No-Key Cryptography
Nathan Marks
Based on Massey-Omura US Patent # 4,567,600
Overview
Introduction and Overview
Analogy of No-Key Cryptography
Basic over-view of No-Key Cryptography
Original Massey-Omura Algorithm
Variations of Massey-Omura
Conclusion
Questions
Briefcase Analogy of No-Key
Alice wishes to pass Bob information.
Alice locks one lock on case.
Bob receives case, and locks other half.
Alice then unlocks her half.
Bob unlocks his half.
Bob is able to easily open case.
No-Key Cryptography Overview
Alice wishes to send Bob a message.
Alice encrypts message with secret key.
Bob encrypts message with secret key.
Alice decrypts message with her key.
Bob decrypts message with his key.
Bob can easily retrieve original
message.
Differences of Case and Crypto
Transferring a physical case much different
than digital data.
Brute force on case easy (break the case
open).
Brute force on cipher hard because of
encryption with completely secret key.
Locks on case do not interfere with each
other.
Encrypting twice and then decrypting in same
order may cause interference.
Problems with No-Key Crypto
There are 3 public transfers the size of the
message – not one.
Not all encryption/decryption algorithms are
associative with each other – meaning that
encrypting and then decrypting in the
incorrect order causes interference.
Need of separate authentication for all
transmissions.
Original Massey-Omura
An algorithm that satisfies necessary
mathematical requirements to make
No-Key work.
Uses finite fields.
Relies on Discrete Log Problem for
security.
Original Massey-Omura (cont.)
Operates in finite field world of GF(2m)
As shown by Diffie and Hellman in “New
Directions in Cryptography”
exponentiation in GF(2m) is easy (>m,
but <2m operations).
Taking the logarithm in GF(2m) is hard
DLP (approx. 2m/2 operations)
Original Massey-Omura (cont.)
The message M is encoded as an element of
GF(2m) and represented as m binary digits in
the manner:
M=[bm-1, bm-2,…,b1,b0]
such that bm-1 is the first bit of the message.
Both Alive and Bob generate a random # E
such that 0<E<2m-1
Both calculate D for their respective E’s such
that:
E*D=1 mod 2m-1
Original Massey-Omura (cont.)
Alive calculates MEA (in GF(2m))=M1
Bob receives this value M1 and calculates M1EB
(in GF(2m))=M2
Alice receives this value M2 and calculates
M2DA (in GF(2m))=M3
This decrypts her part of the encryption.
Bob receives this value M3 and calculates
M3DB (in GF(2m))=M4
This decrypts his part of the encryption.
M4 = M, therefore Bob has Alice’s message.
Variations of Massey-Omura
Elliptic curve version where multiplication of a
constant (secret keys) times a point (the
encoded message) takes the place of
exponentiation.
L(D,N) is a LUCAS group where N is a large
prime. M is encoded as a point in L(D,N) and
the order of L(D,N) is used as the modulus. M
is then raised to the power of the secret keys
(as in normal Massey-Omura) based on the
rules of exponentiation of LUCAS groups.
Conclusions
Massey-Omura is a good way of making the
No-Key algorithm work mathematically and
practically.
No-Key systems are Zero-Knowledge, which
means they are just as secure as whatever
encryption algorithm is used.
Even so No-Key seems are not used in
practice very much because of the
impracticality of having to transfer the entire
message three times.
Questions?
Questions anyone?
References
US Patent #4,567,600 submitted by
James L. Massey (Swiss) & Jimmy K
Omura(USA) on September 14, 1982.
Boise State University Mathematics
Department
Dr. J. von zur Gathen und Dr. J. Teich