Chapter 3
Encryption Algorithms &
Systems (Part B)
Outline

NP-completeness & Encryption
 Symmetric (secret key) vs Asymmetric (public key)
Encryptions
 Popular Encryption Algorithms
– Merkle-Hellman Knapsacks
– RSA Encryption
– El Gamal Algorithms
– DES
 Hashing Algorithms
 Key Escrow & Clipper
csci5233 computer security &
integrity (Chap. 3)
2
Merkle-Hellman Knapsacks

A public key cryptosystem
 The public key is the set of integers of a knapsack
problem (the general knapsack); the private key is a
corresponding superincreasing knapsack (or simple
knapsack).
 A sample general knapsack: (17, 38, 73, 4, 11, 1)
 A sample superincreasing knapsack: (1, 4, 11, 17,
38, 73), where each item ak is greater than the sum
of all the previous items.
 Merkle and Hellman provided an algorithm for the
receiver to use a superincreasing knapsack (the
private key) to decrypt the ciphertext.
csci5233 computer security &
integrity (Chap. 3)
3
Merkle-Hellman Knapsacks



Basic idea: To encode a binary message as a
solution to a knapsack problem, reducing the
ciphertext to the target sum obtained by adding
terms corresponding to the 1s in the plaintext.
Example: Fig. 3-5, p.84
Two kinds of knapsacks:
Simple (superincreasing) knapsack
Hard (general) knapsack
csci5233 computer security &
integrity (Chap. 3)
4
Solving a simple knapsack problem


Given a superincreasing knapsack S = (S1, S2, …,
Sn) and a target sum T, find combination of Si that
equals to T.
Hint: No combination of terms less than a particular
term can yield a sum as large as the term. That
is, Si > S1 + … + Si-1.
Example: Given S = (1, 4, 11, 17, 38, 73) and T =
96, determine which terms in S correspond to
the 1s of the plaintext.
Solution: 1, 4, 17, 73 (See Fig. 3-6, p.85). That is,
the plaintext was 110101.
Exercise: S = (1, 2, 5, 9, 20, 43), T = 49.
csci5233 computer security &
integrity (Chap. 3)
5
Deriving a Hard Knapsack from a Simple Knapsack

An example on pages 87-89
1.
Choose the number (M) of items in a knapsack.
Example: M = 4
2.
Create a simple knapsack (S) with M items.
Example: S = (1, 2, 4, 9).
3.
Choose a multiplier w and a modulus n, where n
> S1 + … + SM and w is relprime to n. Note:
Usually n is a prime, which is relprime to any
number < n.
Example: w = 15 and n = 17.
4.
Replace every item in the simple knapsack with
the term hi = w * si mod n. Then H = (h1, h2, …,
hM) is the hard knapsack.
Example: H = (15, 13, 9, 16).
csci5233 computer security &
integrity (Chap. 3)
6
Encryption using Merkle-Hallman Knapsacks

The plaintext is encrypted using the hard knapsack
(the public key), while the simple knapsack, as well
as w and n, are used as the private key.

Example: Encrypt the plaintext ‘0100 1011 1010 0101’ using
the sample hard knapsack H = (15, 13, 9, 16).
Ans:
C1 = 0100 * H = 13.
C2 = 1011 * H = 15 + 9 + 16 = 40.
C3 = 1010 * H = 15 + 9 = 24.
C4 = 0101 * H = 13 + 16 = 29.
So, ciphertext = (13, 40, 24, 29)
csci5233 computer security &
integrity (Chap. 3)
7
Decryption using Merkle-Hallman
Knapsacks

The receiver of the ciphertext uses w and n to
calculate the multiplicative inverse of w, w-1.
w * w-1 mod n = 1.
Example: w-1 = 15-1 mod 17 = 8 (use algorithm on
p.81 or the inverse.java program)

To decipher the ciphertext (C): Multiply each of the
numbers in C by w-1.
(w-1 * C = w-1 * H * P = w-1 * w * S * P = S* P )mod n

Exercise: Decrypt the ciphertext from the previous
exercise, i.e., 13, 40, 24, 29, by using the simple
knapsack S = (1, 2, 4, 9).
The answer: next slide
csci5233 computer security &
integrity (Chap. 3)
8
Decryption using Merkle-Hallman
Knapsacks

Given: H = (19, 28, 76, 171, 293, 46, 130, 150).
C = 13, 40, 24, 29
S = (1, 2, 4, 9)
n = 17, w = 15, w -1 = 8.
1.
To get the target Ti : Multiply each Ci by w-1:
T1 = (w-1 * C1) mod n = 8 * 13 mod 17 = 2
T2 = (w-1 * C1) mod n = 8 * 40 mod 17 = 14
T3 = (w-1 * C1) mod n = 8 * 24 mod 17 = 5
T4 = (w-1 * C1) mod n = 8 * 29 mod 17 = 11
2.
Given the target sum Ti and the simple knapsack S,
find the combination of items in S that produces T.
e.g., The answer for T1 is 0100.
csci5233 computer security &
integrity (Chap. 3)
9
Another Example

1.
Step 1: Derive a Hard Knapsack from a Simple Knapsack
Choose the number (M) of items in a knapsack.
Example: M can be 8 when the plaintext is in ascii.
2.
Create a simple knapsack (S) with M items.
Example: S = (1, 2, 4, 9, 17, 34, 70, 150).
3.
Choose a multiplier w and a modulus n, where n >
S1 + … + SM and w is relprime to n. Note: Usually
n is a prime, which is relprime to any number < n.
Example: w = 19 and n = 303.
4.
Replace every item in the simple knapsack with
the term hi = w * si mod n. Then H = (h1, h2, …, hM)
is the hard knapsack.
Example: H = (19, 38, 76, 171, 20, 40, 118, 123).
csci5233 computer security &
integrity (Chap. 3)
10
Another Example


Step 2: Encrypt a plaintext using the hard knapsack
Encrypt the plaintext ‘PEACE’ using the sample
hard knapsack H, H = (19, 38, 76, 171, 20, 40, 118, 123).
‘P’ = 50h
‘E’ = 45h
‘A’ = 41h
‘C’ = 43h
Ans:
C1 = 50h * H = 0101 0000 * H = 38 + 171 = 209.
C2 = 45h * H = 0100 0101 * H = 38 + 40 + 123 = 201.
C3 = 41h * H = 0100 0001 * H = 38 + 123 = 161.
C4 = 43h * H = 0100 0011 * H = 38 + 118 + 123 = 279.
C5 = C2 = 228.
So, ciphertext (‘PEACE’) = 209 201 161 279 228
csci5233 computer security &
integrity (Chap. 3)
11
Another Example


Step 3: Decrypt using C, w, n and S
The receiver of the ciphertext uses w and n to
calculate the multiplicative inverse of w, w-1.
w * w-1 mod n = 1.
Example: w-1 = 19-1 mod 303 = 16 (use algorithm on
p.81 or the inverse.java program)

To decipher the ciphertext (C): Multiply each of the
numbers in C by w-1.
(w-1 * C = w-1 * H * P = w-1 * w * S * P = S* P )mod n

Exercise: Decrypt the ciphertext from the previous
exercise, i.e., 209 201 161 279 228, by using the simple
knapsack S = (1, 2, 4, 9, 17, 34, 70, 150).
The answer: next slide
csci5233 computer security &
integrity (Chap. 3)
12
Another Example

Given: H = (19, 28, 76, 171, 293, 46, 130, 150).
C = 209 201 161 279 228, n = 303, w = 19, w-1 = 16.
S = (1, 2, 4, 9, 17, 34, 70, 150).
1.
To get the target Ti : Multiply each Ci by w-1
T1 = (w-1 * C1) mod n = 16 * 209 mod 303 = 11
T2 = (w-1 * C1) mod n = 16 * 201 mod 303 = 186
T3 = (w-1 * C1) mod n = 16 * 161 mod 303 = 152
T4 = (w-1 * C1) mod n = 16 * 279 mod 303 = 222
2.
Given the target sum Ti and the simple knapsack S,
find the combination of items in S that produces T.
The answer for T1 is 0101 0000, which is 11.
S = (1, 2, 4, 9, 17, 34, 70, 150)
Ans. for T1 = (0 1 0 1 0 0 0
0)  50h
csci5233 computer security &
integrity (Chap. 3)
13
Weakness of the Merkle-Hellman Algorithm

p.90

The modulus n can be guessed. S, the secret key,
and the multiplier, w, are then exposed.

1980: Shamir found that if the value of the modulus n
is known, it may be possible to determine the simple
knapsack S.

1982: Shamir came up with an approach to deduce w
and n from H, the hard knapsack, alone.
csci5233 computer security &
integrity (Chap. 3)
14
Summary

Merkle-Hellman is a public-key cryptosystem based
on the knapsack problem.

The encryption can be broken, mainly due to its use
of simple knapsacks as the secret keys.

Next:
– RSA Encryption
– El Gamal Algorithms
– DES
– Hashing Algorithms
– Key Escrow & Clipper
csci5233 computer security &
integrity (Chap. 3)
15