Title: Ciphertext Only Cryptanalytic Attack on Merkle-Hellman Knapsack: Dynamic Programming Algorithm
1Ciphertext Only Cryptanalytic Attack on
Merkle-Hellman Knapsack Dynamic Programming
Algorithm
- Input Aa1, a2, an public key, S -
ciphertext - Output The binary array B plaintext
- Algorithm Let Pi, j be TRUE if there is a
subset of first i elements of A - that sums to j, 0 i
n , 0 j S - Step 1 Computation of P
- P00 ? TRUE
- for j 1 to S do P0j ? FALSE
- for i 1 to n do
- for j 0 to S do
- if (j Ai lt 0) Pij Pi-1j
-
- else Pij Pi-1j-Ai or
Pi-1j -
2Step 2 Backtracking
- Let B be an array of n 1 elements initialized
to 0 - i ? n, j ? S
- while i gt 0
- if (j Ai) 0)
- if (Pi-1j-Ai is True)
- Bi ? Bi 1
- j ? j Ai
- i ? i 1
- else i ? i 1
- Output array B, elements of B that equal to 1
construct a - desired subset of A that sums to S
3EXAMPLEInput A1, 4, 5, 2, S 3
j 0 j 1 j 2 j 3
i 0 TRUE FALSE FALSE FALSE
i 1 A1 1 TRUE TRUE Element is taken FALSE FALSE
i 2 A2 4 TRUE TRUE FALSE FALSE
i 3 A3 5 TRUE TRUE FALSE FALSE
i 4 A4 2 TRUE TRUE TRUE TRUE Element is taken
4Merkle-Hellman Multiplicative Knapsack
Cryptosystem
- Alice
- Chooses set of relatively prime numbers
- P p1, pn private (easy) knapsack
- Chooses prime M gt p1 pn
- Chooses primitive root b mod M
- Computes the public (hard) knapsack
- A a1, .an, where ai is discrete logarithm
of pi to base b - 1 ? ai lt M, such that
- Private Key P, M, b
- Public Key A
5Merkle-Hellman Multiplicative Knapsack
Cryptosystem- Encryption
- Binary Plaintext T breaks up into sets of n
elements long T T1, Tk - For each set Ti compute
- Ci is the ciphertext that corresponds to
plaintext Ti - C C1, Ck) is ciphertext that corresponds to
the plaintext T - C is sent to Alice
6Merkle-Hellman Multiplicative Knapsack
Cryptosystem- Decryption
- For each Ci computes
- Si is a subset product of the easy knapsack
- Tij 1 if and only if pj divides Si
7Merkle-Hellman Multiplicative Knapsack Example
- Easy (Private) Knapsack P 2, 3, 5, 7
- M 211, b 17
- Hard (Public) Knapsack A 19, 187, 198, 121
- 2 ? 1719(mod 211), 3 ? 17187(mod 211),
- 5 ? 17198(mod 211), 7 ? 17121(mod 211)
- Plaintext T 1101
- Ciphertext C 327 19 187 121
- Decryption S 42 17327(mod 211)
- 42 21 31 50 71
- Plaintext 1101