On the use of continued fraction for stream ciphers ver1
Transcript of On the use of continued fraction for stream ciphers ver1
![Page 1: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/1.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Presentation: On the use of continued fractionsfor stream cipher
Amadou Moctar Kane
May 4, 2015
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 2: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/2.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
1 Introduction
2 Continued Fractions
3 On the use of continued fractions for stream cipherContinued fraction cipherKhinchin’s AttackApplications
4 Questions
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 3: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/3.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?Quadratic irrational?Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 4: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/4.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?Quadratic irrational?Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 5: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/5.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?
Quadratic irrational?Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 6: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/6.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?Quadratic irrational?
Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 7: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/7.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Goals
After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .
Continued Fraction
How to use?Quadratic irrational?Γ?
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 8: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/8.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued Fractions
An expression of the form
α := a0 +b0
a1 +b1
a2 +b2
. . .
is called a generalized continued fraction. Typically, the numbersa1, . . . , b1, . . . may be real or complex, and the expansion may befinite or infinite.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 9: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/9.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Preliminaries
It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].
The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.r√
log(A) is transcendental.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 10: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/10.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Preliminaries
It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].
The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.
r√
log(A) is transcendental.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 11: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/11.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Preliminaries
It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].
The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.r√
log(A) is transcendental.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 12: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/12.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Stream Ciphers
First Algorithm:Stream Cipher
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 13: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/13.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Stream Ciphers
One time pad.random key ⊕ plaintext
Unbreakable system.Easy to implement.
Stream Ciphers.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 14: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/14.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Stream Ciphers
One time pad.random key ⊕ plaintext
Unbreakable system.Easy to implement.
Stream Ciphers.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 15: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/15.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Continued fraction cipher
We suppose that z ∈R N , and m is the secret message.
Table: Continued fraction cipher.
Alice Bob
computes t ≡ ze mod nt
=⇒ computes z ≡ td mod n.
Computes X = e√
log(z) Computes X = e√
log(z)Computes the CFE of X Computes the CFE of X .Concatenates some PQ’s Concatenates some PQ’s.Produces the keystream k1 Produces the keystream k1.
Computes m1 := m ⊕ k1m1=⇒ receives m1.
Computes m := m1 ⊕ k1
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 16: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/16.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Efficiency analysis
Table: Comparison with Blum-Blum-Shub.
Number of bits producted Computing time in secondsBBS 150000 2.358Our algorithm 150000 0.007
We worked with an irrational X ∈ Γ, and the number of digits ofthe partial numerator (bi ’s) was around 5000. For BBS, n had 949digits, the results are listed below.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 17: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/17.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Khinchin
Aleksandr Khinchin proved in 1935 that for almost all real numbersx , the infinitely many partial quotients ai of the continued fractionexpansion of x have an astonishing property: their geometric meanis a constant, known as Khinchin’s constant, which is independentof the value of x . That is, for
x = a1 +1
a2 +1
. . .
limn→∞
(n∏
i=1
ai
)1/n
= K ≈ 2, 6854520010 . . .
where K is Khinchin’s constant.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 18: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/18.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Khinchin’s Attack
The attacker Eve needs the cipher only to find a part of themessage in these following steps:
Eve eavesdrops a long cipher text Tn, splits it in bytes andcomputes
K1 = limn→∞
(n∏
i=1
di
)1/n
.
where di is the integer corresponding to the byte i .
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 19: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/19.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Example of Khinchin’s Attack on π
The first partial quotients of π are :[3, 7, 15, 1, 292, 1, 1, 1, 2, 1, 3, 1, 14, 2, 1, 1, 2, 2...](
17∏i=1
ai
)1/17
≈ 2.6929721 . . .
let’s suppose that the plaintext is 11111111111111111.
keystream : 0111 1111 0001 100100100 .....0010 0010
plaintext : 0001 0001 0001 0001 .....0001 0001
cipher : 0110 1110 0000 100100101 ....0011 0011
In base 10, the cipher will be: 6 14 1 293 1 1 1 3 1 2 1 15 3 11 3 3.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 20: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/20.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Example of Khinchin’s Attack on π
The first partial quotients of π are :[3, 7, 15, 1, 292, 1, 1, 1, 2, 1, 3, 1, 14, 2, 1, 1, 2, 2...](
17∏i=1
ai
)1/17
≈ 2.6929721 . . .
let’s suppose that the plaintext is 11111111111111111.
keystream : 0111 1111 0001 100100100 .....0010 0010
plaintext : 0001 0001 0001 0001 .....0001 0001
cipher : 0110 1110 0000 100100101 ....0011 0011
In base 10, the cipher will be: 6 14 1 293 1 1 1 3 1 2 1 15 3 11 3 3.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 21: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/21.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Example of Khinchin’s Attack on π
The first partial quotients of π are :[3, 7, 15, 1, 292, 1, 1, 1, 2, 1, 3, 1, 14, 2, 1, 1, 2, 2...](
17∏i=1
ai
)1/17
≈ 2.6929721 . . .
let’s suppose that the plaintext is 11111111111111111.
keystream : 0111 1111 0001 100100100 .....0010 0010
plaintext : 0001 0001 0001 0001 .....0001 0001
cipher : 0110 1110 0000 100100101 ....0011 0011
In base 10, the cipher will be: 6 14 1 293 1 1 1 3 1 2 1 15 3 11 3 3.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 22: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/22.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Khinchin’s Attack
Eve computes the geometric mean of the cipher:
(6∗14∗1∗293∗1∗1∗1∗3∗1∗2∗1∗15∗3∗1∗1∗3∗3)(1/17) = 2.867
Eve Makes a conclusion, for example there are a lot of zerosin the plain text.
She modifies the cipher and computes the geometric mean ofthe new cipher
K2 = (6 ∗ 14 ∗ 1 ∗ 292 ∗ · · · ∗ 2)(1/17) = 2.595
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 23: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/23.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Khinchin’s Attack
Eve computes the geometric mean of the cipher:
(6∗14∗1∗293∗1∗1∗1∗3∗1∗2∗1∗15∗3∗1∗1∗3∗3)(1/17) = 2.867
Eve Makes a conclusion, for example there are a lot of zerosin the plain text.
She modifies the cipher and computes the geometric mean ofthe new cipher
K2 = (6 ∗ 14 ∗ 1 ∗ 292 ∗ · · · ∗ 2)(1/17) = 2.595
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 24: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/24.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Khinchin’s Attack
Eve computes the geometric mean of the cipher:
(6∗14∗1∗293∗1∗1∗1∗3∗1∗2∗1∗15∗3∗1∗1∗3∗3)(1/17) = 2.867
Eve Makes a conclusion, for example there are a lot of zerosin the plain text.
She modifies the cipher and computes the geometric mean ofthe new cipher
K2 = (6 ∗ 14 ∗ 1 ∗ 292 ∗ · · · ∗ 2)(1/17) = 2.595
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 25: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/25.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Khinchin’s Attack
Eve computes the geometric mean of the cipher:
(6∗14∗1∗293∗1∗1∗1∗3∗1∗2∗1∗15∗3∗1∗1∗3∗3)(1/17) = 2.867
Eve Makes a conclusion, for example there are a lot of zerosin the plain text.
She modifies the cipher and computes the geometric mean ofthe new cipher
K2 = (6 ∗ 14 ∗ 1 ∗ 292 ∗ · · · ∗ 2)(1/17) = 2.595
. . .
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 26: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/26.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Applications
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 27: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/27.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Applications
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 28: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/28.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Conclusion
1 Goal 1: I tried to find new techniques using continuedfraction in cryptography.
Result: I designed a new pseudo random generatorstatistically tested.
2 Goal 2: I was interested in finding new methods ofcryptanalysis.
Result: I designed a weak version which can be attacked bythe Khinchin constant.
3 Goal 3: I tried to create a renewal of interest aroundcontinued fractions.
Result: I introduced the works of Khinchin, Kuzmin, Levy, andLochs in cryptology.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 29: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/29.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Conclusion
1 Goal 1: I tried to find new techniques using continuedfraction in cryptography.
Result: I designed a new pseudo random generatorstatistically tested.
2 Goal 2: I was interested in finding new methods ofcryptanalysis.
Result: I designed a weak version which can be attacked bythe Khinchin constant.
3 Goal 3: I tried to create a renewal of interest aroundcontinued fractions.
Result: I introduced the works of Khinchin, Kuzmin, Levy, andLochs in cryptology.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 30: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/30.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Conclusion
1 Goal 1: I tried to find new techniques using continuedfraction in cryptography.
Result: I designed a new pseudo random generatorstatistically tested.
2 Goal 2: I was interested in finding new methods ofcryptanalysis.
Result: I designed a weak version which can be attacked bythe Khinchin constant.
3 Goal 3: I tried to create a renewal of interest aroundcontinued fractions.
Result: I introduced the works of Khinchin, Kuzmin, Levy, andLochs in cryptology.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 31: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/31.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
Continued fraction cipherKhinchin’s AttackApplications
Conclusion
1 Goal 1: I tried to find new techniques using continuedfraction in cryptography.
Result: I designed a new pseudo random generatorstatistically tested.
2 Goal 2: I was interested in finding new methods ofcryptanalysis.
Result: I designed a weak version which can be attacked bythe Khinchin constant.
3 Goal 3: I tried to create a renewal of interest aroundcontinued fractions.
Result: I introduced the works of Khinchin, Kuzmin, Levy, andLochs in cryptology.
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher
![Page 32: On the use of continued fraction for stream ciphers ver1](https://reader030.fdocuments.in/reader030/viewer/2022032620/55c960afbb61eb20748b47f2/html5/thumbnails/32.jpg)
OutlineIntroduction
Continued FractionsOn the use of continued fractions for stream cipher
Questions
For your attention
Thank you!
Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher