No-Key Cryptography Nathan Marks Based on Massey-Omura US Patent # 4,567,600

Overview Introduction and Overview Analogy of No-Key Cryptography Basic over-view of No-Key Cryptography Original Massey-Omura Algorithm Variations of Massey-Omura Conclusion Questions

Briefcase Analogy of No-Key Alice wishes to pass Bob information. Alice locks one lock on case. Bob receives case, and locks other half. Alice then unlocks her half. Bob unlocks his half. Bob is able to easily open case.

No-Key Cryptography Overview Alice wishes to send Bob a message. Alice encrypts message with secret key. Bob encrypts message with secret key. Alice decrypts message with her key. Bob decrypts message with his key. Bob can easily retrieve original message.

Differences of Case and Crypto Transferring a physical case much different than digital data. Brute force on case easy (break the case open). Brute force on cipher hard because of encryption with completely secret key. Locks on case do not interfere with each other. Encrypting twice and then decrypting in same order may cause interference.

Problems with No-Key Crypto There are 3 public transfers the size of the message – not one. Not all encryption/decryption algorithms are associative with each other – meaning that encrypting and then decrypting in the incorrect order causes interference. Need of separate authentication for all transmissions.

Original Massey-Omura An algorithm that satisfies necessary mathematical requirements to make No-Key work. Uses finite fields. Relies on Discrete Log Problem for security.

Original Massey-Omura (cont.) Operates in finite field world of GF(2 m ) As shown by Diffie and Hellman in “New Directions in Cryptography” exponentiation in GF(2 m ) is easy (>m, but <2m operations). Taking the logarithm in GF(2 m ) is hard DLP (approx. 2 m /2 operations)

Original Massey-Omura (cont.) The message M is encoded as an element of GF(2 m ) and represented as m binary digits in the manner: M=[b m-1, b m-2,…,b 1,b 0 ] such that b m-1 is the first bit of the message. Both Alive and Bob generate a random # E such that 0<E<2 m-1 Both calculate D for their respective E’s such that: E*D=1 mod 2 m-1

Original Massey-Omura (cont.) Alive calculates M E A (in GF(2 m ))=M 1 Bob receives this value M 1 and calculates M 1 E B (in GF(2 m ))=M 2 Alice receives this value M 2 and calculates M 2 D A (in GF(2 m ))=M 3 This decrypts her part of the encryption. Bob receives this value M 3 and calculates M 3 D B (in GF(2 m ))=M 4 This decrypts his part of the encryption. M 4 = M, therefore Bob has Alice’s message.

Variations of Massey-Omura Elliptic curve version where multiplication of a constant (secret keys) times a point (the encoded message) takes the place of exponentiation. L(D,N) is a LUCAS group where N is a large prime. M is encoded as a point in L(D,N) and the order of L(D,N) is used as the modulus. M is then raised to the power of the secret keys (as in normal Massey-Omura) based on the rules of exponentiation of LUCAS groups.

Conclusions Massey-Omura is a good way of making the No-Key algorithm work mathematically and practically. No-Key systems are Zero-Knowledge, which means they are just as secure as whatever encryption algorithm is used. Even so No-Key seems are not used in practice very much because of the impracticality of having to transfer the entire message three times.

Questions? Questions anyone?

References US Patent #4,567,600 submitted by James L. Massey (Swiss) & Jimmy K Omura(USA) on September 14, Boise State University Mathematics Department Dr. J. von zur Gathen und Dr. J. Teich