A PROPOSED SECURITY EVALUATOR FOR KNAPSACK PUBLIC KEY CRYPTOSYSTEMS BASED ON ANN

Transcription

1 A PROPOSED SECURITY EVALUATOR FOR KNAPSACK PUBLIC KEY CRYPTOSYSTEMS BASED ON ANN Sattar B. Sadkhan *, Nidaa A. Abbas *, and Muhammad K Ibrahim **, * Faculty of Computer Technology, University of Babylon, Babylon, P. O. Box: Hilla-4, IRAQ drengsattari@ieee.org, drnidaa_muhsin@ieee.org ** Faculty of Education, AlMustansyrial Univ., IRAQ mhan24@ieee.org ABSTRACT Sometimes the users of any security system need to evaluate the security (complexity) of the system under consideration. For that reason the research about the foundation of security evaluation method (approach) is considered as an important field in cryptology. This paper presents (for the first time as we know) the use of Artificial Neural Network (ANN) as a security evaluator for Knapsack type PKC. The proposed evaluator considers the following Knapsack cryptosystems including Merkle Hellman Cryptosystem (based on Super Increasing Sequence (SIS)), Lu-Lee cryptosystem (based on building a vector depends on Factorization), Goodman-Maculey cryptosystem (based on Standardized Multiplication (SM)), Adina di Parto cryptosystem (based on factorization for more than two prime numbers), etc. The proposed evaluation method based mainly on considering the attacking methods applied on the cryptosystems mentioned above, and the density of the knapsack vector used in each cryptosystem. The main contribution is related to the adaptation of ANN as security evaluator to find the suitable network for such task. The paper considers three ANN types: Perception Network, Linear Network, and Back Propagation Network. For every knapsack cryptosystem two parameters are calculated: Method of Hiding Knapsack vector and Density of the knapsack vector. Keywords: Security evaluation, knapsack cryptosystems, artificial Neural Network, knapsack Vector Density, A public-key algorithm can be based on classical problem in number theory known as the knapsack problem. The following is an introduction to this approach. Let A be a non secret (published) vector of n integers (a 1, a 2,.., a n ) and let X be a secret vector of n binary digits (0s and 1s) whose components are designated (x 1, x 2,., x n ), that is, A= (a 1, a 2,, a n ) X= (x 1, x 2,..., x n ) Defining Y to be the dot product of A and X results, by definition, in Y=A.X = a 1 x 1 +a 2 x a n x n = a i x i Calculation of Y is simple, involving only a sum at most n integers. However, finding X from Y and A is generally difficult when n is large and A is properly chosen. This is called the knapsack problem. [18]. In 1978, Merkle and Hellman introduced a knapsackbased public-key cryptosystem, which received widespread attention. The two major open problems concerning this cryptosystem are: 1) Security: How difficult are the Merkle- Hellman knapsacks 2) Efficiency : Can the huge key size be reduced. In their paper they analyzed the cryptographic security of knapsack problems with small keys, developed a new (non-enumerative) type of algorithm for solving them, and used the algorithm to show that under certain assumptions it is as difficult to find the hidden trapdoors in Merkle-Hellman knapsacks as it is to solve general knapsack problems [15]. There was enormous interest when Shamir announced in early 1982 cryptanalytic technique that could break many Merkle-Hellman knapsacks. In a rapid sequence of developments, Brickell and Simmons, Adelman, and Lagarias all announced other attacks on knapsack-based cryptosystems that were either computationally much more efficient or else directed at other knapsack schemes such as the Graham- Shamir or iterated system. E. F. Brickell and G. J. Simmons [7] analyzed the common features of knapsack-based cryptosystems and presented all of the cryptanalytic attacks made in 1982 from a unified viewpoint.

2 2. BACKGROUND OF VORONOI DIAGRAMS J. P. Pieprzyk, and D. A. Ruthkowski in 1984 concentrated their attention on a modification of public key cryptosystems (PKC) based on the knapsack problem. The modification concerns the generalization of the PKC invented by Merkle and Hellman (1978). In order to specify the considerations, some properties of idempotent elements in algebraic rings are recalled [9]. R. M. F. Goodman and A. J. McAuley in 1985 presented a trapdoor-knapsack public-key cryptosystem. The encryption equation is based on the general modular knapsack equation, but unlike the Merkle-Hellman scheme, the knapsack components do not have to have a superincreasing structure. The trapdoor is based on the transformations between the modular and radix form of the knapsack components, via the Chinese Reminder Theorem. The security is based on factoring a number composed of 256 bit prime factors [13]. In 1986 H. Niederreiter claimed that Chor and Rivest proposed a knapsack-type cryptosystem for lowweight message vectors. Hence Niederreiter introduced cryptosystems of this type involving public keys with fewer bits and yielding a higher information rate than the Chor-Rivest cryptosystem. The design of these cryptosystems is based on techniques from algebraic coding theory [8]. J. P. Pieprzyk presented a public-key cryptosystem based on polynomial rings in 1985, and he claimed that his system was a modification of the Merkle- Hellman cryptosystem. But Y. Yang in 1987 [16] showed that the Pieprzyk's system has little relation with the knapsack problem, and that his system can easily be broken by the Euclidean algorithm for polynomials. A knapsack type public key cryptosystem is introduced that is the system is based on a novel application of arithmetic in finite fields. By appropriately choosing the parameters, one can control the density of the resulting knapsack, which is the ratio between the number of elements in the knapsack and their size in bits. In particular, the density can be made high enough to foil so-called low-density attacks against the system. At the moment, no attacks capable of breaking the system in a reasonable amount of time are known [10]. B. Chor and L. Rivest [1] proposed a new multiplicative knapsack type cryptosystem based on arithmetic in GF (RHO **h) which cannot be broken by the Odlyzko attack. They showed that the cryptosystem is broken if the public knapsack vector has three elements whose values are close to one another or if the primitive polynomial is known. A shifted knapsack cryptosystem is proposed in 1988 by C. Laih and his group. An encryption key generated by this algorithm cannot be obtained by applying one or more modular multiplications on any other sequence, but it has a very high probability of falling into the category of worst-case knapsacks with the NP-completeness characteristic. However, the legitimate receivers can decipher the ciphertext within polynomial time [4]. R. Xia in 1988 [14] proposed a public key distribution scheme based on matrix ring. The security depends on the problem of solving a random knapsack. In 1989, two algorithms are proposed to improve the Merkle -Hellman Knapsack public key cryptosystem. An approach to transform a superincreasing sequence to a highly density knapsack sequence is proposed. The algorithm is easy to implement and eliminates the redundancy of many knapsack cryptosystems. A linear shift method is used to improve the security of the knapsack public key cryptosystem. It is shown that several knapsacks (e.g., the so called useless knapsack ), which cannot be generated by using Merkle-Hellman scheme, can not be generated by linear shift method. Thus Shamir's attack to the original knapsack, as well as the low density attack to the iterated knapsacks, cannot be applied to this system successfully. It is interesting to note that the concept of the requirement of being one to one in practical enciphering keys is not necessary for this system [3]. R. Cooper, and at el, in 1989 [12] proposed a public key cryptosystem that uses a knapsack model based on the structure of Pascal triangle or super-pascal triangle. They claimed that such system does not seem vulnerable to low density attack. Furthermore, the computational cost of this method compares very favorably with the cost of the familiar RSA public key cryptosystem. The weakness of the system is its substantial storage cost. 3. ARTIFICIAL NEURAL NETWORKS IN CRYPTOGRAPHY 3.1 Introduction to ANN Designing and implementing intelligent systems has become a crucial factor for the innovation and development of better products for society. Throughout the years, the computational changes

3 have brought growth to new technologies. Such is the case of artificial neural networks, that over the years, they have given various solutions to the industry [19]. An artificial neural network (ANN) or commonly just neural network (NN) is an interconnected group of artificial neurons that uses a mathematical model or computational model for information processing based on a connectionist approach to computation. In most cases an ANN is an adaptive system that changes its structure based on external or internal information that flows through the network. In more practical terms neural networks are non-linear statistical data modeling tools. They can be used to model complex relationships between inputs and outputs or to find patterns in data as shown in Fig. 1. components model the actual activity within the neuron cell. An adder sums up all the inputs modified by their respective weights. This activity is referred to as linear combination. Finally, an activation function controls the amplitude of the output of the neuron. An acceptable range of output is usually between 0 and 1, or -1 and 1. Mathematically, this process is described in figure 2. Figure 2: Mathematical Model of ANN Figure 1: ANN Structure A neural network is an interconnected group of nodes, akin to the vast network of neurons in the human brain. A neural network is a parallel system, capable of resolving paradigms that linear computing cannot. The advantages of ANN are: can perform tasks that a linear program can not. When an element of the neural network fails, it can continue without any problem by their parallel nature. It learns and does not need to be reprogrammed. It can be implemented in any application. It can be implemented without any problem. While the disadvantages of ANN are: It needs training to operate. The architecture of a neural network is different from the architecture of microprocessors therefore needs to be emulated. It requires high processing time for large neural networks. When creating a functional model of the biological neuron, there are three basic components of importance. First, the synapses of the neuron are modeled as weights. The strength of the connection between an input and a neuron is noted by the value of the weight. Negative weight values reflect inhibitory connections, while positive values designate excitatory connections. The next two From this model the interval activity of the neuron can be shown to be: The output of the neuron, yk, would therefore be the outcome of some activation function on the value of vk. The activation function acts as a squashing function, such that the output of a neuron in a neural network is between certain values (usually 0 and 1, or -1 and 1). In general, there are three types of activation functions, denoted by (.). First, there is the Threshold Function which takes on a value of 0 if the summed input is less than a certain threshold value (v), and the value 1 if the summed input is greater than or equal to the threshold value. Secondly, there is the Piecewise-Linear function. This function again can take on the values of 0 or 1, but can also take on values between that depending on the amplification factor in a certain region of linear

4 operation. Thirdly, there is the sigmoid function. This function can range between 0 and 1, but it is also sometimes useful to use the -1 to 1 range. An example of the sigmoid function is the hyperbolic tangent function. Recently, the neural networks incorporated with annealing techniques have been taken to solve the combinatorial optimization problems. As a deterministic annealing, the chaotic annealing endows the neural networks with more complex dynamics. It is shown to be powerful in approximating the global optimum. However, the networks cannot be applicable to the inequality constrained 0/1 optimization directly, because the gradient decent in the evolving of the network is expected to spend very long time to reach binary state. Considering the definition of the knapsack problem the output of the network should be the sequence of the 0, 1. Otherwise it thought to be ineffective. 3.2 ANN based Cryptography B. Wang and his group at 1998 modified the chaotic neural network to solve the knapsack problem. During the chaotic searching the gains of the neuron gradually increase and finally arrive at a large value. This strategy can accelerate the convergence of the network to binary state and keep the satisfaction of the constraints [2]. Neural Cryptography is based on the effect that the neural networks are able to synchronize by mutual learning. In each step of this online learning procedure they receive a common input pattern and calculate their output. Then both neural network use those output presented by their partner to adjust their own weights. So they act as teacher and student simultaneously. Finally, this process leads to fully synchronized weight vectors. ANN can deal efficiently with incomplete, and noisy information set. They can learn complex nonlinear relationships even when the input information is noisy. ANN have made strong advances in the area of pattern recognition, classification of noisy data, and nonlinear feature detection. These abilities make the ANN technology very well suited for solving problems of cryptanalysis. M. Sramka, and et al., in 2005 proposed a cryptosystem based on a clipped Hopfield neural network (CHNN) primarily for encryption of digital images and videos. The system is fast and suitable for hardware implementation. They investigated the security aspects of CHNN-based cryptosystem, and two weaknesses are pointed out: 1) the cryptosystem is not sufficiently secure against the ciphertext-only attacks due to the weak randomness properties of the generated key stream, and 2) the cryptosystem is insecure against known/chosen-plaintext attacks and only known plaintext-ciphertext pair is enough to completely break all cipher texts of the same or smaller size obtained using the same encryption keys. The security of CHNN-based cryptosystem cannot be improved unless the basic model is fundamentally changed [11]. D. Culibrk., D. Socek, in 2005 [5] showed why the cryptosystem proposed by D. Guo, and et al, in 1999 [6] is impractical (slow with large expansion factor). Then they presented some cryptanalytical results (ciphertext-only attack, chosen-ciphertext attack). It is well known that the ANN can be used for Identification tasks. Hence we can investigate the possibility of using ANN as identifier for the different security levels of different Knapsack type Public Key Cryptosystems. However our main efforts in this paper was to enhance this estimation, by design ANN based evaluator to different knapsack cryptosystems. 4. DESIGN AND IMPLEMENTATION of the Proposed Security EVALUATOR This section provides the main concepts applied in the design of the proposed security evaluator [17]. We choose 9 different knapsack type cryptosystem, to be tested in our proposed security evaluator; these systems are mentioned in first column of Table (1). Design Steps: 1) Specifying the Security Evaluation Parameters The first step is to specify the evaluation parameters that must be considered as essential for such purpose. This matter can be well established through the detailed study of the chosen knapsack based cryptosystems and their attacking methods. In order to specify the required evaluation parameters. 2) Determine the used ANN in the evaluation purpose. In this work we choose three different ANN to be tested, of the same feedforward connection, and the same supervision learning procedure, these are:

5 a- Perceptron: It is one of the single layer networks. It used the "Hardlimit" function with learning parameter =1. b- Linear Network: It is one of the single layer networks which use the same principle as Perceptron type in the operation, but the difference lies in the equation of error correction or the (Widrow Hoff ) equation. The learning parameter is variable.. c- Back Propagation Network: It is considered a generalization to Widrow - Hoff, but for a multilayer network. 3) The evaluation parameters taken into consideration here are: a- Density of the Knapsack vector: The density is calculated according to low density attack (the general attack used against most of the known Knapsack Cryptosystems). This attack prove that any Knapsack cryptosystem with knapsack vector density less than is breakable, and the ones having density above this value is unbreakable very difficult to be cryptanalyzed) using this attack. Hence we consider the densities less than are lower densities and that above this threshold are higher. Table (1) classifies the 9 considered Knapsack cryptosystems according to their vectors densities. b- Method of Hiding the Knapsack vector: We take into consideration the point of security strength based on the mathematical approaches applied in hiding the knapsack vectors used in these considered 9 cryptosystems. 4) Determination of the Security: Table (2) shows the structure of the inputs to each ANN used in the implementation of the evaluator according to the calculated parameters. The Final Column in the table gives the calculated security of each knapsack cryptosystem taken into consideration. The Lowest security is Conventional MH, while the Chang Knapsack gives highest security. The other tested systems lie in between these two systems.. 5. CONCLUSION From the Table (2) it is shown that the training of the ANN can support to result in values approximately describe the security of the tested system. The system was designed to have attesting security measure range from (0 up to 1). This means that the very weak system in the tested group can take the lowest value which is near to zero. While the system with higher complexity can take values near to one. In the Table 2, it shown that Conventional MH knapsack cryptosystem is the lowest tested system, it takes complexity=0.04, while the Chang system takes about If we need to compare these values with already available existing about the security of these system. The result will coincide with the values appear in the table. This proposal can be considered as a challenging concept in the possibility of adapting the most important knowledge available about the knapsack cryptosystem, and applied it (in a suitable) manner to ANN. To enhance this proposal we need to take different ANN, and test another knapsack PKC, and searching about another suitable comparing parameters. This proposal can represent to the possibility of applying the Artificial intelligence aspect in the cryptology field. REFERENCES [1] B. Chor, and L. Rivest, "Knapsack-type public key cryptosystem based on arithmetic in finite fields", IEEE Trans. On Information Theory, 34(5), ) [2] B. Wang, H. Dong, and Z. He, "A modified chaotic annealing neural network and its application to knapsack problem, International Conference Intelligence, China [3] C. Laih, Y. Lee, L. Harn, and Y. Su, " Linearly shift knapsack public key cryptosystem", IEEE journal on selected area on communication, 7(4), , 1989 [4] C. S. Laih,, L. Harn, J. Y. Lee, and Y. K. Su, "Improved knapsack public-key cryptosystem", IEEE International Symposium on Information Theory, 25(3), [5] D. Culibrk, and D. Socek," On the security of a Clipped Hopfield Neural Network-Based Stream Cipher, Proceeding of MoraviaCrypt: The 5 th Central European Conference on Cryptography, June,, Czech Republic [6] D. Guo,L. M. Cheng, and L. L. Cheng, "A New symmetric probabilistic encryption scheme based on chaotic attractors of neural networks", Applied Intelligence, 10, 71-84, [7] E. F. Brickell, and G. J. Simmons, " Status report on knapsack-based public key cryptosystems", [8] H. Niederreiter, "Knapsack-Type cryptosystems and algebraic coding theory", Problems of Control and Information Theory, 23( 2),

6 [9] J. P. Pieprzyk, and D. A. Rutkowski, "Design of Public Key Cryptosystems Using Idempotent Elements" Brighton, Engl. Conference, Sep , [10] K. Kurosawa, S. Toshiya, and S. Tsujii,, "Attacking method for multiplicative knapsack type public key cryptosystem based on finite field", Trans. Inst. Info. Communication. Eng. Sect. E., E70(1), [11] M. Sramka, D. Culibrk, and D. Socek, "Cryptanalysis of the block cipher based on the Hopfield Neural network", Proceeding of MoraviaCrypt: The 5 th Central European Conference on Cryptography, June, Czech Republic [12] R. Cooper, R. Hunter, and W. Patterson, "More efficient public key cryptosystem using the Pascal triangle", IEEE International Conference on communications-icc' [13] R. M. F Goodman,. and A. J. McAuley,," New trapdoor-knapsack public-key cryptosystem", IEE Proceedings, Part E: Computers and Digital Techniques V 132, No. 6, Nov., PP , [14] R. Xia, "another public key distribution system based on matrix rings", Electronic Letters, 24(4), [15] S. Adi,, " The cryptographic security of compact knapsacks"; preliminary report, [16] Y. Yang, "Pieprzyk Public-Key Cryptosystem is Insecure", Electronics Letters, 23(20), [17] W. Khalil," Analysis and Evaluate of Public Cryptosystem Type Knapsack by using ANN", M.Sc. thesis, University of Babylon, [18] S. M Metyes, C. H. Meyer, " Cryptography: A New Dimension in computer Data security", kingeston, New York, [19] S. A. Pandya, B. R. Macy, " Pattern Recognition with Neural Networks in C++", CRC Press, Table 1: classification of considered cryptosystems from the point of density of knapsack vector and from the point of Hiding knapsack vector Cryptosystem method of hiding knapsack vector Density vector Conventional Merkle Hellman Super Increasing sequence (ISI) Low Developed Merkle Hellman ISI with modular multiplication Low Lu Lee Factorization to prime numbers Low Goodman McAuley Factorization High Conventional Adina di Parto Factorization with using Inverse High Developed Adina di Parto Factorization with using Inverse High Pieprzyk Modular multiplication for High polynomials Chor Rivest discrete logarithm High Chang Linear Diophantine equations High

7 Table 2: The working structure for each tested knapsack crypto system and the resulting security evaluation Densit y SI S SIS With Factorizati on Factorizatio n Factorin g Modular Multipli Discret e Linear Diophantin Strength of the system Modular To prime With Two cation Logarit e (Estimated Multiplication numbers Inverse Numbers of hm Equations Security) With Inverse Polyno mial Conv MH Develope d MH Lu Lee Goodman Mcauley Conv Adna Devel Adna Pieprzyk Shor Rivest Chang