King Mongkut`s University of Technology Faculty of Information

advertisement
King Mongkut’s University of Technology
Faculty of Information Technology
Report: Knapsack Algorithm
Prof. Reuven Aviv: Network Security (Winter 2008-9)
Member
Jarutorn Laokietkul (IMMIS) 50-7038-0-117
Sineenut Tonsaiphetch (IMMIS) 50-7038-0-026
Introduction
Merkel and Hellman developed and encryption algorithm based on the knapsack problem. The
knapsack problem suggests about a set of positive integers and a target sum, with the goal of finding a
subset of the integers that summed to the target. The knapsack problem is NP-complete; implying that to
solve it probably requires time exponential to the size of the problem
The idea behind the Merkel-Hellman knapsack scheme is to encode a binary message as a solution
to a knapsack problem, reducing the ciphertext to the target sum obtained by adding terms corresponding to
1s in the plaintext. That is, we convert blocks of plaintext to a knapsack sum by adding into the sum the
terms that match with 1 bit in the plaintext.
Knapsack Techniques
In this section, we conclude about the detail of Merkel-Hellman techniques.
1. General Knapsacks
Given a set of n weights W0, W1,…,Wn-1 and A target sum S.
Then find a0,a1,…,an-1 where each ai ∑ {0,1} , so that Sum S= a0W0+a1W1+…+an-1Wn-1
For example
Suppose that the weight are 85,13,9,7,47,27,99,86 and the desired sum is S=172.
The problem is to find which of integers to select for the sum
- Then a solution to solve the problem is given by
a = (a0,a1,a2,a3,a4,a5,a6,a7)
= (11001100)
Weight
a
Selected Values
85
1
85
13
1
13
9
0
7
0
47
1
47
27
1
27
99
0
- With this solution, we can solve the problem by 85+13+47+27=172
86
0
Sum S=172
2. A superincreasing knapsacks
It is similar to the general knapsacks except that when the weights are rearranged from least to
greatest, each weight is greater than the sum of all preceding weights.
For example,
3,6,11,25,46,95,200,411
It is a superincreasing knapsack. Solving a superincreasing knapsack problem is easy.
Suppose we are given the set of weights and the sum S = 309.
Solve: First, start with the largest weight and work toward the smallest to recover ai in linear time.
Sum S
Private Key
Compare
an
Sum
309
411
S < 411
a7=0
309
309
200
S > 200
a6=1
309-200 = 109
109
95
S >95
a5=1
109-95 = 14
14
46
S < 46
a4=0
14
14
25
S < 25
a3=0
14
14
11
S > 11
a2=1
14-11 = 3
3
6
S<6
a1=0
3
3
3
S=3
a0=1
0
So, we find a=10100110 which can solve the problem by 200+95+11+3=309
Steps of Work
The steps to construct a knapsack cryptosystem can conclude as follow,
1. Generate a superincreasing knapsack.
2. Convert the superincreasing knapsack into a general knapsack.
3. The public key is the general knapsack.
4. The private key is the superincreasing knapsack together with the conversion factors.
For example
1. Choose the superincreasing knapsack.
(2, 3, 7, 14, 30, 57, 120, 251)
2. Convert superincreasing into general knapsack, we use (a*m) mod n,
a=member of superincreasing knapsack.
m,n= relatively prime, in this example we choose m=41,n=491.
n = greater than the sum of all elements in the superincreasing knapsack.
The general knapsack is computed from the superincreasing knapsack by modular multiplication:
Superincreasing(a)
m
n
(a*m) mod n
2
41 491
82
3
41 491
123
7
41 491
287
14
41 491
83
30
41 491
248
57
41 491
373
120
41 491
10
251
41 491
471
The resulting general knapsack is (82, 123, 287, 83, 248, 373, 10, 471)
3. The public key is the general knapsack
Public key: (82, 123, 287, 83, 248, 373, 10, 471).
4. The private key is the superincreasing knapsack together with the modular inverse of the conversion
factor m, that is
Private key: (2, 3, 7, 14, 30, 57, 120, 251) Then find inverse of m for doing decrypt the message
m−1 mod n = 41−1 mod 491 = 12.
From these equation, x=ap-2modp
;a=41,p=491
41x=1mod491
41*12=491+1 So inverse of m is 12
Encrypting a Message
For example, Alice wants to encrypt Message M=150 for Bob then Alice convert it into binary message, so
that we can get binary message like this,
150=1001 0110
Then Alice has a Bob’s public key (82, 123, 287, 83, 248, 373, 10, 471).
Alice uses the 1 bits to select the elements of the general knapsack that are summed to give the ciphertext.
In this case, Alice finds C=82+83+373+10=548
Decrypting a Message
After that Bob gets a ciphertext C=548 from Alice and then uses his private key (2, 3, 7, 14, 30, 57, 120,
251) to decrypt Alice’s message.
Cm-1 mod n=548*12 mod 491=193
Sum=193 (Doing Superincreasing)
Sum S
Private Key
Compare
an(Binary message) Sum
193
251
S<251
a7=0
193
193
120
S>120
a6=1
193-120=73
73
57
S>57
a5=1
73-57=16
16
30
S<30
a4=0
16
16
14
S>14
a3=1
16-14=2
2
7
S<7
a2=0
2
2
3
S<3
a1=0
2
2
2
S=2
a0=1
0
Binary Message that already doing decryption in this table is equal to 1001 0110
Then, Bob solves the superincreasing knapsack for 193 as in the table.
Public Key
471
82 123 287 83 248 373 10
Private Key
3
7
2
14 30
57
120 251 Sum=2+14+57+120150
=193
Binary message
0
0
0
0
1
1
1
1
This is an easy problem from which Bob recovers the original message in binary 1001 0110 or, in decimal
M=150.
Advantage and Disadvantage
• Efficient algorithm of the feasibility form of the problems helps to find such a solution easily
• Easy to attack.
Security of Knapsack
- First, knapsack technique has been broken already by cryptanalysis but that not brute-force.
- Public keys can reconstruct by use the superincreasing knapsack and found by Shamir and Zippel.
- Many Knapsack variants also have been totally broken, it seems that Knapsack concept is not
secure any more.
Download