CHAPTER 3

THE NEW MMP CRYPTO SYSTEM

In this chapter an overview of the new Mixed Mode Paired cipher text Cryptographic System (MMPCS) is given, its three hard mathematical problems are explained, and the block diagrams of encryption and decryption are shown.

The new mixed mode-paired cipher text crypto system utilizes the properties of both symmetric and asymmetric systems and incorporates three hard mathematical problems: the Hidden Root Problem, the Discrete Logarithm Problem and the Factoring Problem. It is called a mixed mode crypto system because it combines the properties of both symmetric and asymmetric crypto systems. Paired cipher text systems generate a pair of cipher text characters for a given plain text character. The number of cipher text characters generated by the system is therefore twice the number of plain text characters given to it, so that hackers are more confused in cryptanalysis. The ElGamal and elliptic curve systems explained in sections 2.13 and 2.14 are examples of paired cipher text crypto systems. The proposed system is also a paired cipher text crypto system.

3.1 Overview

In this Mixed Mode-Paired cipher text Cryptographic System, symmetric and asymmetric encryption are mixed with the aid of three hard mathematical problems: the Hidden Root Problem, the Discrete Logarithm Problem and the Factoring Problem. Three sets of keys are employed. The symmetric key set $\{S_a, S_b\}$ is used for both encryption and decryption, so it must be kept secret while encrypting and decrypting. The public key $\{e, r, n\}$ is used only for encryption and can be accessed by anyone. The private key $\{d, s, n\}$ is used only for decryption of cipher text that has been encrypted with the public key, and it must also be kept secret. The cipher text will contain two
components $(C_f, C_s)$, which are combined in a particular way to recover the plain text. The block diagram of the new mixed mode cryptographic system is shown in Figure 3.1.

If Raman wishes to communicate with Seetha, he has to get a symmetric key from Seetha through a secure channel. First, the plain text is encrypted with the symmetric keys. He then encrypts the symmetric-key-encrypted data with Seetha's public key (the public key set consists of three elements). The public-key-encrypted data is the final cipher text, which is transmitted to Seetha. Seetha has the symmetric keys (sent by Raman through a secure channel) and her own private key. At the receiver side Seetha decrypts the message with her private key and then decrypts the result with the shared symmetric keys. In a similar way, Seetha can also communicate with Raman.

Figure 3.1: New Mixed Mode Cryptographic System
3.2 Hard Mathematical Problems

As mentioned earlier, most public key systems are based on a single hard mathematical problem. The discrete logarithm and factoring problems are the hard problems most commonly used in public key systems. The proposed system includes three hard mathematical problems: the Hidden Root Problem, the Discrete Logarithm Problem and the Factoring Problem.

3.2.1 Hidden Root Problem

The Hidden Root Problem is a novel computational problem with several variants, such as the Linear Hidden Root Problem, the Non Linear Hidden Root Problem and the Subfield Hidden Root Problem. The proposed system uses the Linear Hidden Root Problem. A paper by Vercauteren [Frederik Vercauteren 2008] discusses the hidden root problem, which grew out of pairing inversion.

Let $F_q$ be a finite field with $q = p^n$ elements, where p is prime; and let e be a positive integer with e (q-1). Let e where (a, b) F 2 q For a fixed secret x F q, the Linear Hidden Root Problem (LHRP) is to recover x in expected polynomial time in log q by querying the oracle repeatedly with chosen pairs $(a_i, b_i)$.

The restriction e (q can be explained as follows: be a positive integer with gcd(, q, -powering defines a permutation on Fq with inverse( 1 mod (q -powering. trivial to solve using only one query by computing x e.
3.2.2 Discrete Logarithm Problem

Widely used public key algorithms such as ElGamal, elliptic curve systems and Diffie-Hellman key exchange are based on the discrete logarithm problem. MMPCS also makes use of the discrete logarithm problem. The ideas of exponentiation and logarithm and the properties of multiplicative groups are explained in sections 2.7.6 and 2.5 respectively.

Given a prime integer p, a generator g of the multiplicative group $(Z_n^*)$, and an element y of $(Z_n^*)$, finding an integer a such that $g^a = y$ is called the discrete logarithm problem.

In general, let G be a finite cyclic group with n elements. We assume that the group is written multiplicatively. Let b be a generator of G; then every element g of G can be written in the form $g = b^k$ for some integer k. Furthermore, any two such integers $k_1$ and $k_2$ representing g will be congruent modulo n. We can thus define a function. (where $Z_n$ denotes the ring of integers modulo n) by assigning to each g the congruence class of k modulo n. This function is a group isomorphism, called the discrete logarithm to base b.

The familiar base change formula for ordinary logarithms remains valid: If c is another generator of G, then we have

Discrete logarithms are perhaps simplest to understand in the group $(Z_p^*)$. This is the set $\{1, \ldots, p-1\}$ of congruence classes under multiplication modulo the prime p. If we want to find the k-th power of one of the numbers in this group, we can do so by finding its k-th power as an integer and then finding the remainder
after division by p. This process is called discrete exponentiation. For example, consider $(Z_{17}^*)$. To compute $3^4$ in this group, we first compute $3^4 = 81$, and then we divide 81 by 17, obtaining a remainder of 13. Thus $3^4 = 13$ in the group $(Z_{17}^*)$.

Discrete logarithm is just the inverse operation. For example, take the equation 3 k the only solution. Since 3 16 then 3 4+16 n n solutions of the form 4 + 16n. Moreover, since 16 is the smallest positive integer m satisfying 3 m order of 3 in $(Z_{17}^*)$, these are the only solutions. Equivalently, the solution can be expressed as k

No efficient classical algorithm for computing general discrete logarithms $\log_b g$ is known [la Macchia 1991]. There are three basic types of discrete log algorithms: "square-root" algorithms such as Pollard's rho algorithm, the Pohlig-Hellman algorithm, and index calculus algorithms.

Pollard's rho algorithm can compute discrete logs in a cyclic group of prime order n in time O( ) and negligible space. If n is not prime and the factorization of n is known, then the Pohlig-Hellman algorithm can be used. If $n = p_1^{e_1} p_2^{e_2} \cdots p_c^{e_c}$ is the prime factorization of n, then the Pohlig-Hellman algorithm computes partial solutions by computing discrete logs in subgroups of order $p_i$ for $i = 1, \ldots, c$. Typically Pollard's rho algorithm is used as a subroutine to compute these logarithms, and the partial solutions are combined to compute the requested discrete log. The runtime of Pohlig-Hellman is assuming n has the prime factorization given above. In particular, if n is B-smooth, meaning that none of its prime factors are greater than B, the runtime of the Pohlig-Hellman algorithm is O(ln ln n(log n + )), since the average number of not necessarily distinct prime factors is ln ln n. If n is at most 256 bits and has no factors of more than 16 bits, i.e. n is $(2^{16}-1)$
smooth, then we can expect the Pohlig-Hellman algorithm to require only $O(2^{12})$ operations. When Pollard's rho algorithm is used with the Pohlig-Hellman algorithm, the combined algorithm also uses negligible space. If n has a large prime factor, neither of these algorithms works well.

Index calculus algorithms do not work in a general cyclic group, but they do work in $Z_p^*$, where they run in sub-exponential time. Index calculus methods do not work directly on subgroups of $Z_p$; however, they can be used to compute logs in subgroups by computing logs in $Z_p^*$. For this reason, if n <= p, then a square-root algorithm such as Pollard rho (or Pohlig-Hellman if n is composite) may be faster than index calculus methods, depending on the exact relationship between n and p [Alfred J 1996].

Shanks' algorithm is more efficient but still require practical for large p. For example, if log (p). This is not p=170141183460469231731687303715884105727, many calculations). Even using Google's computers, which are estimated to perform 300 trillion calculations per second, it would take roughly 5 years to solve [Douglus R 1995]. No efficient classical algorithm for computing general discrete logarithms $\log_b g$ is known.

3.2.3 Factoring Problem

Given a positive composite integer N, finding an integer x with 1 < x < N such that x divides N is called the factoring problem.

In number theory, integer factorization or prime factorization is the decomposition of a composite number into smaller non-trivial divisors which, when multiplied together, equal the original integer. When the numbers are very large, no efficient non-quantum integer factorization algorithm is known; an effort concluded in 2009 by several
researchers factored a 232-digit number (RSA-768), utilizing hundreds of machines over a span of 2 years. Table 3.1 shows the number of operations and the time taken to factorize numbers of various digit lengths, as presented by the authors of RSA in 1978.

Table 3.1: Time to factorize n

The presumed difficulty of this problem is also utilized in the MMPCS algorithm. There has been a long search for an efficient algorithm to factor large composite numbers. Unfortunately, no such perfect algorithm has been found. Although several algorithms can factor a number, such as the Trial Division algorithm, Fermat's Factorization algorithm, the Pollard p-1 algorithm and the Pollard Rho algorithm, none is capable of factoring a very large number in reasonable time [a Lenstra 2000]. The complexities of these algorithms are exponential. Factorization algorithms such as the quadratic sieve and the number field sieve have sub-exponential complexity [Forouzan 2010].

3.3 MMPCS Encryption and Decryption

The block diagram of MMPCS encryption is shown in Figure 3.2. It consists of three stages of encryption. The first stage uses the symmetric keys $S_a$, $S_b$ and is based on the hidden root problem. The second stage uses the public key $\{e, r, n\}$ and is based on the factoring problem. The second stage also uses a random number k and produces the first component of the cipher text, $C_f$. The inputs of the third stage of encryption are the same random number and a primitive element t which satisfies $t^{n-1} = 1 \bmod n$. This stage
generates the second component of the cipher text, $C_s$. The third stage of encryption utilizes the discrete logarithm problem. The first and second components are sent as a pair to the receiver, where decryption is performed.

Figure 3.2: MMPCS Encryption

The block diagram of MMPCS decryption is shown in Figure 3.3. The first stage of decryption, using the private keys s and d, yields $C_h$. $C_h$ then undergoes the second stage of decryption with the symmetric keys $S_a$ and $S_b$ to recover the original plain text M.
Figure 3.3: MMPCS Decryption

The private key used is (s, d), where s is an integer from the multiplicative set $Z_n^*$ such that 1 < s < n and $r = t^s \pmod{n}$. The variable d is the multiplicative inverse of e n).
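
The worked example in $(Z_{17}^*)$ from section 3.2.2, and that section's point that Pohlig-Hellman is cheap only when the group order is smooth, can be checked directly. The Python below is an added example, not part of the thesis: it uses baby-step giant-step in place of Pollard's rho as the square-root subroutine, and the function names, the prime $2^{31}-1$, the generator 7 and the secret exponent are choices made here.

```python
from math import isqrt

def factorize(n):
    """Trial division: {prime: exponent}; enough for the small orders used here."""
    out, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            out[d] = out.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        out[n] = 1
    return out

def bsgs(g, h, order, p):
    """Square-root method: x in [0, order) with g^x = h (mod p), about sqrt(order) steps."""
    m = isqrt(order - 1) + 1                      # ceil(sqrt(order))
    baby, cur = {}, 1
    for j in range(m):                            # baby steps g^j
        baby.setdefault(cur, j)
        cur = cur * g % p
    step, gamma = pow(g, -m, p), h % p
    for i in range(m):                            # giant steps h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    raise ValueError("h is not a power of g")

def pohlig_hellman(g, h, p):
    """Solve g^x = h (mod p), g a generator of Z_p^* and p prime, via subgroups of order q."""
    n, x, mod = p - 1, 0, 1
    for q, e in factorize(n).items():
        gamma, x_q = pow(g, n // q, p), 0         # gamma has order q
        for k in range(e):                        # recover x mod q^e one base-q digit at a time
            hk = pow(h * pow(g, -x_q, p) % p, n // q ** (k + 1), p)
            x_q += bsgs(gamma, hk, q, p) * q ** k
        # Chinese remainder step: merge x = x_q (mod q^e) into the running solution
        x += mod * ((x_q - x) * pow(mod, -1, q ** e) % q ** e)
        mod *= q ** e
    return x

def subgroup_steps(p):
    """Baby steps Pohlig-Hellman needs in Z_p^*: sum of e * ceil(sqrt(q)) over q^e || p-1."""
    return sum(e * (isqrt(q - 1) + 1) for q, e in factorize(p - 1).items())

P31, G31, SECRET = 2**31 - 1, 7, 1234567890       # constructed inputs; 7 generates Z_p^* here
if __name__ == "__main__":
    print(pohlig_hellman(3, 13, 17), pohlig_hellman(G31, pow(G31, SECRET, P31), P31) == SECRET)
    print(subgroup_steps(P31), "subgroup steps vs", isqrt(P31 - 1) + 1, "for one whole-group search")
```

Because $2^{31}-2 = 2 \cdot 3^2 \cdot 7 \cdot 11 \cdot 31 \cdot 151 \cdot 331$, the subgroup searches need only a few dozen baby steps in total. A group order with a large prime factor removes this shortcut, which is the property to verify in any parameter set that relies on the discrete logarithm problem.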