ISSN : 0975-3273
EISSN : 0975-9085
ABOUD S.J.1*
1Department of Information Technology, Iraqi Council of Representatives, Baghdad-Iraq
* Corresponding Author : sattar_aboud@yahoo.com
Received : 02-07-2013 Accepted : 15-07-2013 Published : 14-12-2013
Volume : 5 Issue : 1 Pages : 138 - 140
Adv Comput Res 5.1 (2013):138-140
Conflict of Interest : None declared
In this paper, we analyze the Akleylek, et al. scheme and their try to enhance a security of peer-to-peer network by merging ElGamal scheme with knapsack system. We demonstrate that this combination disclose a security and causes a scheme weak to cipher-text only attack. So, in a network a hacker can use this attack and easily decrypt an encrypted message. Also, we illustrate that a receiver cannot recover an encrypted message in polynomial time. Thus, this scheme is entirely inappropriate to employ in the peer-to-peer networks. We will change this scheme to enhance security and efficiency.
Public key encryption, cryptanalysis, ElGamal scheme, knapsack system, hybrid encryption.
The use of computer network is increased day by day. This development produces a number of nodes to increase. By increasing a customer, a server becomes full of activity and inadequate while a bandwidth is sufficient. Furthermore, because the diversity of requests is growth, server may not have information a user needed. We can conquer these problems by using peer-to-peer network. The peer-to-peer network have not central server, some powerful nodes work as servers. In a fourth generation, streams over peer-to-peer network are supported. Thus, every node can communicate with another. The most influential problem in a peer-to-peer network is security. There are some ways to make peer-to-peer networks secure. Cryptosystem has a significant role in every way. Cryptosystem is the art of keeping information secure from overhearing and other malicious behavior. Thus, cryptography is very useful in peer-to-peer schemes because it can protect message and check its integrity. Akleylek, et al. [1] presented a modified scheme for security in peer-to-peer network. In their scheme, they try to increase a security of peer-to-peer system by combining ElGamal scheme [2] with knapsack scheme. The knapsack system is NP-complete [3-6] . This difficulty cannot be clearly solved even when applying quantum computers. They use ElGamal scheme to hide private knapsack to generate the public-key. But as we illustrate, this combination disclosures a security and makes a scheme weak to encrypted cipher-text-only-attack. Thus, in a network hacker can use this attack and easily decrypt message from any challenge-cipher-text. Also, we show that this scheme is not practical. So, we attempt to modify it to increase security and efficiency.
The remainder of this article is organized as follows. In Section 2 we provide a mathematical background. In Section 3 we describe Akleylek, et al. scheme. Cryptanalysis of this scheme will be considered in Section 4. In Section 5 we revise this scheme in order to perform a good security and efficiency. Conclusion is provided in Section 6.
In this section, we provide the mathematical background and definitions which are required to show the proposed attack.
In this section we will discuss some mathematical background related to the proposed scheme.
Assume that the sequence of integers (w1,…..,wx) and suppose an integer z. If there is a subset of Wi so that the sum equivalent to integer z. That is equal to verify if there is a set of integer (v1,…..,vx) where so that
with
A subset sum problem is the decision problem that is NP-complete [5] .
A set (w1,…..,wx) of numbers is the super-increasing sequence, when for every i ≥ 2. However, the greedy algorithm to solve a subset sum problem when wi is the super-increasing sequence. Subtract a largest number from integer Z and repeat. The following method usefully resolves a subset sum problem for super-increasing sequence in a polynomial time.
Solving the super-increasing subset sum problem.
The sequence (w1,…..,wx) of integer which is a sum of the subset of wi, and an integer z.
(v1 ,..., vx) with v1 (0, 1), where
While i ≥ 1 do
{
If Z ≥ wi then
{
vi := 1;
z:= z - wi;
}
Else
{
vi := 1;
i:= i - 1;
}
} repeat
Return (v1 ,..., vx);
The set of positive values (w1,…..,wx) and a number rare provided. If there is the subset of wi where the result equals to r, specifically determine if there are values (v1 ,….., vx) where Such that vi
(0,1) where 1 ≤ i ≤ x A subset product problem is the decision problem. As noted in [7,8] , when wi are short primes and less than r, the difficulty is solved in polynomial time by factoring r. The product can be reviewed in the following theorem.
When (w1,…..,wx) are short primes, it can be solving a subset problem in polynomial time.
As wi are short primes and vi (0, 1) then:
If
Or if
Assume q be prime, a primitive element and an integer
. Compute element v where
, so that
. This is the discrete logarithm problem.
The ElGamal scheme is a public key scheme relied on a discrete logarithm problem. Suppose q is a prime number where a discrete logarithm problem is infeasible, and assume that is a generator. Every user chooses an arbitrary integer w where 1 ≤ w ≤ q - 2, and find
. Then (q, w, f) is public key and w is private key. Assume that we desire to transmit the message v to receiver. First, we choice a random element S so that 1 ≤ w ≤ q - 2. Then we find
and
. We pass the encrypted message(p1, p2) to a receiver. The encryption process in ElGamal scheme is probabilistic, since an encrypted message relies on both a message v and on a random integer S selected by user. To decrypt message v from encrypted message m, receiver should uses a private-key w and find
.
The cipher text-only attack is the situation in which a hacker attempts to determine a private key by only intercepted a cipher-text or decrypt cipher-text as a challenge. Every encryption scheme weak to this sort of attack and is considered entirely vulnerable.
Hacker knowledge: given and
.
Hacker purpose: get v1, v2,….. or a private key d.
In this section, we describe the Akleylek, et al. scheme. We aim to multiply the security of a proposed scheme by combing ElGamal scheme and knapsack scheme.
1. Every user selects the super-increasing sequence (w1 ,….., wx), so that , with 2 ≤ j ≤ x, and wi are integer values.
2. The keys of ElGamal (q, a, w, f) scheme are computed.
3. To computing public knapsack e=(c1 ,….., cx), randomly choice integer S with 1 ≤ s ≤ q-1 and do the following:
f = aw modq
zi = aS modq
ki = f S • wi modq
ci = (zi, ki)
e = ((z1, k1),...,(zx, kx))
d = (f,a,q,w,(w1,...,wx))
To encrypt x-bit binary message v=(v1,…..,vx), user should do the following
1. Find [Eq-1]
2. Send encrypted message m to a receiver.
To decrypt an encrypted message m, a receiver finds:
1. .
2. Upon finding r, we should get message v=(v1,…..,vx) from
3. We have with w1,…..,wx is a super-increasing sequence.
4. From Theorem 1, if wi are short primes, we can compute vi from r, else, a problem stays NP-complete and we cannot solve this difficulty.
5. In practice, Akleylek, et al., scheme is entirely unrealistic.
In this section, we illustrate that Akleylek, et al., scheme is defenseless to cipher text-only attack. However, we can find message from an encrypted message text as follows.
Assume m (p1, p2) is a challenge cipher text encrypted with Akleylek, et al., scheme and we aim to discover a related message. From [Eq-1] , we have
= m (p1, p2)
= (Zi, ki)Vi
= (Z1, k1)V1 ... (Zx, Kx)Vx
The element Zi = as mod q of a public-key is constant for every i, and we can let Zi = b with 1 ≤ i ≤ x. We have
[Eq-2]
With is a Hamming weight of a binary message v=(v1,…..,vx). From [Eq-2] , we can find Hamming weight y of message (v1,…..,vx). Thus, we know number of vi with vi=1. From [Eq-1] , we have
. Thus, we know number of ki and the result of them matches p2. To find these ki, we must obtain a y-tuple subset of k1,….,kx from public key
so that the result of them equal to p2. We indicate this subset by n. We can select y values of k1,….,kx in
ways. Thus, we require at most
bit processes to obtain such subsets. When finding these ki, we can find an original message from vi = 1 when
else = 0. We have
Therefore, a complexity of attack is O (xv).
This scheme is relied on multiplicative knapsack problem. The encrypted message is found by multiplying a public key and a message is retrieved by factoring an encrypted message raised to the secret power.
Each user should do the following:
1. Choose a prime q.
2. Verify an integer x where with qi is begin from q1 = 2
3. Arbitrarily select elements w,s so that 1 < w,s < q-1
4. Find f = aw mod q
5. Find Zi = as mod q
6. Find ki = f S pi mod q
7. Verify ci = (zi, ki)
8. Determine (x,q(c1,...,cx)) is a public key and (f,w,a,s) is a private key.
To encrypt x-bit binary message v=(v1,…..,vx), we calculate:
1. m = (p1, p2) = (Zi, ki)Vi mod q
2. Pass encrypted message m to a receiver.
To decrypt message v from encrypted message m, a receiver must do the following:
1. Find
2. While with
therefore
and thus
3. Since vi (0,1) so r is a result of some distinct primes qi.
4. By Theorem 1, we achieve that vi = 1 when qi / r else vi = 0.
In the proposed scheme, we have
1. , with
and b = zi = as mod q.
2. As discrete logarithm problem is difficult. Thus, we cannot verify Hamming weight y from p1 = by mod q and so, a proposed attack is not possible in this case.
When a prime q is selected small, then x is also small. Therefore, q, should be adequately large in order to avoid birthday-search over two the lists A and B of 2x/2 components to obtain a couple of sets where
In this paper, we propose the hybrid public key encryption. This scheme uses ElGamal scheme in a key generation algorithm for hiding a secure knapsack secret key and to make a public knapsack key. We illustrate that this combination discloses a security and becomes a scheme vulnerable to cipher text-only attack. To prevent this attack, we calculate a cipher text mod large prime q. Furthermore, we proved that a proposed scheme is unfeasible. We adapted this scheme for enhancing security and efficiency. In this case, when individual desires to break a scheme, should find discrete logarithm problem which is intractable.
[1] Akleylek S., Emmungil L. and Nureyev U. (2007) Journal of Application Computer Math., 6(22), 258-264.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[2] ElGamal T. (1985) IEEE Transactions on Information Theory, 31(4), 469-472.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[3] Ronald Cramer and Victor Shoup (2004) SIAM Journal on Computing, 33(1), 167-226.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[4] Dennis Hofheinz and Eike Kiltz (2007) Advances in Cryptology, Lecture Notes in Computer Science, 4622, 553-571.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[5] Yuan Chen, Xiaofeng Chen and Hui Li (2012) Proceedings of the Fourth International Conference on Intelligent Networking and Collaborative Systems, 264-269.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[6] Shabnam Parveen and Priyanka Gandhi (2012) International Journal of Engineering Research and Applications, 2(4), 873-876.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[7] Shabnam Parveen and Priyanka Gandhi (2012) International Journal of Engineering Research and Applications, 2(4), 873-876.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[8] Markku-Juhani Saarinen (2012) IEEE Symposium on Security and Privacy Workshops, 27-32.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus