Public Key, Set-(bi)partition
From: Kiuhnm (invalid_at_invali.it)
Date: 04/23/04
- Next message: Peter Fairbrother: "Re: Pin generation algorithm question"
- Previous message: Andrew Swallow: "Re: Pin generation algorithm question"
- Next in thread: Peter Fairbrother: "Re: Public Key, Set-(bi)partition"
- Reply: Peter Fairbrother: "Re: Public Key, Set-(bi)partition"
- Reply: David Wagner: "Re: Public Key, Set-(bi)partition"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 Apr 2004 18:25:11 GMT
The set-(bi)partition problem [SBP] consists in splitting a finite set S
of (real) numbers into two disjoint sets A and B such that the sum of the
elements in A is equal to that of the elements in B.
SBP can be reformulated this way:
let A = {a_0, ..., a_n} and X = {x_0, ..., x_n} be two finite vectors of 'n'
(real) numbers. Estimate X such that <A, X> = 0 and x_i^2 = 1.
Given a unique solution X, it's easy to generate 's' vectors A_i such
that <A_i, X> = 0.
This version of SBP should be as hard as the normal version with max(n-s, 0)
elements.
Let 'k' be an integer number, A_i "SBP-vectors" with the same solution,
B_i random vectors, M the plaintext and C(X) the encrypted text defined as
C(X) = <A_0, X>*<B_0, X> + ... + <A_k, X>*<B_k, X> + M
The polynomial C(X) "should" have n(n+1)/2 terms:
x_1 x_1, x_1 x_2, x_1 x_3, ....., x_1 x_n,
x_2 x_2, x_2 x_3, ......, x_2 x_n,
.
.
.
x_n x_n.
We are interested in the relative coefficients.
The vectors A_i belong to the Public Key while the vectors B_i are unknown
and completely random.
When 'n' is small enough, it should be impossible to estimate the unknown
coefficients of the vectors B_i, but we want to use a big 'n'.
First of all let's "eliminate" the quadratic terms x_i^2 by noting that
x_i^2 = 1. I (probably in my ignorance!) think this is the tricky part :-)
This way all the coefficients of the terms x_i^2 will perturb M.
The correct number of terms is therefore n(n-1)/2 + 1 (considering also the
"perturbed" M).
We used 'k' SBP-vectors in C(x) then the eventual linear system used
to estimate the random coefficients will have kn variables and n(n-1)/2
equations. If k > (n-1)/2, the system will have infinite solutions.
Definitively we want to choose 'k' such that (n-1)/2 < k < n and n-k is
sufficiently big.
Note that if x_i^2 <> 1 for some 'i' then the probability to be able to
reobtain M is very low.
Note also that C(X) = C(-X) in fact x_i x_j = (-x_i)(-x_j).
The Private Key is obviously represented by the unique solution to the
'k' SBP-vectors.
Kiuhnm
-- 171df91e41c28448937c01c489acb61291215253
- Next message: Peter Fairbrother: "Re: Pin generation algorithm question"
- Previous message: Andrew Swallow: "Re: Pin generation algorithm question"
- Next in thread: Peter Fairbrother: "Re: Public Key, Set-(bi)partition"
- Reply: Peter Fairbrother: "Re: Public Key, Set-(bi)partition"
- Reply: David Wagner: "Re: Public Key, Set-(bi)partition"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
