An Implementation of the Chor-Rivest Knapsack Type Public Key Cryptosystem

The Chor-Rivest cryptosystem is a public key cryptosystem first proposed by MIT cryptographers Ben Zion Chor and Ronald Rivest [Chor84]. More recently Chor has imple mented the cryptosystem as part of his doctoral thesis [Chor85]. Derived from the knapsack problem, this cryptosystem differs from earlier knapsack public key systems in that computa tions to create the knapsack are done over finite algebraic fields. An interesting result of Bose and Chowla supplies a method of constructing higher densities than previously attain able [Bose62]. Not only does an increased information rate arise, but the new system so far is immune to the low density attacks levied against its predecessors, notably those of Lagarias- Odlyzko and Radziszowski-Kreher [Laga85, Radz86]. An implementation of this cryptosystem is really an instance of the general scheme, dis tinguished by fixing a pair of parameters, p and h , at the outset. These parameters then remain constant throughout the life of the implementation (which supports a community of users). Chor has implemented one such instance of his cryptosystem, where p =197 and h =24. This thesis aspires to extend Chor\u27s work by admitting p and h as variable inputs at run time. In so doing, a cryptanalyst is afforded the means to mimic the action of arbitrary implementations. A high degree of success has been achieved with respect to this goal. There are only a few restrictions on the choice of parameters that may be selected. Unfortunately this general ity incurs a high cost in efficiency; up to thirty hours of (VAX1 1-780) processor time are needed to generate a single key pair in the desired range (p = 243 and h =18)

Quadratic compact knapsack public-key cryptosystem

AbstractKnapsack-type cryptosystems were among the first public-key cryptographic schemes to be invented. Their NP-completeness nature and the high speed in encryption/decryption made them very attractive. However, these cryptosystems were shown to be vulnerable to the low-density subset-sum attacks or some key-recovery attacks. In this paper, additive knapsack-type public-key cryptography is reconsidered. We propose a knapsack-type public-key cryptosystem by introducing an easy quadratic compact knapsack problem. The system uses the Chinese remainder theorem to disguise the easy knapsack sequence. The encryption function of the system is nonlinear about the message vector. Under the relinearization attack model, the system enjoys a high density. We show that the knapsack cryptosystem is secure against the low-density subset-sum attacks by observing that the underlying compact knapsack problem has exponentially many solutions. It is shown that the proposed cryptosystem is also secure against some brute-force attacks and some known key-recovery attacks including the simultaneous Diophantine approximation attack and the orthogonal lattice attack

Cryptography from tensor problems

We describe a new proposal for a trap-door one-way function. The new proposal belongs to the "multivariate quadratic" family but the trap-door is different from existing methods, and is simpler

Cryptographic Hash Functions in Groups and Provable Properties

We consider several "provably secure" hash functions that compute simple sums in a well chosen group (G,*). Security properties of such functions provably translate in a natural way to computational problems in G that are simple to define and possibly also hard to solve. Given k disjoint lists Li of group elements, the k-sum problem asks for gi ∊ Li such that g1 * g2 *...* gk = 1G. Hardness of the problem in the respective groups follows from some "standard" assumptions used in public-key cryptology such as hardness of integer factoring, discrete logarithms, lattice reduction and syndrome decoding. We point out evidence that the k-sum problem may even be harder than the above problems. Two hash functions based on the group k-sum problem, SWIFFTX and FSB, were submitted to NIST as candidates for the future SHA-3 standard. Both submissions were supported by some sort of a security proof. We show that the assessment of security levels provided in the proposals is not related to the proofs included. The main claims on security are supported exclusively by considerations about available attacks. By introducing "second-order" bounds on bounds on security, we expose the limits of such an approach to provable security. A problem with the way security is quantified does not necessarily mean a problem with security itself. Although FSB does have a history of failures, recent versions of the two above functions have resisted cryptanalytic efforts well. This evidence, as well as the several connections to more standard problems, suggests that the k-sum problem in some groups may be considered hard on its own, and possibly lead to provable bounds on security. Complexity of the non-trivial tree algorithm is becoming a standard tool for measuring the associated hardness. We propose modifications to the multiplicative Very Smooth Hash and derive security from multiplicative k-sums in contrast to the original reductions that related to factoring or discrete logarithms. Although the original reductions remain valid, we measure security in a new, more aggressive way. This allows us to relax the parameters and hash faster. We obtain a function that is only three times slower compared to SHA-256 and is estimated to offer at least equivalent collision resistance. The speed can be doubled by the use of a special modulus, such a modified function is supported exclusively by the hardness of multiplicative k-sums modulo a power of two. Our efforts culminate in a new multiplicative k-sum function in finite fields that further generalizes the design of Very Smooth Hash. In contrast to the previous variants, the memory requirements of the new function are negligible. The fastest instance of the function expected to offer 128-bit collision resistance runs at 24 cycles per byte on an Intel Core i7 processor and approaches the 17.4 figure of SHA-256. The new functions proposed in this thesis do not provably achieve a usual security property such as preimage or collision resistance from a well-established assumption. They do however enjoy unconditional provable separation of inputs that collide. Changes in input that are small with respect to a well defined measure never lead to identical output in the compression function

The Interpolating Random Spline Cryptosystem and the Chaotic-Map Public-Key Cryptosystem

The feasibility of implementing the interpolating cubic spline function as encryption and decryption transformations is presented. The encryption method can be viewed as computing a transposed polynomial. The main characteristic of the spline cryptosystem is that the domain and range of encryption are defined over real numbers, instead of the traditional integer numbers. Moreover, the spline cryptosystem can be implemented in terms of inexpensive multiplications and additions. Using spline functions, a series of discontiguous spline segments can execute the modular arithmetic of the RSA system. The similarity of the RSA and spline functions within the integer domain is demonstrated. Furthermore, we observe that such a reformulation of RSA cryptosystem can be characterized as polynomials with random offsets between ciphertext values and plaintext values. This contrasts with the spline cryptosystems, so that a random spline system has been developed. The random spline cryptosystem is an advanced structure of spline cryptosystem. Its mathematical indeterminacy on computing keys with interpolants no more than 4 and numerical sensitivity to the random offset t( increases its utility. This article also presents a chaotic public-key cryptosystem employing a one-dimensional difference equation as well as a quadratic difference equation. This system makes use of the El Gamal’s scheme to accomplish the encryption process. We note that breaking this system requires the identical work factor that is needed in solving discrete logarithm with the same size of moduli

Public key cryptosystems : theory, application and implementation

The determination of an individual's right to privacy is mainly a nontechnical matter, but the pragmatics of providing it is the central concern of the cryptographer. This thesis has sought answers to some of the outstanding issues in cryptography. In particular, some of the theoretical, application and implementation problems associated with a Public Key Cryptosystem (PKC).The Trapdoor Knapsack (TK) PKC is capable of fast throughput, but suffers from serious disadvantages. In chapter two a more general approach to the TK-PKC is described, showing how the public key size can be significantly reduced. To overcome the security limitations a new trapdoor was described in chapter three. It is based on transformations between the radix and residue number systems.Chapter four considers how cryptography can best be applied to multi-addressed packets of information. We show how security or communication network structure can be used to advantage, then proposing a new broadcast cryptosystem, which is more generally applicable.Copyright is traditionally used to protect the publisher from the pirate. Chapter five shows how to protect information when in easily copyable digital format.Chapter six describes the potential and pitfalls of VLSI, followed in chapter seven by a model for comparing the cost and performance of VLSI architectures. Chapter eight deals with novel architectures for all the basic arithmetic operations. These architectures provide a basic vocabulary of low complexity VLSI arithmetic structures for a wide range of applications.The design of a VLSI device, the Advanced Cipher Processor (ACP), to implement the RSA algorithm is described in chapter nine. It's heart is the modular exponential unit, which is a synthesis of the architectures in chapter eight. The ACP is capable of a throughput of 50 000 bits per second