Computer System Security CSE 5339/7339

1
Computer System SecurityCSE 5339/7339
Lecture 5 September 2, 2004
2
Contents

• Math Background and mod Arithmetic
• Merkle-Hellman Knapsacks
• Monicas Presentation

3
Student Presentations (15 minutes)
First 4 Murtaza, Monica, Matthew,
Diana 9/14 9/16 9/21 9/23
4
Exercise (Group work) Any luck?
Decrypt the following encrypted
quotation fqjcb rwjwj vnjax bnkhj whxcq
nawjv nfxdu mbvnu ujbbf nnc
5
Math Background
Identity i is identity for op if i op x x op i
x Inverse b is inverse of a if a op b b op a
i Prime Number Any number greater than 1 that
is divisible only by itself and 1 2 divides
10 10 is divisible by 2 Composite vs. prime
6
Math Background (cont.)
Greatest Common Divisor gcd(a,b) The largest
integer that divides both a and b gcd(15,10)
5 If p is a prime number gcd(p.q) 1 for any q
lt p If x divides a and b ? x also divides a
(kb)
7
Modular Arithmetic

• Reminder after division
• a mod n b ? a cn b (11 mod 3 2, 5 mod 3
  2)
• Confine results to a particular range 0 n-1
• Operations , -, can be applied before or after
  mod is taken
• x and y are equivalent under mod n iff x mod n
  y mod n
• x and y are equivalent under mod n iff x y
  kn

8
Modular Arithmetic (cont)

• Multiplicative inverse of a ? a-1

0 1 2 3 4
0 0 0 0 0 0
1 0 1 2 3 4
2 0 2 4 1 3
3 0 3 1 4 2
4 0 4 3 2 1
Product mod 5 a 2, a-1 3
9
Fermats Theorem
For any prime p and any element a lt p ap mod p
a Or ap-1 mod p 1
10
Computing Inverse
Given a, let us compute the inverse of a in mod
p The inverse of a is x such that ax mod p
1 (Definition of inverse) ap-1 mod p 1
(Fermats Theorem) ax mod p ap-1 mod p x
ap-2 mod p
11
Example
Compute the inverse of 3 mod 5 x 35-2 mod 5 x
27 mod 5 2 Compute the inverse of 3 mod 7 x
37-2 mod 7 x 243 mod 7 5
12
Merkle-Hellman Knapsacks

• Algorithms is based on the knapsack problem
• What is the knapsack problem?
• General Knapsacks
• Superincreasing knapsacks

13
General Knapsacks (Hard)
Given a sequence of integers a1, a2, , an and a
target sum T, the problem is to find a vector of
0s and 1s such that the sum of the integers
associated with 1s equals T Given H 17,
38, 73, 4, 11, 1 T 53 Solution
(0,1,0,1,1,0)
14
Superincreasing Knapsacks (Easy)
We place an additional restriction on the
problem The integers of S must form an
superincresaing sequence. (i.e. each integer is
greater than the sum of all preceding
integers) Given S 1, 4, 11, 17, 38, 73 T
53 Solution (0,1,1,0,1,0) Algorithm?
15
Example
S 1, 4, 11, 17, 38, 73 Try it with T 96 T
95 T 96 ? no solution T 95 ? (1, 1, 0, 1,
0, 1)
16
Merkle- Hellman Knapsack
Idea ? is to encode a binary message as a
solution to a knapsack problem, reducing the
ciphertext to the target sum obtained by adding
terms corresponding to 1s in the plain
text. Public Key Set of integers of a knapsack
problem Private Key Corresponding
superincreasing knapsack
17
Main Idea
Private key
Public key
H
S
Solution
T
Solution
Encryption
Decryption
ciphertext
plaintext
Original plaintext
010110
010110
18
Relationship between S and H
We start with a superincreasing knapsack -- S
We need a Technique for converting S into regular
Knapsack H
19
Merkle- Hellman Knapsack (cont)

• Normal arithmetic ? or preserve
  superincreasing sets
• Modular arithmetic ? may destroy superincreasing
  sets
• H w S mod n
• (hi w si mod n)

20
Merkle- Hellman Knapsack (cont)
Modular arithmetic ? sensitive to common
factors Consider w x mod n If w and n share
common factors ? the result will not cover all
values 0-n-1 Otherwise ? the result will cover
all values ( w, n are relatively prime) (If w
and n are relatively prime, w has multiplicative
inverse mod n) Why?
21
Example
x 3 x mod 5 3 x mod 6
1 3 3
2 1 0
3 4 3
4 2 0
5 0 3
22
Breaking the superincreasing nature of integer

• Multiple by w and take mod n
• n and w are relatively prime.
• Select S of size m
• Select w and n, n gt summation of si
• Obtain H (hi w si mod n)

23
Select S (m 4)
Sequence Sum so far Next term
1, 1 2
1,2 3 4
1,2,4 7 9
1,2,4,9 16
1,2,4,9
24
Select w, n

• n should be greater than the sum of all elements
  in S
• w should have no common factors with n
• This can be guaranteed if n is prime and w should
  be smaller than n (math background)
• (n 17)
• (w 15)

25
Obtain H (Public Key)

• H w S mod n
• (hi w si mod n)
• S 1,2,4,9
• (n 17)
• (w 15)
• h1 151 mode 17 15
• h2 152 mode 17 13
• h3 154 mode 17 9
• h4 159 mode 17 16
• H 15,13,9,16

26
Encryption
H
Summation
Solution
Encryption
P
C H P
27
Example (Encryption)

• Given P 010010111010 0101
• Public Key H 15, 13, 9, 16
• P ? 0100 1011 1010 0101
• C ? 13 40 24 29

28
Example (Encryption)
H 15, 13, 9, 16
0100 1011 1010 0101
13 40 24 29
Encryption
ciphertext
plaintext
29
Decryption

• What does a legitimate recipient know?
• S, w, n
• The inverse of w (w-1) is also known, correct?
• w-1 C ? w-1 H P
• w-1 H P ? w-1 w S P mod n ? S P mod n
  

30
Decryption
S
C
P
T
Simple knapsack
W-1 C
Decryption
31
Example (Decryption)

• Given C 13 40 24 29
• W-1 8
• 813 mode 17 2
• 840 mode 17 14
• 824 mode 17 5
• 829 mode 17 11

32
Example (Decryption) cont.
S
1,2,4,9
C
P
T
Simple knapsack
W-1 C
Decryption
0100 1011 1010 0101
13 40 24 29
2 14 5 11
33
Group Exercise

• Convert the superincreasing knapsack
• 1, 3, 5, 11, 23, 47, 97
• to a hard knapsack using
• (w, n) (7, 11) and (7, 29), respectively.