|
|
(One intermediate revision by one other user not shown) |
Line 1: |
Line 1: |
| The '''Merkle–Hellman knapsack cryptosystem''' was one of the earliest [[public key]] [[cryptography|cryptosystems]] invented by [[Ralph Merkle]] and [[Martin Hellman]] in 1978.<ref>{{cite journal |last1=Merkle|first1=Ralph|last2=Hellman|first2=Martin|year=1978|title=Hiding information and signatures in trapdoor knapsacks|journal=Information Theory, IEEE Transactions on|volume=24|issue=5|pages=525–530|doi=10.1109/TIT.1978.1055927}}</ref> The ideas behind it are simpler than those involving [[RSA (algorithm)|RSA]]. However, it has been broken.<ref>{{cite journal |last1=Shamir|first1=Adi|year=1984|title=A polynomial-time algorithm for breaking the basic Merkle - Hellman cryptosystem|journal=Information Theory, IEEE Transactions on|volume=30|issue=5|pages= 699–704|doi=10.1109/SFCS.1982.5}}</ref>
| | Whether you are having your lounge decorated, a garden wall building, or a new kitchen fitting, will lead you to skilled tradespeople. As we will see, terminology can often be confusing, as scientific and traditional definitions don"t line up. The Shampooing brush is specially matched to clean carpets. Different types of stone can be restored such as granite, marble, limestone, and travertine. The entire process of travertine refinishing consists at a minimum of a multiple step mechanical process that makes use of diamond abrasive pads and water. <br><br>Green marble tile designs are attractive and better properties than other natural stones. Answering the Needs of Your Real Estate Target Market. Stay on this road, but don't let the sign indicating the Fossil Creek trail head fool you, a memorable driving adventure awaits you. Brushed for a naturally worn look suitable for restoration work in old buildings– created by brushing the tile surface wil metal brushes. It can be noisy and tiring to stand on, and cold if there is not radiant floor heat. <br><br>My favorite place in the house is a common room with beautiful chandeliers, comfy seating arrangements and lots of books on the first floor just off the main vestibule. Unfortunately, this product may dull your tiles, so use only on the stained areas. cups of white vinegar, four tablespoons of lemon juice, four drops of lavender oil (if desired) and mix in a bucket. So, if you are a homeowner who has decided to stay where you are, consider remodeling. Travertine tiles are expensive and installing them is highly complicated. <br><br>Deep purple and green fabrics and an austere oak writing table also adorn the room. Don't be afraid to experiment with different themes and accessories so that one can turn a bathroom into a magical place where the child associates this with enjoyment. Polishing scratched travertine is one of the offered services by Heaven Sent [http://www.angieslist.com/companylist/us/tx/plano/heaven-sent-floor-care-reviews-255079.htm Floor Care]. In many cases upgrading existing space is a better option than building new. John Smeaton, an engineer, was tasked with a remedy for the repeated structural failure of the Eddystone Lighthouse off the coast of Cornwall. <br><br>Therefore, regardless of what you need to use, the Marfil marble is the greatest selection. You can also store your antique items and expensive art work in them as these units are completely weather proof. The return of full creek flow caused large travertine deposits that created fish habitat, as the creek did prior to the dam's construction. There are traditional tools that can do the basic designing and pattern work on marble but when you ask for complex and complicated patterns and designs, then the application of latest equipment becomes inevitable. Often when you plan to sell your car and start looking around to find the best price you can get for your car, you’re disappointed and start think that you should’ve probably taken better care of your car. |
| | |
| ==Description==
| |
| Merkle-Hellman is an asymmetric-key cryptosystem, meaning that two keys are required for communication: a public key and a private key. Furthermore, unlike RSA, it is one-way: the public key is used only for encryption, and the private key is used only for decryption. Thus it is unusable for authentication by [[Digital signature|cryptographic signing]].
| |
| | |
| The Merkle-Hellman system is based on the [[subset sum problem]] (a special case of the [[knapsack problem]]). The problem is as follows: given a set of numbers {{math|''A''}} and a number '''b''', find a subset of {{math|''A''}} which sums to b. In general, this problem is known to be [[NP-complete]]. However, if the set of numbers (called the knapsack) is [[Superincreasing sequence|superincreasing]], meaning that each element of the set is greater than the sum of all the numbers before it, the problem is "easy" and solvable in polynomial time with a simple [[greedy algorithm]]. | |
| | |
| ===Key generation===
| |
| In Merkle-Hellman, the keys are two knapsacks. The public key is a 'hard' knapsack {{math|''A''}}, and the private key is an 'easy', or superincreasing, knapsack {{math|''B''}}, combined with two additional numbers, a multiplier and a modulus. The multiplier and modulus can be used to convert the superincreasing knapsack into the hard knapsack. These same numbers are used to transform the sum of the subset of the hard knapsack into the sum of the subset of the easy knapsack, which is a problem that is solvable in polynomial time.
| |
| | |
| ===Encryption===
| |
| To encrypt a message, a subset of the hard knapsack {{math|''A''}} is chosen by comparing it with a set of bits (the plaintext) equal in length to the key. Each term in the public key that corresponds to a 1 in the plaintext is an element of the subset {{math|''A_m''}}, while terms that corresponding to 0 in the plaintext are ignored when constructing {{math|''A_m''}} - they are not elements of the key. The elements of this subset are added together and the resulting sum is the ciphertext.
| |
| | |
| ===Decryption===
| |
| Decryption is possible because the multiplier and modulus used to transform the easy knapsack into the public key can also be used to transform the number representing the ciphertext into the sum of the corresponding elements of the superincreasing knapsack. Then, using a simple greedy algorithm, the easy knapsack can be solved using [[Big O notation|O(n)]] arithmetic operations, which decrypts the message.
| |
| | |
| ==Mathematical method==
| |
| | |
| ===Key generation===
| |
| To encrypt ''n''-bit messages, choose a [[superincreasing sequence]]
| |
| | |
| :''w'' = (''w''<sub>1</sub>, ''w''<sub>2</sub>, ..., ''w''<sub>''n''</sub>)
| |
| | |
| of ''n'' nonzero [[natural numbers]]. Pick a random integer ''q'', such that
| |
| | |
| : <math>q>\sum_{i = 1}^n w_i</math>,
| |
| | |
| and a random integer, ''r'', such that gcd(''r'',''q'') = 1 (i.e. ''r'' and ''q'' are [[coprime]]). | |
| | |
| ''q'' is chosen this way to ensure the uniqueness of the ciphertext. If it is any smaller, more than one plaintext may encrypt to the same ciphertext. Since ''q'' is larger than the sum of every subset of ''w'', no sums are congruent mod ''q'' and therefore none of the private key's sums will be equal. ''r'' must be [[coprime]] to ''q'' or else it will not have an inverse mod ''q''. The existence of the inverse of ''r'' is necessary so that decryption is possible.
| |
| | |
| Now calculate the sequence
| |
| :β = (β<sub>1</sub>, β<sub>2</sub>, ..., β<sub>''n''</sub>)
| |
| where | |
| :β<sub>''i''</sub> = ''rw''<sub>''i''</sub> mod ''q''.
| |
| The public key is β, while the private key is (''w'', ''q'', ''r'').
| |
| | |
| ===Encryption===
| |
| To encrypt an ''n''-bit message
| |
| | |
| :α = (α<sub>1</sub>, α<sub>2</sub>, ..., α<sub>''n''</sub>),
| |
| | |
| where <math>\alpha_i</math> is the ''i''-th bit of the message and <math>\alpha_i \boldsymbol{\in}</math>{0, 1}, calculate
| |
| | |
| :<math>c = \sum_{i = 1}^n \alpha_i \beta_i.</math>
| |
| The cryptogram then is ''c''.
| |
| | |
| ===Decryption===
| |
| In order to decrypt a ciphertext ''c'' a receiver has to find the message bits α<sub>''i''</sub> such that they satisfy
| |
| :<math>c = \sum_{i = 1}^n \alpha_i \beta_i.</math>
| |
| This would be a hard problem if the β<sub>''i''</sub> were random values because the receiver would have to solve an instance of the subset sum problem, which is known to be [[NP-hard]]. However, the values β<sub>''i''</sub> were chosen such that decryption is easy if the private key (''w'', ''q'', ''r'') is known.
| |
| | |
| The key to decryption is to find an integer ''s'' that is the [[modular inverse]] of ''r'' modulo ''q''. That means ''s'' satisfies the equation ''s'' ''r'' mod ''q'' = 1 or equivalently there exist an integer ''k'' such that ''sr'' = ''kq'' + 1. Since ''r'' was chosen such that gcd(''r'',''q'')=1 it is possible to find ''s'' and ''k'' by using the [[Extended Euclidean algorithm]]. Next the receiver of the ciphertext ''c'' computes
| |
| : <math>c'\equiv cs \pmod{q}.</math> | |
| Hence
| |
| : <math>c' \equiv cs \equiv \sum_{i = 1}^n \alpha_i \beta_i s \pmod{q}.</math>
| |
| Because of ''rs'' mod q = 1 and β<sub>''i''</sub> = ''rw''<sub>''i''</sub> mod ''q'' follows
| |
| : <math>\beta_i s\equiv w_i r s\equiv w_i\pmod{q}.</math>
| |
| Hence
| |
| : <math>c' \equiv \sum_{i = 1}^n \alpha_i w_i\pmod{q}.</math>
| |
| The sum of all values ''w''<sub>i</sub> is smaller than ''q'' and hence <math>\sum_{i = 1}^n \alpha_i w_i</math> is also in the interval [0,''q''-1].
| |
| Thus the receiver has to solve the subset sum problem
| |
| : <math>c' = \sum_{i = 1}^n \alpha_i w_i.</math>
| |
| This problem is easy because ''w'' is a superincreasing sequence.
| |
| Take the largest element in ''w'', say ''w''<sub>''k''</sub>. If ''w''<sub>''k''</sub> > ''c' '', then α<sub>''k''</sub> = 0, if ''w''<sub>''k''</sub>≤''c' '', then α<sub>''k''</sub> = 1. Then, subtract ''w''<sub>''k''</sub>×α<sub>''k''</sub> from ''c' '', and repeat these steps until you have figured out α.
| |
| | |
| ==Example==
| |
| First, a superincreasing sequence ''w'' is created
| |
| w = {2, 7, 11, 21, 42, 89, 180, 354}
| |
| This is the basis for a private key. From this, calculate the sum.
| |
| : <math>\sum w = 706</math>
| |
| Then, choose a number ''q'' that is greater than the sum.
| |
| <code>q = 881</code>
| |
| Also, choose a number ''r'' that is in the range <math>[1, q)</math> and is [[coprime]] to ''q''.
| |
| <code>r = 588</code>
| |
| The private key consists of ''q'', ''w'' and ''r''. | |
| | |
| To calculate a public key, generate the sequence ''β'' by multiplying each element in ''w'' by ''r'' mod ''q''
| |
| β = {295, 592, 301, 14, 28, 353, 120, 236}
| |
| because
| |
| (2 * 588) mod 881 = 295
| |
| (7 * 588) mod 881 = 592
| |
| (11 * 588 mod 881 = 301
| |
| (21 * 588) mod 881 = 14
| |
| (42 * 588) mod 881 = 28
| |
| (89 * 588) mod 881 = 353
| |
| (180 * 588) mod 881 = 120
| |
| (354 * 588) mod 881 = 236
| |
| | |
| The sequence ''β'' makes up the public key.
| |
| | |
| Say Alice wishes to encrypt "a". First, she must translate "a" to binary (in this case, using [[ASCII]] or [[UTF-8]])
| |
| 01100001
| |
| She multiplies each respective bit by the corresponding number in ''β''
| |
| <code>a = 01100001</code>
| |
| 0 * 295
| |
| + 1 * 592
| |
| + 1 * 301
| |
| + 0 * 14
| |
| + 0 * 28
| |
| + 0 * 353
| |
| + 0 * 120
| |
| + 1 * 236
| |
| = 1129
| |
| She sends this to the recipient.
| |
| | |
| To decrypt, Bob multiplies 1129 by ''r'' <sup>−1</sup> mod <math>q</math></code> (See [[Modular inverse]])
| |
| <code>1129 * 442 mod 881 = 372</code>
| |
| Now Bob decomposes 372 by selecting the largest element in ''w'' which is less than or equal to 372. Then selecting the next largest element less than or equal to the difference, until the difference is <math>0</math>:
| |
| <code>372 - 354 = 18</code>
| |
| <code>18 - 11 = 7</code>
| |
| <code>7 - 7 = 0</code>
| |
| The elements we selected from our private key correspond to the 1 bits in the message
| |
| <code>01100001</code>
| |
| When translated back from binary, this "a" is the final decrypted message.
| |
| | |
| ==References==
| |
| <references />
| |
| {{Cryptography navbox | public-key}}
| |
| | |
| {{DEFAULTSORT:Merkle-Hellman Knapsack Cryptosystem}}
| |
| [[Category:Public-key encryption schemes]]
| |
| [[Category:Broken cryptography algorithms]]
| |
Whether you are having your lounge decorated, a garden wall building, or a new kitchen fitting, will lead you to skilled tradespeople. As we will see, terminology can often be confusing, as scientific and traditional definitions don"t line up. The Shampooing brush is specially matched to clean carpets. Different types of stone can be restored such as granite, marble, limestone, and travertine. The entire process of travertine refinishing consists at a minimum of a multiple step mechanical process that makes use of diamond abrasive pads and water.
Green marble tile designs are attractive and better properties than other natural stones. Answering the Needs of Your Real Estate Target Market. Stay on this road, but don't let the sign indicating the Fossil Creek trail head fool you, a memorable driving adventure awaits you. Brushed for a naturally worn look suitable for restoration work in old buildings– created by brushing the tile surface wil metal brushes. It can be noisy and tiring to stand on, and cold if there is not radiant floor heat.
My favorite place in the house is a common room with beautiful chandeliers, comfy seating arrangements and lots of books on the first floor just off the main vestibule. Unfortunately, this product may dull your tiles, so use only on the stained areas. cups of white vinegar, four tablespoons of lemon juice, four drops of lavender oil (if desired) and mix in a bucket. So, if you are a homeowner who has decided to stay where you are, consider remodeling. Travertine tiles are expensive and installing them is highly complicated.
Deep purple and green fabrics and an austere oak writing table also adorn the room. Don't be afraid to experiment with different themes and accessories so that one can turn a bathroom into a magical place where the child associates this with enjoyment. Polishing scratched travertine is one of the offered services by Heaven Sent Floor Care. In many cases upgrading existing space is a better option than building new. John Smeaton, an engineer, was tasked with a remedy for the repeated structural failure of the Eddystone Lighthouse off the coast of Cornwall.
Therefore, regardless of what you need to use, the Marfil marble is the greatest selection. You can also store your antique items and expensive art work in them as these units are completely weather proof. The return of full creek flow caused large travertine deposits that created fish habitat, as the creek did prior to the dam's construction. There are traditional tools that can do the basic designing and pattern work on marble but when you ask for complex and complicated patterns and designs, then the application of latest equipment becomes inevitable. Often when you plan to sell your car and start looking around to find the best price you can get for your car, you’re disappointed and start think that you should’ve probably taken better care of your car.