Method of Evaluating Encryption Algorithms Using Chaos
Analysis
Field of Invention
The present invention relates to a method of analyzing encryption algorithms. More specifically, the present invention relates to a method of analyzing an encryption algorithm using chaos analysis, which can analyzing non- linearity of the algorithm using the Fractal structure analysis technique in the case where a public key or a secret key become exposed to others.
Background of the Invention
With rapid advances in scientific technology and information environments, major business tasks are being performed by computers networked via a ultra-high-speed information communication network. It has become necessary to protect against theft or illegal disclosure of important information that may be scattered over various areas in a network, or information being transmitted or received through a network.
Information protection methods may be classified into a primary method of restricting physical access to the information to be protected and a secondary method of encrypting the information to be protected in case when the
first method fails.
Encryption converts a plain text to a cipher text whose meaning cannot be discerned. Decryption changes the cipher text received to a plain text using various keys used to encrypt the text. Reliable encryption of a plain text to a cipher text requires the secrecy to allow only the authorized personnel to access the information in the computer system, the integrity to allow only the authorized personal to correct the information, and the availability to allow only the authorized personnel to use the information.
Encryption techniques may be classified into a conventional key system and a public key system, depending on the existence of a public key. In the conventional key system, both encryption and decryption use the same key. A representative example is the Data Encryption Standard (DES) announced by the U.S. Department of Commerce in 1977. In the public key system, different keys are used for encryption and decryption. Although its processing speed is slow, the public key system has an advantage of dispensing with the transmission of keys. Examples are the RAS encryption method, the Merkle-Hellmam encryption method, and the limited-body- phase encryption method, etc. However, such existing encryption systems suffer the problem of lacking data security because the safeness of encryption algorithms cannot be tested due to mathematical difficulties.
Objects of the Invention
Accordingly, it is an object of the present invention to provide reliability in developing an encryption algorithm for encrypting data being transmitted and received, by analyzing linearity or nonlinearity of the encryption algorithm, using the Fractal structure analysis, which tests whether others can predict a new key replacing the old key when a public or a secret key becomes exposed to others.
Summary of the Invention
The above and other objects are satisfied, at least in part, by an embodiment of the present invention, which provides a method including the steps of: reconstructing a new phase space by mapping the output values of an encrypted message with sequentially generated key values into a time series data set; measuring the Lyapunov coefficients of the data set generated with sequential modification of key values in the new phase; measuring the correlation dimension based on the phase space; and analyzing the stability of the algorithm by generating attractors based on the correlation dimension.
Brief Description of the Drawing
Figure 1 is a diagram of an apparatus which evaluates an encryption algorithm using chaos analysis.
Figure 2 is a flow chart showing a preferred embodiment for analyzing an encryption algorithm using chaos chart.
Detailed Description of the Drawing
References will now be made in detail to a preferred embodiment of the present invention, illustrated in the drawings .
Figure 1 illustrates a computer 100 having an encryption key generator 110 connected to an evaluator 120. Encryption key generator 110 generates encryption keys using encryption algorithms to encrypt text. Evaluator 120 determines the stability of encryption algorithms. A display device 130 being connected to computer 100 displays outputs from the computer.
When a public or secret key generated by encryption key generator 110 becomes exposed to unauthorized users, a new public or secret key must be generated. Encryption key generator
110 generates a new key to replace the old key using the encryption algorithm. In order to determine the integrity of the new key, evaluator 120 analyzes a rescaled range (R/S) of
the keys to determine the possibility of predicting the new key. Evaluator 120 generates an output displayed on display 130 which displays the stability of the encryption algorithm and will show the possibility of determining whether the new key can be predicted by others.
If an encryption algorithm does not possess the random walk property, ie, the algorithm possess the linear property, the keys generated by the algorithm may be predicted. Thus, the random walk property may be used to gauge the possibility of cracking.
Two methods are suggested for identifying the random walk property: a method based on the classical statistics and a method based on the chaos analysis which can prove nonlinearity of the system. The present invention uses chaos analysis to verify an encryption algorithm. If a system has the chaotic property , it is possible to explain and predict the system's nonlinearity because the system is deterministic.
But, a reliable encryption algorithm requires, in addition to the non-linearity element, that others may not be able to predict a new key replacing the old key when the old key was exposed to others. To determine the possibility of predicting the replacement key by others when a secret or a public key becomes exposed to others, a text encrypted using the algorithm is mapped into a continuous-time series pattern, and its property is analyzed using chaos analysis.
As shown in Fig. 1, when a public or secret key or a particular encryption algorithm used to encrypt a text becomes exposed to others and the old key is replaced by a new key, the rescaled range (R/S) of the keys for maintaining the security of a randomly selected encryption algorithm is analyzed to determine the possibility of prediction of the key by others.
The rescaled range (R/S) of the corresponding key is defined as follow:
[Equation 1]
(R/S) n = C • nH (where H is the Hurst exponent)
The average value of the rescaled range from the above equation becomes "0" meaning a local variation. Taking logarithms of both sides of the above equation yields the following:
[Equation 2] log { R/S) n = H log(n) + log (C)
Since R/S in the above equation increases as fast as the increment of a square root of R/S, it is obtained through the following steps.
First, in the case of a time series of length M, it is transformed into a log ratio having the length N = M - 1 as follows :
[Equation 3]
N = log (Mu÷u /Mi ) , where i = 1,2,...., (M - 1 )
From the above equation, a subperiod of "A", having length n and satisfying the relation A • n = N is obtained. Then, the label la (a = 1,2,...., A) is attached to each subperiod. After the value of Nk,a ( k = 1,2,...., n) are defined on each elements of label la, the following equation is used to calculate an average value over the length n and the label la :
[Equation 4]
e> = n <=>
where βa is the average value of N, that has the length n and includes la.
In addition, the time series {Xk,a) representing the accumulated departures from the average values over each label la, is defined as follows: [Equation 5]
∑(M.β-e.) Xk = '=' , where £=1,2, •••—• , n
Therefore, from equation 4, the rescaled range Ria of the other key can be obtained from the difference between the maximum and minimum value of Xk.a within the subperiod la as follows :
[Equation 6]
Ria = Max [ Xk.a ) - Min { Xk.a ) , where k = 1 , 2 , . . . . , n .
Also, the standard deviation Sia on each side label la is defined as follows: [Equation 7]
Since the rescaled range defined in equation 6 is normalized by the ratio of standard deviation Sia as defined in equation 7, the rescaled range (R/S) is the same as Ria / Sia on each label la.
Since the sequential value "A" of length n can be obtained by equation 3 above, it follows that
[Equation 8]
(RJS)„ -
(
\)ln is an integer.
Here, since (M - l ) /n is an integer and the length n increases to a next value, n can be used at the starting and ending points of the time series by repeating the above process up to n - (M - 1 ) / 2. Accordingly, least squared regression is performed on a graph plotted using log(n) as an independent variable and log ( R/Sa ) as a dependent variable, and the Hurst exponent " " can be obtained from the slope of the graph.
After obtaining the Hurst exponent " #" in the rescaled range R/S through the same process as stated above, measurement of
Lyapunov exponents is conducted at step 102. The Lyapunov exponent ( ) in i dimension (pι(t)) is measured as follows: [Equation 9]
,1, pit)
(^)
L, = L '—ϋ>0'°V ,l«og,: X°>
Since one must have input data, the embedding dimension, the time lag, the evolution time, the max/min distance, and the mean orbital period to measure the Lyapunov exponents, the embedding dimension is obtained from the correlation integral Cm; the time lag from the relation m *t { delay) = Q {period) ; the mean orbital period from the analysis of the reconstruction range; the max/min distance from the embedding dimension.
Once the input data, the embedding dimension, the time lag, the evolution time, the max/min distance, and the mean orbital period are determined, the distance between two points [ DI) - Lι {Xo) , separated at least by the mean orbital period, is measured, and the interval for measuring the Lyapunov exponent, ( DF) - Lι (Xo) , is determined. Then the Lyapunov exponent is initialized as follows:
[Equation 10]
-jMogsC -)
SUM= t j= (x) + SUM zLyap = [ SUM / Itera tion ]
In the above, if the measurement distance of Lyapunov exponent DF > DistJMax and DF < Dis t_min , a new point, " DN" is selected. In this case, the time interval of the newly selected point must be at least one period. The new point must be between the min and the max distances, and the angle between DN and DF must be minimum in the phase space. If a new point is selected, DI is set to DN, and the steps of initializing the Lyapunov coefficient are repeated.
Once the measurement of Lyapunov exponents is completed using the steps above, measurement of a correlation dimension is performed at step 103. Although the correlation dimensions are observed as one of the coefficients of the time series, it has a limitation of having value between 1 and 2. However, in the case of reconstructing a time series in a phase space, since it is possible to observe all independent coefficients, the correlation dimension ( ) , starting from m=2, is measured, by increasing the diameter of Fractal structure using the following equation:
[Equation 11]
N" 1
Cm(R) = where Z { x) = 1 if R - I xi - J I > 0; otherwise N is the observation constant, R is the distance, and Cm is the correlation dimension integral function m.
Z { x) is called a Heaviside function. A correlation
dimension means a probability that there will be two points within the Fractal diameter between t and t-1. The correlation dimension is derived by measuring the slope of a graph of log {Cm[R}) versus log([i?]) based on the above result .
Once the correlation dimension is derived, attractors are reconstructed at step 104. For example, a random time series pattern having n numbers of data with their sampling interval of δt is expressed as X{t) , X{t + δt) , X{t + 2 • δt) , X{t + 3 • δt) , .... , X{t + (n-1) • δt) . After setting the time lag (T) to twice the sampling time <5t(T = 2 δt) , a three-dimensional vector column is obtained, expressed as X(t), X(t + 2 • δt) , X{t + 4 • δt) , X{t + 1 • δt) , X(t + 3 • δt) , ... , X{t + (π-5) • δt) , X(t + (n-3) • δt) , X{t + {n-1) • δt) .
By plotting these points in the three-dimensional space, a three-dimensional attractor may be obtained showing the dynamic property of the system. If the value of n equals or is larger than the original dimension and is properly selected, the vector column will show the same dynamic property as the original movement.
The strange attractor reconstructed by the same method described above, in general, has a transformed shape, not precisely the same shape as the original attractor. However, since the Lyapunov exponent and the Fractal dimension are not
altered by such a transformation, these values can be calculated from the reconstructed attractor.
As explained above, the present invention provides reliability and safeness in developing an encryption algorithm by providing a method for determining the safeness of the algorithm where a new key replaces the old when a public key or secret key becomes exposed to others.