Crackng of the Merkle Hellman Cryptosystem Usng Genetc Algorthm Zurab Kochladze 1 * & Lal Besela 2 1 Ivane Javakhshvl Tbls State Unversty, 1, I.Chavchavadze av 1, 0128, Tbls, Georga 2 Sokhum State Unversty, 9, Anna Poltkovskaya Street, 0186, Tbls, Georga *Correspondng author. E-Mal: zurab.kochladze62@gmal.com; Tel: +995 32 2 224712; Fax: +995 32 2 223874 Receved: 30 March 2016 Revsed: 1 June 2016 Accepted: 21 June 2016 Onlne: 30 June 2016 Keywords: Genetc algorthm; cryptanalyss; Merkle- Hellman cryptosystem; Shamr s algorthm; Cryptanalytc attack A b s t r a c t The artcle consders the possblty of usng genetc algorthms n cryptanalyss, namely for crackng the Merkle-Hellman cryptosystem. The obtaned analyss results lead us to concluson that the use of genetc algorthms n cryptanalyss may be effectve. For example, the genetc algorthm descrbed n the artcle fnds a cpher key faster than the wellknown Shamr algorthm. Transactons on Scence and Technology 2016 Introducton In 1978 the famous Merkle & Hellman (1978) artcle was publshed, whch descrbed an open key (asymmetrc) cryptosystem based on a concrete case of the knapsack problem (Martello & Toth, 1990). We can formulate t as follows: there s a knapsack of V volume and a set of B b, b,... b } subects, whch have certan volumes. Our goal s to fnd such B B subset of B { 1 2 n set, for the elements of whch the followng equaton s worked out: V n 1 b x (1) where x {0,1 }, 1,2,..., n n case x 1. Ths means that we should place subect nto the knapsack, and n case x 0 -, then we should not place the subect nto the knapsack. As t s known, the knapsack problem belongs to the NP grade task groups (Martello & Toth, 1990). However, n ths concrete case, f B set s an extremely ncreasng sequence,.e. each fulfls the condton. b member of the sequence 1 b b, (2) 1 Then there s a lnear algorthm for the soluton of the problem (Martello & Toth, 1990). Kochladze & Besela, 2016. Transactons on Scence and Technology. 3(1-2), 291-296
Kochladze & Besela, 2016. Transactons on Scence and Technology. 3(1-2), 291-296 292 Usng ths feature, Merkle and Hellman (1978) developed an open key cryptosystem, n whch the open cpher key s A { a1, a2,... an} non-extremely ncreasng sequence, where each a member of A sequence s obtaned by the followng rule: a b t(mod m), (3) where m, t Z and the followng condtons are fulflled: m n b 1, ( t, m) 1. (4) The key of the cpher s the ( B, m, t) three. The open text, whch represents a sequence of zeroes and ones, durng encrypton s dvded nto a block of n length and L quantty and acts as x {0,1 } set. The encrypted text s represented wth S,..., 1, S2 SL sums, whch are calculated by the formula: S n 1 x For restorng the open text t s necessary to solve the above mentoned verson of the knapsack problem by a lnear algorthm when B extremely ncreasng sequence and m and t parameters are known. For ths purpose each sum s multpled by a 1 t modulo m (5) S / 1 S t (mod m) (6) and the knapsack problem s solved by the above mentoned lnear algorthm for each / S sum separately, when B extremely ncreasng sequence s known. In case an opponent desres to crack the system and fnd the open text he/she wll have to solve NP problem that s qute mpossble as far as the quantty of the members n B sequence changes from two hundred to three hundred elements. At a glance ths system seemed to be protected from any cyber attacks and was the fastest open key system, the use of whch was possble for encrypton of vast texts. However, t turned out to have certan trapdoors (Salomaa, 1996), by use of whch famous cryptologst A. Shamr (1984) created the polynomal algorthm and cracked the system. Among the weak ponts the most noteworthy s that unlke other open key cryptosystems, the open key s obtaned from the cpher key not by means of a sngle-drecton functon. Moreover, seemngly, t s not at all necessary to fnd exactly the (t 0, m 0 ) par, by whch the open key A nonextremely ncreasng sequence s obtaned from B extremely ncreasng sequence. As t appears, any B extremely ncreasng sequence, from whch t s possble to obtan the gven A non-extremely ncreasng sequence, may be used as a cpher key,.e. t s possble to make an attack on the key. Usng these trapdoors A. Shamr (1984) created a two-stage algorthm to attack aganst cryptosystems. In the frst stage the algorthm looks for such ntegers, for whch the followng ISSN 2289-8786. http://transectscence.org/
Kochladze & Besela, 2016. Transactons on Scence and Technology. 3(1-2), 291-296 293 condton s fulflled: u/m value for several a -s s located n the common mnmal space of these functons. After fndng such numbers by the Dophantne approxmaton method the algorthm looks for the (u,m) par, by means of whch t becomes possble to calculate the cpher key from the open key. Usng the Genetc algorthm to Crack the Merkle-Hellman cryptosystem Genetc algorthms were frst used for the soluton of optmzaton problems (Goldberg, 1989). After some tme they were also used n dfferent felds of scences. Genetc algorthms are based on one of the basc prncples of bologcal evoluton: struggle for populaton savng by maxmal adustment to the envronment that s reached by mprovement and development of the best features n new generatons. One of the most sgnfcant advantages of the genetc algorthms compared to other search algorthms s the possblty of ther parallelzaton. Ths sgnfcantly decreases the attack tme. Use of genetc algorthms for cryptanalyss of cryptographc algorthms s a new trend, whch has not yet developed n practcal cryptology. There are several hundreds of works, the authors of whch make ther efforts to show that ths approach may have advantages compared to other ones (Garg & Shastr, 2006; Garg, et al., 2007; Muthuregunathan, 2009; Tadors et al., 2010; Raman & Balasubramanan, 2011; Mshra & Bal, 2013). In regard to ths we tred to crack the already cracked Merkle-Hellman cryptosystem by means of genetc algorthms. Then we compared the results obtaned by us to the results obtaned by the Shamr algorthm. There are works where the Merkle- Hellman cryptosystem s cracked by genetc algorthms, though n all cases the attack s carred out on the bass of cphertext (Splman, 1993; Splman et al., 1993; Garg & Shastr, 2006; Garg et al., 2007; Muthuregunathan, 2009; Raman & Balasubramanan, 2011; Raman, 2011). Unlke these works and lke the Shamr method, we search for the cpher key by attackng aganst the open key. We elaborated new heurstc methods, by whch made the use of genetc algorthms more precse and faster. The research results and software gven n ths artcle may be used for cryptanalyss of other asymmetrc cryptosystems as well. The problem formulaton and results Our method of attack s qute dfferent from the methods used n the above mentoned works. Besdes, we created a genetc algorthm qute dfferent from other genetc algorthms (dfferent n the selecton crteron and crossover process). Our genetc algorthm s descrbed n fle genetc2.h created by us. In genetc class of the fle four functons are descrbed: the ftness functon (bool ftness (vector<populatca>&v)), the crossover functon (vod crossover (vector<populatca>&v)), the mutaton functon (vod ftness(vector<populatca>&v)) and the selecton functon (vod selektca(vector<populatca>&v)). algorthm s as follows: ISSN 2289-8786. http://transectscence.org/
Kochladze & Besela, 2016. Transactons on Scence and Technology. 3(1-2), 291-296 294 1. The ftness functon determnes the extreme ncrease n each member (soluton-canddate) of the populaton transmtted to t. The ftness value of the soluton-canddate n the sequence s equal to the quantty of the extremely ncreasng members. 2. The selecton functon chooses the selecton-canddates, whch the most fulfll the ftness functon,.e. ther ftness values are hgher than those of others. In case the populaton sze s L we choose only L/5 soluton-canddates. Exactly these soluton-canddates form new generatons. 3. The crossover functon receves the populaton of the soluton-canddates. From ths populaton we choose soluton-canddates wth t1 and t2 numbers n pars by means of a random generator takng nto account that t1 and t2 do not concde wth each other and the used par s not repeated. Each soluton-canddate s dvded n two parts (at the md pont). 4. The mutaton functon changes one byte of each soluton-canddate. We choose the ndex by the random generator and change the relevant bt,.e. f the bt value s zero t s changed n 1, and on the contrary, f t s 1, then t s changed n zero. Our goal s, usng the above descrbed algorthm, to fnd such (u,m) par, by whch we wll be able to fnd the extremely ncreasng sequence by the followng formula: b au(mod m), where u=t -1 modulo m (7) The algorthm s realzed on C++ language base. It conssts of the preparaton and man parts. In the preparaton part the nformaton-to-be-transmtted s cphered by the Merkle-Hellman algorthm. We took b, b,... b } extremely ncreasng sequence, m modulo root and selected t multpler, by means { 1 2 n of whch we calculated open key a b t(mod m) and cphered the nformaton-to-be-transmtted by (3) formula algorthm s as follows: 1. The ntal populaton s represented by m root, whch s ntalzed by random generator (t s represented n bnary system). The sze of each member (soluton-canddate) of the populaton s d*n, where n s equal to the length of the open key and d=2; The soluton-canddates are transformed nto bnary system. 2. Lke the Shamr algorthm we take the frst four members of the open key and calculate the 1 nverse of t multpler by m root u p m/ a, where u t (mod m), 1 p a, * 0 4.Thus, we receve the populaton all probable multplers. We set lmts for selectng u multpler. Besdes (u,m)=1 and u<m, u multpler multpled by the thrd member of the open key must exceed m root. By addng ths lmt we reduce the soluton-canddates of u multpler,.e. make the algorthm more purposeful. We fnd the relevant closed key by (4) formula for all probable canddates of (u,m) par. 3. We determne the crteron for selecton by the ftness functon. In ths case the crteron for selecton s the extreme ncrease n the closed key obtaned as a result of the fourth phase. In case ISSN 2289-8786. http://transectscence.org/
Kochladze & Besela, 2016. Transactons on Scence and Technology. 3(1-2), 291-296 295 the sequence s extremely ncreasng,.e. the value of the ftness functon s less than n, we pass to the followng phase. 4. By means of the crossover functon we carry out the crossover operaton for the chosen solutoncanddates. 5. For the receved soluton-canddates the second, thrd and fourth phases are repeated. In case the ftness functon of any soluton-canddate s equal to n, t means the desred result s obtaned and the program stops functonng. Otherwse, we pass to the followng phase. 6. The selecton functon chooses the L/5 (L s the sze of the ntal populaton) number solutoncanddates, the ftness functons of whch are hgher. 7. We have ndcated that the process wll repeat 10 tmes. If ths process s repeated, 10 tmes and we don t get the desred result, only n ths case we use a mutaton, or change the functon of the gene, and then repeat the 2nd, 3rd and 4th steps. When we get the desred results, we stop workng. But tests showed that non f the mutatons feature s not needed, and the hybrdzaton of a maxmum of 5 tmes usng we get the desred result. No Table 1 shows the result obtaned n the experment. Knapsack sequence sze Populaton sze Table 1. The results of the experments. The number of experments carred out Repeatng the average number of genetc operators (crossover operaton) 1. 8 10 10 2 3.41st 2. 16 20 5 3 4.52st 3. 16 30 5 4 7.41 st 4. 20 50 5 5 8.71 st Average executon tme Dscusson and Concluson Accordng to the experment results, t s obvous that by usng genetc algorthm, the Merkle- Hellman cryptosystem s cracked qute quckly. Experments show that our algorthm s almost twce faster than Shamr (1984) algorthm. Therefore, we can conclude that attackng of the open key cryptographc systems through the genetc algorthms can be done only on the bass of publc key, even n cases when the polynomal algorthms of the attack are unknown. Reference [1] Goldberg, D. E. (1989). Genetc Algorthm n Search, Optmzaton and Machne Learnng. Boston: Addson-Wesley Longman Publshng. [2] Garg, P. & Shastr, A. (2006). An Improved Cryptanalytc Attack on Knapsack Cpher usng Genetc Algorthm. Internatonal Journal of Informaton Technology, 3(3), 145-152. [3] Garg, P., Shastr, A. & Agarwal, D. C. (2007). An Enhanced Cryptanalytc Attack on Knapsack Cpher Usng Genetc Algorthm. Word Academy of Scence, Engneerng and Technology, 12, 829-832. [4] L, T., L, J., & Zhang, J. (2014). A Cryptanalyss Method Based on Nche Genetc Algorthm. Appled Mathematcs & nformaton Scences. An Internatonal Journal, 8(1), 279-285. [5] Martello, S. & Toth, P. (1990). Knapsack Problems: Algorthms and Computer Implementatons. New York: John Wley & Sons. [6] Merkle, R. & Hellman, M. (1978). Hddng nformaton and sgnatures n trapdoor Knapsak. IEEE Transactons on Informaton Theory, 24(5), 535-530. ISSN 2289-8786. http://transectscence.org/
Kochladze & Besela, 2016. Transactons on Scence and Technology. 3(1-2), 291-296 296 [7] Mshra, S. & Bal, S. (2013). Publc Key Cryptography Usng Genetc Algorthm. Internatonal Journal of Recent Technology and Engneerng. 2(2), 150-154. [8] Muthuregunathan, R., Vekataraman, D. & Raasekaran, P. (2009). Cryptanalyss of Knapsack Cpher Usng Parrallel Evolutonary Computng. Internatonal Journal of Recent Trends n Engneerng, 1(1), 260-263. [9] Raman, G. & Balasubramanan, L. (2011). Genetc Algorthm Soluton for Cryptanalyss of Knapsack Cpher wth Knapsack Sequence of Sze 16. Internatonal Journal of Computer Applcatons, 35(11), 17-23. [10] Raman, G. (2011). Genetc Algorthm soluton for Cryptanalyss of Knapsack Cpher wth Knapsack Sequence of Sze 16. Internatonal Journal of Computer Applcatons, 35(11), 17-23. [11] Salomaa, A. (1996). Publc-Key Cryptography (2 nd Enlarged Edton). Berln Hedelberg: Sprnger-Verlag. [12] Shamr, A. (1984). A Polnomal-Tme Algorthm for Breakng the Basc Merkle-Hellman Cryptosystem. IEEE Transactons on Informaton Theory, 30(5), 699-704. [13] Splman, R. (1993). Cryptanalyss of Knapsack Cpher Usng Genetc Algorthms. Cryptologa, 17(4), 367-377. [14] Splman, R., Janssen, M., Nelson, B. & Kepner, M. (1993). Use of a Cenetc algorthm n the Cryptanalyss of Smple Substtuton Cphers. Cryptologa, 17(1), 31-44. [15] Tadors, T., Hegazy, A. E. F. & Bard, A. (2010). Genetc Algorthm for DES Cryptanalyss. Internatonal Journal of Computer Scence and Network Securty, 10(5), 5-11. ISSN 2289-8786. http://transectscence.org/