On the use of continued fraction for stream ciphers

$Page 1: On the use of continued fraction for stream ciphers$
OutlineIntroduction

Continued FractionsOn the use of continued fractions for stream cipher

Questions

Presentation: On the use of continued fractionsfor stream cipher

Amadou Moctar Kane

[email protected]

May 4, 2015

Amadou Moctar Kane Presentation: On the use of continued fractions for stream cipher

OutlineIntroduction


Questions

1 Introduction

2 Continued Fractions

3 On the use of continued fractions for stream cipherContinued fraction cipherKhinchin’s AttackApplications

4 Questions


OutlineIntroduction


Questions

Goals

After Diffie-Hellman: Fermat’s little theorem, LinearizationXL, graph theory. . .

Continued Fraction

How to use?Quadratic irrational?Γ?


OutlineIntroduction


Questions

Goals


Continued Fraction



OutlineIntroduction


Questions

Goals


Continued Fraction

How to use?

Quadratic irrational?Γ?


OutlineIntroduction


Questions

Goals


Continued Fraction

How to use?Quadratic irrational?

Γ?


OutlineIntroduction


Questions

Goals


Continued Fraction



OutlineIntroduction


Questions

Continued Fractions

An expression of the form

α := a0 +b0

a1 +b1

a2 +b2

. . .

is called a generalized continued fraction. Typically, the numbersa1, . . . , b1, . . . may be real or complex, and the expansion may befinite or infinite.


OutlineIntroduction


Questions

Preliminaries

It is not possible to find an irrational number α simply on thebasis of knowledge of the partial quotients [am+1, . . . , am+n].

The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.r√

log(A) is transcendental.


OutlineIntroduction


Questions

Preliminaries


The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.

r√



OutlineIntroduction


Questions

Preliminaries


The knowledge of a = [am+1, . . . , am+n] does not allow toknow any other partial quotients of continued fractionexpansion.r√



OutlineIntroduction


Questions

Continued fraction cipherKhinchin’s AttackApplications

Stream Ciphers

First Algorithm:Stream Cipher


OutlineIntroduction


Questions


Stream Ciphers

One time pad.random key ⊕ plaintext

Unbreakable system.Easy to implement.

Stream Ciphers.


OutlineIntroduction


Questions


Stream Ciphers

One time pad.random key ⊕ plaintext

Unbreakable system.Easy to implement.

Stream Ciphers.


OutlineIntroduction


Questions


Continued fraction cipher

We suppose that z ∈R N , and m is the secret message.

Table: Continued fraction cipher.

Alice Bob

computes t ≡ ze mod nt

=⇒ computes z ≡ td mod n.

Computes X = e√

log(z) Computes X = e√

log(z)Computes the CFE of X Computes the CFE of X .Concatenates some PQ’s Concatenates some PQ’s.Produces the keystream k1 Produces the keystream k1.

Computes m1 := m ⊕ k1m1=⇒ receives m1.

Computes m := m1 ⊕ k1


OutlineIntroduction


Questions


Efficiency analysis

Table: Comparison with Blum-Blum-Shub.

Number of bits producted Computing time in secondsBBS 150000 2.358Our algorithm 150000 0.007

We worked with an irrational X ∈ Γ, and the number of digits ofthe partial numerator (bi ’s) was around 5000. For BBS, n had 949digits, the results are listed below.


OutlineIntroduction


Questions


Khinchin

Aleksandr Khinchin proved in 1935 that for almost all real numbersx , the infinitely many partial quotients ai of the continued fractionexpansion of x have an astonishing property: their geometric meanis a constant, known as Khinchin’s constant, which is independentof the value of x . That is, for

x = a1 +1

a2 +1

. . .

limn→∞

(n∏

i=1

ai

)1/n

= K ≈ 2, 6854520010 . . .

where K is Khinchin’s constant.


OutlineIntroduction


Questions


Khinchin’s Attack

The attacker Eve needs the cipher only to find a part of themessage in these following steps:

Eve eavesdrops a long cipher text Tn, splits it in bytes andcomputes

K1 = limn→∞

(n∏

i=1

di

)1/n

.

where di is the integer corresponding to the byte i .


OutlineIntroduction


Questions


Example of Khinchin’s Attack on π

The first partial quotients of π are :[3, 7, 15, 1, 292, 1, 1, 1, 2, 1, 3, 1, 14, 2, 1, 1, 2, 2...](

17∏i=1

ai

)1/17

≈ 2.6929721 . . .

let’s suppose that the plaintext is 11111111111111111.

keystream : 0111 1111 0001 100100100 .....0010 0010

plaintext : 0001 0001 0001 0001 .....0001 0001

cipher : 0110 1110 0000 100100101 ....0011 0011

In base 10, the cipher will be: 6 14 1 293 1 1 1 3 1 2 1 15 3 11 3 3.


OutlineIntroduction


Questions




17∏i=1

ai

)1/17

≈ 2.6929721 . . .


keystream : 0111 1111 0001 100100100 .....0010 0010

plaintext : 0001 0001 0001 0001 .....0001 0001

cipher : 0110 1110 0000 100100101 ....0011 0011



OutlineIntroduction


Questions




17∏i=1

ai

)1/17

≈ 2.6929721 . . .


keystream : 0111 1111 0001 100100100 .....0010 0010

plaintext : 0001 0001 0001 0001 .....0001 0001

cipher : 0110 1110 0000 100100101 ....0011 0011



OutlineIntroduction


Questions


Khinchin’s Attack

Eve computes the geometric mean of the cipher:

(6∗14∗1∗293∗1∗1∗1∗3∗1∗2∗1∗15∗3∗1∗1∗3∗3)(1/17) = 2.867

Eve Makes a conclusion, for example there are a lot of zerosin the plain text.

She modifies the cipher and computes the geometric mean ofthe new cipher

K2 = (6 ∗ 14 ∗ 1 ∗ 292 ∗ · · · ∗ 2)(1/17) = 2.595

. . .


OutlineIntroduction


Questions


Khinchin’s Attack


(6∗14∗1∗293∗1∗1∗1∗3∗1∗2∗1∗15∗3∗1∗1∗3∗3)(1/17) = 2.867



K2 = (6 ∗ 14 ∗ 1 ∗ 292 ∗ · · · ∗ 2)(1/17) = 2.595

. . .


OutlineIntroduction


Questions


Khinchin’s Attack


(6∗14∗1∗293∗1∗1∗1∗3∗1∗2∗1∗15∗3∗1∗1∗3∗3)(1/17) = 2.867



K2 = (6 ∗ 14 ∗ 1 ∗ 292 ∗ · · · ∗ 2)(1/17) = 2.595

. . .


OutlineIntroduction


Questions


Khinchin’s Attack


(6∗14∗1∗293∗1∗1∗1∗3∗1∗2∗1∗15∗3∗1∗1∗3∗3)(1/17) = 2.867



K2 = (6 ∗ 14 ∗ 1 ∗ 292 ∗ · · · ∗ 2)(1/17) = 2.595

. . .


OutlineIntroduction


Questions


Applications


OutlineIntroduction


Questions


Applications


OutlineIntroduction


Questions


Conclusion

1 Goal 1: I tried to find new techniques using continuedfraction in cryptography.

Result: I designed a new pseudo random generatorstatistically tested.

2 Goal 2: I was interested in finding new methods ofcryptanalysis.

Result: I designed a weak version which can be attacked bythe Khinchin constant.

3 Goal 3: I tried to create a renewal of interest aroundcontinued fractions.

Result: I introduced the works of Khinchin, Kuzmin, Levy, andLochs in cryptology.


OutlineIntroduction


Questions


Conclusion








OutlineIntroduction


Questions


Conclusion








OutlineIntroduction


Questions


Conclusion








OutlineIntroduction


Questions

For your attention

Thank you!


Technology

On the use of continued fraction for stream ciphers