Embed Size (px)
DESCRIPTION
This article approaches the possibility of the use of irrational numbers in cryptography. We introduce a family of stream ciphers, whose stream keys are generated through a chosen irrational number. We shall prove that these stream ciphers possess the perfect secrecy (Shannon) property under non-restrictive general conditions.
Citation preview
Stream Keys by Irrational Numbers
MIHAI CĂTĂLIN NEAGOE
Faculty of Applied Sciences,
University "Politehnica" of Bucharest,
Splaiul Independenţei nr. 313, sector 6, Bucureşti, Cod Postal: 060042,
ROMANIA
Abstract: This article approaches the possibility of the use of irrational numbers in cryptography. We
introduce a family of stream ciphers, whose stream keys are generated through a chosen irrational
number. We shall prove that these stream ciphers possess the perfect secrecy (Shannon) property under
non-restrictive general conditions.
Key words: cryptosystem, plaintext space, space of cryptograms, stream cipher, stream key, cryptanalysis, perfect secrecy, irrational numbers, uniform distribution, Vernam's one-time-pad.
1. Introduction
The main problem in the design of a secure stream cipher consists in the manner by which the stream keys are generated. The stream keys have to satisfy conditions such as: (C1) the key length must theoretically comprise infinitely many items, and it must cover the length of the plaintext which will be encrypted; (C2) the key structure must realize both confusion and diffusion of the symbols in the resulting cryptogram: it has to look like a "random" sequence of letters; (C3) in order to guarantee a higher (or highest, or a perfect) secrecy, it is desirable that the use of the stream key is one-time-pad, i.e. the key is used only one time and changed each time a new encryption session comes in order for a new plaintext. Stream ciphers have some disadvantages: (D1) when the randomness of a stream key is realized by a natural physical phenomenon, it is difficult to realize the same random
phenomenon in order to obtain -at the receiving point- the key for decryption; therefore such stream keys are realized by the use of pseudo-random number generators; (D2) the stream ciphers are vulnerable to attacks by known plaintext; (D3) the secret key must be known both at the sender point and at the receiving point of the messages; (D4) the confidential communication of the effective encryption-decryption key, whose length is as long as the length of the message, may itself be vulnerable to attacks. The later possibility is usually avoided providing that the stream keys generating algorithm is known in advance to both sender point and receiver point. Therefore, in such a case, there is no need to communicate the effective encryption-decryption long key. For an introduction in the design of a secure stream cipher, the reader may consult [2], [8], [1], and [6].
Our paper presents a manner to obtain stream keys by irrational numbers. The set of irrational numbers has uncountable infinitely many elements. These elements provide us with a potential set of uncountable infinitely many stream keys. Moreover, each irrational number has infinitely many decimals (in any base), and its sequence of decimals neither terminates nor shows periodicity. Consequently, both conditions on the infinite length of the key and on its unique use per message are fulfilled. One question arises. Can we send an infinite sequence of decimals in a message coded by a finite string of symbols? "Of course, not!" the answer will be. However, the "no" is not so strictly. We may send a message containing a description -by finitely many names, or by finitely many words- of an irrational or transcendental number. This is possible at least for a countable infinite set of irrational numbers. Moreover, previously to sending such a message, it can be coded by a standard encryption since the stream cryptosystem we propose is capable of infinitely many ways of encryption by the use of the same irrational number. The stream key will be obtained by convenient transformations on the sequence of decimals that belong to the chosen irrational number. The idea of the use of irrational numbers in problems concerning cryptography came to us as a sequel to the comments made in a lecture [4] on the answers to the question "it is possible to send, in a finite amount of time, and by a finite sequence of symbols, an infinite amount of information?”. The descriptive character by finite symbols of some irrational numbers (square roots or other n
th roots, as well as the transcendental
numbers π – called "pi"- or e) imposed themselves as positive answers. The next query was "look for manners in which we may take the benefit of this opportunity in
problems concerning codes and privacy of information”. This context came naturally to us to match stream ciphers and the generation of their stream keys. The paper is organized as follows: in section 2 are reviewed some terms and definitions for a self-containment of the paper. In section 3 we describe three methods to obtain stream ciphers using an irrational number. The methods are presented mainly by the aid of a case study. A family of stream ciphers depending on several discrete parameters is defined. In section 4 we prove that uncountable many stream ciphers of that family guarantee perfect secrecy. This result depends on the distribution of the decimal digits in the decimal expansion of an irrational number. In section 5, we investigate by software at hand the distribution of the
decimal digits of 7 . Section 6 comprises
some conclusions and further directions suggested by our research. The author wishes to acknowledge C. Ioniţă for discussions on the subject and for the indication of the main lines of proofs in theorems T1 and T2 in section 4. In addition, the author acknowledges E. Simion for very useful discussions concerning this paper. 2. Preliminaries
We shall review some terms for later use ([2], [4], [5], [1], and [6]). A cryptosystem Q = (P, C, K, e, E, d, D) consists of the sets: P the space of plaintexts, C the space of cryptograms, K the space of keys, E a set of injective mappings P→C called encryptions, D a set of onto mappings C→P called decryptions, and the mappings e:K→E, d:K→D. The mappings e(k): P→C and d(k): C→P will be denoted by ek , respectively, dk and will be called the encryption in the key k,
respectively the decryption in the key k. The above data must fulfill the condition:
1,, wwwwkk kk edPK
Sometimes E and D are sets of partial mappings. In this case, condition (1) still must hold for those w which belong to the domain of ek and also it is required that the domain of dk contains the range of ek for each key k. Both P and C usually will be sets of words over a given (finite) alphabet V; and each of the sets P and C equals the class V
+ of all the
nonempty words over V (or equals Vm where
m is a convenient positive integer). A stream key for Q is any (infinite) sequence k=k1k2k3... of elements in K, [2], [7]. We shall denote by K the class of stream keys for Q. The stream cipher or stream cryptosystem Q associated to Q is Q = (P, C, K, e, E, d, D) where for
each plaintext P nj wwww 1 the
conditions are given:
nkjkk wwwwnj
eeeek 11
nkjkk wwwwnj
ddddk 11
The main problem concerning a stream cipher Q consists in the manners (algorithm) which generate the stream keys. Such an algorithm is called a stream key generator (SKG) algorithm ([2],[5],[6]). It usually starts with a small finite sequence over K which is enriched by a recursive procedure [7] returning the values of a linear recurrent sequence of numbers. Vernam's one time pad cryptosystem Vn is build, [7], over the binary alphabet V={0;1}, P = =C = V
n = K and
kcckww kk )(,)( de
where denotes bit-wise addition mod.2
(i.e., addition in the nth Cartesian power ring
of integers mod.2) or, equivalently, the bit-wise XOR operation. A cryptosystem Q is said to guarantee a perfect secrecy ([2],[7],[8]) if the whole
process is considered as a system such that the elements of P which are to be encrypted are produced accordingly to a probability law
p1(w), Pw , and the elements of K which
are used as keys for encryption are produced accordingly to a probability law p2(k),
Kk , and the two random variables
whose values are distributed by p1, respectively p2, are independent random variables (i.e. the probability of the event "the plain-text w is encrypted by the key k" is p(w, k)= p1(w) p2(k)) and, furthermore, the following condition is fulfilled:
2,, wpcwpccww CP
where )( cwp is the probability of the event
"the plain-text w is encrypted into c when the cryptogram c was sent to the receiver
point". Obviously )( cwp is the probability of
the encryption of w by c conditioned by the event of sending the cryptogram c. The condition (2) simply asks that an intruder intercepting the message c gains no additional information on the original plaintext w which was encrypted and sent as c. Shannon's theorem on perfect secrecy cryptosystems [7] asserts that if C, K are finite sets of the same cardinal and if all the
values p1(w), w P, are positive (i.e. >0) then: Q, p1, p2 guaranties a perfect secrecy if and only if the following two conditions hold:
3
!,,
cw
kkccww
k
e
KCP
the keys are uniformly distributed (4)
We use " ! " for "there exists only one".
Obviously (3) is equivalent to the requirement
that the family K
Pekk is a family of
pairwise disjoint sets. Therefore, it follows
that Vernam's one-time-pad cryptosystem Vn guaranties perfect secrecy, since the keys are all n-bit words and the chances to choose a certain key are 1/(2
n) -hence the keys are
equally probable- and
cwkwc k e
3. Stream keys by irrational numbers The set of all irrational numbers has infinitely many elements. Sometimes, a finite string of letters related to a name or to one of the description of an irrational number can codify that irrational number although it contains infinitely many decimal digits (in any base). This feature avoids the disadvantage of a confidential transmission of a key whose length equals the length of the plaintext. The infinite sequence of decimals of an explicitly given irrational number may be obtained -step by step- up to each given index counting the place of the decimals. There are in use many numerical recipes or lists which give us the value of the n
th decimal place, for each given
n less than a suitable rank (e.g., representation by infinite series and their approximate summation, programming platforms -like Mathematica, and suitable web-sites). A list of the first 10
6 decimal digits
of and of is available in [9]. In what
follows, irrational numbers will be written in the base 10. The alphabet of the plaintexts intended for encryption by a stream key, will be the English (Latin) alphabet of 26 letters. The letters from A to Z will be counted from 0 to 25, and the numbers attached to letters will be considered as residuals mod.26. In order to obtain a stream key by an irrational number, we have to: (s1) chose an irrational number, let it be called
Β = B,b1 b2 b3 .... bN ..... whose list of the first N decimal digits (written in base 10) is at hand, by an algorithm or by
an effective list, for a large value of N; (s2) select a rank i; it will be called the value of the parameter n0; the value of i will be the first decimal place considered to obtain -from that place on- a sequence of digits (in base 10); e.g., for the value i we shall obtain the sequence
q = bi bi+1 bi+2 .... (s3) transform the sequence q by various algorithms, which will result in substitution, confusion, and diffusion of the symbols appearing in q. This step will avoid the guess of the initial irrational number by using a plaintext cryptanalysis. The new sequence k obtained through steps (s1)-(s3) will be the stream key we looked for. There are many possibilities offered by the step (s3). We shall consider, mainly by examples, three methods whose room is offered by the steps (s1)-(s3). In a first method, the stream key is just the sequence q depending on the value i of the parameter n0. In a second method, we shall extract from the sequence q a sequence of numbers -each less than 100- and any such number consists in two digits located in consecutive positions in the sequence q. The sequence of these numbers, not exceeding 100, after a reduction mod.26, will form the stream key. Since the same recipe may be applied to extract n1 consecutive digits from the sequence q, then the stream key will be in that case a sequence of residuals mod.26 of
natural numbers less than 110n
. Hence, in the
second method, n1 is a second parameter. In the third method, the sequence q will be transformed under a suitable algorithm (e.g., that given by the formulae (7) below) and after that its residuals mod 26 will give the stream key. Method 1. An example of application to the plaintext w="CRIPTANALIZA". Its length is 12. The letters, from A to Z, are coded -in
order- by the corresponding residuals mod.26 from 0 to 25. Hence V = K = Z26 and CRIPTANALIZA corresponds to
w=(2, 17, 8, 15, 19, 0, 13, 0, 11, 8, 25, 0) in (Z26)
12.
In step (s1), we chose an irrational number. We shall consider [9]:
=2.64575131106459059050161575363926042571025918308245018036833445920106... In step (s2), we select i=1 (i.e., n0=1) and we extract the first twelve decimal digits of the considered surd,
q = 6 4 5 7 5 1 3 1 1 0 6 4 = k. The encryption is made by componentwise addition mod.26 w to k. We get:
c=(8, 21, 13, 22, 24, 1, 16, 1, 12, 8, 5, 4) corresponding to the letter cryptogram
IVNWYBQBMIFE Remark that any twelve consecutive digits may be used by increasing n0. The decryption is obtained by applying componentwise the inverse function (i.e., substraction of k from c) to the cryptogram IVNWYBQBMIFE. Method 2. An example of application to the plaintext w="CRIPTANALIZA". Its length is
12. In step (s1) we shall consider [9]. In step (s2), if n0=i is chosen, then,
beginning with the thi decimal place, we
retain the digits of the considered surd and we shall obtain q = bi bi+1 bi+2 .... In step (s3) we shall form numbers by taking consecutively and pairwise disjoint pairs of two consecutive digits (n1=2) from q. We obtain a sequence m1, m2,... of numbers less than 100. Since w has 12 letters, we will need 12 numbers in order to built the stream key
12
261221 )( Zkkkk
The extracted sequence m1, m2,..., m12 of 12 pairs of consecutive digits, according to the previous described procedure, has the form:
nnn kkmkkm 212211 ,,
where n = 24, k1 has the value of bi , and
0,
0,1
j
j
jj kifnumberdigitone
kifnumberdigittwokk
where k i= 0, 1, 2,…,9. The stream key k consists of the residuals mod.26 of m1, m2,..., m12, that is kj =(mj mod.26). As a rule, if the plaintext is x = x1 x2 x3…xn, then the components of the stream key are applied to the letters xj of the plaintext for encryption according to (5), and according to (6) to decrypt:
)5(26.modek jjjj xmcxj
626.moddk jjj mccj
For the case in study x = 2 17 8 15 19 0 13 0 11 8 25 0
we shall obtain, using , n0 = 1, n1 = 2 (i.e., the number of consecutive digits which will be taken):
=2.64575131106459059050161575363926042571025918308245018036833445920…
q = 64 57 51 31 10 64 59 05 90 50 16 15 k = 12 5 25 5 10 12 7 5 12 24 16 15
and k is the stream key. The encryption is made by componentwise addition mod.26 to x, cf. (5). We get the cryptogram c
14 22 07 20 03 12 20 05 23 06 15 15
corresponding to OWHUDMUFXGPP
Remarks. The methods 1 and 2 are polyalphabetic ciphers. There is a similitude to Vigenère cryptosystem. The difference consists in the use of a key of length equal to
the length of the plaintext message. There are some disadvantages steaming from that the possibility to find the irrational number used when n0 is known. In addition, the complexity of these methods remains to be studied. To avoid such disadvantages, we may transform the decimal sequence in various manners aiming to realize the substitution, confusion and diffusion of the cryptogram Method 3 will be exemplified by an application to the plaintext CRIPTANALIZA. Its length is 12. The steps 1 and 2 are the same as in the methods 1 and 2. In step (s1), we chose the irrational, [9],
=2.6457513110645905905016157536392604257102591830824501803683… Step (s2): we chose the value i of n0 (e.g., i=1). The decimal sequence to be used for the given 12 letters plaintext consists in the sequence of the twelve decimals located in the positions i, i+1, i+2, ..., i+12. The sequence of decimals, which we shall use, is
54321
95095460113157546
bbbbb
q
In step (s3), we shall transform q into a sequence h by performing the following operations: (i) a decimal of numerical value 0 located into the n
th position is transformed
into the value of the decimal located into the (n -1)
th position; (ii) a decimal of a non-null
numerical value "p” where
9,8,7,6,5,4,3,2,1p
located in the nth position in q is transformed
into the numerical value of the decimal located in the p
th position counted from the
(n+1)th place to the right (i.e. it is transformed
into the numerical value of the decimal located in the (n+p)
th position). Therefore, bn
will produce the value of provided
0nb ; and if bn =0 then it will produce the
value of bn -1. The indicated transformation produces the sequence h = (hn)n=1,2,3… given by
7
0,
0,
1 nn
nbn
nbifb
bifbh n
By convention, b0 is the last digit of the integral part of the considered irrational number (e.g., for the irrational number 32.00458763... the above method yields h1 = 2, h2 = 0, h3="the value of the 7
th position"=6).
Finally, the sequence h is the support of the stream key we look for as simply k=h or k is obtained from h as in method 2 by taking the residuals mod.26 of the numbers mj given by taking consecutive disjoint groups of n1 consecutive digits from h
21 kkk
For CRIPTANALIZA, we shall obtain using
, n0 = 1, n1=2, and applying (7):
w=(2, 17, 8, 15, 19, 0, 13, 0, 11, 8, 25, 0)
q=6457513110645905905016157536392604257102591830824501803683…
h=31160301019509159556653624…
m=31 16 03 01 01 95 09 15 95 56 65 36 24 ...
k =5 16 3 1 1 17 9 15 17 4 13 10 24 ...
c = 7 7 11 16 20 17 22 15 2 12 12 10
corresponding to HHLQURWPMMK. It easy to describe now, in formulae comprising only the digits bj and hj, the algorithm used for encryption and decryption when the
parameters , n0, n1 are known. 4. Perfect Secrecy: a theorem and some problems
It is a natural question to ask if there are irrational numbers for which at least one of the above methods produces a perfect secrecy stream cipher for plaintexts of given length m. Let Q = (P, C, K, e, E, d, D) be a cryptosystem over the alphabet V = Z26 where P = K = C = V
m.
The encryption-decryption mappings are
kccwkw kk de ,
where the addition and subtraction are the componentwise arithmetical operations mod.26, i.e. they are the arithmetical
operations in the commutative ring m26Z .
By Shannon's theorem, Q will guarantee perfect secrecy if and only if the conditions (3) and (4) are fulfilled. Condition (3) holds as a consequence of the encryption method, because of
kwckwc
(if wcandkwc for two keys
K,k , then wck ). Therefore,
condition (4) remains to be fulfilled. Let β be
an irrational number, and let ,...3,2,1
jjbb
be its decimal sequence of digits (base 10). Each of the methods 1-3 in the previous section produces, by the aid of β, a set of stream keys k whose restriction to their first m terms combined with the reduction mod.26 of the values of those m terms give a subset K(β) of K. Thus, the stream keys produced by β merely are a random variable key B with values in K and the events on which B takes values depend on the parameters n0, n1. Hence, Shannon's condition (4) holds for the original Q if and only if both K(β) = K and the uniform distribution of B hold. We shall denote by (Q,β) the stream cipher whose keys are chosen accordingly to the random variable B. As a subsequent problem, we may ask under what conditions the stream cipher Qβ whose key space is restricted to
K(β) but keeps the same spaces P, C, guaranties perfect secrecy. Now, it is plain that K(β) = K if and only if the stream keys obtained by taking sequences of m consecutive decimal digits of β, so that n1=m, and further applying reduction mod.26, the elements obtained will cover all the m-strings of residuals mod.26. Put in that way, a new problem arises. Which are the modules M and the irrationals β, such that replacing 26 by M, then, for the corresponding QM , the equality K(β) = K holds? (only 26 is replaced by M). On the other hand, some results concerning the distribution of the digits in the decimal sequence of an irrational number, [3], will help us to prove the following
Theorem. (T1) For almost all irrational numbers β the stream cipher (Q,β) has perfect secrecy.
(T2) For almost all irrational numbers β and all modules M, the stream ciphers (QM,β) guaranties perfect secrecy.
Proof. We recall that if A is a property applicable to the real numbers, true for some and false for the others, then we say that almost all numbers possess the property A if the set S of those numbers which do not has the propriety A is negligible (i.e., the Lebesgue measure of S is 0). Any interval has as its Lebesgue measure its length. Consequently, a set of null measure -a negligible set of numbers- cannot exhaust all numbers. On the other hand, the following theorems are true: (i) almost all numbers contains in their decimal (base 10) sequence all digits, and contains also any given finite sequence of digits [3., p. 154, theorem 143]; (ii) almost all numbers, when written in any base R, contains in their R-decimal sequence every possible R-digit and any possible finite sequence of R-digits [3, p. 154, theorem 143];
(iii) almost all numbers, when written in any base R, have the property that each R-
digit has the frequency R
1 in their R-
decimal expansion and any finite
sequence of R-digits mrrr 21
(no matter
how large m is) has its frequency m
R
1 in
their R-decimal expansion. [3, p.160, theorem 148]. The numbers which have the property (iii), are called normal numbers [3]. All normal numbers are irrational: a rational number, by the periodicity of its decimals, does not possess the property (iii). Particularly, almost all irrational numbers have in their decimal expansion (base 10) each digit with the frequency 1/10 and they have in their decimal expansion (base 10)
each group of 2 digits 21kk with the
frequency 1/100, and each group of three
digits 321 kkk occurring with the frequency
1/1000. Furthermore, these results are true for any other enumeration base R, hence for the enumeration base 26 too. Therefore: if we shall chose an irrational number β belonging to that class of numbers, then in the decimal expansion of β each m-tuple (i.e., each element of K) occurs with the frequency
K..
1
26
1
elemnom , hence if such tuples are
selected by method 2 then the corresponding stream keys cover all K (i.e., K(β)=K) and the stream keys are uniformly distributed. Consequently, (T1) follows. For (T2) the same arguments, repeated for M this time (remember that M replaces the modulus 26), prove the assertion.
Remark. We do not know if 7 is a normal
irrational number or nor. Some evidence is
contained in the next section. But the irrational number
β = 0.123456789 10 11 12 .....100 101 .... whose decimal part is obtained by writing all positive integers in their natural order, is a normal number ([3], p. 163). Hence, for this irrational β each stream cipher obtained by our method 2 has perfect secrecy.
5. On the distribution of decimals in 7
The previous section pointed the relations between an irrational number designed for a stream cipher, and between -as strongly depends- the distribution of digits and group of such digits through the decimal expansion of that number. All previous examples we worked have as support for the stream keys,
the irrational number 7 . Since little is
usually known on the distribution of its decimals, some software devices could be used to gain some insight concerning its decimal distribution. The idea on the perfect secrecy theorem in section 4 was firstly induced by a brute investigation attack on the statistic of decimals. Comprehensive lists of
decimals of 7 and 5 are available ([9]).
In this section, some views on the statistics
concerning the decimals of 7 are shown.
The lack of space offers no room for most of the tables -which show a possible uniform distribution. Decimal distribution in the
irrational number is represented in Table 1 and Chart 1. Analysis by "Scatter" of the decimals distribution in the decimal expansion of the
irrational number is represented in Chart 2.
Table 1
Decimal Frequency
0 99767
1 99640
2 100506
3 100216
4 99801
5 100190
6 99826
7 100196
8 99943
9 99939
Total 1000024
Chart 1
Chart 2
The distribution of the groups of two decimal
digits in the decimal expansion of (an amount of 500,012 groups of two decimals digits was considered) is represented in Chart 3, and analysis by "Scatter" of the decimals distribution in the decimal expansion of the
irrational number taken in groups of two consecutive digits as they are appearing in the irrational number (500,012 groups of two digits were considered) is represented in Chart 4.
Chart 3
Chart 4
6. Conclusions
The proposed method produces a family F
of stream ciphers which depend on many parameters, such as irrational numbers, n0, n1. It is based on the possibility to communicate an infinite amount of information in a finite interval of time using a finite list of symbols. The decimal sequence-processing algorithm (method 3) increases the number of parameters. The family F contains uncountable many stream ciphers witch guarantees perfect secrecy. The research we have started leads to the following tasks that can be pursued: (i) the study of the decimals digit distribution in algebraic and transcendental numbers; (ii) the investigation of those methods and algorithms that can modify decimal sequences in order to obtain new random distribution sequences minding the character distribution in the original plaintext; (iii) the cryptanalysis of those systems of the family F that does not guarantee perfect secrecy; (iv) design of encryption software using irrational numbers in the binary digit system; (v) find methods that eliminate the possibility of breaking a code -which belongs to F- by using decrypted texts which were encrypted with the same key. (vi) if n0 and n1 are known, then under what conditions can be recovered the irrational used? If the irrational is known, then under what conditions the parameters n0, n1 can be recovered?
References [1] Andraşiu, M., Naccache, D., Simion, E., Simion, Gh., Operational Research, Probability and Cryptology. Applications; Ed. Millitary Technical Academy, 2011 [2] Atanasiu, A., Securitatea informatiei [Information Protection, in Romanian] Vol.1, Ch.4, Ed. INFODATA, Cluj, 2008. [3] Hardy, G.H. and Wright, E.M., An Introduction to the Theory of Numbers, 6th ed., Oxford Univ. Press, 2008 [4] Ioniţă, C., Lecture notes on the mathematics used in cryptography [in Romanian, manuscript], TCSI, 2010 [5] Menezes,A., Oorschot,P., Vanstome,S., Handbook of Applied Cryptography, CRC Press, 1996 [6] Popescu, A., Preda, V., Simion, E., Cryptanalysis. Techniques and mathematical methods, Ed. Univ. Bucuresti, 2004 [7] Rothe, J., Complexity Theory and Cryptology -An Introduction to Cryptocomplexity, Springer-Verlag, 2005 [8] Shannon, C. E. (1946), Communication Theory of Secrecy Systems (A Mathematical Theory of Cryptography), http://202.38.64.11/~whli/lecture-crypto-pb/materials/ [9] http://apod.nasa.gov/htmltest/gifcity/sqrt7.1mil
This paper was published in Proceedings
of the 4th
International Conference on
Security for Information Technology and
Communications – Bucharest, 2011.
