Security Analysis of an Encryption Scheme Based on Nonpositional Polynomial Notations

Security Analysis of an Encryption Scheme Based on Nonpositional Polynomial Notations

Open Eng. 2016; 6:250–258 Research Article Open Access Nursulu Kapalova* and Dilmukhanbet Dyusenbayev Security analysis of an encryption scheme based on nonpositional polynomial notations DOI 10.1515/eng-2016-0034 unique providing that bases are pairwise relatively prime. Received May 05, 2016; accepted Jun 28, 2016 As distinct from classical RNSs, irreducible polynomials over GF(2) that is binary polynomials serve as bases in Abstract: The aim of the research was to conduct a cryp- NPNs [1–6]. tographic analysis of an encryption scheme developed Based on NPNs, nonconventional algorithms for en- on the basis of nonpositional polynomial notations to cryption, digital signatures and cryptographic key ex- estimate the algorithm strength. Nonpositional polyno- change have been developed [3, 7–9]. This paper is con- mial notations (NPNs) are residue number systems (RNSs) cerned with an investigation of the strength of a noncon- based on irreducible polynomials over GF(2). To evalu- ventional encryption scheme against cryptanalysis. The ate if the algorithms developed on the basis of NPNs are core of the algorithm under study is as follows. secure, mathematical models of cryptanalysis involving algebraic, linear and differential methods have been de- 1. First of all, an NPN is formed with its working bases signed. The cryptanalysis is as follows. A system of non- consisting of chosen irreducible polynomials linear equations is obtained from a function transforming p x p x ... p x plaintext into ciphertext with a key. Next, a possibility of 1( ), 2( ), , S( ) (1) transition of the nonlinear system to a linear one is consid- over GF(2) of degrees m1, m2, ... , mS respectively. ered. The cryptanalysis was conducted for the cases with Polynomials (1) subject to their arrangement consti- known: 1) ciphertext; 2) plaintext and the related cipher- tute a certain base system. All bases are to be dif- text; 3) plaintext file format; and 4) ASCII-encoded plain- ferent including the case when they have the same text. degree. The working range of the NPN is specified by Keywords: cryptography; encryption; nonpositional poly- polynomial (modulus) nominal notations; cryptostrength; residue; cryptanalysis P(x) = p1(x)p2(x) ··· pS(x) m PS m of degree = i=1 i. Therefore, a mes- 1 Introduction sage of length N bits could be interpreted as a sequence of remainders α1(x), α2(x), ... , αS(x) Algorithms and methods developed on the basis of non- of dividing a polynomial F(x) by working bases positional polynomial notations (NPNs) are also known p1(x), p2(x), ... , pS(x) respectively: as nonconventional [1–3]. When considering a classical F x α x α x ... α x notation in residue number system (RNS), positive inte- ( ) = ( 1( ), 2( ), , S( )). (2) gers are chosen as a base system, where a positive inte- 2. Encryption of a message of length N bits is per- ger is represented by its remainders (residues) of dividing formed with a key sequence of the same length, by the base system [2, 4]. RNS construction relies on the which is interpreted as a sequence of remainders Chinese remainder theorem. According to the theorem, a β1(x), β2(x), ... , βS(x) of dividing some other poly- representation of a number as a sequence of remainders is nomial G(x) by the same working bases of the sys- tem: G(x) = (β1(x), β2(x), ... , βS(x)), (3) *Corresponding Author: Nursulu Kapalova: Institute Informa- ≡ tion and Computational Technologies Almaty, Kazakhstan; Email: where G(x) βi(x)(mod pi(x)), i = 1, s. [email protected] 3. Cryptogram H(x) = (ω1(x), ω2(x), ... , ωS(x)) is the Dilmukhanbet Dyusenbayev: Institute Information and result of multiplying polynomials (2) and (3). Mem- Computational Technologies Almaty, Kazakhstan; Email: di- bers of residue sequence ω1(x), ω2(x), ... , ωS(x) [email protected] © 2016 N. Kapalova and D. Dyusenbayev, published by De Gruyter Open. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License. Security analysis of an encryption scheme based on nonpositional polynomial notations Ë 251 are then remainders on dividing products αi(x)βi(x) 2 Some methods of cryptographic by respective bases pi(x): attacks αi(x)βi(x) ≡ ωi(x)(mod pi(x)), i = 1, s. (4) The binary form of ciphertext H(x) represents the Cryptanalysis associates with such characteristics of cryp- sequence of consecutive coefficients of polynomials tosystems as evaluation of cipher reliability and develop- ment of breaking methods thereof. Analysis of reliabil- ω1(x), ω2(x), ... , ωS(x). 4. Decryption of cryptogram H(x) with a known key ity is based on the assumption that a cryptanalyst pos- sesses all the information about the cryptographic algo- G(x) for each βi(x) represents evaluation of a recip- −1 rithm in use while the key for a certain message is un- rocal (inverse) polynomial βi (x) under the follow- ing condition: known (Kerckhoffs’ principle). Cryptosystem strength de- pends on complexity of transformation algorithms, key −1 βi · βi (x) ≡ 1(mod pi(x)), i = 1, s. (5) multiplicity and implementation method thereof (protec- tion against bugs, viruses, etc.) Despite the fact that the G−1 x β−1 x β−1 x ... The result is polynomial ( ) = (( 1 ( ), 2 ( ), , concept of cipher strength holds a central position in cryp- β−1 x G x S ( )) inverse to polynomial ( ). The original message tography, a quantitative estimation of cryptostrength is, then could be calculated according to (4) and (5) through in general terms, still an open problem. The most general remainders of the following congruence: practical approaches to estimate an algorithm quality are −1 as follows [11]: αi(x) ≡ βi (x)ωi(x)(mod (pi(x)), i = 1, S. (6) 1. All possible attempts to break the algorithm; Hence, the complete key of a message of length 2. Analysis of the decrypting algorithm complexity; N bits in the above model of encryption scheme 3. Estimate of the cipher statistical security. is comprised of the chosen system of polyno- mial bases p1(x), p2(x), ... , pS(x), key G(x) = In the first instance, much depends on qualification, expe- (β1(x), β2(x), ... , βS(x)) obtained while generating a rience and intuition of a cryptanalyst as well as a proper pseudo-random sequence, and inverse key G−1(x) = estimate of capabilities of algorithm originators. It is gen- −1 −1 −1 erally believed that a cryptanalyst has knowledge about ((β1 (x), β2 (x), ... , βS (x)) calculated according to ex- pression (5). the cipher structure, abilities to study the cipher and some To evaluate the scheme reliability, it was derived a for- characteristics of plaintext such as message themes, pat- mula of cryptostrength taking into account all possible terns, standards, formats and so on. In the second in- choices of secret parameters of the scheme. Cryptostrength stance, the estimate of cryptostrength is substituted with of the encryption scheme based on NPNs is determined by the estimate of minimum complexity of a breaking algo- all possible but distinct from each other choices of com- rithm. However, in general it does not seem possible to ob- plete keys that is secrecy thereof. Cryptostrength of en- tain rigorously provable estimates of the lower bound of cryption of a message of a given length N bits can be de- complexity of different algorithms. Complexity of compu- duced from a formula [5]: tational schemes can be evaluated by the quantity of com- putational primitives with due regard to the cost thereof. X Q N k k ... k Ck1 Ck2 ...CkS kr = 2 ( 1 + 2 + + s)! n1 n2 nS . (7) This quantity generally must have a strict lower bound k1 ,k2 ,...,ks and fall outside performance limitations of state-of-the-art If an encryption scheme and at least one pair of plain- computer-based systems. In the third instant, an assump- text and ciphertext have been known to a cryptanalyst, tion is that a reliable cryptosystem from the standpoint then a natural way for analysis is straightforward enumer- of cryptanalyst represents a black box, where input and ation of all possible keys. The attack is conducted succes- output information sequences are mutually independent sively as long as encryption with a sample key coincides while the output ciphered sequence is pseudorandom. For with the known ciphertext. Formula (7) determines the the purposes of cryptanalysis the following methods are maximum possible number of attempts to find the right also used [12]: secret key. Such analysis technique is variously known as – Ciphertext only attack; full enumeration method [10], brute force technique [11] – Attack based on plaintexts and resulting cipher- or exhaustive method [12]. This paper represents results texts; of some cryptographic attacks applied against the above- mentioned encryption scheme. 252 Ë N. Kapalova and D. Dyusenbayev – Chosen plaintext attack (possibility to choose a to perform the attack it is needed a large set of plain- plaintext to encrypt); texts and related ciphertexts. Besides, modern encryp- – Adaptive chosen plaintext attack. tion schemes were developed with due consideration of resistance to attacks of this nature. Relevance of alge- The goal of the ciphertext only attack is to find as many braic methods of cryptanalysis rests upon the possibility of as possible plaintexts corresponding to available cipher- breaking through them encryption schemes given merely texts that is to find a key, which was used for encryption. one plaintext-ciphertext pair. It is also of importance that However, the given attack type is the weakest as well as the methods are applicable to strong modern cipher sys- inconvenient. tems. Algebraic attacks make use of internal cipher struc- When performing the attack based on plaintexts and ture that is to obtain an encryption key it is necessary resulting ciphertexts there are two alternatives for the to represent enciphering transformations in the form of a statement of the problem: 1) to find the key that was used set of multidimensional polynomial equations, and subse- to transform a plaintext into ciphertext; and 2) to build an quently to solve the system [11].

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    9 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us