Cryptanalysis and Improvement of Akleylek et al.'s cryptosystem

TL;DR

This paper analyzes the security flaws of Akleylek et al.'s P2P cryptosystem, demonstrating vulnerabilities through ciphertext-only attacks and lack of completeness, then proposes a secure, efficient CCA2 variant in the standard model.

Contribution

It provides a cryptanalysis of Akleylek et al.'s scheme and introduces a new, more secure encryption scheme with proven CCA2 security in the standard model.

Findings

The original scheme is vulnerable to ciphertext-only attacks.

The scheme lacks completeness, preventing unique decryption.

The modified scheme achieves CCA2 security in the standard model.

Abstract

Akleylek et al. [S. Akleylek, L. Emmungil and U. Nuriyev, A mod ified algorithm for peer-to-peer security, journal of Appl. Comput. Math., vol. 6(2), pp.258-264, 2007.], introduced a modified public-key encryption scheme with steganographic approach for security in peer-to-peer (P2P) networks. In this cryptosystem, Akleylek et al. attempt to increase security of the P2P networks by mixing ElGamal cryptosystem with knapsack problem. In this paper, we present a ciphertext-only attack against their system to recover message. In addition, we show that for their scheme completeness property is not holds, and therefore, the receiver cannot uniquely decrypts messages. Furthermore, we also show that this system is not chosen-ciphertext secure, thus the proposed scheme is vulnerable to man-in-the-middle-attack, one of the most pernicious attacks against P2P networks. Therefore, this scheme is not suitable to implement in the P2P networks. We modify this cryptosystem in order to increase its security and efficiency. Our construction is the efficient CCA2-secure variant of the Akleylek et al.'s encryption scheme in the standard model, the de facto security notion for public-key encryption schemes.