International Journal of Network Security & Its Application (IJNSA), Vol.2, No.1, January 2010


WEAKNESS ON CRYPTOGRAPHIC SCHEMES BASED ON REGULAR LDPC CODES

Omessaad Hamdi 1, Manel Abdelhedi 2, Ammar Bouallegue 2, Sami Harari 3

1 SYSTEL, SUPCOM, Tunisia, hamdi@univ-tln.fr
2 SYSCOM, ENIT, Tunisia, abdelhedi manel@yahoo.fr, ammar.bouallegue@enit.rnu.tn
3 SIS, USTV, France, harari@univ-tln.fr

ABSTRACT

We propose a method to recover the structure of a randomly permuted chained code and show how to cryptanalyse cryptographic schemes based on this kind of error-correcting code. As an application of these methods, we consider a cryptographic scheme using regular Low Density Parity Check (LDPC) codes. This result prohibits the use of chained codes, and particularly regular LDPC codes, in cryptography.

KEYWORDS: Cryptography, Chained Codes, LDPC Codes, Attack, Complexity.

1. INTRODUCTION

RSA and McEliece are the oldest public key cryptosystems. They are based respectively on the intractability of the factorization and syndrome decoding problems [1]. However, McEliece [2] was not quite as successful as RSA, partially due to its large public key and to the belief that it could not be used for signature. In 2001, Courtois, Finiasz and Sendrier [3] showed a new method to build practical signature schemes with the McEliece public key cryptosystem. This scheme has the drawback of a high signature cost. One idea to counter this drawback consists in replacing the Goppa code by other codes which have faster decoding algorithms, like chained codes.

In this paper, we show an invariant in the structure of chained codes which is a weakness in cryptographic schemes based on chained codes. Our approach is based on the fact that any given chained equivalent code can be transformed into a systematic code which has a special generator matrix representation. A regular LDPC code is generally a chained repetition code. We show that these codes are useless in cryptography.

2. CHAINED CODE

A chained code $C$ is defined as a direct sum of elementary codes $C_1, \ldots, C_l$:
$$C = C_1 \oplus \cdots \oplus C_l = \{(u_1 \ldots u_l);\; u_1 \in C_1, \ldots, u_l \in C_l\}.$$
This code is of length $N = \sum_i n_i$ and of dimension $K = \sum_i k_i$.

To encode an information $m = (m_1, \ldots, m_l)$, where $m_i$ is $k_i$ bits, we simply multiply it by the generator matrix to obtain the codeword $u = m.G = (u_1, \ldots, u_l)$, with $u_i$ the $n_i$-bit codeword obtained from $m_i$ using the elementary code $C_i$. So, $G$ is a block diagonal matrix whose diagonal is formed by the elementary generator matrices $G_i$ of the codes $C_i$.

We assume that we have an efficient decoding algorithm $dec_i$ for each elementary code $C_i$. To decode $u = (u_1, \ldots, u_l)$, we apply to each codeword $u_i$ its corresponding decoding algorithm $m_i = dec_i(u_i)$. The decoded word is $m = (m_1, \ldots, m_l)$.

We define the support of a non-zero word $x = (x_1, \ldots, x_n)$, denoted $\sup(x)$, as the set of its non-zero positions, $\sup(x) = \{ i \in \{1, \ldots, n\},\; x_i \neq 0 \}$, and the support of a set $S = \{y_1, \ldots, y_s\}$ as the union of the supports of its words, $\sup(S) = \bigcup_{y \in S} \sup(y)$. So the support of a code $C(N, K)$ is the union of its $2^K$ codeword supports.

Two words $x$ and $y$ are said to be connected if their supports are not disjoint, i.e. $\sup(x) \cap \sup(y) \neq \emptyset$, and two sets $I$ and $J$ are said to be disjoint if there is no connection between them.

A non-zero codeword $x$ of $C$ is said to be of minimal support if there is no codeword $y \neq x$, $y \in C$, such that $\sup(y) \subset \sup(x)$.

Two codes $C(N, K)$ and $C'(N, K)$ are said to be equivalent if there is a permutation $\sigma$ of $\{1, \ldots, N\}$ such that $C' = \sigma(C) = \{c_{\sigma(1)}, \ldots, c_{\sigma(N)}\}$. In other words, $C$ and $C'$ are equivalent if there is a permutation matrix $P$ such that, for any generator matrix $G$ of $C$, the matrix $G' = G.P$ is a generator matrix of $C'$.

3. CHAINED CODES AND CRYPTOGRAPHY

As we mentioned in the introduction, the drawback of the unique digital signature scheme based on error-correcting codes is its high signature complexity, which is due to the Goppa decoding algorithm. One idea to counter this drawback consists in replacing the Goppa code by a chained code, which has a faster decoding algorithm. Generally, the secret key of a cryptographic scheme based on error-correcting codes is the code itself, for which an efficient decoding algorithm is known, and the public key is a transformation of the generator or parity check matrices. We consider a digital signature scheme based on a chained code, and then we develop an algorithm to discover the private key from the public key. This attack is applicable to any such cryptographic scheme since it is a structural attack.

Secret key:
o $S$ is a random $(K \times K)$ non-singular matrix called the scrambling matrix.
o $G$ is a $(K \times N)$ generator matrix of a chained code.
o $P$ is a random $(N \times N)$ permutation matrix.

Public key:
o $G' = S.G.P$ is a randomly scrambled and permuted generator matrix. It is a generator matrix of a non-structured code equivalent to the chained code.
o $c$ is the completed correction capacity, calculated as in [3].
o $h()$ is a hash function.

Signature:
o The signer first calculates $y = h(M).P^{-1}$, where $h(M)$ is the $N$-bit hash of the message $M$ and $P^{-1}$ is the inverse of $P$. Then he uses the completed decoding algorithm [3] for the original chained code $C$ to obtain $x = S.\sigma$. Finally, he obtains the signature by computing $\sigma = S^{-1}.x$, where $S^{-1}$ is the inverse of $S$.

Verification:
o The verifier calculates $\rho' = \sigma.G'$ and $\rho = h(M)$.
o The signature is valid if $d(\rho, \rho') < c$.

We have introduced a digital signature scheme and now we present the weakness of this scheme. This weakness is due to the fact that chained codes have an invariant. Code equivalence means that one generator matrix is a permutation of the other, because the matrix $S$ does not change the code but only performs a change of basis of the linear subspace. Canteaut showed that the matrix $S$ may be important to hide the systematic structure of the Goppa codes, therefore having an important security role [4]. However, Heiman was the first to study this point and states that the random matrix $S$ used in the original McEliece scheme serves no security purpose [5]. We confirm this argument and we show that the random matrix $S$ has no security role in cryptographic schemes based on linear codes. We state also that the disjointness of the elementary code supports is an invariant under permutation.

To avoid an exhaustive attack, we used at least five different elementary codes, and to avoid an information set attack, we used a chained code with length at least equal to 9 bits.

The attack exploits the characteristics of the code transformation in order to identify its building blocks. Its input is a generator matrix $G'$ of a randomly permuted chained code of length $N$ and dimension $K$. Its output is a structured chained code. The algorithm's steps are:

o Apply a Gaussian elimination to the rows of the matrix $G'$ to obtain the systematic form $G = (\mathrm{Id}, Z)$. Sendrier shows that the rows of any systematic generator matrix of a code $C$ are minimal support codewords of $C$, and that any minimal support codeword of $C$ is a row of a systematic generator matrix of $C$ [4]. The support of a systematic chained code is formed by disjoint sets. Each set represents the support of an elementary code. The transformation of any randomly permuted chained code generator matrix into a systematic matrix by linear algebra will allow us to find these supports and thus the elementary codes.
o Search the disjoint sets of rows of the systematic matrix $G$. Each set forms an elementary code support.
o Use the elementary decoding algorithms to decode every message.

As an application of these codes, we consider regular LDPC codes, which are chained repetition codes. The next sections present the properties of these codes.

4. LOW DENSITY PARITY CHECK CODES

Low-density parity-check (LDPC) codes were first discovered by Gallager [6] in 1962 and have recently been rediscovered by MacKay and Neal [7], [8]. In fact, when LDPC codes were invented, their decoding was too complicated for the technology of the time, and so they were forgotten. These codes deliver very good performance when decoded with the belief-propagation (BP) algorithm [7]. Binary LDPC codes are linear block codes defined by a sparse parity check matrix $H$ $(M \times N)$, where $N$ denotes the codeword length and $M$ the number of parity-check equations. When the numbers of 1s in each column and in each row are constant, the code is called a regular LDPC code. Otherwise, it is said to be irregular.

4.1. Regular LDPC codes

In this section, we show that the parity check matrix of an LDPC code has a particular structure. The uniqueness of the canonical matrix allows us to recover the codes used in any equivalent code.

The support of a systematic LDPC code is formed by disjoint sets. Each set represents the support of an elementary repetition code. The transformation of any randomly permuted LDPC code parity check matrix into a systematic matrix by linear algebra will allow us to find these supports and thus the elementary codes. The regular LDPC parity check matrix is constructed as follows: it is a concatenation of permuted repetition codes.

H =

4.2. Parity check matrix properties

We are interested, in this section, in the parity check matrix properties which will be used to analyse the regular LDPC code structure. The parity check matrix $H$ of a linear code is not unique: any $S.H$ is also a parity check matrix.
o If the systematic parity check matrix exists then it is unique [4].
o The rows of any systematic parity check matrix of a code $C$ are minimal support codewords of $C$ [4].
o Any minimal support codeword of $C$ is a row of a systematic parity check matrix of $C$ [4].

Consequently, the rows of the systematic LDPC code parity check matrix are divided into disjoint sets. Each set defines the support of a repetition code $C_i$. This property is invariant under permutation. Based on this property, we show that a randomly permuted LDPC parity check matrix $H' = S.H.P$ has a particular structure. This structure makes it easy to discover the hidden matrix $H$.

5. RESULTS

5.1. Attack complexity on chained linear codes

The security of cryptographic schemes based on error-correcting codes is highly dependent on the class of codes used. Some classes of codes reveal their characteristics even when they go through the permutation used to construct the public code. It is the case of chained codes. The starting point was the observation that any systematic matrix is formed by small weight codewords and that a chained code contains many minimal support codewords. These two properties lead to a structural attack on the digital signature scheme based on chained codes. Figure 1 shows the complexity of the attack on some cryptosystems using chained codes. The complexity is always less than $2^{45}$, even with very long codes ($N = 3$). This complexity prohibits using chained codes in cryptography.
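The structural recovery described in section 3 (Gaussian elimination of the public generator matrix to systematic form, then grouping rows whose supports intersect) and its parity-check counterpart in section 4.2 can be watched at work on a toy chained code. The Python below is an added example written for this page, not code from the paper's authors: it constructs its own small elementary codes (two repetition codes and a Hamming (7,4) code for the generator-matrix case; three repetition-code parity check matrices for the LDPC case), draws a random nonsingular $S$ and permutation $P$ from a fixed seed, publishes $S.G.P$, and recovers the elementary supports from the public matrix alone. All helper names, the seed and the sample codes are this example's assumptions; the original block layout is kept only to check the recovered partition.

```python
import random

def block_diag(blocks):
    """Block-diagonal matrix G = diag(G_1, ..., G_t) from (k_i x n_i) blocks over GF(2)."""
    K = sum(len(b) for b in blocks)
    N = sum(len(b[0]) for b in blocks)
    G = [[0] * N for _ in range(K)]
    r = c = 0
    for b in blocks:
        for i, row in enumerate(b):
            G[r + i][c:c + len(row)] = row
        r += len(b)
        c += len(b[0])
    return G

def matmul(A, B):
    """Matrix product over GF(2)."""
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*B)] for row in A]

def rref_gf2(A):
    """Reduced row echelon form over GF(2); returns (matrix, pivot columns).
    For a full-rank generator matrix this is a systematic generator matrix
    whose information set is the list of pivot columns."""
    A = [row[:] for row in A]
    pivots, r = [], 0
    for c in range(len(A[0])):
        p = next((i for i in range(r, len(A)) if A[i][c]), None)
        if p is None:
            continue
        A[r], A[p] = A[p], A[r]
        for i in range(len(A)):
            if i != r and A[i][c]:
                A[i] = [x ^ y for x, y in zip(A[i], A[r])]
        pivots.append(c)
        r += 1
    return A, pivots

def random_nonsingular(K, rng):
    """Random K x K scrambling matrix S, rejection-sampled until it has full rank."""
    while True:
        S = [[rng.randint(0, 1) for _ in range(K)] for _ in range(K)]
        if len(rref_gf2(S)[1]) == K:
            return S

def random_permutation(N, rng):
    """Random N x N permutation matrix P; perm[i] is where original column i lands."""
    perm = list(range(N))
    rng.shuffle(perm)
    P = [[0] * N for _ in range(N)]
    for i, j in enumerate(perm):
        P[i][j] = 1
    return P, perm

def elementary_supports(G_pub):
    """The invariant: rows of the systematic form are minimal-support codewords, so
    each row lies inside one elementary block; merging rows whose supports intersect
    (union-find) gives one column set per elementary code."""
    rows, _ = rref_gf2(G_pub)
    sup = [frozenset(j for j, v in enumerate(row) if v) for row in rows]
    parent = list(range(len(sup)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for a in range(len(sup)):
        for b in range(a + 1, len(sup)):
            if sup[a] & sup[b]:
                parent[find(a)] = find(b)
    comps = {}
    for i, s in enumerate(sup):
        comps.setdefault(find(i), set()).update(s)
    return sorted((sorted(c) for c in comps.values()), key=lambda c: c[0])

def scramble_and_recover(blocks, seed=7):
    """Publish G' = S.G.P for G = diag(blocks), recover the block supports from G'
    alone, and map them back to the original coordinates (for checking only)."""
    rng = random.Random(seed)                   # constructed, fixed seed
    G = block_diag(blocks)
    S = random_nonsingular(len(G), rng)
    P, perm = random_permutation(len(G[0]), rng)
    G_pub = matmul(matmul(S, G), P)
    inv = {j: i for i, j in enumerate(perm)}    # public column -> original column
    return sorted(sorted(inv[j] for j in comp) for comp in elementary_supports(G_pub))

# Constructed sample elementary codes (hypothetical toy parameters).
REP3 = [[1, 1, 1]]                        # repetition code (3, 1)
REP5 = [[1, 1, 1, 1, 1]]                  # repetition code (5, 1)
HAMMING74 = [[1, 0, 0, 0, 1, 1, 0],       # Hamming code (7, 4), systematic form
             [0, 1, 0, 0, 1, 0, 1],
             [0, 0, 1, 0, 0, 1, 1],
             [0, 0, 0, 1, 1, 1, 1]]

def rep_parity_check(n):
    """(n-1) x n parity check matrix of the length-n repetition code: rows e_1 + e_j."""
    return [[1] + [int(j == i) for j in range(1, n)] for i in range(1, n)]

def chained_code_demo():
    """Section 3 setting: generator matrix of a chained code, published as S.G.P."""
    return scramble_and_recover([REP3, REP5, HAMMING74])

def ldpc_demo():
    """Section 4.2 setting: H = diag(H_1, H_2, H_3) of repetition codes, published as
    S.H.P; the dual of a chained code is chained with the same supports."""
    return scramble_and_recover([rep_parity_check(3), rep_parity_check(4), rep_parity_check(6)])

if __name__ == "__main__":
    print(chained_code_demo())   # [[0, 1, 2], [3, 4, 5, 6, 7], [8, 9, 10, 11, 12, 13, 14]]
    print(ldpc_demo())           # [[0, 1, 2], [3, 4, 5, 6], [7, 8, 9, 10, 11, 12]]
```

The recovered partition is the same for every seed: neither the choice of $S$ nor that of $P$ changes it, which is exactly the invariance the paper relies on and the reason the scrambling matrix contributes no security for this class of codes. Only linear algebra over GF(2) is needed, so the cost is the Gaussian elimination plus one pass over the row supports.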

Figure 1: Attack complexity on chained linear codes

5.2. Attack complexity on LDPC codes

The complexity is the number of binary operations needed to discover a randomly permuted regular LDPC code structure:
o $N^2.M/2$ binary operations for the Gaussian elimination.
o $M.N$ binary operations to compute all row weights.

Thus, the number of binary operations necessary for this algorithm is equal to $N^2.M/2 + N.M$.

Figure 2: Complexity of the attack on cryptosystems using regular LDPC codes

Figure 2 shows the complexity of the attack on some cryptosystems using regular LDPC codes. The complexity is always less than $2^{45}$, even with very long codes ($N = 3$). This complexity prohibits using LDPC codes in cryptography.

6. CONCLUSION

In this paper, we discussed the structure of a randomly permuted chained code. We explored the potential threats arising from a systematic generator matrix that has a particular structure. Chained code generator matrices have the property of disconnected elementary code supports. This property is invariant under permutation, which makes this kind of code useless in cryptography. Regular LDPC codes have this property.

REFERENCES

[1] E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, "On the inherent intractability of certain coding problems", IEEE Transactions on Information Theory, Vol.24, No.3, 1978, pp. 384-386.
[2] R.J. McEliece, "A public-key cryptosystem based on algebraic coding theory", DSN Prog. Rep., Jet Propulsion Laboratory, California Inst. Technol., Pasadena, CA, pp. 114-116, January 1978.
[3] N. Courtois, M. Finiasz, and N. Sendrier, "How to achieve a McEliece-based digital signature scheme", in C. Boyd, editor, Asiacrypt 2001, volume 2248 of LNCS, pages 157-174, Springer-Verlag, 2001.
[4] N. Sendrier, "On the structure of a linear code", AAECC, Vol.9, No.3, 1998, pp. 221-242.
[5] A. Canteaut, "Attaques de cryptosystèmes à mots de poids faible et construction de fonctions t-résilientes", PhD thesis, Université Paris 6, October 1996.
[6] R. G. Gallager, "Low-Density Parity-Check codes", PhD thesis, MIT, July 1963.
[7] D. J. C. MacKay, "Good error-correcting codes based on very sparse matrices", IEEE Transactions on Information Theory, vol. 45, pp. 399-431, March 1999.
[8] D. J. C. MacKay, "Near Shannon limit performance of low density parity check codes", Electron. Lett., vol. 33, pp. 457-458, March 1997.
[9] J. Chen and M. P. C. Fossorier, "Near optimum universal belief propagation based decoding of Low-Density Parity Check codes", IEEE Transactions on Communications, vol. 50, pp. 406-414, March 2002.