$v v^{-1} \equiv 1 \pmod{u}$$
$$v^{-1} S \bmod u = v^{-1} \sum_{i=1}^{n} b_i x_i \pmod{u}$$
$$v^{-1} S \bmod u = v^{-1} \sum_{i=1}^{n} v a_i x_i \pmod{u}$$
$$v^{-1} S \bmod u = \sum_{i=1}^{n} v^{-1} v a_i x_i \pmod{u} = \sum_{i=1}^{n} a_i x_i \pmod{u}$$
Example:
Let A = (3, 5, 9, 19), u = 40, v = 7, X = (0110).
$$v v^{-1} \equiv 1 \pmod{u} \Rightarrow 7 v^{-1} \equiv 1 \pmod{40} \Rightarrow v^{-1} \equiv 23 \pmod{40}$$
$$b_i = v a_i \pmod{u} = 7 a_i \pmod{40} \Rightarrow B = (21, 35, 23, 13)$$
$$S = BX = 35 + 23 = 58$$
To decipher:
$$v^{-1} S \pmod{u} = 23 \cdot 58 \pmod{40} = 14$$
This leads to $\sum_{i=1}^{4} a_i x_i = 14 \Rightarrow X = (0110)$.
1. Choose a knapsack vector A with a super-increasing sequence.
2. Select two relatively prime numbers u and v where $u > \sum a_i$.
3. Transform vector A into vector B:
$b_i = v a_i \pmod{u}$ for all values of i.
4. Make B public and keep u, v and A secret.
5. Encrypt: S = BX.
6. Decrypt: $X = v^{-1} S \pmod{u} = \sum_{i=1}^{n} a_i x_i \pmod{u}$
Figure 5-4 Knapsack Algorithm
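The steps of Figure 5-4 in Python, as an added example that is not part of the original lecture notes. The function names are chosen here; the decryption step shows how the super-increasing property of A lets the knapsack be solved greedily from the largest weight down once the multiplication by v is undone.

```python
from math import gcd

def public_key(A, u, v):
    """Steps 1-3: check the secret values and return B with b_i = v*a_i mod u."""
    if any(a <= sum(A[:i]) for i, a in enumerate(A)):
        raise ValueError("A is not super-increasing")
    if u <= sum(A) or gcd(u, v) != 1:
        raise ValueError("need u > sum(A) and gcd(u, v) = 1")
    return [(v * a) % u for a in A]

def encrypt(B, X):
    """Step 5: S = B.X for a bit vector X, using only the public vector B."""
    return sum(b * x for b, x in zip(B, X))

def decrypt(S, A, u, v):
    """Step 6: multiply by v^-1 mod u, then solve the easy knapsack over A."""
    target = (pow(v, -1, u) * S) % u   # equals sum(a_i * x_i) because u > sum(A)
    X = [0] * len(A)
    for i in reversed(range(len(A))):  # largest weight first
        if A[i] <= target:
            X[i], target = 1, target - A[i]
    if target != 0:
        raise ValueError("S is not a valid ciphertext for this key")
    return X

if __name__ == "__main__":
    # Values from the worked example in the text.
    A, u, v = [3, 5, 9, 19], 40, 7
    B = public_key(A, u, v)
    S = encrypt(B, [0, 1, 1, 0])
    print(B, S, decrypt(S, A, u, v))
```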
5.8 PUBLIC KEY DIGITAL SIGNATURE ALGORITHM (DSA):
In August 1991, the National Institute of Standards and Technology proposed the Digital Signature Algorithm (DSA). DSA is a variant of the Schnorr and ElGamal signature algorithms. It uses the following parameters:
p: 512–1024 bit prime number.
q: 160-bit prime, factor of p − 1.
$g = h^{(p-1)/q} \bmod p$, where h is any number less than p − 1 such that $h^{(p-1)/q} \bmod p > 1$.
$y = g^x \bmod p$.
x: private key < q.
k: random number < q.
$r = (g^k \bmod p) \bmod q$.
$s = k^{-1} (H(m) + xr) \bmod q$.
The algorithm makes use of a one-way hash function H(m). p, q and g are public and can be common across a network of users. The private key is x; the public key is y. To sign a message m, follow the procedure shown in figure 5-6.
SENDER:
• Generate a random number k < q.
• Generate $r = (g^k \bmod p) \bmod q$
• $s = k^{-1} (H(m) + xr) \bmod q$
RECEIVER:
• Verify the signature by computing:
$w = s^{-1} \bmod q$
$u_1 = (H(m) \cdot w) \bmod q$
$u_2 = (r w) \bmod q$
$v = ((g^{u_1} y^{u_2}) \bmod p) \bmod q$
If v = r then the signature is verified.
Figure 5-5 Digital Signature Algorithm
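Figure 5-5 as runnable Python, added here and not part of the lecture notes. The toy parameters p = 23, q = 11, h = 2 and the use of SHA-1 for H are assumptions made so the arithmetic can be followed by hand; the function names are chosen for this example.

```python
import hashlib
import secrets

# Toy domain parameters (constructed; real DSA uses the sizes given in the text).
P, Q = 23, 11                   # q is a prime factor of p - 1 = 22
G = pow(2, (P - 1) // Q, P)     # h = 2 gives g = 4, which is > 1 as required

def digest(m: bytes) -> int:
    """H(m) as an integer (SHA-1 is an assumption of this example)."""
    return int.from_bytes(hashlib.sha1(m).digest(), "big")

def sign_digest(h, x, k):
    """Sender side: (r, s) for hash value h, private key x, per-message k."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    return r, s

def sign(m: bytes, x):
    while True:                 # draw a fresh k if it yields r = 0 or s = 0
        k = secrets.randbelow(Q - 1) + 1
        r, s = sign_digest(digest(m), x, k)
        if r and s:
            return r, s

def verify_digest(h, r, s, y):
    """Receiver side: recompute v from public values only and compare with r."""
    if not (0 < r < Q and 0 < s < Q):   # reject out-of-range values first
        return False
    w = pow(s, -1, Q)
    u1, u2 = (h * w) % Q, (r * w) % Q
    v = (pow(G, u1, P) * pow(y, u2, P)) % P % Q
    return v == r

def verify(m: bytes, sig, y):
    return verify_digest(digest(m), *sig, y)

if __name__ == "__main__":
    x = 7                       # private key (constructed)
    y = pow(G, x, P)            # public key y = g^x mod p
    sig = sign(b"constructed sample message", x)
    print(sig, verify(b"constructed sample message", sig, y))
```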
5.9 KEY EXCHANGE:
1. Using public key: attacked by man-in-the-middle (ciphertext attack), and prevented by the interlock protocol.
2. Using digital signature, one-way hash function.
3. Keys and messages transmission.
5.10 AUTHENTICATION
Using a one-way function: attacked by dictionary attack, prevented by using salt, e.g. SKID2, SKID3. DASS, Distributed Authentication Security Service, for mutual authentication and key exchange.
5.11 PUBLIC KEY CRYPTANALYSIS:
1. Mathematically: deduce d from n and e.
2. Guess (p − 1) and (q − 1).
3. Factoring n: having e ===> deduce d.
4. Chosen ciphertext attack (protocol attack). Scenario: Eve wants Alice to sign $m_3$; she generates $m_1$ and $m_2$ such that
$$m_3 \equiv m_1 m_2 \pmod{n}$$
$$m_3^d \equiv (m_1^d \bmod n)(m_2^d \bmod n) \pmod{n}$$
Moral: never use RSA to sign a random document presented by a stranger.
5. Common modulus: known n, $c_1$, $c_2$, $e_1$ and $e_2$.
Select two random numbers r and s such that:
$r e_1 + s e_2 = 1$; assume r is negative:
$$(c_1^{-1})^{-r} \cdot c_2^{s} = m \bmod n$$
Moral: Don't share a common n among a group of users.
6. Genetic algorithm:
Choose a set of prime numbers such that the product of any two of them is less than n; use a fitness function with the following characteristics:
- Neglect all even numbers, and those whose least significant digit = 0.
- Neglect numbers which are divisible by 3.
- Numbers generated by mating should be relatively prime to e.
7. Cryptanalysis knowing n and e:
8. It is possible for a cryptanalyst to try every possible d until he finds the correct one. This is called a brute-force attack. It is less efficient than other methods.
9. There is a common probabilistic algorithm for computing primes p and q.
10. Factoring n is the most obvious means of attack. Factoring a number means finding its prime factors. There are several factoring algorithms, such as the number field sieve (NFS), quadratic sieve (QS), elliptic curve method (ECM), Pollard's Monte Carlo algorithm, etc. In March 1994, a 129-digit (428-bit) number was factored using the double prime variation of the multiple polynomial QS by a team of mathematicians led by Lenstra. Volunteers on the Internet carried out the computation: 600 people and 1600 machines over the course of eight months. The machines communicated via electronic mail, sending their intermediate results to a central machine where the final steps of analysis took place.
Lessons learned:
• Knowledge of an encryption/decryption pair of exponents for a given modulus (e, n) enables an attacker to factor the modulus.
• Knowledge of an encryption/decryption pair of exponents for a given modulus (e, n), c, n enables an attacker to calculate other pairs without factoring n.
• A common modulus should not be used in a network.
• Messages should be padded with random values for low encryption exponents.
• The decryption exponent should be large.
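Items 4 and 5 above, worked through in Python on a toy key to show why the two morals hold. This is an added example, not part of the lecture notes; the key (n = 3233, e = 17, d = 2753), the second exponent 7 and the function names are constructed for illustration.

```python
# Toy RSA key (constructed; far too small for real use).
P_, Q_ = 61, 53
N = P_ * Q_              # 3233
E1, D1 = 17, 2753        # 17 * 2753 = 1 mod (61 - 1) * (53 - 1)
E2 = 7                   # a second user's exponent over the same modulus N

def egcd(a, b):
    """Return (g, r, s) with r*a + s*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, r, s = egcd(b, a % b)
    return g, s, r - (a // b) * s

def product_signature(m1, m2):
    """Item 4: raw signatures on m1 and m2 multiply into one on m3 = m1*m2 mod n."""
    s1 = pow(m1, D1, N)  # what the key holder returns when signing m1
    s2 = pow(m2, D1, N)  # ... and m2
    return (m1 * m2) % N, (s1 * s2) % N

def power(c, k, n):
    """c^k mod n; a negative k inverts c first, i.e. (c^-1)^(-k)."""
    return pow(pow(c, -1, n), -k, n) if k < 0 else pow(c, k, n)

def common_modulus_recover(c1, c2, e1, e2, n):
    """Item 5: m from c1 = m^e1 and c2 = m^e2 (mod n) when gcd(e1, e2) = 1."""
    g, r, s = egcd(e1, e2)
    if g != 1:
        raise ValueError("exponents must be relatively prime")
    return (power(c1, r, n) * power(c2, s, n)) % n

if __name__ == "__main__":
    m3, sig = product_signature(5, 13)
    print(m3, pow(sig, E1, N) == m3)          # signature checks out for m3
    m = 65                                    # constructed sample plaintext
    c1, c2 = pow(m, E1, N), pow(m, E2, N)
    print(common_modulus_recover(c1, c2, E1, E2, N))
```

Both results depend on unpadded RSA: the message is used directly as the number that is exponentiated.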