A Public Key Cryptosystem Based on Complementing Sets

1
A Public Key Cryptosystem Based on Complementing
Sets

• By William A. Webb
• Washington State University
• Cryptologia April 1992
• Presented by
• Kathleen Repine

2
What is a complementing set?

• A1,A2,,Ak are such that each sum a1a2ak is
  unique for ai in Ai
• A1,A2,,Ak are complementing sets for A
• Aa1a2ak ai in Ai
• Example 0,2,4 and 0,1,6,7 are complementing
  sets for 0, 1, 2, ,10,11

3
The Question

• How might complementing sets be used to create a
  cryptosystem?
• Encoding finding the unique a in A that
  corresponds to n, the number to encode
• Decoding finding the elements aixi-1 s.t.
  Sum(aixi-1 ,i1..k)a and then calculating n from
  the xjs and the sizes of the Ais

4
Outline

• Constructing the keys (sets)
• Encryption and Decryption
• Knapsack problem and Cryptanalysis
• Future Work

5
Constructing the Sets I

• Arbitrarily choose r integers n1,,nr s.t. ni gt 1
• N0 1, Ni n1n2 ni
• S1, S2,, Sk is any partition of 0,1,,r-1 s.t.
  no consecutive integers are in any Si
• AiSum(yjNj, j in Si) 0ltyjltnj1
• A1,A2,,Ak are complementing sets for 0,Nr-1

6
Constructing the Sets I (Example)

• r3, n12, n23, n32
• N01, N12, N26, N312
• S10,2, S21
• A1y01y26 0lty0lt2, 0lty2lt2
• A10106,0116,1106,1116
  0,6,1,7
• A2 y12 0lty1lt3 02,12,220,2,4

7
Constructing Sets II

• miProduct(nj1, j in Si)Ai, mNr
• M0 1, Mi m1m2 mi
• Choose constants t1,,tk, and r1 and s1 s.t. s1gtm
  and (r1,s1)1
• Form Bir1(Aiti) (mod s1)
• B1,,Bk are complementing sets modulo s1

8
Constructing Sets II (Example)

• m1n1n3224, m2n23, m12
• M01, M14, M212
• t14, t26, s113, r13
• B13(04),30,15,3312,4,2,7 (mod 13)
• B23(06),24,305,11,4 (mod 13)

9
Constructing Sets III

• Choose r2 and s2 s.t. (r2,s2)1, s2gtks1
• Form Cir2Bi (mod s2) and permute into numerical
  order (permute Ai in parallel)
• C1,,Ck are complementing sets modulo s2
• Public key sets C1,,Ck
• Private key sets A1,,Ak and r1, r2, s1, s2,
  t1,,tk

10
Constructing Sets III (Example)

• r25, s229gt21326
• C1512,54,10,352,20,10,6 (mod 29)
  2,6,10,20 (mod 29)
• A10,6,1,70,7,1,6
• C225,55,2025,26,20 (mod 29)20,25,26 (mod
  29)
• A20,2,44,0,2

11
Encryption

• May encode number n in 0,m-1
• Each integer n in 0,m-1 is uniquely represented
  as a linear combination n Sum(xjMj, j0 to
  k-1) where 0ltxjltmj1
• Calculate n1 Sum(cixi-1,i1..k) where
  Cici1,cimi

12
Encryption Example

• n7x0M0x1M11x04x1
• Then x03, and x11
• C12,6,10,20
• C220,25,26
• n1c13c21102030

13
Decryption I

• r2-1 inverse of r2 (mod s2)
• n2least positive residue of r2-1n1(mod s2)
• r1-1 inverse of r1 (mod s1)
• n3least positive residue of
• (r1-1n2 - Sum(ti,i1k))(mod s1)
• Sum(ai,i1..k) for some ai in Ai 1ltiltk

14
Decryption II

• To find the ais
• Choose aj the largest element of Union(Ai,i1..k)
  which is at most n3 (aj in Aj)
• Choose the largest element of Union(Ai,iltgtj)
  which is at most n3-aj
• Continue
• Note does not work for all complementing sets,
  but does for A1,,Ak

15
Decryption III

• x0,,xk-1 are such that n3Sum(aixi-1,i1..k)
• nSum(xiMi,i0..k-1)

16
Decryption Example

• n130, r2-16, r1-19
• n26306 (mod 29)
• n396-(46)445 (mod 13)
• A10,7,1,6, A24,0,2, then a24,and a11
• Then x03 and x11
• nx0M0x1M131147

17
Constrained Knapsack Problem

• Sum(Sum(eijiciji, ji 1.. mi),i1..k)n1
• Sum(eiji,ji1..mi)1 for each i1,2,k
• Where eiji 0 or 1
• Equivalent to solving n1Sum(ci,i1..k), ci in
  Ci, where the Cis are complementing sets

18
Cryptanalysis

• Successful attacks against modified
  superincreasing knapsack problem and low density
  knapsack problem
• Neither directly apply to this version of the
  constrained knapsack problem (at the time of the
  paper)
• Due to the close relation, this cryptosystem
  might vulnerable

19
Future Work

• Try to break it

20
Questions?