Input: A={a1, a2, … an} – public key, S - ciphertext

Slides:



Advertisements
Similar presentations
7. Asymmetric encryption-
Advertisements

1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Chapter 3 Encryption Algorithms & Systems (Part B)
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
The RSA Algorithm Based on the idea that factorization of integers into their prime factors is hard. ★ n=p . q, where p and q are distinct primes Proposed.
1 CIS 5371 Cryptography 8. Asymmetric encryption-.
CSCI 398 Research Topics in Computer Science Yana Kortsarts Computer Science Department Widener University Chester, PA.
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
Computer System Security CSE 5339/7339
Merkle-Hellman Knapsack Cryptosystem Merkle offered $100 award for breaking singly - iterated knapsack Singly-iterated Merkle - Hellman KC was broken by.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the order Teams mostly.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Implementing RSA Encryption in Java
Darci Miyashiro Math 480 April 29, 2013
8.6. Knapsack Ciphers. The Concept At the core of the Knapsack cipher is the Knapsack problem: At the core of the Knapsack cipher is the Knapsack problem:
Merkle-Hellman Knapsack Cryptosystem
Public Key Systems 1 Merkle-Hellman Knapsack Public Key Systems 2 Merkle-Hellman Knapsack  One of first public key systems  Based on NP-complete problem.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
22C:19 Discrete Structures Integers and Modular Arithmetic Fall 2014 Sukumar Ghosh.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.
Computer Security Lecture 5 Ch.9 Public-Key Cryptography And RSA Prepared by Dr. Lamiaa Elshenawy.
Week 4 - Wednesday.  What did we talk about last time?  Finished DES  AES.
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
Lecture 3 (Chapter 9) Public-Key Cryptography and RSA Prepared by Dr. Lamiaa M. Elshenawy 1.
Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption.
Information Security and Management 10. Other Public-key Cryptosystems Chih-Hung Wang Fall
Public Key Cryptosystem In Symmetric or Private Key cryptosystems the encryption and decryption keys are either the same or can be easily found from each.
Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.
Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.
Revision. Cryptography depends on some properties of prime numbers. One of these is that it is rather easy to generate large prime numbers, but much harder.
Merkle-Hellman
최신정보보호기술 경일대학교 사이버보안학과 김 현성.
Outline Primitive Element Theorem Diffie Hellman Key Distribution
Public Key Encryption.
Applied Cryptography Spring 2017 Asymmetric ciphers.
Public Key Cryptosystem
Asymmetric-Key Cryptography
Network Security Design Fundamentals Lecture-13
Key Exchange References: Applied Cryptography, Bruce Schneier
DTTF/NB479: Dszquphsbqiz Day 26
CS 2210:0001Discrete Structures Modular Arithmetic and Cryptography
Introduction to Cryptography
Prelude to Public-Key Cryptography
PUBLIC-KEY ENCRYPTION Focusing on RSA
Outline of implementation
RSA and El Gamal Cryptosystems
Elliptic Curves.
Public Key Cryptosystems - RSA
Knapsack Cryptosystems
Knapsack Cryptosystems
Topic 25: Discrete LOG, DDH + Attacks on Plain RSA
Asymmetric Cryptography
Diffie-Hellman Key-Exchange Algorithm
Rivest, Shamir and Adleman
Poking Holes in Knapsack Cryptosystems
Cryptography: Basics (2)
El Gamal and Diffie Hellman
El Gamal and Diffie Hellman
Public-Key, Digital Signatures, Management, Security
Hard Problems Some problems are hard to solve.
Introduction to Algorithms Second Edition by
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
The RSA Public-Key Encryption Algorithm
Diffie-Hellman Algorithm
Lecture 7: Key Distribution
Presentation transcript:

Ciphertext Only Cryptanalytic Attack on Merkle-Hellman Knapsack: Dynamic Programming Algorithm Input: A={a1, a2, … an} – public key, S - ciphertext Output: The binary array B – plaintext Algorithm: Let P[i, j] be TRUE if there is a subset of first i elements of A that sums to j, 0 ≤ i ≤ n , 0 ≤ j ≤ S Step 1: Computation of P P[0][0]  TRUE for j = 1 to S do: P[0][j]  FALSE for i = 1 to n do: for j = 0 to S do: if (j – A[i] < 0): P[i][j] = P[i-1][j] else: P[i][j] = P[i-1][j-A[i]] or P[i-1][j]

Step 2: Backtracking Let B be an array of n + 1 elements initialized to 0 i  n, j  S while i > 0: if (j – A[i]) ≥ 0): if (P[i-1][j-A[i]] is True): B[i]  B[i] + 1 j  j – A[i] i  i – 1 else: i  i – 1 Output: array B, elements of B that equal to 1 construct a desired subset of A that sums to S

P[i-1][j-A[i]] or P[i-1][j] EXAMPLE Input: A={1, 4, 5, 2}, S =3 j = 0 j = 1 j = 2 j = 3 i = 0 TRUE FALSE i = 1 A[1] =1 Element is taken i = 2 A[2] = 4 i = 3 A[3] = 5 i = 4 A[4] = 2 P[i-1][j-A[i]] or P[i-1][j]

Merkle-Hellman Multiplicative Knapsack Cryptosystem Alice: Chooses set of relatively prime numbers P = {p1, …pn} – private (easy) knapsack Chooses prime M > p1* …* pn Chooses primitive root b mod M Computes the public (hard) knapsack A = {a1, ….an}, where ai is discrete logarithm of pi to base b: 1  ai < M, such that: Private Key: P, M, b Public Key: A

Merkle-Hellman Multiplicative Knapsack Cryptosystem- Encryption Binary Plaintext T breaks up into sets of n elements long: T = {T1, …Tk} For each set Ti compute Ci is the ciphertext that corresponds to plaintext Ti C = {C1, …Ck) is ciphertext that corresponds to the plaintext T C is sent to Alice

Merkle-Hellman Multiplicative Knapsack Cryptosystem- Decryption For each Ci computes Si is a subset product of the easy knapsack: Tij = 1 if and only if pj divides Si

Merkle-Hellman Multiplicative Knapsack Example Easy (Private) Knapsack: P = {2, 3, 5, 7} M = 211, b = 17 Hard (Public) Knapsack: A= {19, 187, 198, 121} 2  1719(mod 211), 3  17187(mod 211), 5  17198(mod 211), 7  17121(mod 211) Plaintext: T = 1101 Ciphertext: C = 327 = 19 + 187 + 121 Decryption: S = 42 = 17327(mod 211) 42 = 21 * 31 *50 * 71 Plaintext: 1101

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.