Implementation of Merkle Hellman

Knapsack Cryptosystem

By- Subharthi Das -12000112108

Narendra Kumar -12000112059

Introduction
The Merkle-Hellman Knapsack algorithm is

apublic key asymmetric cryptosystembased

on theNP-Complete problemof the nonsuperincreasing knapsack.
It was invented by Ralph Merkle and Martin
Hellman in 1978.

Assymetric Cryptosystem- An asymmetric

cryptosystem requires two keys, one for
encryption and the other for decryption, unlike
symmetric cryptosystems which use the same
key to encrypt as well as decrypt.

Public Key- Public key cryptography refers to a

system which is asymmetric, where the private
key is based on a NP-Easy problem which can be
solved, whereas the public-key is based on a NPhard problem.

Knapsack Problem- Theknapsack

problemorrucksack problemis a problem
incombinatorial optimization: Given a set of
items, each with a weight and a value, determine
the number of each item to include in a collection
so that the total weight is less than or equal to a
given limit and the total value is as large as
possible.

Superincreasing Knapsack Problem- It is a

type of Knapsack Problem where every element
of the sequence is greater than the sum of all
previous elements in the sequence.

Mathematical Description
Key Generation- In Merkle-Hellman, the keys are
two knapsacks. The public key is a 'hard'
knapsackA, and the private key is an 'easy', or
superincreasing, knapsackB, combined with two
additional numbers, a multiplier and a modulus. The
multiplier and modulus can be used to convert the
superincreasing knapsack into the hard knapsack.
These same numbers are used to transform the sum
of the subset of the hard knapsack into the sum of
the subset of the easy knapsack, which is a problem
that is solvable in polynomial time.

Encryption- To encrypt a message, a subset of the

hard knapsackAis chosen by comparing it with a set
of bits (the plaintext) equal in length to the key. Each
term in the public key that corresponds to a 1 in the
plaintext is an element of the subsetA_m, while terms
that corresponding to 0 in the plaintext are ignored
when constructingA_m- they are not elements of the
key. The elements of this subset are added together
and the resulting sum is the ciphertext.

Decryption- Decryption is possible because the

multiplier and modulus used to transform the easy
knapsack into the public key can also be used to
transform the number representing the ciphertext into
the sum of the corresponding elements of the
superincreasing knapsack. Then, using a simple

Example
Lets consider a superincreasing sequence w
w = {2, 7, 11, 21, 42, 89, 180, 354}
w = 706
Then, choose a numberqthat is greater than
the sum.
q = 881
Also, choose a numberrthat is in the
rangeand iscoprimetoq.
r = 588

The private key consists ofq,wandr.

To calculate a public key, generate the
sequenceby multiplying each element
inwbyrmodq
= {295, 592, 301, 14, 28, 353, 120, 236}
Since;
(2 * 588) mod 881 = 295
(7 * 588) mod 881 = 592
(11 * 588) mod 881 = 301
(21 * 588) mod 881 = 14
(42 * 588) mod 881 = 28
(89 * 588) mod 881 = 353
(180 * 588) mod 881 = 120
(354 * 588) mod 881 = 236
The sequence makes up the public key.

Let the message to be encrypted is (01100001)

multiplies each respective bit by the corresponding
number in
0 * 295
+ 1 * 592
+ 1 * 301
+ 0 * 14
+ 0 * 28
+ 0 * 353
+ 0 * 120
+ 1 * 236 = 1129
1129 is sent to the reciptent

To decrypt, one multiplies 1129 byr1modq

1129 * 442 mod 881 = 372
Now we decompose 372 by selecting the largest
element inwwhich is less than or equal to 372. Then
selecting the next largest element less than or equal
to the difference, until the difference is0
372 - 354 = 18
18 - 11 = 7
7-7=0
The elements we selected from our private key
correspond to the 1 bits in the message
01100001 is therefore the decrypted message.

Thank You for you kind

attention