See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/236035461

Knapsack Cryptosystem and its reduction to 3CNF

Conference Paper · February 2011

CITATIONS READS

0 210

2 authors:

Jaya Thomas Narendra Chaudhari

State University of New York, Korea Visvesvaraya National Institute of Technology
22 PUBLICATIONS   86 CITATIONS    225 PUBLICATIONS   982 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Security Challenges in VANET Cloud Architecture View project

Multimedia and Information Security Research Group, ABV-IIITM Gwalior, India View project

All content following this page was uploaded by Jaya Thomas on 25 December 2015.

The user has requested enhancement of the downloaded file.

Knapsack Cryptosystem and its reduction to 3CNF
Jaya Thomas1 and Narendra S Chaudhari2
1,2
Department of Computer science & Engineering, Indian Institute of Technology,
M-Block I.E.T D.A.V.V Campus, Khandwa Road, Indore-452011, India.
Emails: 1:jayat@iiti.ac.in 2:nsc183@gmail.com, narendra@iiti.ac.in
Abstract—We study a methodology for reducing the Knapsack
Cryptosystem algorithm for key generation to 3CNF. Knapsack
problem is well known NP Complete problem. Due to polynomial
solvability of Factorization and discrete logarithm problem in
quantum computers[1] a need arisen for development of more
secure cryptosystem. Knapsack cryptosystem is one step in this
direction.
Keywords— 3CNF, NP Complete, Knapsack cryptosystem, key,
3SAT.
I. INTRODUCTION
In the era of information technology, the possibility that
the information stored in a person’s computer or the
information that are being transferred through network of
computers or internet being read by other people is very high.
This causes a major concern for privacy, identity theft,
electronic payments, corporate security, military
communications and many others. We need an efficient and
simple way of securing the electronic documents from being
read or used by people other than who are authorized to do it.
Cryptography is a standard way of securing the electronic
documents. Cryptographic algorithms are mathematical
functions that are used in the encryption and decryption
process. A cryptographic algorithms works in combination
with a key (a number, word or phrase), to encrypt the plain
text. Same plain text encrypts to different cipher texts for
different keys. Strength of a cryptosystems depends on the
strength of the algorithm and the secrecy of the key. There are
two kinds of cryptosystems: symmetric and asymmetric.
Symmetric cryptosystems use the same key (the secret key) to
encrypt and decrypt a message, and asymmetric cryptosystems
use one key (the public key) to encrypt a message and a
different key (the private key) to decrypt it. Symmetric
cryptosystems are also called as private key cryptosystems
and asymmetric cryptosystems are also called as public key
cryptosystems. To break a message encrypted with private-
key cryptography, an adversary must either exploit a
weakness in the encryption algorithm itself, or else try an
exhaustive search of all possible keys (brute force method). If
the key is large enough (e.g., 128 bits), such a search would
take a very long time (few years), even with very powerful
computers.
Private-key methods are efficient and difficult to break.
However, one major drawback is that the key must be
exchanged between the sender and recipient beforehand,
raising the issue of how to protect the secrecy of the key.
Public Key cryptography uses two keys Private key (known
only by the recipient) and a Public key (known to everybody).
The public key is used to encrypt the message and then it is
sent to the recipient who can decrypt the message using the
private key. The message encrypted with the public key
cannot be decrypted with any other key except for its
corresponding private key. The public-key algorithm uses a
one-way function to translate plaintext to ciphertext. Then,
without the private key, it is very difficult for anyone
(including the sender) to reverse the process (i.e., translate the
ciphertext back to plaintext). A one-way function is a function
that is easy to apply, but extremely difficult to invert. The
most common one-way function used in public-key
cryptography involves factoring very large numbers. The idea
is that it is relatively easy to multiply numbers, even large
ones, with a computer; however, it is very difficult to factor
large numbers. The only known algorithms basically have to
do a sort of exhaustive search. With numbers 128 bits long,
such a search requires performing as many tests as there are
particles in the universe for a simple system. However for the
quantum computer this factorization is polynomial solvable[1].
Thus, in this paper we study an algorithm based on NP-
Complete problem of 0/1 Knapsack to perform the task of
secret key generation.
The paper is organized as follows, Section II gives the basic
knapsack technique. Section III highlights the objective of our
study. Finally in section IV, we draw the basic inference based
on the study.
II. KNAPSACK TECHNIQUE
The Merkle Knapsack cryptosystem was the first one to be
constructed[2][3]. In this system, knapsack cipher encrypts a
messages a knapsack problem. The plaintext block transforms
into binary string (the length of block is equal number of
elements in knapsack sequence). One value determines that an
element will be in target sum. This sum is a ciphered message.
The knapsack problem is categorized as easy knapsack and
Hard Knapsack. Easy knapsacks have a sequence of numbers
that are superincreasing - that is, each number is greater than
i 1
the sum of previous numbers: ai   j
a j for i = 2…...n
where ai is i-th element of the sequence). The knapsack
solution with the superincreasing sequence proceeds as
follows. The target sum is compared with a greatest number in
the sequence. If the target sum is smaller, than this number,
the knapsack will not fill, otherwise it will. Then the smaller
element is subtracted from the target sum, and the result of the
subtraction, is compared with next element. Such operation is
done until the smallest number of sequence is reached. If the Algorithm I KnapSack(n,W)
target sum is reduced to 0 value, than solution exists. In other n Total number of samples
case solution doesn’t exist. The superincreasing knapsack is WTotal Weight
easy to decode, which means that it does not protect the data. I=Choice(x1,x2….xn)
Anyone can recover the bit pattern from the target sum for a If(sum(xi )=W) then
superincreasing knapsack if the elements of the SUCCESS
superincreasing knapsack are known. Else
FAILURE
The various important studies have been made for the Public- In order to reduce the given problem to 3CNF we need to
Key Cryptosystem (PKC). The security of the PKC’s consider various decision possibility of the sample to be
proposed so far, in most cases, depends on the difficulty of included in the function sum(). The number of clauses
discrete logarithm problem or factoring problem. It is well generated depend on the number of elements in the sample set.
known that the quantum computer can easily solve these To illustrate let us take an example with sample set containing
problems[1]. For this reason, it is desired to investigate say 3 elements X={x1,x2,x3} and weight W.
another classes of PKC’s that do not rely on the difficulty of 1. x1 >W & x2+x3=WSUCCESS
those two problems. 2. x1 <W & x1+x2=WSUCCESS
One such problem is the subset sum problem, in which, it is etc..
to find the solution(x1, x2, . . . , xn) xi ε {0, 1}n such that C = Thus the given Knapsack problem can be reduced to 3CNF by
a1x1 + a2x2 + ・ ・ + anxn for given positive integers a1, a2, . . considering all possible permutations and combinations.
. , an and C which is the sum of a subset of the ai. This B. New Knapsack Cryptosystem –Key Generation
problem is known to be NP-hard. This fact has motivated
researchers to investigate, the knapsack public-key In this paper, we study an algorithm[4] that construct, an
cryptosystems based on the subset sum problem. Concerning easy knapsack problem to design a knapsack public key
knapsack-type PKC, the various interesting schemes have cryptosystem. The algorithm is NP-Complete in nature. It is
been proposed. In this paper we study one of those seen that the cryptosystem obtains a relatively high knapsack
scheme[4]. density, and hence is secure against low-density attack.
Moreover, it is secure against some known attacks on the
III. OBJECTIVE OF STUDY proposed cryptosystem, such as Shamir’s attack and the
It is found that the cryptosystem based on factorization Diophantine approximation attack[5]. It offers a fast
and discrete logarithms are no more, a secure system as their encryption and decryption technique. Furthermore, the
strength is compromised in quantum computers. Thus, a more cryptosystem is suited for both software and hardware
secure cryptosystem was required. Here, we study a implementations
cryptosystem based on Knapsack problems which are NP- The easy knapsack problem can be used to derive a
Complete[4]. Thus, using them for constructing a secure and knapsack cryptosystem, which consists of three sub-
efficient cryptosystem is a research topic since decades. In this algorithms: key generation, encryption, and decryption[4].We
section, we start by discussing the generalized Knapsack have taken key generation section of this algorithm for
problem and its various possibilities to reduce it to 3CNF. reduction to 3CNF. The algorithm is formalized as given
This reduction to 3CNF helps us to transform the problem to below
3SAT, which is the first NP-Complete problem[6][7][8]. Then, 1. Randomly choose n odd positive integers
we extend the discussion to Knapsack Cryptosystem and c1,c2...cn where cn=1
i-1
illustrate its reducibility to 3CNF and finally to 3SAT. 2. Set a i=2 c i , where i=1..n
n
A. KnapSack Problem 3. Randomly Choose M > a
i 1
i
Given a pile of items, each with different weights, is it
possible to put some of those items into a knapsack so that the 4. Choose w with 0<w<M and gcd(w,M)=1
knapsack weighs a given amount? More formally: Given a set [The public key is B=b1,b2,....bn ]
of values x1, x2,..., xn , and a sum W, compute the values of bi 5. bi=wai mod M
such that if bi=1 then
W = b1x1 + b2x2 + ...+ bnxn SUCCESS
The values of bi can be either zero or one. one indicates that else
the item is in the knapsack; zero indicates that it isn’t. FAILURE
In general, the time required to solve this problem seems to 6. RETURN
grow exponentially with the number of items in the pile. In
order to change the given problem to 3CNF, lets write a B.1 3CNF Conversion Technique
simplified non-deterministic algorithm for the same. The Algorithm step 5 & step 6 are important to generate
the required clauses.
1. bi =1  bi=0 &
2. bi =1  bi !=0 &
 3. bi =1 & wai !=M  SUCCESS & Satisfiability is the problem of determining if the
4. bi =0 & wai=M FAILURE & variables of a given Boolean formula can be assigned in such
5. bi !=1 & wai =MFAILURE & a way as to make the formula evaluate to TRUE. Equally
6. bi !=0 & wai !=M  SUCCESS & important is to determine whether no such assignments exist,
7. FAILURE  ! SUCCESS & which would imply that the function expressed by the formula
8. SUCCESS is identically FALSE for all possible variable assignments. In
this latter case, we would say that the function is unsatisfiable;
Thus the above given statements will help in the process, otherwise it is satisfiable.
of reducing the given algorithm for the knapsack cryptosystem Now in our reduction shown in equation 1. The possible
to 3CNF. The knapsack problem is based on selecting the assignment of values for which the clauses in the expression
appropriated samples from sample set which will be summed turns to be true are to be determined.
to give the desired weight W. For any given samples bi there Taking literals to represent bi, !bi, wai=M,
are only two cases either the sample will be selected that is _  
bi=1, and if not selected bi=0. This is indicated by the first wai!=M ,FLAG,!FLAG respectively as x1, x 1,x 2, x 2 ,x3, x 3.
clause. Hence our clause changes to ,
The second clause indicate that if bi=1 that is selected _ _ _ _ _
means !bi=0. The first two clauses are in 2SAT. In the third ( x 1  x 2  x3 ) (x1  x 2  x 3) ( x 1  x 2  x3) (3)
clause we consider the case, that if bi=1 then it means So, there are three clauses c1,c2,c3.
product(w,ai )!=M and its a SUCCESS as that sample would be To find the equivalent literal values to satisfy the clause let us
included. Similarly, the fourth clause is in 3DNF, showing consider the 3SAT reducible approach for Knapsack.
that if sample is not selected then bi=0 that is product(w,ai )=M
and its a FAILURE, sample will not be included. c3 c2 c1 x3 x2 x1
Similarly, we can interpreted the derived mentioned clauses. 0 1 0 0 0 1 u1
1 0 1 0 0 1 
B.2 Equivalent 3CNF Statements u1
The clauses derived in the above section are in 2-3 DNF. 1 0 0 0 1 0 u2
So, it is required to find its equivalent 3CNF. The equivalent 0 1 1 0 1 0 
3CNF clauses for obtained 3DNF will be as follows u2
1. bi !=1  wai !=M  SUCCESS 1 0 1 1 0 0 u3
2. bi =1  wai !=M  FAILURE 0 1 0 1 0 0 
3. bi =0  wai =M  SUCCESS u3
0 0 1 0 0 0 a1
Here we consider, 3 Clause and 3 literals problems where the 0 0 1 0 0 0 b1
three literals are initially considered to be three expression 0 0 1 0 0 0 c1
given as bi, wai!=M,SUCCESS/FAILURE, where bi can be 0 1 0 0 0 0 a2
either TRUE or FALSE. 0 1 0 0 0 0 b2
If bi=TRUE, i.e the weight being selected then wai!=M will 0 1 0 0 0 0 c2
also TRUE, else if bi=FLASE i.e the weight not being selected 1 0 0 0 0 0 a3
then wai!=M will also FALSE. The third literal SUCCESS is 1 0 0 0 0 0 b3
TRUE and FAILURE is FALSE. 1 0 0 0 0 0 c3
Thus for the given system, the equivalent 3CNF clause will be 3 3 3 1 1 1
(bi !=1  wai !=M  SUCCESS)  ( bi =1  wai !=M  B.3.1 Interpretation Of Example
FAILURE )  ( bi =0  wai =M  SUCCESS ) (1)
The obtained expression can be further simplified by replacing Form a number in each row by filling the blank with
SUCCESS and FAILURE by a Common literal FLAG. The 0’s. The highlighted row numbers add up to W:
FLAG will be TRUE for SUCCESS and FALSE for FAILURE. _ _
Thus the obtained 3CNF is u 1 + u 2 + u3 + b1 + b2 + c2 + a3 =333111=W (4)
Checking of ui indicates we should set xi=1 and checking
(bi!=1  wai!=M  FLAG)  (bi =1  wai!=M  !FLAG )   
 (bi =0  wai =M  FLAG ) (2) off u i indicates we should set xi=0. We marked of u 1, u 2,
u3., so set (x1,x2,x3)=(0,0,1) to satisfy the original formula in
For the bi to be included in the sum(W) all the 3CNF 3SAT. The values for the literals are (false, false, true).
expression must turn to be true. On substituting the values in the obtained equation each
clause turn to be true and finally we conclude that the
B.3 Reducible to 3SAT expression is satisfiable for, the obtained values of the literals.
 IV. CONCLUSIONS
In this paper we have studied and has given a simple
approach to convert the given Knapsack cryptosystem
algorithm to 3CNF. Furthermore, we have converted it to
3SAT. This conversion to 3SAT is possible as Knapsack is
NP-Complete class problem. Further, the algorithm could be
enhanced by suggesting some changes to increase its crypto
graphical strength.

REFERENCES
[1] Peter W. Shor, Polynomial-Time Algorithms for Prime Factorization
and Discrete Logarithms on a Quantum Computer, ACM, SIAM
Journal on Computing archive Volume 26 Issue 5, Oct. 1997,pp 1484
– 1509.
[2] Merkle R. C, Martin E. Hellman. Hiding Information and Signatures
in Trapdoor Knapsacks. IEEE transaction on Information Theory, vo
IT- 24, 1978, pp. 525-530.
[3] A. Shamir. A polynomial-time algorithm for breaking the basic
Merkle-Hellman cryptosystem. IEEE Transactions on Information
Theory, 1984, 30(5): 699-704.
[4] Weidong Zhang Baocang Wang Yupu Hu ,A New Knapsack Public-Key
Cryptosystem. Information Assurance and Security, 2009. IAS '09
Volume : 2 Issue Date : 18-20 Aug. 2009,pp:53
[5] M.J. Coster, A. Joux, B.A. LaMacchia B A, et al. Improved low-density
subset sum algorithms. Computational Complexity, 1992, 2(2): 111-
128.
[6] http://en.wikipedia.org/wiki/Boolean_satisfiability_problem
[7] http://www.soe.ucsc.edu/classes/cmps102/Spring10/lect
[8] Hopcroft Ullman & Motwani - Introduction to Automata Theory,
Languages and Computation

View publication stats