Cryptanalysis of a New Knapsack Type Public-Key Cryptosystem
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Problems in Group Theory Motivated by Cryptography
PROBLEMS IN GROUP THEORY MOTIVATED BY CRYPTOGRAPHY VLADIMIR SHPILRAIN ABSTRACT. This is a survey of algorithmic problems in group theory, old and new, moti- vated by applications to cryptography. 1. INTRODUCTION The object of this survey is to showcase algorithmic problems in group theory motivated by (public key) cryptography. In the core of most public key cryptographic primitives there is an alleged practical irre- versibility of some process, usually referred to as a one-way function with trapdoor, which is a function that is easy to compute in one direction, yet believed to be difficult to compute the inverse function on “most” inputs without special information, called the “trapdoor”. For example, the RSA cryptosystem uses the fact that, while it is not hard to compute the prod- uct of two large primes, to factor a very large integer into its prime factors appears to be computationally hard. Another, perhaps even more intuitively obvious, example is that of the function f (x)= x2. It is rather easy to compute in many reasonable (semi)groups, but the inverse function √x is much less friendly. This fact is exploited in Rabin’s cryptosystem, with the multiplicative semigroup of Zn (n composite) as the platform. In both cases though, it is not immediately clear what the trapdoor is. This is typically the most nontrivial part of a cryptographic scheme. For a rigorous definition of a one-way function we refer the reader to [71]; here we just say that there should be an efficient (which usually means polynomial-time with respect to the complexity of an input) way to compute this function, but no visible (probabilistic) polynomial-time algorithm for computing the inverse function on “most” inputs. -
Part V Public-Key Cryptosystems, I. Key Exchange, Knapsack
Part V Public-key cryptosystems, I. Key exchange, knapsack, RSA CHAPTER 5: PUBLIC-KEY CRYPTOGRAPHY I. RSA The main problem of secret key (or symmetric) cryptography is that in order to send securely A secret message we need to send at first securely a secret key and therefore secret key cryptography is clearly not a sufficiently good tool for massive communication capable to protect secrecy, privacy and anonymity. prof. Jozef Gruska IV054 5. Public-key cryptosystems, I. Key exchange, knapsack, RSA 2/67 SECURE ENCRYPTION - a PRACTICAL POINT OF VIEW From practical point of view encryptions by a cryptosystem can be considered as secure if they cannot be broken by many (thousands) superomputeers with exaflop performance working for some years. prof. Jozef Gruska IV054 5. Public-key cryptosystems, I. Key exchange, knapsack, RSA 3/67 CONTENT In this chapter we describe the birth of public key cryptography, that can better manage key distribution problem, and three of its cryptosystems, especially RSA. The basic idea of a public key cryptography: In a public key cryptosystem not only the encryption and decryption algorithms are public, but for each user U also the key eU for encrypting messages (by anyone) for U is public. Moreover, each user U keeps secret another (decryption) key, dU , that can be used for decryption of messages that were addressed to him and encrypted with the help of the public encryption key eU . Encryption and decryption keys could (and should) be different - we can therefore speak also about asymmetric cryptography. Secret key cryptography, that has the same key for encryption and for decryption is also called symmetric cryptography. -
New Approach for CCA2-Secure Post-Quantum Cryptosystem Using Knapsack Problem
New Approach for CCA2-Secure Post-Quantum Cryptosystem Using Knapsack Problem Roohallah Rastaghi [email protected] Abstract — Chosen-ciphertext security, which guarantees confidentiality of encrypted messages even in the presence of a decryption oracle, has become the de facto notion of security for public-key encryption under active attack. In this manuscript, for the first time, we propose a new approach for constructing post-quantum cryptosystems secure against adaptive chosen ciphertext attack (CCA2-secure) in the standard model using the knapsack problem. The computational version of the knapsack problem is NP-hard . Thus, this problem is expected to be difficult to solve using quantum computers. Our construction is a precoding-based encryption algorithm and uses the knapsack problem to perform a permutation and pad random fogged data to the message bits. Compared to other approaches in use today, our approach is more efficient and its CCA2 security in quantum environment can be reduced in the standard model to the assumption that the knapsack problem is intractable. Furthermore, we show that our approach is a general paradigm and can be applying to any (post-quantum) trapdoor one-way function candidate. Index Terms — CCA2-security, Encoding, Knapsack problem, Post-quantum cryptosystem, Standard model I. INTRODUCTION HE notion of public-key cryptography was introduced by Diffy and Hellman [18] and the ultimate goal of public-key Tencryption is the production of a simple and efficient encryption scheme that is provably secure in a strong security model under a weak and reasonable computational assumption. The accepted notion for the security of a public-key encryption scheme is semantically secure against adaptive chose ciphertext attack (i.e. -
New Approach for CCA2-Secure Post-Quantum Cryptosystem Using Knapsack Problem
New Approach for CCA2-Secure Post-Quantum Cryptosystem Using Knapsack Problem Roohallah Rastaghi [email protected] Abstract— Chosen-ciphertext security, which guarantees confidentiality of encrypted messages even in the presence of a decryption oracle, has become the de facto notion of security for public-key encryption under active attack. In this manuscript, for the first time, we propose a new approach for constructing post-quantum cryptosystems secure against adaptive chosen ciphertext attack (CCA2-secure) in the standard model using the knapsack problem. The computational version of the knapsack problem is NP-hard. Thus, this problem is expected to be difficult to solve using quantum computers. Our construction is a precoding-based encryption algorithm and uses the knapsack problem to perform a permutation and pad random fogged data to the message bits. Compared to other approaches in use today, our approach is more efficient and its CCA2 security in quantum environment can be reduced in the standard model to the assumption that the knapsack problem is intractable. Furthermore, we show that our approach is a general paradigm and can be applying to any (post-quantum) trapdoor one-way function candidate. Index Terms— CCA2-security, Encoding, Knapsack problem, Post-quantum cryptosystem, Standard model I. INTRODUCTION HE notion of public-key cryptography was introduced by Diffy and Hellman [18] and the ultimate goal of public-key T encryption is the production of a simple and efficient encryption scheme that is provably secure in a strong security model under a weak and reasonable computational assumption. The accepted notion for the security of a public-key encryption scheme is semantically secure against adaptive chose ciphertext attack (i.e. -
Post Quantum Cryptography
i postquantumnitaj 2017/9/14 14:03 page 1 #1 i i i Malaysian Journal of Mathematical Sciences 11(S) August: 1 - 28 (2017) Special Issue: The 5th International Cryptology and Information Security Conference (New Ideas in Cryptology) MALAYSIAN JOURNAL OF MATHEMATICAL SCIENCES Journal homepage: http://einspem.upm.edu.my/journal Post Quantum Cryptography Nitaj, A. Laboratoire de Mathématiques Nicolas Oresme Université de Caen Normandie, France E-mail: [email protected] ABSTRACT Public key cryptography is widely used for many applications such as signing con- tracts, electronic voting, encryption, securing transactions over the Internet and stor- ing sensitive data. The discovery of an ecient algorithm based on quantum me- chanics for factoring large integers and computing discrete logarithms by Peter Shor in 1994 undermined the security assumptions upon which currently used public key cryptographic algorithms are based, like RSA, El Gamal and ECC. However, some cryptosystems, called post quantum cryptosystems, while not currently in widespread use are believed to be resistant to quantum computing based attacks. In this paper, we provide a survey of quantum and post quantum cryptography. We review the principle of a quatum computer as well as Shor's algorithm and quantum key dis- tribution. Then, we review some cryptosystems undermined by Shor's algorithm as well as some post quantum cryptosystems, that are believed to resist classical and quantum computers. Keywords: Quantum cryptography, Shor's algorithm, Quantum key distribution, Lattice reduction, LWE cryptosystem, NTRU cryptosystem. i i i i i postquantumnitaj 2017/9/14 14:03 page 2 #2 i i i Nitaj A. 1. -
Survey of Computational Assumptions Used in Cryptography Broken Or Not by Shor’S Algorithm
Survey of Computational Assumptions Used in Cryptography Broken or Not by Shor's Algorithm by Hong Zhu School of Computer Science McGill University Montr´eal,Canada December, 2001 A Thesis submitted to the Faculty of Graduate Studies and Research in partial fulfillment of the requirements for the degree of Master in Science c Hong Zhu, 2001 Abstract We survey the computational assumptions of various cryptographic schemes, and discuss the security threat posed by Shor's quantum algorithm. One-way functions form the the basis of public-key cryptography. Although we have candidate hard problems that are believed to be one-way, none has been proven to be so. Therefore the security of the corresponding cryptographic schemes depends on the the intractability assumptions of these problems. Two major species of such problems, factoring and discrete logarithm, are widely believed to be intractable, and serve as the basis of many popular schemes. However, these two problems turned out to be polynomial-time solvable on a hypothetical quantum computer using Shor's algorithm. This is the most worrisome long-term threat to current public-key cryp- tosystems. In the thesis we provide a review of existing cryptosystems, with a focus on their underlying computational assumptions and the security. Other than factoring and discrete logarithm, schemes have been proposed based on error-correcting codes, subset-sum and subset-product problems, lattice, polynomials, combinatorial group theory, number fields, etc. Many are to be furtherly evaluated in future research. i R´esum´e Nous faisons un survol des hypoth`esescalculatoires de plusieurs sch´emascryp- tographiques, et nous discutons de la menace pos´eepar l'algorithme quantique de Shor. -
Towards a Probabilistic Knapsack Public-Key Cryptosystem with High Density
information Article PKCHD: Towards A Probabilistic Knapsack Public-Key Cryptosystem with High Density Yuan Ping 1,2,* , Baocang Wang 1,3,*, Shengli Tian 1, Jingxian Zhou 2 and Hui Ma 1 1 School of Information Engineering, Xuchang University, Xuchang 461000, China; [email protected] (S.T.); [email protected] (H.M.) 2 Information Technology Research Base of Civil Aviation Administration of China, Civil Aviation University of China, Tianjin 300300, China; [email protected] 3 Key Laboratory of Computer Networks and Information Security, Ministry of Education, Xidian University, Xi’an 710071, China * Correspondence: [email protected] (Y.P.); [email protected] (B.W.) Received: 22 January 2019; Accepted: 19 February 2019; Published: 21 February 2019 Abstract: By introducing an easy knapsack-type problem, a probabilistic knapsack-type public key cryptosystem (PKCHD) is proposed. It uses a Chinese remainder theorem to disguise the easy knapsack sequence. Thence, to recover the trapdoor information, the implicit attacker has to solve at least two hard number-theoretic problems, namely integer factorization and simultaneous Diophantine approximation problems. In PKCHD, the encryption function is nonlinear about the message vector. Under the re-linearization attack model, PKCHD obtains a high density and is secure against the low-density subset sum attacks, and the success probability for an attacker to recover the message vector with a single call to a lattice oracle is negligible. The infeasibilities of other attacks on the proposed PKCHD are also investigated. Meanwhile, it can use the hardest knapsack vector as the public key if its density evaluates the hardness of a knapsack instance. -
Part V Public-Key Cryptosystems, I. Key Exchange, Knapsack
Part V Public-key cryptosystems, I. Key exchange, knapsack, RSA CHAPTER 5: PUBLIC-KEY CRYPTOGRAPHY I. RSA The main problem of secret key (or symmetric) cryptography is that in order to send securely a secret message we need to send at first securely a secret key Therefore, secret key cryptography is not a sufficiently good tool for massive communication capable to protect secrecy, privacy and anonymity. prof. Jozef Gruska IV054 5. Public-key cryptosystems, I. Key exchange, knapsack, RSA 2/75 SECURE ENCRYPTION - a PRACTICAL POINT OF VIEW From practical point of view encryptions by a cryptosystem can be considered as secure if they cannot be broken by many (thousands) supercomputers with exaflop performance working for some years. prof. Jozef Gruska IV054 5. Public-key cryptosystems, I. Key exchange, knapsack, RSA 3/75 PUBLIC KEY CRYPTOGRAPHY In this chapter we first describe the birth of public key cryptography, that can better manage the key distribution problem, and three of its cryptosystems, especially RSA. The basic idea of a public key cryptography: In a public key cryptosystem not only the encryption and decryption algorithms are public, but for each user U also the key eU for encrypting messages (by anyone) for U is public. Moreover, each user U keeps secret another (decryption) key, dU , that can be used for decryption of messages that were addressed to him and encrypted with the help of the public encryption key eU . Encryption and decryption keys could (and should) be different - we can therefore speak also about asymmetric cryptography. Secret key cryptography, that has the same key for encryption and for decryption is called also symmetric cryptography.