SlideShare a Scribd company logo

1508.07756v1

Samir Crypticus
Samir Crypticus
1 of 14
Download to read offline
arXiv:1508.07756v1[cs.CR]31Aug2015 On a new fast public key cryptosystem Samir Bouftass E-mail : crypticator@gmail.com. September 1, 2015 Abstract This paper presents a new fast public key cryptosystem namely : a key exchange algorithm, a public key encryption algorithm and a digital signature algorithm, based on the difficulty to invert the following function : F(x) = (a × x)Mod(2p )Div(2q ) . Mod is modulo operation , Div is integer division operation , a , p and q are integers where (p > q) . In this paper we also evaluate the hardness of this problem by reducing it to SAT . Keywords : key exchange, public key encryption, digital signature, boolean satisfability problem, Multivariate polynomials over F(2) . 1 Introduction : Since its invention by Withfield Diffie and Martin Hellman [1] , Public key cryptography has imposed itself as the necessary and indispensable building block of every IT Security architecture. But in the last decades it has been proven that public key cryptosystems based on number theory problems are not immune againt quantum computing attacks [3]. The advent of low computing ressources mobile devices such wirless rfid sensors, smart cellphones, ect has also put demands on very fast and lightweight public key algorithms . Public key cryptosystem presented in this paper is not based on number theory problems and is very fast compared to Diffie-Hellman [1] and RSA algorithms [2]. It is based on the difficulty to invert the following function : F(x) = (a × x)Mod(2p)Div(2q) . Mod is modulo operation , Div is Integer division operation , a , p and q are known integers where (p > q) . In this paper we construct three public key algorithms based on this problem namely a key exchange algorithm, a public key encryption algorithm and a digital signature algorithm. We prove its efficiency compared to Diffie-Hellman and RSA, and that the underlying problem can be a hard SAT instance [4] or a equations set of multivariate polynomials over F(2) . 1
2 Secret key exchange algorithm : Before exchanging a secret key, Alice and Bob shared a knowledge of : Integers [ l, m, p, q, r, Z ] satisfying following conditions : q = l + m − p , p > m + q + r, Z is l bits long. To exchange a secret key : - 1 Bob chooses randomly a integer X. [ X ] is m bits and a private knowledge of Bob. - 2 Computes number U = (X × Z)Mod(2p)Div(2q) , and sends it to Alice. - 3 Alice chooses randomly a integer Y . [ Y ] is m bits and a private knowledge of Alice. - 4 Computes number V = (Y × Z)Mod(2p)Div(2q) , and sends it to Bob. - 5 Bob computes number Wa = (X × V )Mod(2p−q)Div(2m+r). - 6 Alice computes number Wb = (Y × U)Mod(2p−q)Div(2m+r). Our experiments shows us that Pr[Wa = Wb] = 1 − 0.3 ∗ 2−r. If Bob and Alice chooses r great enough say superior to 128, Pr[Wa = Wb] will be negligible, they can use then this protocol as a key exchange algorithm Secrete key exchanged is the number : W = (X × V )Mod(2(p−q))Div(2m+r) = (Y × U)Mod(2(p−q))Div(2m+r) A python implementation of this algorithm is provided in Appendix A 2
3 Public key encryption algorithm : 3.1 Encryption : In order to send a encrypted message to Bob, Alice performs the following steps : -1 She gots his public key composed by integers [ l, m, p, q, r, Z, U ] , satisfying : q = l + m − p, p > m + q + r , U = (X × Z)Mod(2p)Div(2q), Z is l bits long. [ X ] is the m bits long private key of Bob. - 2 She chooses randomly a integer Y which is m bits long . - 3 She computes number V = (Y × Z)Mod(2p)Div(2q), then the secret key W = (Y × U)Mod(2p−q)Div(2m+r). - 4 She encrypts with secret key W her plaintext and sends corresponding ciphertext and number V to Bob. 3.2 Decryption : In order to decrypt the ciphertext recieved from Alice, Bob performs the following steps : - 1 With his private key X and number V recieved from Alice, he computes secret key W = (X × V )Mod(2p−q)Div(2m+r). - 2 With secret key W, he decrypts the ciphertext recieved from Alice. 3
4 Digital signature Algorithm : Bob’s public key is composed by integers [ l, m, p, q, r, Z, U ] , satisfying : q = l + m − p , p > l + q + r, U = (X × Z)Mod(2p)Div(2q), X is m bits whereas Z is l bits long. 4.1 Signature : In order to sign a Message Msg, Bob performs the following steps : - 1 He chooses randomely an m bit long integer Y . - 2 Hashes Msg by a hash function HF and gets a digest H which length in bits is the same as elements Z of his public key . with his private key [X], he computes : S1 = (Y × Z)Mod(2p)Div(2q) and S2 = (H × (X + Y ))Mod(2p)Div(2q) - 3 Sends Message Msg and signature (S1, S2) to Alice. 4.2 Verification : In order to verify that Message Msg is sent by Bob, Alice performs the following steps : - 1 She gots his public key. - 2 Hashes Msg by HF and gets a digest H which the length in bits is l the same as Zs. - 3 From digest H, signature (S1, S2) and the elements [ p, q, l, U, Z ] of Bob’s public key, She computes Wa = (H×(S1+U))Mod(2p−q)Div(2l+r) and Wb = (Z×S2)Mod(2p−q)Div(2l+r). - 4 Compares Wa to Wb , Msg is sent by Bob if Wa = Wb A python implementation of this algorithm is provided in Appendix B 4
5 Efficiency : The key exchange algorithm presented in this paper can be realised by a multiplication circuit where some leftmost and righmost output bits are discarded, meaning that it has a time complexity of O(n2). In comparaison to standardised key exchange algorithms such as Diffie-Hellman in the multiplicatif group or RSA whose time complexities are O(n3), under the same security parameters, presented key exchange algorithm is O(n) time faster. The same can be said about presented public key and digital signature algorithms since they are basically applications of the key exchange algorithm. 6 Security : The Security of presented public key cryptosystem is based on the difficulty of finding X and Y while knowing Z, l, m, p, q, r, U = (X × Z)Mod(2p)Div(2q), V = (Y × Z)Mod(2p)Div(2q) l + m = p + q, p > m + q + r, Z is l bit long , X and Y are m bits. To get X from U and Y from V , a attacker should : 1 - Invert F(X) = U = (Z × X)Mod(2p)Div(2q) 2 - Invert F(Y ) = V = (Z × Y )Mod(2p)Div(2q). Puting it otherwise, presented public key cryptosystem is based on the difficulty to invert the fol- lowing function : F(x) = y = (a × x)Mod(2p)Div(2q). a, x, p and q are known integers, while a and x are respectively n and m bits long, (n > m) and (p > q) . At first glance we can notice that it is easy to verify a solution but it is difficult to find one, implying that this problem is in NP. In our knowlege it has never been mentioned in the literature. In subsequent section we will reduce it to SAT in order to evaluate its hardness. 5
6.1 Hardness evaluation : Let A, X, Y , n, m be integers where A, X are rescpectively n and m bits long (m ≤ n). The binary representation of A is a(n−1)...a(i+1)a(i)...a(0). The binary representation of X is x(m−1)...x(i+1)x(i)...x(0) . The binary representation of Y is y(n+m−1)...y(i+1)y(i)...y(0) . Y is the arithmetic product of A and X, Y ’s bits in function of A’s bits and X’s bits can be translated by the following set of algebric equations (1) : c0 = 0 For ( j = 0 to m − 1 ) : yj = (( j i=0 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( j−1 i=0 a(j−i) × xi) + cj)Div(2) For ( j = m − 1 to n − 1 ) : yj = (( m−1 i=0 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( m−1 i=0 a(j−1−i) × xi) + cj)Div(2) For ( j = n − 1 to m + n − 1 ) : yj = (( m−1 i=j−n+1 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( m−1 i=j−n a(j−i) × xi) + cj)Div(2) cj is the retenue bit of multiplication product (Y = A × X) at column j. In our problem we have as unknowns bits Y0→q and Yp→(m+n−1) (1) become then following set of algebric equations (2) : For ( j = q to m − 1 ) : yj = (( j i=0 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( j−1 i=0 a(j−i) × xi) + cj)Div(2) For ( j = m − 1 to n − 1 ) : yj = (( m−1 i=0 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( m−1 i=0 a(j−1−i) × xi) + cj)Div(2) 6
For ( j = n − 1 to p ) : yj = (( m−1 i=j−n+1 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( m−1 i=j−n a(j−i) × xi) + cj)Div(2) Set of algebric equations (2) can be translated to following set of logical equations (3). If (j ≤ m) cj = Fj(x(j−1), ..., x(k+1), x(k), ..., x0, c(j−1)) If (m ≤ j) cj = Fj(xm, ..., x(k+1), x(k), ..., x0, c(j−1)) ∧m j=q((⊕j i=0(a(j−i) ∧ xi) ⊕ cj) = yj) = true ∧n j=m((⊕j i=j−m(a(j−i) ∧ xi) ⊕ cj) = yj) = true ∧p j=n((⊕n i=j−n(a(j−i) ∧ xi) ⊕ cj) = yj) = true Notice this set of logical equation is practicaly the same set resulting from reducing FACT to SAT, In paper [9] Authors had suggested to use FACT as a source of Hard SAT Instances, moreover SAT Solvers to this day are still inefficient in solving this sort of SAT instances. Every logical function can be realised by nands gates , if we replace ¬xi by (1 − xi) , ( xi ∧ xj ) by ( xi × xj ) (3) can also be translated to following set of multivariate polynomials equations : If (q ≤ j ≤ m − 1) : yj = (( j i=0 a(j−i) × xi) + Fj(x0, ....xm))Mod(2) If (m − 1 ≤ j ≤ n − 1) : yj = (( m−1 i=0 a(j−i) × xi) + Fj(x0, ....xm))Mod(2) If (n − 1 ≤ j ≤ p) : yj = (( m−1 i=j−n+1 a(j−i) × xi) + Fj(x0, ....xm))Mod(2) Where Fj’s are multivariate polynomials corresponding to carries cj Summing it up, to break presented public key cryptosystem one had to solve SAT instances re- sulting from logical equations containing lot of Xors which is not that evident if the number of unknown bits are high enough [6]. Or solve sets of multivariate polynomials equations over F(2) with degrees superior or equal to parameter q. 7
7 Conclusion , open question and future work : In this paper we have presented a new fast public key cryptosystem based on the difficulty of in- verting the following function : F(x) = (a × x)Mod(2p)Div(2q) . Mod is modulo operation , Div is integer division operation , a , p and q are known integers where (p > q) . We have proved its efficiency compared to Diffie Hellman and RSA cryptosystems. We have also proved that its security is based on a new problem that can be viewed as a hard sat instance or a set of multivariate polynomial equations over F(2) . The fact that its security is not based on number theory problems is also a proof of its resistance against current quantum computing attacks [3]. The last decade have seen a enormous progress of SAT Solvers but they are still inefficient in solving logical statements containg a lot of xors which is the case of our problem [5][6][7]. SAT is NP complete, meaning that solving it can take exponential time. It is has been found that the hardest instances of a SAT problem depends on its constraindness which is defined as the ratio of clauses to variables [8]. This lead us to ask what forms should have the integers composing public parameters of our PKCS in order to produce hard SAT instances even to a eventual SAT Solver that have not problems with xor clauses. Recently we have found a way to build public key cryptosystems based on the difficulty of inverting the following function : F(x) = (a × x)Mod(bp)Div(bq) . Mod is modulo operation , Div is integer division operation , a , b , p and q are known integers where (p > q) . This work will be the subject of a future paper. 8
References [1] Whitfield Diffie, Martin E.Hellman. New Directions in cryptography, IEEE Trans. on Info. Theory, Vol. IT-22, Nov. 1976 (1976) [2] R.L. Rivest , A. Shamir , L. Adleman. A method of obtaining digital signatures and public key cryptosystems , SL Graham, RL Rivest* Editors (1978) [3] Daniel J Bernstein, Johannes Buchmann, Erik Dahman. Post-Quantum Cryptography, (2009), Springer Verlag , Berlin Heidelberg . [4] Thomas J Schaefer. The complexity of satisfability problems , (1978), Departement of Mathe- matics University of California, Berkeley . [5] Stefan Schoenmackers, Anna Cavender. Satisfy This: An Attempt at Solving Prime Factor- ization using Satisfiability Solvers , (2005), Department of Computer Science, University of Washington . [6] Mate Soosy, Karsten Nohlz, and Claude Castellucciay. Extending SAT Solvers to Cryptographic Problems, (2009), INRIA Rhone-Alpes, University of Virginia . [7] Tero Laitinen, Tommi Junttila, Ilkka NiemelConflict-Driven XOR-Clause Learning , (2014), Logic in Computer Science . [8] Eugene Nudelman, Kevin Leyton-Brown, Holger H. Hoos, Alex Devkar, Yoav Shoham Under- standing Random SAT: Beyond the Clauses-to-Variables Ratio , (1978), Principles and Practice of Constraint Programming CP 2004 Lecture Notes in Computer Science Volume 3258, 2004 . [9] Satoshi Horie, Osamu Watanabe Hard instance generation for SAT , Algorithm and Computa- tion, Lecture Notes in Computer Science Volume 1350,1997, pp 22-31 , Date 29 Jul 2005 9
8 Appendix A : Following python script is a ” practical ” proof of correctness of key exchange algorithm presented in this paper. (pycrypto library is needed ) ======================================================== import sys from Crypto.Util.number import getRandomNBitInteger def ModDiv(A,B,C) : return (A % B ) // C l = sys.argv[1] m = sys.argv[2] p = sys.argv[3] q = sys.argv[4] r = sys.argv[5] try: l = int(l) m = int(m) p = int(p) q = int(q) r = int(r) except ValueError: print(’Invalid Arguments’) if m + q + r ≥ p : print(””) print(”Public Parameter l = %d” %l) print(”Public Parameter m = %d” %m) print(”Public Parameter p = %d” %p) print(”Public Parameter q = %d” %q) print(”Public Parameter r = %d” %r) print(””) print(’Condition (p > m + q + r) is not fulfilled !’) else : ” Size in bits of public pararameter Z is l ” 10
Z = getRandomNBitInteger(l,randfunc=None) ” Size in bits of private parameters X and Y is m ” X = getRandomNBitInteger(m,randfunc=None) Y = getRandomNBitInteger(m,randfunc=None) M = pow(2,p) M1 = pow(2,p-q) D = pow(2,q) D1 = pow(2,m+r) ” If r = 0, In 30 % percents, the keys computed by Alice and Bob are not identical : ” ” Wa = Wb ± 1, this is due to bit carry propagation, if r is increased by one ” ” the probability that Wa is diffrent to Wb is devided by two. ” U = ModDiv(Z*X,M,D) V = ModDiv(Z*Y,M,D) Wa = ModDiv(U*Y,M1,D1) Wb = ModDiv(V*X,M1,D1) print(””) print(”Public Parameters :”) print(”===================”) print(””) print(”Public Parameter l = %d” %l) print(”Public Parameter m = %d” %m) print(”Public Parameter p = %d” %p) print(”Public Parameter q = %d” %q) print(”Public Parameter r = %d” %r) print(”Public Parameter Z = %d” %Z) print(””) print(”Private Parameters :”) print(”====================”) print(””) print(”Alice Private Parameter X = %d” %X) print(”Bob Private Parameter Y = %d” %Y) print(””) 11
print(”Shared Parameters :”) print(”=============”) print(””) print(”Parameter shared with Bob by Alice U = %d” %U) print(”Parameter shared with Alice by Bob V = %d” %V) print(””) print(”Exchanged Secret Key :”) print(”======================”) print(””) print(”Secret key computed by Alice Wa = %d” %Wa) print(”Secret key computed by Bob Wb = %d” %Wb) print(””) sys.exit ======================================================== You can download this script from : https : //github.com/Crypticator/ModDiv/blob/master/Kex.py 9 Appendix B : Following python script is a ” practical ” proof of correctness of digital signature algorithm pre- sented in this paper. (pycrypto library is needed ) ======================================================== import sys from Crypto.Util.number import getRandomNBitInteger def ModDiv(A,B,C) : return (A % B ) // C l = sys.argv[1] m = sys.argv[2] p = sys.argv[3] q = sys.argv[4] r = sys.argv[5] 12
try: l = int(l) m = int(m) p = int(p) q = int(q) r = int(r) except ValueError: print(’Invalid Arguments’) if m + q + r ≥ p : print(””) print(”Public Parameter l = %d” %l) print(”Public Parameter m = %d” %m) print(”Public Parameter p = %d” %p) print(”Public Parameter q = %d” %q) print(”Public Parameter r = %d” %r) print(””) print(’Condition (p > m + q + r) is not fulfilled !’) else : ” Size in bits of public pararameter Z is l ” Z = getRandomNBitInteger(l,randfunc=None) ” a hash value of a hypothetical file ” H = getRandomNBitInteger(l,randfunc=None) ” Size in bits of private parameters X and Y is m ” X = getRandomNBitInteger(m,randfunc=None) Y = getRandomNBitInteger(m,randfunc=None) M = pow(2,p) M1 = pow(2,p-q) D = pow(2,q) D1 = pow(2,l+r) U = ModDiv(Z*X,M,D) S1 = ModDiv(Z*Y,M,D) S2 = ModDiv(H*(X+Y) ,M,D) Wa = ModDiv(H*(S1+U),M1,D1) Wb = ModDiv(Z*S2,M1,D1) 13
print(””) print(”Public Parameters :”) print(”===================”) print(””) print(”Public Parameter l = %d” %l) print(”Public Parameter m = %d” %m) print(”Public Parameter p = %d” %p) print(”Public Parameter q = %d” %q) print(”Public Parameter r = %d” %r) print(”Public Parameter Z = %d” %Z) print(”Public Parameter H = %d” %H) print(””) print(”Private Parameters :”) print(”====================”) print(””) print(”Private key X = %d” %X) print(”Ephemeral key Y = %d” %Y) print(””) print(”Signature:”) print(”==========”) print(””) print(”S1 = %d” %S1) print(”S2 = %d” %S2) print(””) print(”Verification :”) print(”==============”) print(””) print(”Wa = %d” %Wa) print(”Wb = %d” %Wb) print(””) sys.exit ======================================================== You can download this script from : https : //github.com/Crypticator/ModDiv/blob/master/moddiv/Sig.py 14

Recommended

Spreading Rumors Quietly and the Subgroup Escape Problem
Spreading Rumors Quietly and the Subgroup Escape ProblemSpreading Rumors Quietly and the Subgroup Escape Problem
Spreading Rumors Quietly and the Subgroup Escape ProblemAleksandr Yampolskiy
 
On the Secrecy of RSA Private Keys
On the Secrecy of RSA Private KeysOn the Secrecy of RSA Private Keys
On the Secrecy of RSA Private KeysDharmalingam Ganesan
 
NCCU CPDA Lecture 12 Attribute Based Encryption
NCCU CPDA Lecture 12 Attribute Based EncryptionNCCU CPDA Lecture 12 Attribute Based Encryption
NCCU CPDA Lecture 12 Attribute Based EncryptionNational Chengchi University
 
Security of RSA and Integer Factorization
Security of RSA and Integer FactorizationSecurity of RSA and Integer Factorization
Security of RSA and Integer FactorizationDharmalingam Ganesan
 
Active Attacks on DH Key Exchange
Active Attacks on DH Key ExchangeActive Attacks on DH Key Exchange
Active Attacks on DH Key ExchangeDharmalingam Ganesan
 
RSA cracking puzzle
RSA cracking puzzleRSA cracking puzzle
RSA cracking puzzleDharmalingam Ganesan
 
THE KEY EXCHANGE CRYPTOSYSTEM USED WITH HIGHER ORDER DIOPHANTINE EQUATIONS
THE KEY EXCHANGE CRYPTOSYSTEM USED WITH HIGHER ORDER DIOPHANTINE EQUATIONSTHE KEY EXCHANGE CRYPTOSYSTEM USED WITH HIGHER ORDER DIOPHANTINE EQUATIONS
THE KEY EXCHANGE CRYPTOSYSTEM USED WITH HIGHER ORDER DIOPHANTINE EQUATIONSIJNSA Journal
 
Social Network Analysis
Social Network AnalysisSocial Network Analysis
Social Network Analysisrik0
 

Recommended

Spreading Rumors Quietly and the Subgroup Escape Problem
Spreading Rumors Quietly and the Subgroup Escape ProblemSpreading Rumors Quietly and the Subgroup Escape Problem
Spreading Rumors Quietly and the Subgroup Escape ProblemAleksandr Yampolskiy
 
On the Secrecy of RSA Private Keys
On the Secrecy of RSA Private KeysOn the Secrecy of RSA Private Keys
On the Secrecy of RSA Private KeysDharmalingam Ganesan
 
NCCU CPDA Lecture 12 Attribute Based Encryption
NCCU CPDA Lecture 12 Attribute Based EncryptionNCCU CPDA Lecture 12 Attribute Based Encryption
NCCU CPDA Lecture 12 Attribute Based EncryptionNational Chengchi University
 
Security of RSA and Integer Factorization
Security of RSA and Integer FactorizationSecurity of RSA and Integer Factorization
Security of RSA and Integer FactorizationDharmalingam Ganesan
 
Active Attacks on DH Key Exchange
Active Attacks on DH Key ExchangeActive Attacks on DH Key Exchange
Active Attacks on DH Key ExchangeDharmalingam Ganesan
 
RSA cracking puzzle
RSA cracking puzzleRSA cracking puzzle
RSA cracking puzzleDharmalingam Ganesan
 
THE KEY EXCHANGE CRYPTOSYSTEM USED WITH HIGHER ORDER DIOPHANTINE EQUATIONS
THE KEY EXCHANGE CRYPTOSYSTEM USED WITH HIGHER ORDER DIOPHANTINE EQUATIONSTHE KEY EXCHANGE CRYPTOSYSTEM USED WITH HIGHER ORDER DIOPHANTINE EQUATIONS
THE KEY EXCHANGE CRYPTOSYSTEM USED WITH HIGHER ORDER DIOPHANTINE EQUATIONSIJNSA Journal
 
Social Network Analysis
Social Network AnalysisSocial Network Analysis
Social Network Analysisrik0
 
Chapter 06 rsa cryptosystem
Chapter 06 rsa cryptosystemChapter 06 rsa cryptosystem
Chapter 06 rsa cryptosystemAnkur Choudhary
 
RSA without Padding
RSA without PaddingRSA without Padding
RSA without PaddingDharmalingam Ganesan
 
Improved security system using steganography and elliptic curve crypto...
Improved security system using steganography and elliptic curve crypto...Improved security system using steganography and elliptic curve crypto...
Improved security system using steganography and elliptic curve crypto...atanuanwesha
 
F010243136
F010243136F010243136
F010243136IOSR Journals
 
Lattice Cryptography
Lattice CryptographyLattice Cryptography
Lattice CryptographyPriyanka Aash
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSASrilal Buddika
 
Data Security Using Elliptic Curve Cryptography
Data Security Using Elliptic Curve CryptographyData Security Using Elliptic Curve Cryptography
Data Security Using Elliptic Curve CryptographyIJCERT
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionDharmalingam Ganesan
 
Final Report-1-(1)
Final Report-1-(1)Final Report-1-(1)
Final Report-1-(1)Chandramowliswaran NARAYANASWAMY
 
Magic graphs
Magic graphsMagic graphs
Magic graphsSpringer
 
Rsa Signature: Behind The Scenes
Rsa Signature: Behind The Scenes Rsa Signature: Behind The Scenes
Rsa Signature: Behind The Scenes acijjournal
 
Csr2011 june15 12_00_davydow
Csr2011 june15 12_00_davydowCsr2011 june15 12_00_davydow
Csr2011 june15 12_00_davydowCSR2011
 
An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)Dharmalingam Ganesan
 
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...MLconf
 
The RSA Algorithm
The RSA AlgorithmThe RSA Algorithm
The RSA AlgorithmANTONY P SAIJI
 
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEM
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEMLITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEM
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEMIJNSA Journal
 
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHT
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHTON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHT
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHTijitjournal
 
Introduction - Lattice-based Cryptography
Introduction - Lattice-based CryptographyIntroduction - Lattice-based Cryptography
Introduction - Lattice-based CryptographyAlexandre Augusto Giron
 
Lattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH CryptosystemLattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH CryptosystemVarun Janga
 
Image Cryptography and Steganography
Image Cryptography and SteganographyImage Cryptography and Steganography
Image Cryptography and SteganographyMohammad Amin Amjadi
 
Analysis of a Modified RC4
Analysis of a Modified RC4 Analysis of a Modified RC4
Analysis of a Modified RC4 Tharindu Weerasinghe
 
3XRC4
3XRC43XRC4
3XRC4Samir Crypticus
 

More Related Content

What's hot

Chapter 06 rsa cryptosystem
Chapter 06 rsa cryptosystemChapter 06 rsa cryptosystem
Chapter 06 rsa cryptosystemAnkur Choudhary
 
Improved security system using steganography and elliptic curve crypto...
Improved security system using steganography and elliptic curve crypto...Improved security system using steganography and elliptic curve crypto...
Improved security system using steganography and elliptic curve crypto...atanuanwesha
 
Lattice Cryptography
Lattice CryptographyLattice Cryptography
Lattice CryptographyPriyanka Aash
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSASrilal Buddika
 
Data Security Using Elliptic Curve Cryptography
Data Security Using Elliptic Curve CryptographyData Security Using Elliptic Curve Cryptography
Data Security Using Elliptic Curve CryptographyIJCERT
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionDharmalingam Ganesan
 
Magic graphs
Magic graphsMagic graphs
Magic graphsSpringer
 
Rsa Signature: Behind The Scenes
Rsa Signature: Behind The Scenes Rsa Signature: Behind The Scenes
Rsa Signature: Behind The Scenes acijjournal
 
Csr2011 june15 12_00_davydow
Csr2011 june15 12_00_davydowCsr2011 june15 12_00_davydow
Csr2011 june15 12_00_davydowCSR2011
 
An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)Dharmalingam Ganesan
 
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...MLconf
 
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEM
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEMLITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEM
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEMIJNSA Journal
 
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHT
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHTON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHT
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHTijitjournal
 
Introduction - Lattice-based Cryptography
Introduction - Lattice-based CryptographyIntroduction - Lattice-based Cryptography
Introduction - Lattice-based CryptographyAlexandre Augusto Giron
 
Lattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH CryptosystemLattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH CryptosystemVarun Janga
 
Image Cryptography and Steganography
Image Cryptography and SteganographyImage Cryptography and Steganography
Image Cryptography and SteganographyMohammad Amin Amjadi
 

What's hot (20)

Chapter 06 rsa cryptosystem
Chapter 06 rsa cryptosystemChapter 06 rsa cryptosystem
Chapter 06 rsa cryptosystem
 
RSA without Padding
RSA without PaddingRSA without Padding
RSA without Padding
 
Improved security system using steganography and elliptic curve crypto...
Improved security system using steganography and elliptic curve crypto...Improved security system using steganography and elliptic curve crypto...
Improved security system using steganography and elliptic curve crypto...
 
F010243136
F010243136F010243136
F010243136
 
Lattice Cryptography
Lattice CryptographyLattice Cryptography
Lattice Cryptography
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSA
 
Data Security Using Elliptic Curve Cryptography
Data Security Using Elliptic Curve CryptographyData Security Using Elliptic Curve Cryptography
Data Security Using Elliptic Curve Cryptography
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor Function
 
Final Report-1-(1)
Final Report-1-(1)Final Report-1-(1)
Final Report-1-(1)
 
Magic graphs
Magic graphsMagic graphs
Magic graphs
 
Rsa Signature: Behind The Scenes
Rsa Signature: Behind The Scenes Rsa Signature: Behind The Scenes
Rsa Signature: Behind The Scenes
 
Csr2011 june15 12_00_davydow
Csr2011 june15 12_00_davydowCsr2011 june15 12_00_davydow
Csr2011 june15 12_00_davydow
 
An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)
 
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...
Animashree Anandkumar, Electrical Engineering and CS Dept, UC Irvine at MLcon...
 
The RSA Algorithm
The RSA AlgorithmThe RSA Algorithm
The RSA Algorithm
 
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEM
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEMLITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEM
LITTLE DRAGON TWO: AN EFFICIENT MULTIVARIATE PUBLIC KEY CRYPTOSYSTEM
 
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHT
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHTON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHT
ON THE COVERING RADIUS OF CODES OVER Z4 WITH CHINESE EUCLIDEAN WEIGHT
 
Introduction - Lattice-based Cryptography
Introduction - Lattice-based CryptographyIntroduction - Lattice-based Cryptography
Introduction - Lattice-based Cryptography
 
Lattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH CryptosystemLattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH Cryptosystem
 
Image Cryptography and Steganography
Image Cryptography and SteganographyImage Cryptography and Steganography
Image Cryptography and Steganography
 

Viewers also liked

"It's all about Time" - Presentation at the National Instruments Aerospace & ...
"It's all about Time" - Presentation at the National Instruments Aerospace & ..."It's all about Time" - Presentation at the National Instruments Aerospace & ...
"It's all about Time" - Presentation at the National Instruments Aerospace & ...Marco Lisi
 
Icl gnss helsinki-2014_lisi_v02
Icl gnss helsinki-2014_lisi_v02Icl gnss helsinki-2014_lisi_v02
Icl gnss helsinki-2014_lisi_v02Marco Lisi
 
Malicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic SoftwareMalicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic SoftwareTakahiro Haruyama
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...EC-Council
 
Hello rootKitty: A lightweight invariance-enforcing framework
Hello rootKitty: A lightweight invariance-enforcing frameworkHello rootKitty: A lightweight invariance-enforcing framework
Hello rootKitty: A lightweight invariance-enforcing frameworkFrancesco Gadaleta
 
Master Homeland Security 2014 Lisi
Master Homeland Security 2014 LisiMaster Homeland Security 2014 Lisi
Master Homeland Security 2014 LisiMarco Lisi
 
BuBBle: a Javascript engine level countermeasure against heap-spraying attacks
BuBBle: a Javascript engine level countermeasure against heap-spraying attacksBuBBle: a Javascript engine level countermeasure against heap-spraying attacks
BuBBle: a Javascript engine level countermeasure against heap-spraying attacksFrancesco Gadaleta
 
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSSECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
 
Iwscff delft 2015_akhtyamov_golkar_lisi
Iwscff delft 2015_akhtyamov_golkar_lisiIwscff delft 2015_akhtyamov_golkar_lisi
Iwscff delft 2015_akhtyamov_golkar_lisiMarco Lisi
 
Sogei2014 lisi v01
Sogei2014 lisi v01Sogei2014 lisi v01
Sogei2014 lisi v01Marco Lisi
 
Security_in_Satellite_Systems_Lisi_2015
Security_in_Satellite_Systems_Lisi_2015Security_in_Satellite_Systems_Lisi_2015
Security_in_Satellite_Systems_Lisi_2015Marco Lisi
 
Turning client-side-to-server-side-ruxcon-2011-laurent
Turning client-side-to-server-side-ruxcon-2011-laurentTurning client-side-to-server-side-ruxcon-2011-laurent
Turning client-side-to-server-side-ruxcon-2011-laurentlgandx
 
20th kabandconference 2014_lisi_v03
20th kabandconference 2014_lisi_v0320th kabandconference 2014_lisi_v03
20th kabandconference 2014_lisi_v03Marco Lisi
 
"Giving the bad guys no sleep"
"Giving the bad guys no sleep""Giving the bad guys no sleep"
"Giving the bad guys no sleep"Christiaan Beek
 
Cnes workshop mw_filters_2015_angeletti_lisi_v01
Cnes workshop mw_filters_2015_angeletti_lisi_v01Cnes workshop mw_filters_2015_angeletti_lisi_v01
Cnes workshop mw_filters_2015_angeletti_lisi_v01Marco Lisi
 
Origine ed evoluzione_del_project_management
Origine ed evoluzione_del_project_managementOrigine ed evoluzione_del_project_management
Origine ed evoluzione_del_project_managementMarco Lisi
 
Satellites and Timing - Space Expo, Milan, 2015
Satellites and Timing - Space Expo, Milan, 2015Satellites and Timing - Space Expo, Milan, 2015
Satellites and Timing - Space Expo, Milan, 2015Marco Lisi
 

Viewers also liked (20)

Analysis of a Modified RC4
Analysis of a Modified RC4 Analysis of a Modified RC4
Analysis of a Modified RC4
 
3XRC4
3XRC43XRC4
3XRC4
 
"It's all about Time" - Presentation at the National Instruments Aerospace & ...
"It's all about Time" - Presentation at the National Instruments Aerospace & ..."It's all about Time" - Presentation at the National Instruments Aerospace & ...
"It's all about Time" - Presentation at the National Instruments Aerospace & ...
 
Icl gnss helsinki-2014_lisi_v02
Icl gnss helsinki-2014_lisi_v02Icl gnss helsinki-2014_lisi_v02
Icl gnss helsinki-2014_lisi_v02
 
Malicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic SoftwareMalicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic Software
 
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
Hacker Halted 2014 - RDP Fuzzing And Why the Microsoft Open Protocol Specific...
 
Hello rootKitty: A lightweight invariance-enforcing framework
Hello rootKitty: A lightweight invariance-enforcing frameworkHello rootKitty: A lightweight invariance-enforcing framework
Hello rootKitty: A lightweight invariance-enforcing framework
 
Master Homeland Security 2014 Lisi
Master Homeland Security 2014 LisiMaster Homeland Security 2014 Lisi
Master Homeland Security 2014 Lisi
 
BuBBle: a Javascript engine level countermeasure against heap-spraying attacks
BuBBle: a Javascript engine level countermeasure against heap-spraying attacksBuBBle: a Javascript engine level countermeasure against heap-spraying attacks
BuBBle: a Javascript engine level countermeasure against heap-spraying attacks
 
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSSECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
 
Iwscff delft 2015_akhtyamov_golkar_lisi
Iwscff delft 2015_akhtyamov_golkar_lisiIwscff delft 2015_akhtyamov_golkar_lisi
Iwscff delft 2015_akhtyamov_golkar_lisi
 
Sogei2014 lisi v01
Sogei2014 lisi v01Sogei2014 lisi v01
Sogei2014 lisi v01
 
Security_in_Satellite_Systems_Lisi_2015
Security_in_Satellite_Systems_Lisi_2015Security_in_Satellite_Systems_Lisi_2015
Security_in_Satellite_Systems_Lisi_2015
 
Turning client-side-to-server-side-ruxcon-2011-laurent
Turning client-side-to-server-side-ruxcon-2011-laurentTurning client-side-to-server-side-ruxcon-2011-laurent
Turning client-side-to-server-side-ruxcon-2011-laurent
 
20th kabandconference 2014_lisi_v03
20th kabandconference 2014_lisi_v0320th kabandconference 2014_lisi_v03
20th kabandconference 2014_lisi_v03
 
"Giving the bad guys no sleep"
"Giving the bad guys no sleep""Giving the bad guys no sleep"
"Giving the bad guys no sleep"
 
Cnes workshop mw_filters_2015_angeletti_lisi_v01
Cnes workshop mw_filters_2015_angeletti_lisi_v01Cnes workshop mw_filters_2015_angeletti_lisi_v01
Cnes workshop mw_filters_2015_angeletti_lisi_v01
 
CeBIT SCALE 11 pitch
CeBIT SCALE 11 pitchCeBIT SCALE 11 pitch
CeBIT SCALE 11 pitch
 
Origine ed evoluzione_del_project_management
Origine ed evoluzione_del_project_managementOrigine ed evoluzione_del_project_management
Origine ed evoluzione_del_project_management
 
Satellites and Timing - Space Expo, Milan, 2015
Satellites and Timing - Space Expo, Milan, 2015Satellites and Timing - Space Expo, Milan, 2015
Satellites and Timing - Space Expo, Milan, 2015
 

Similar to 1508.07756v1

Signyourd digital signature certificate provider
Signyourd digital signature certificate providerSignyourd digital signature certificate provider
Signyourd digital signature certificate providerKishankant Yadav
 
RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2Fahad Layth
 
Convolution presentation
Convolution presentationConvolution presentation
Convolution presentationSoham Mondal
 
Novel encryption algorithm and software development ecc and rsa
Novel encryption algorithm and software development ecc and rsaNovel encryption algorithm and software development ecc and rsa
Novel encryption algorithm and software development ecc and rsaSoham Mondal
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyAbhijit Mondal
 
RSA SIGNATURE: BEHIND THE SCENES
RSA SIGNATURE: BEHIND THE SCENESRSA SIGNATURE: BEHIND THE SCENES
RSA SIGNATURE: BEHIND THE SCENESacijjournal
 
How to invent a new cryptosystem.pdf
How to invent a new cryptosystem.pdfHow to invent a new cryptosystem.pdf
How to invent a new cryptosystem.pdfMihailIulianPlea1
 
Paper computer
Paper computerPaper computer
Paper computerbikram ...
 
Paper computer
Paper computerPaper computer
Paper computerbikram ...
 
Divide-and-Conquer & Dynamic ProgrammingDivide-and-Conqu.docx
Divide-and-Conquer & Dynamic ProgrammingDivide-and-Conqu.docxDivide-and-Conquer & Dynamic ProgrammingDivide-and-Conqu.docx
Divide-and-Conquer & Dynamic ProgrammingDivide-and-Conqu.docxjacksnathalie
 
Reed solomon Encoder and Decoder
Reed solomon Encoder and DecoderReed solomon Encoder and Decoder
Reed solomon Encoder and DecoderAmeer H Ali
 
The Mathematics of RSA Encryption
The Mathematics of RSA EncryptionThe Mathematics of RSA Encryption
The Mathematics of RSA EncryptionNathan F. Dunn
 
basicsofcodingtheory-160202182933-converted.pptx
basicsofcodingtheory-160202182933-converted.pptxbasicsofcodingtheory-160202182933-converted.pptx
basicsofcodingtheory-160202182933-converted.pptxupendrabhatt13
 

Similar to 1508.07756v1 (20)

Codes and Isogenies
Codes and IsogeniesCodes and Isogenies
Codes and Isogenies
 
Signyourd digital signature certificate provider
Signyourd digital signature certificate providerSignyourd digital signature certificate provider
Signyourd digital signature certificate provider
 
RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2
 
D0111720
D0111720D0111720
D0111720
 
Convolution presentation
Convolution presentationConvolution presentation
Convolution presentation
 
Novel encryption algorithm and software development ecc and rsa
Novel encryption algorithm and software development ecc and rsaNovel encryption algorithm and software development ecc and rsa
Novel encryption algorithm and software development ecc and rsa
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
Randomized algorithms ver 1.0
Randomized algorithms ver 1.0Randomized algorithms ver 1.0
Randomized algorithms ver 1.0
 
RSA SIGNATURE: BEHIND THE SCENES
RSA SIGNATURE: BEHIND THE SCENESRSA SIGNATURE: BEHIND THE SCENES
RSA SIGNATURE: BEHIND THE SCENES
 
How to invent a new cryptosystem.pdf
How to invent a new cryptosystem.pdfHow to invent a new cryptosystem.pdf
How to invent a new cryptosystem.pdf
 
Paper computer
Paper computerPaper computer
Paper computer
 
Paper computer
Paper computerPaper computer
Paper computer
 
Rsa cryptosystem
Rsa cryptosystemRsa cryptosystem
Rsa cryptosystem
 
RSA
RSARSA
RSA
 
Divide-and-Conquer & Dynamic ProgrammingDivide-and-Conqu.docx
Divide-and-Conquer & Dynamic ProgrammingDivide-and-Conqu.docxDivide-and-Conquer & Dynamic ProgrammingDivide-and-Conqu.docx
Divide-and-Conquer & Dynamic ProgrammingDivide-and-Conqu.docx
 
Reed solomon Encoder and Decoder
Reed solomon Encoder and DecoderReed solomon Encoder and Decoder
Reed solomon Encoder and Decoder
 
Hamming codes
Hamming codesHamming codes
Hamming codes
 
The Mathematics of RSA Encryption
The Mathematics of RSA EncryptionThe Mathematics of RSA Encryption
The Mathematics of RSA Encryption
 
kactl.pdf
kactl.pdfkactl.pdf
kactl.pdf
 
basicsofcodingtheory-160202182933-converted.pptx
basicsofcodingtheory-160202182933-converted.pptxbasicsofcodingtheory-160202182933-converted.pptx
basicsofcodingtheory-160202182933-converted.pptx
 

1508.07756v1

  • 1. arXiv:1508.07756v1[cs.CR]31Aug2015 On a new fast public key cryptosystem Samir Bouftass E-mail : crypticator@gmail.com. September 1, 2015 Abstract This paper presents a new fast public key cryptosystem namely : a key exchange algorithm, a public key encryption algorithm and a digital signature algorithm, based on the difficulty to invert the following function : F(x) = (a × x)Mod(2p )Div(2q ) . Mod is modulo operation , Div is integer division operation , a , p and q are integers where (p > q) . In this paper we also evaluate the hardness of this problem by reducing it to SAT . Keywords : key exchange, public key encryption, digital signature, boolean satisfability problem, Multivariate polynomials over F(2) . 1 Introduction : Since its invention by Withfield Diffie and Martin Hellman [1] , Public key cryptography has imposed itself as the necessary and indispensable building block of every IT Security architecture. But in the last decades it has been proven that public key cryptosystems based on number theory problems are not immune againt quantum computing attacks [3]. The advent of low computing ressources mobile devices such wirless rfid sensors, smart cellphones, ect has also put demands on very fast and lightweight public key algorithms . Public key cryptosystem presented in this paper is not based on number theory problems and is very fast compared to Diffie-Hellman [1] and RSA algorithms [2]. It is based on the difficulty to invert the following function : F(x) = (a × x)Mod(2p)Div(2q) . Mod is modulo operation , Div is Integer division operation , a , p and q are known integers where (p > q) . In this paper we construct three public key algorithms based on this problem namely a key exchange algorithm, a public key encryption algorithm and a digital signature algorithm. We prove its efficiency compared to Diffie-Hellman and RSA, and that the underlying problem can be a hard SAT instance [4] or a equations set of multivariate polynomials over F(2) . 1
  • 2. 2 Secret key exchange algorithm : Before exchanging a secret key, Alice and Bob shared a knowledge of : Integers [ l, m, p, q, r, Z ] satisfying following conditions : q = l + m − p , p > m + q + r, Z is l bits long. To exchange a secret key : - 1 Bob chooses randomly a integer X. [ X ] is m bits and a private knowledge of Bob. - 2 Computes number U = (X × Z)Mod(2p)Div(2q) , and sends it to Alice. - 3 Alice chooses randomly a integer Y . [ Y ] is m bits and a private knowledge of Alice. - 4 Computes number V = (Y × Z)Mod(2p)Div(2q) , and sends it to Bob. - 5 Bob computes number Wa = (X × V )Mod(2p−q)Div(2m+r). - 6 Alice computes number Wb = (Y × U)Mod(2p−q)Div(2m+r). Our experiments shows us that Pr[Wa = Wb] = 1 − 0.3 ∗ 2−r. If Bob and Alice chooses r great enough say superior to 128, Pr[Wa = Wb] will be negligible, they can use then this protocol as a key exchange algorithm Secrete key exchanged is the number : W = (X × V )Mod(2(p−q))Div(2m+r) = (Y × U)Mod(2(p−q))Div(2m+r) A python implementation of this algorithm is provided in Appendix A 2
  • 3. 3 Public key encryption algorithm : 3.1 Encryption : In order to send a encrypted message to Bob, Alice performs the following steps : -1 She gots his public key composed by integers [ l, m, p, q, r, Z, U ] , satisfying : q = l + m − p, p > m + q + r , U = (X × Z)Mod(2p)Div(2q), Z is l bits long. [ X ] is the m bits long private key of Bob. - 2 She chooses randomly a integer Y which is m bits long . - 3 She computes number V = (Y × Z)Mod(2p)Div(2q), then the secret key W = (Y × U)Mod(2p−q)Div(2m+r). - 4 She encrypts with secret key W her plaintext and sends corresponding ciphertext and number V to Bob. 3.2 Decryption : In order to decrypt the ciphertext recieved from Alice, Bob performs the following steps : - 1 With his private key X and number V recieved from Alice, he computes secret key W = (X × V )Mod(2p−q)Div(2m+r). - 2 With secret key W, he decrypts the ciphertext recieved from Alice. 3
  • 4. 4 Digital signature Algorithm : Bob’s public key is composed by integers [ l, m, p, q, r, Z, U ] , satisfying : q = l + m − p , p > l + q + r, U = (X × Z)Mod(2p)Div(2q), X is m bits whereas Z is l bits long. 4.1 Signature : In order to sign a Message Msg, Bob performs the following steps : - 1 He chooses randomely an m bit long integer Y . - 2 Hashes Msg by a hash function HF and gets a digest H which length in bits is the same as elements Z of his public key . with his private key [X], he computes : S1 = (Y × Z)Mod(2p)Div(2q) and S2 = (H × (X + Y ))Mod(2p)Div(2q) - 3 Sends Message Msg and signature (S1, S2) to Alice. 4.2 Verification : In order to verify that Message Msg is sent by Bob, Alice performs the following steps : - 1 She gots his public key. - 2 Hashes Msg by HF and gets a digest H which the length in bits is l the same as Zs. - 3 From digest H, signature (S1, S2) and the elements [ p, q, l, U, Z ] of Bob’s public key, She computes Wa = (H×(S1+U))Mod(2p−q)Div(2l+r) and Wb = (Z×S2)Mod(2p−q)Div(2l+r). - 4 Compares Wa to Wb , Msg is sent by Bob if Wa = Wb A python implementation of this algorithm is provided in Appendix B 4
  • 5. 5 Efficiency : The key exchange algorithm presented in this paper can be realised by a multiplication circuit where some leftmost and righmost output bits are discarded, meaning that it has a time complexity of O(n2). In comparaison to standardised key exchange algorithms such as Diffie-Hellman in the multiplicatif group or RSA whose time complexities are O(n3), under the same security parameters, presented key exchange algorithm is O(n) time faster. The same can be said about presented public key and digital signature algorithms since they are basically applications of the key exchange algorithm. 6 Security : The Security of presented public key cryptosystem is based on the difficulty of finding X and Y while knowing Z, l, m, p, q, r, U = (X × Z)Mod(2p)Div(2q), V = (Y × Z)Mod(2p)Div(2q) l + m = p + q, p > m + q + r, Z is l bit long , X and Y are m bits. To get X from U and Y from V , a attacker should : 1 - Invert F(X) = U = (Z × X)Mod(2p)Div(2q) 2 - Invert F(Y ) = V = (Z × Y )Mod(2p)Div(2q). Puting it otherwise, presented public key cryptosystem is based on the difficulty to invert the fol- lowing function : F(x) = y = (a × x)Mod(2p)Div(2q). a, x, p and q are known integers, while a and x are respectively n and m bits long, (n > m) and (p > q) . At first glance we can notice that it is easy to verify a solution but it is difficult to find one, implying that this problem is in NP. In our knowlege it has never been mentioned in the literature. In subsequent section we will reduce it to SAT in order to evaluate its hardness. 5
  • 6. 6.1 Hardness evaluation : Let A, X, Y , n, m be integers where A, X are rescpectively n and m bits long (m ≤ n). The binary representation of A is a(n−1)...a(i+1)a(i)...a(0). The binary representation of X is x(m−1)...x(i+1)x(i)...x(0) . The binary representation of Y is y(n+m−1)...y(i+1)y(i)...y(0) . Y is the arithmetic product of A and X, Y ’s bits in function of A’s bits and X’s bits can be translated by the following set of algebric equations (1) : c0 = 0 For ( j = 0 to m − 1 ) : yj = (( j i=0 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( j−1 i=0 a(j−i) × xi) + cj)Div(2) For ( j = m − 1 to n − 1 ) : yj = (( m−1 i=0 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( m−1 i=0 a(j−1−i) × xi) + cj)Div(2) For ( j = n − 1 to m + n − 1 ) : yj = (( m−1 i=j−n+1 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( m−1 i=j−n a(j−i) × xi) + cj)Div(2) cj is the retenue bit of multiplication product (Y = A × X) at column j. In our problem we have as unknowns bits Y0→q and Yp→(m+n−1) (1) become then following set of algebric equations (2) : For ( j = q to m − 1 ) : yj = (( j i=0 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( j−1 i=0 a(j−i) × xi) + cj)Div(2) For ( j = m − 1 to n − 1 ) : yj = (( m−1 i=0 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( m−1 i=0 a(j−1−i) × xi) + cj)Div(2) 6
  • 7. For ( j = n − 1 to p ) : yj = (( m−1 i=j−n+1 a(j−i) × xi) + cj)Mod(2) and cj+1 = (( m−1 i=j−n a(j−i) × xi) + cj)Div(2) Set of algebric equations (2) can be translated to following set of logical equations (3). If (j ≤ m) cj = Fj(x(j−1), ..., x(k+1), x(k), ..., x0, c(j−1)) If (m ≤ j) cj = Fj(xm, ..., x(k+1), x(k), ..., x0, c(j−1)) ∧m j=q((⊕j i=0(a(j−i) ∧ xi) ⊕ cj) = yj) = true ∧n j=m((⊕j i=j−m(a(j−i) ∧ xi) ⊕ cj) = yj) = true ∧p j=n((⊕n i=j−n(a(j−i) ∧ xi) ⊕ cj) = yj) = true Notice this set of logical equation is practicaly the same set resulting from reducing FACT to SAT, In paper [9] Authors had suggested to use FACT as a source of Hard SAT Instances, moreover SAT Solvers to this day are still inefficient in solving this sort of SAT instances. Every logical function can be realised by nands gates , if we replace ¬xi by (1 − xi) , ( xi ∧ xj ) by ( xi × xj ) (3) can also be translated to following set of multivariate polynomials equations : If (q ≤ j ≤ m − 1) : yj = (( j i=0 a(j−i) × xi) + Fj(x0, ....xm))Mod(2) If (m − 1 ≤ j ≤ n − 1) : yj = (( m−1 i=0 a(j−i) × xi) + Fj(x0, ....xm))Mod(2) If (n − 1 ≤ j ≤ p) : yj = (( m−1 i=j−n+1 a(j−i) × xi) + Fj(x0, ....xm))Mod(2) Where Fj’s are multivariate polynomials corresponding to carries cj Summing it up, to break presented public key cryptosystem one had to solve SAT instances re- sulting from logical equations containing lot of Xors which is not that evident if the number of unknown bits are high enough [6]. Or solve sets of multivariate polynomials equations over F(2) with degrees superior or equal to parameter q. 7
  • 8. 7 Conclusion , open question and future work : In this paper we have presented a new fast public key cryptosystem based on the difficulty of in- verting the following function : F(x) = (a × x)Mod(2p)Div(2q) . Mod is modulo operation , Div is integer division operation , a , p and q are known integers where (p > q) . We have proved its efficiency compared to Diffie Hellman and RSA cryptosystems. We have also proved that its security is based on a new problem that can be viewed as a hard sat instance or a set of multivariate polynomial equations over F(2) . The fact that its security is not based on number theory problems is also a proof of its resistance against current quantum computing attacks [3]. The last decade have seen a enormous progress of SAT Solvers but they are still inefficient in solving logical statements containg a lot of xors which is the case of our problem [5][6][7]. SAT is NP complete, meaning that solving it can take exponential time. It is has been found that the hardest instances of a SAT problem depends on its constraindness which is defined as the ratio of clauses to variables [8]. This lead us to ask what forms should have the integers composing public parameters of our PKCS in order to produce hard SAT instances even to a eventual SAT Solver that have not problems with xor clauses. Recently we have found a way to build public key cryptosystems based on the difficulty of inverting the following function : F(x) = (a × x)Mod(bp)Div(bq) . Mod is modulo operation , Div is integer division operation , a , b , p and q are known integers where (p > q) . This work will be the subject of a future paper. 8
  • 9. References [1] Whitfield Diffie, Martin E.Hellman. New Directions in cryptography, IEEE Trans. on Info. Theory, Vol. IT-22, Nov. 1976 (1976) [2] R.L. Rivest , A. Shamir , L. Adleman. A method of obtaining digital signatures and public key cryptosystems , SL Graham, RL Rivest* Editors (1978) [3] Daniel J Bernstein, Johannes Buchmann, Erik Dahman. Post-Quantum Cryptography, (2009), Springer Verlag , Berlin Heidelberg . [4] Thomas J Schaefer. The complexity of satisfability problems , (1978), Departement of Mathe- matics University of California, Berkeley . [5] Stefan Schoenmackers, Anna Cavender. Satisfy This: An Attempt at Solving Prime Factor- ization using Satisfiability Solvers , (2005), Department of Computer Science, University of Washington . [6] Mate Soosy, Karsten Nohlz, and Claude Castellucciay. Extending SAT Solvers to Cryptographic Problems, (2009), INRIA Rhone-Alpes, University of Virginia . [7] Tero Laitinen, Tommi Junttila, Ilkka NiemelConflict-Driven XOR-Clause Learning , (2014), Logic in Computer Science . [8] Eugene Nudelman, Kevin Leyton-Brown, Holger H. Hoos, Alex Devkar, Yoav Shoham Under- standing Random SAT: Beyond the Clauses-to-Variables Ratio , (1978), Principles and Practice of Constraint Programming CP 2004 Lecture Notes in Computer Science Volume 3258, 2004 . [9] Satoshi Horie, Osamu Watanabe Hard instance generation for SAT , Algorithm and Computa- tion, Lecture Notes in Computer Science Volume 1350,1997, pp 22-31 , Date 29 Jul 2005 9
  • 10. 8 Appendix A : Following python script is a ” practical ” proof of correctness of key exchange algorithm presented in this paper. (pycrypto library is needed ) ======================================================== import sys from Crypto.Util.number import getRandomNBitInteger def ModDiv(A,B,C) : return (A % B ) // C l = sys.argv[1] m = sys.argv[2] p = sys.argv[3] q = sys.argv[4] r = sys.argv[5] try: l = int(l) m = int(m) p = int(p) q = int(q) r = int(r) except ValueError: print(’Invalid Arguments’) if m + q + r ≥ p : print(””) print(”Public Parameter l = %d” %l) print(”Public Parameter m = %d” %m) print(”Public Parameter p = %d” %p) print(”Public Parameter q = %d” %q) print(”Public Parameter r = %d” %r) print(””) print(’Condition (p > m + q + r) is not fulfilled !’) else : ” Size in bits of public pararameter Z is l ” 10
  • 11. Z = getRandomNBitInteger(l,randfunc=None) ” Size in bits of private parameters X and Y is m ” X = getRandomNBitInteger(m,randfunc=None) Y = getRandomNBitInteger(m,randfunc=None) M = pow(2,p) M1 = pow(2,p-q) D = pow(2,q) D1 = pow(2,m+r) ” If r = 0, In 30 % percents, the keys computed by Alice and Bob are not identical : ” ” Wa = Wb ± 1, this is due to bit carry propagation, if r is increased by one ” ” the probability that Wa is diffrent to Wb is devided by two. ” U = ModDiv(Z*X,M,D) V = ModDiv(Z*Y,M,D) Wa = ModDiv(U*Y,M1,D1) Wb = ModDiv(V*X,M1,D1) print(””) print(”Public Parameters :”) print(”===================”) print(””) print(”Public Parameter l = %d” %l) print(”Public Parameter m = %d” %m) print(”Public Parameter p = %d” %p) print(”Public Parameter q = %d” %q) print(”Public Parameter r = %d” %r) print(”Public Parameter Z = %d” %Z) print(””) print(”Private Parameters :”) print(”====================”) print(””) print(”Alice Private Parameter X = %d” %X) print(”Bob Private Parameter Y = %d” %Y) print(””) 11
  • 12. print(”Shared Parameters :”) print(”=============”) print(””) print(”Parameter shared with Bob by Alice U = %d” %U) print(”Parameter shared with Alice by Bob V = %d” %V) print(””) print(”Exchanged Secret Key :”) print(”======================”) print(””) print(”Secret key computed by Alice Wa = %d” %Wa) print(”Secret key computed by Bob Wb = %d” %Wb) print(””) sys.exit ======================================================== You can download this script from : https : //github.com/Crypticator/ModDiv/blob/master/Kex.py 9 Appendix B : Following python script is a ” practical ” proof of correctness of digital signature algorithm pre- sented in this paper. (pycrypto library is needed ) ======================================================== import sys from Crypto.Util.number import getRandomNBitInteger def ModDiv(A,B,C) : return (A % B ) // C l = sys.argv[1] m = sys.argv[2] p = sys.argv[3] q = sys.argv[4] r = sys.argv[5] 12
  • 13. try: l = int(l) m = int(m) p = int(p) q = int(q) r = int(r) except ValueError: print(’Invalid Arguments’) if m + q + r ≥ p : print(””) print(”Public Parameter l = %d” %l) print(”Public Parameter m = %d” %m) print(”Public Parameter p = %d” %p) print(”Public Parameter q = %d” %q) print(”Public Parameter r = %d” %r) print(””) print(’Condition (p > m + q + r) is not fulfilled !’) else : ” Size in bits of public pararameter Z is l ” Z = getRandomNBitInteger(l,randfunc=None) ” a hash value of a hypothetical file ” H = getRandomNBitInteger(l,randfunc=None) ” Size in bits of private parameters X and Y is m ” X = getRandomNBitInteger(m,randfunc=None) Y = getRandomNBitInteger(m,randfunc=None) M = pow(2,p) M1 = pow(2,p-q) D = pow(2,q) D1 = pow(2,l+r) U = ModDiv(Z*X,M,D) S1 = ModDiv(Z*Y,M,D) S2 = ModDiv(H*(X+Y) ,M,D) Wa = ModDiv(H*(S1+U),M1,D1) Wb = ModDiv(Z*S2,M1,D1) 13
  • 14. print(””) print(”Public Parameters :”) print(”===================”) print(””) print(”Public Parameter l = %d” %l) print(”Public Parameter m = %d” %m) print(”Public Parameter p = %d” %p) print(”Public Parameter q = %d” %q) print(”Public Parameter r = %d” %r) print(”Public Parameter Z = %d” %Z) print(”Public Parameter H = %d” %H) print(””) print(”Private Parameters :”) print(”====================”) print(””) print(”Private key X = %d” %X) print(”Ephemeral key Y = %d” %Y) print(””) print(”Signature:”) print(”==========”) print(””) print(”S1 = %d” %S1) print(”S2 = %d” %S2) print(””) print(”Verification :”) print(”==============”) print(””) print(”Wa = %d” %Wa) print(”Wb = %d” %Wb) print(””) sys.exit ======================================================== You can download this script from : https : //github.com/Crypticator/ModDiv/blob/master/moddiv/Sig.py 14