Cryptanalysis of a Public-key Cryptosystem Using Lattice Basis Reduction Algorithm

Transcription

1 110 Cryptanalyss of a Publc-key Cryptosystem Usng Lattce Bass Reducton Algorthm Roohallah Rastagh 1, Hamd R. Dall Oskoue 2 1,2 Department of Electrcal Engneerng, Aeronautcal Unversty of Snce & Technology, Tehran, Iran Abstract In ths paper, we proposed a new attack aganst Hwang et al. s cryptosystem. Ths cryptosystem uses a super-ncreasng sequence as prvate key and the authors nvestgate a new algorthm called permutaton combnaton algorthm to enhance densty of knapsack to avod the low-densty attack. Sattar J. Aboud [Aboud j. Sattar, An mproved knapsack publc key cryptography system, Internatonal Journal of Internet Technology and Secured Transactons, Vol.3 (3), pp , 2011] used Shamr s attack on the basc Merkle-Hellman cryptosystem to break ths cryptosystem. Due to use of Lenstera s nteger programmng, Lagaras showed that Shamr s attack s neffcent n practce; So, Aboud s attack s mpractcal too. In ths paper, we ntroduce a drect attack aganst Hwang et al. s cryptosystem based on Lattce bass reducton algorthms. By computng complexty of propose attack, we show that unlke Aboud s cryptanalyss, our cryptanalyss s more effcent and practcable. Key words: Knapsack-type cryptosystem, LLL-lattce bass reducton algorthm, smultaneous Dophantne approxmaton, Cryptanalyss. 1. Introducton The frst knapsack-type publc key cryptosystem (PKC) was ntroduced by Merkle and Hellman[12]. Snce ts proposal, knapsack-type PKC had been wdely studed and many knapsack PKCs were developed. However, almost all knapsack cryptosystems were shown nsecure n that they are vulnerable to some known attacks, such as low densty attack [2,8], orthogonal lattce attack [15],.... Nowadays, we reconsder knapsack publc key cryptography because Shor [17] showed that nteger factorzaton and dscrete logarthm problems can be easly solved by usng quantum computers. Therefore, tradtonal publc key cryptosystem based on the two problems cannot be used to provde prvacy protectons any longer and publc key cryptosystems secure n quantum computng envronments are needed to be developed. The knapsack problem s NP-complete [14]. Hence, we can desgn cryptosystems based on the knapsack problem n order to resst quantum attacks. On the other hand, although the underlyng problem s NP-complete, but some of the knapsack cryptosystems such as Merkle-Hellman [16], Chor-Rvest [18], was broken due to the specal structure of the prvate key and the mathematcal way that publc key (publc knapsack) was bult from the prvate key. M. S. Hwang et al. [6] ntroduced a new knapsack type publc key cryptosystem n Ths cryptosystem s based on basc Merkel-Hellman knapsack cryptosystem [12] and uses a super-ncreasng sequence as prvate key. They nvestgate a new algorthm called permutaton combnaton algorthm. By explotng ths algorthm, the authors attempted to enhance densty of knapsack to avod the low-densty attack. Hwang et al. knapsack-type cryptosystem was attacked by Aboud [1]. Aboud s attack s based on Shamr s attack [16] on the basc Merkle- Hellman cryptosystem. Lagaras [9] showed due to use of Lenstera s nteger programmng, Shamr s attack s neffcent n practce, so, Aboud s attack s not practcable. In ths paper, we use LLL-lattce bass reducton algorthm for analyss Hwang et al. s knapsack-type cryptosystem. The LLL-lattce bass reducton algorthm s a crucal component n many number-theoretc algorthms. It s useful for solvng certan knapsack (subset sum) problems, and has been used for cryptanalyzeng publc-key encrypton schemes whch are based on the subset sum problem. We show that because of the specal structure n the key generaton stage, we can use the LLL-lattce bass reducton algorthm for cryptanalyzeng Hwang et al. s cryptosystem and obtan equvalent prvate keys (superncreasng sequences). The rest of ths paper s organzed as follows: In the followng secton, we brefly explan some mathematcal background. These concepts are useful for understandng the securty analyss of the Hwang et al. s cryptosystem. Then, n Secton 3, we revew Hwang et al. s knapsack cryptosystem. New cryptanalyss of ths cryptosystem wll be dscussed n Secton 4 and n secton 5, we compute the computatonal complexty of the proposed attack.

2 Mathematcal Background In ths secton, we recall some concepts about the subsetsum problem and lattce theory. These concepts are useful to understand the securty analyss of the Hwang et al. s cryptosystem. The subset sum problem s stated as follows: Defnton1. (Subset sum problem (SSP)). A set of postve ntegers ( a1, a2,, a n ) and postve nteger s s gven. Whether there s a subset of the a s that ther sum equal to s. That s equvalent to determne whether there are varables x {0,1}, 1 n such that n x. a = s = 1 The Subset sum problem s a partcular case of the 0-1 knapsack problem. The subset sum problem has been proven to be NP-complete. The computatonal verson of the subset sum problem s NP-hard [13]. Defnton2. (super-ncreasng sequence). ) The sequence ( a1, a2,, a n ) of postve ntegers s a super-ncreasng 1 sequence, f a > j= 1 a j for all 2. There s an effcent greedy algorthm to solve the subset sum problem f the a are a super-ncreasng sequence: Just subtract the largest possble value from s and repeat. Algorthm1 effcently solves the subset sum problem for super-ncreasng sequences n the polynomal tme. Algorthm1:Solvng a super-ncreasng subset sum problem INPUT: super-ncreasng sequence ( a1, a2,, a n ) and an nteger s whch s the sum of a subset of the a s. OUTPUT: ( x1, x2,, x n ) where x {0,1}, such that n = 1 a. x s =. 1. n 2. Whle 1 do the followng: 2.2. If s a then x 1 and s s a Otherwse x Return( ( x1, x2,, x n ) ). Knapsack publc-key encrypton schemes are based on the subset sum problem, whch s NP-complete. The basc dea s to select an nstance of the subset sum problem that s easy to solve, and then to dsguse t as an nstance of the general subset sum problem whch s hopefully dffcult to solve. The orgnal knapsack set can serve as the prvate key, whle the transformed knapsack set serves as the publc key. Defnton3. Let =(,,..., ) and =(,,..., ) be two vectors n R. The nner product of and s the real number <,> = Defnton4. Let =(,,..., ) be a vector n R. The l norm (or Eucld norm) of s the real number y = < y, y > = y + y + + y n The sup norm, maxmum norm or l norm s: We can show that = max,,, Defnton5. Let {,,, } be a set of lnearly ndependent vectors n R ( ). The set of all nteger lnear combnatons of,,, s called a lattce of dmenson; that s m L = l f : l Z. = 1 The vectors,,, are called a bass for the lattce. Defnton6. (Gram-Schmdt orthogonalzaton). Let {,,, } be an arbtrary bass of R. Defne the vectors,1 nductvely by =, Where, =,, for 1. In partcular =. We wll call,,, the Gram-Schmdt orthogonal bass of {,,, } and the together, form the Gram-Schmdt orthogonalzaton of {,,, }. A lattce can have many dfferent bases. A bass consstng of vectors of relatvely small lengths s called reduced. The followng defnton provdes a useful noton of a reduced bass, and s based on the Gram-Schmdt orthogonalzaton procedure.

3 112 Defnton7. Let,,, R be lnearly ndependent and,,, the correspondng Gram-Schmdt orthogonal bass. Then {,,, } s reduced f for 1 <. So we have 2 = The bass {,,, } s sad to be reduced (more precsely, Lovász-reduced) f, 1 2, 1 < (where, denotes the absolute value of, ), and, 1<<. The LLL-lattce bass reducton algorthm s a crucal component n many number-theoretc algorthms such as smultaneous Dophantne approxmaton Problem. It s useful for solvng certan subset sum problems, and has been used for cryptanalyzeng publc-key encrypton schemes whch are based on the subset sum problem. Algorthm2[13]: LLL-lattce bass reducton algorthm INPUT: a bass{,,, } for a lattce n R,. OUTPUT: a reduced bass for. 1., <, >. 2. For from 2 to do the followng: For from 1 to 1, set, <, >/ and,. 2.3 <, > Execute subroutne (, 1) to possbly update some,. 5. If <(,) then do the followng: 5.1 Set μ μ,, +,, /, / and. 5.2 Exchange and. 5.3 If >2 then exchange, and, for =1,2,, For =+1,+2,,: Set,,,,, and, t+μ, μ,. 5.5 (2, 1). 5.6 Go to step 4. Otherwse, for = 2, 3,,1, execute (,), and fnally set If then go to step 4. Otherwse, return {,,, }. (,): If, >1/2 then do the followng: ,,. 2. For from 1 to 1, set,,,. 3.,,. The LLL-lattce bass reducton algorthm s a polynomaltme algorthm for fndng a reduced bass, gven a bass for a lattce. Theorem1. Let Z be a lattce wth bass {,,, }, and let R, 2 be such that for =1,2,...,. Then the number of arthmetc operatons needed by Algorthm2 s ( ), on ntegers of sze ( ) bts, whch s polynomal tme. Proof: see [11]. Lemma 1. Let,,, be a LLL reduced bass of a ratonal lattce Q and,,, be ts Gram- Schmdt orthogonalzaton. Then Proof: see [5]. ()=. Defnton8. (Smultaneous Dophantne Approxmaton Problem). Let,,, R and let >0. Let N be an nteger such that. The smultaneous dophantne approxmaton problem s to fnd (,,, ) Z such that 0< and / / for all 1. A major applcaton of algorthm2 s to gve an algorthm to compute the ntegers (,,, ) n Defnton8. In practce, the real numbers,,, are gven to some decmal precson (and so are ratonal numbers wth coeffcents of some sze). The sze of an nstance of the smultaneous Dophantne approxmaton s the sum of the bt lengths of the numerator and denomnator of the gven approxmatons to the, together wth the bt length of the representaton of and. Let be a bound on the absolute value of all numerators and denomnators of the.the computatonal task s to fnd a soluton (,,, ) n tme whch s polynomal n, log(), log(1/) and logq.

4 113 Theorem2. (Solvng the smultaneous Dophantne approxmaton problem). Let,,, Q be gven as ratonal numbers wth numerator and denomnator bounded n absolute value by. Let 0<<1. One can compute n polynomal tme ntegers (,,, ) such that 0<<2 ()/ () and / / for all 1. Proof: A general proof of ths theorem s gven n [7] but we ntroduce dfferent and smple proof. Let = 2 ()/ and Q be the lattce by the rows,, Q of the matrx / The dmenson s +1 and the determnant s /= 2 ()/. The entres of the lattce are ratos of ntegers wth absolute value bounded by {, ()/ }. Note that the lattce does not have a bass wth entres n Z, but rather n Q. The LLL algorthm appled to, outputs a non-zero vector =(,, )=(/,,,, ). If s the smallest vector found by the LLL-algorthm, then from defnton7, we have By multplyng together the +1 above nequalty, we have Hence, () ()/ 2 / ( ) /() From lemma 1, we know that ()= and so 2 / () /() =2 / 2 / =<1. If =0 then =(0,,,, ) wth some 0 and so 1, hence 0. Wthout loss of generalty, >0. Snce and <<1 t follows that /<<1 (where =/= ) and so 0<</=2 ()/ (). Smlarly, for other, 2 we have and so / / for 1. Theorem3. If we use LLL algorthm for solvng Smultaneous Dophantne Approxmaton Problem, then the computatonal complexty of the problem s ( { (), + (1/)} ), whch s polynomal tme. Proof: See [7]. 3. Hwang Et Al. s Cryptosystem Hwang et al. s cryptosystem s based on the basc Merkle- Hellman knapsack cryptosystem. 3.1 Key Generaton: Each user chooses a super-ncreasng sequence (,,, ) as secret key..e. > (=1,2,,1360). Choose a large prme as modulus such that >, two modular multplers and such that (,)=1, and. =1. Each user transfers super-ncreasng sequence =(,,, ) nto a pseudorandom sequence =(,,, ) as follows: =., (1 1360) (1) The publc key s (,,, ) and the prvate key s {(,,, ),,,}. They presented a permutaton combnaton algorthm and used ths algorthm to ensure the securty of the cryptosystem. By explotng ths algorthm, they attempted to enhance densty of knapsack to avod the low-densty attack [2, 8]. The permutaton algorthm s as follows: 1. Defne an orgnal sequence ={,,,,,,,, }. 2. Recombne all the elements of the orgnal sequence whch obtan (! 1) sequences,..., (!). The sequences (=1,2,,! 1) are defned as follows: ={,,,,,,,, } ={,,,,,,,, }! ={,,,,,, } 3. Suppose we can compute for 1! 1. can be wrtten as = ( )!, 0. Each sequence has an own correspondng value called the

5 114 factoral carry value, {,,.,, }. Usng the factoral carry value, we can effcently obtan any sequence wth the followng algorthm. Algorthm 3: permutaton combnaton algorthm INPUT: =(,,, ) and ntegers. OUTPUT: =(,,, ). = ( )!. For 1 do f = 0 then = ; else { for (1 ) do = }; Return (,,, ). For nstance, generate the orgnal vector 0 = (,,,,,). Fnd the result of : 100=0 5!+4 4!+0 3!+2 2!+0 1!+0 then = (,,,,,). 3.2 Encrypton: For encrypt the message, the sender executes the followng steps: 1. Select a hash functon whose dgest s 1024 bts and compute the dgest of as = (). 2. Compute = 170! 3. Compute the factoral carry value ={,,, } of where = 169!+ 168!+ + 0! 4. Dvde the publc key vector =(,,, ) nto 8 subset publc key vectors. Each subset publc key vector has 170 elements. ={(,,, ),...,(,,, )}. 5. Recombne each subset publc key vector usng ={,,, } by means of the permutaton combnaton Algorthm. Then chooses the frst 128 elements n each subset publc key vector. Thus, the sender obtan 1024 elements = (,,, ). 6. The message s dvded nto {,,, }. Each (=1,2,,) s a 1024-bt message: ={,,,, } 7. The correspondng cphertext s gven as the product of =(,,, ) and (= 1,2,,). =,, 1. The cphertext s ={,..., } and sends (, ) to the recever. 3.3 Decrypton: Recever after recevng (, ), executes the followng steps to derve from and : 1. Compute the factoral carry value ={,,, } of where = 169!+ 168!+, Dvde hs/her secret key vector =(,,, ) nto 8 subset publc key vectors. Each key vector has 170 elements. = {(,,, ),...,(,,, )}. 3. Recombne each subset publc key vector usng ={,,, } by means of the Permutaton Combnaton Algorthm. Then chooses the frst 128 elements n each subset publc key vector. The recever obtan 1024 elements =(,,, ). However =(,,, ) s stll a superncreasng sequence. 5. Dvde nto ={,..., }. Each (=1,2,,) s a 1024-bt cphertext. 6. Compute = = ( = ( =, ), ), for =1,2,,. So we have =,. Snce > we have =,. Hence, the recever can solves these super-ncreasng knapsack problems wth algorthm1 and obtans, for and 1. Therefore, we can recover orgnal message ={,,, } where ={,,,, }. Aboud attacked ths cryptosystem by usng Shamr s attack [16] on the basc Merkle-Hellman cryptosystem. As we sad, Lagaras n [9] showed Shamr s attack s neffcent n practce, so Aboud s attack s not practcable.

6 Our Proposed Attack In ths secton, we present our attack aganst the Hwang et al. s knapsack cryptosystem. The frst step n the attack s notcng that the gven knapsack problem = (wth publc weghts (,,..., ) and target ) can be transformed nto nfntely many dfferent easy knapsack problems wth super-ncreasng weghts (,,..., ) and target. Ths was ndependently observed by Eer-Lagger [4] and Desmedt-Vanderwalle-Govaerts [3]. Ther result can be summarzed n the followng lemma. Let (,,, ) be the prvate super-ncreasng sequence, (,,..., ) be the Correspondng publc key such that =. and, be defned as n secton 3. Let =, so we have =.. Lemma 2. There exsts an >0 such that f s ratonal wth <, then the weghts (,,..., ) where = for =1,..., are super-ncreasng. Our attack conssts of three steps: n step1, we can use LLL-lattce bass reducton algorthm for fndng a superncreasng sequence =(,,, ) that s very close to super-ncreasng sequence =(,,, ). In step2 and step3 we use super-ncreasng sequence = (,,, ) and publc cphertext (, ) for recover the plantext. Step1: In the general form, equaton (1) can be wrtten as follows: =., 1. Where (,,, ) s the publc key and (,,, ) s the prvate key. Let = where 1 <. We have =. =.,1 (2) Ths means that for 1, there exsts some ntegers such that and 0 <. Hence, = 0 / / = /. (3) Snce (,,, ) s a super-ncreasng sequence, so 2 and wth > we have 0 </2 Hence 0 / / <1/ 2. In partcular, the rght sde of / / <1/( 2 ) s very small. Hence, we can assume / /. (4) From equaton (4), If we take = and =, then / s very close to / and from lemma 2, the postve ntegers = for 1 are a superncreasng sequence (note that s are publc and obvous). Subtractng the case =1 of equaton (3) from the -th gves and so, for 2, = = = < =2 < (5) Snce s publc, It remans to compute the nteger such that equaton (5) holds, gven only the ntegers,,...,. Another way to wrte equaton (5) s <,2. (6) and one sees that the problem s precsely smultaneous Dophantne approxmaton. From theorem2, We can solve the smultaneous Dophantne approxmaton n the polynomal tme and fnd a value for. We now set = and = (note that s publc) and computes = for 1 to obtan the sequence (,,..., ), as we sad ths s a super-ncreasng sequence. We then compute = ( ) for any challenge cphertext. Snce (,,..., ) s super-ncreasng sequence, we can solve an easy knapsack problem = wth algorthm1 and therefore the orgnal message bts,1 are recovered. Let =2 ()/ and =/. We can use LLL-lattce bass reducton for solve equaton (5) (smultaneous Dophantne approxmaton) and hence, the value of = s determnd. Consder the lattce () wth dmenson +1 and bass matrx 0 0 =

7 IJCSI Internatonal Journal of Computer Scence Issues, Vol. 9, Issue 5, No 1, September where 0<<1 and 1<<. LLL-lattce bass reducton algorthm can be appled to the lattce () to output a relatvely short vector =( 1, 2,, ), whch can be used to approxmate the smultaneous Dophantne approxmaton problem. Snce (), there exst ntegers,,, such that =(,,, ) =(,,,, ) where (,,, ) s the publc key. After computng =(,,, ) wth LLL-lattce bass reducton algorthm, we can compute from equaton =. Wth the par (, )=(, ), we now compute ntegers =., 1 n whch form lemma 2, ths s a super-ncreasng sequence. We can use ths sequence n place of to prvate key (,,, ). Step2: We can eavesdrop publc cphertext (, ) from nsecure channel and hence we can compute factoral carry value ={,,, } of where = 169!+ 168!+ + 0! wth the followng algorthm. Algorthm4: compute the factoral carry value of nteger INPUT: ntegers, such that <!. OUTPUT: {,,..., } such that 0 and = ( )! for =1 to do ()! (+1 )! 3. Return "{,,..., }" Step3: We dvde super-ncreasng sequence (,,, ) (whch s computed n step1) nto 8 subset publc key vectors: = {(,,, ), (,,, ), (,,, )}. and recombne each subset publc key vector usng factoral carry value =(,,, ) (whch s computed n step2) by means of the permutaton combnaton algorthm. Smlar Hwang et al. s cryptosystem, we can choose frst 128 elements n each subset publc key vector. Then, we wll obtan 1024 elements (,,, ). Wth computed par (, ) from step1, frst compute = and then dvde nto ={,..., }. Each,1 s a 1024-bt message. Now, snce (,,, ) s super-ncreasng sequence, we can use algorthm1 for solve the followng superncreasng subset sum problems: =, =, (7) =, and recover message bts ={,,,, },1 to obtan the orgnal message ={,,, } for any challenge cphertext (, ). 5. Performance Analyss of Attack As we see n secton 4, n step1, we need to fnd a par of ntegers (, ) such that / s very close to / (where = ( ) and are parts of the prvate key and (,,, ) s publc key). As we showed, we can take = where s publc. So we need to fnd a value for =. In step2, we can use algorthm4 for fnd the factoral carry value ={,,, } of the publc value. In step3, we need one modular multplcaton for compute and (1024 ) subtracton to solve equaton (7) wth algorthm1 for recover the orgnal message = {,,, } from any challenge cphertext (, ). Hence, the more dffcult and mportant part of attack s step1. In step1, we used smultaneous Dophantne approxmaton problem for fndng the value of =. So we need to compute the computatonal complexty of smultaneous Dophantne approxmaton problem. complexty of ths problem s gven n theorem3 where take ( { (), + (1/)} ) bt operatons, whch s polynomal tme. Consequently, the proposed attack s polynomal tme and practcable.

8 Concluson We consdered cryptanalyss of a knapsack-type publc key cryptosystem. Ths cryptosystem uses a combnaton permutaton algorthm n the encrypton phase to avod the low densty attack by keepng the densty hgh. Ths cryptosystem s vulnerable to LLL-lattce bass reducton algorthm, snce t uses a super-ncreasng sequence as a prvate key and attempt to hde ths sequence wth modular multplcaton for constructng the publc key. But as we showed, the modular multplcaton cannot hde the superncreasng sequence. To avod ths attack we can choose another easy knapsack problem that s not a superncreasng sequence or we do not use modular multplcaton for producng the publc key from the prvate key. References [1] Aboud j. Sattar, An mproved knapsack publc key cryptography system, Internatonal Journal of Internet Technology and Secured Transactons, Vol.3 (3), pp , [2] M. J. Coster, B. A. LaMaccha, A. M. Odlyzko, and C. P. Schnorr, An mproved low-densty subset sum algorthm, n Advances n Cryptology, EUROCRYPT 91, Lecture Notes n Computer Scence, vol. 547, pp , [3] Y. G. Desmedt, J. P. Vandewalle, and R. J. M. Govaerts, A crtcal analyss of the securty of knapsack publc-key algorthms, IEEE Transactons on Informaton Theory, vol.it-30(4), pp , July [4] R. Eer and H. Lagger, Trapdoors n knapsack cryptosystems, (In T. Beth, edtor), Advances n Cryptology Proceedngs of CRYPTO 82, Lecture Notes n Computer Scence, vol.149, pp , Sprnger- Verlag, [5] S. Galbrath, Mathematcs of Publc Key Cryptography, verson 0.2. Avalable n: [6] M. S. Hwang, C. C. Lee, and S. F. Tzeng, A New Knapsack Publc-Key Cryptosystem Based on Permutaton Combnaton Algorthm, Internatonal Journal of Appled Mathematcs and Computer Scences vol. 5; 1, pp , Wnter [7] J.C. Lagaras, The computatonal complexty of smultaneous dophantne approxmaton problems, SIAM Journal of Computng vol.14, pp , [8] J. C. Lagaras and A. M. Odlyzko, Solvng low-densty subset sum problems, J. Ass. Comput. Much. vol. 32, no. 1, pp Jan [9] J. C. Lagaras, Performance Analyss of Shamr s Attack on the Basc Merkle-Hellman Knapsack Publc Key Cryptosystem, Proc. 11th Intern. Colloquum on Automata, Languages and Programmng (ICALP), Lecture Notes n Computer Scence, vol. 172, pp , Sprnger-Verlag, Berln, [10] H. W. Lenstra, Jr, Integer programmng wth a fxed number of varables, Report (Second verson), Unversty of Amsterdam, November [11] K. Lenstra, H. W. Lenstra Jr., and L. Lovász, Factorng Polynomals wth ratonal coeffcents, Math. Ann., vol.261, pp , [12] R. Merkle and M. E. Hellman, Hdng nformaton and sgnatures n trapdoor knapsack, IEEE Trans. Inform. Theory, vol. IT-24, pp , Sept [13] Menezes, P. van Oorschot and S. Vanstone, Handbook of Appled Cryptography. CRC Press, [14] R. Mchael, and S. Davd, Computers and Intractablty: A gude to the theory of NP-completeness. W. H. Freeman & Co., San Francsco, [15] P. Nguyen, J. Stern, Merkle-Hellman revsted: A cryptanalyss of the Qu-Vanstone cryptosystem based on group factorzatons, n: Proceedngs of Crypto'97, LNCS, vol. 1294, pp , Sprnger-Verlag, [16] Shamr, A Polynomal-tme Algorthm for Breakng the Basc Merkle-Hellman Cryptosystem, Proceedngs of the IEEE Symposum on Foundatons of Computer Scence, New York, pp , [17] P.W. Shor, Polynomal-tme algorthms for prme factorzaton and dscrete logarthms on a quantum computer, SIAM Journal of Computng, vol. 26, pp , [18] S. Vaudenay, Cryptanalyss of the Chor-Rvest cryptosystem, Advances n Cryptology CRYPTO 98, LNCSe, vol. 1462, pp , Sprnger- Verlag, Berln, Roohallah Rastagh has receved hs BSc degree n electrcal engneerng and MSc degrees n secure communcaton from the Aeronautcal Unversty of snce and Technology, Iran n 2003 and 2010, respectvely. Hs research nterests nclude cryptology especally desgn and analyze of publckey cryptography. Hamd Reza Dall Oskoue receved hs BSc and MSc degrees n electrcal engneerng from the Unversty of Aeronautcal Scence & Technology and the Trabat Modares Unversty, Iran n 2002 and 2004, respectvely. He obtaned hs PhD degree n electrcal engneerng from Trabat Modares Unversty, Tehran, Iran. He then joned the Unversty of Aeronautcal Scence & Technology, Tehran, Iran, as an assstant professor n 2006, hs research areas are Communcaton, Radar,Mcrowave component, Antenna and wave propagaton. Dr. Oskoue has served as a revewer for a number of journals and conferences.