Asymmetric Public Key Cryptography by Using Logicbased Optical Processing
 Author: Gil Sang Keun
 Publish: Journal of the Optical Society of Korea Volume 20, Issue1, p55~63, 25 Feb 2016

ABSTRACT
In this paper, a new asymmetric public key cryptography based on the modified RSA algorithm is proposed by using logicbased optical processing. The proposed asymmetric public key algorithm is realized into an optical schematic, where AND, OR and XOR logic operations are implemented by using free space digital optics architecture. Schematically, the proposed optical configuration has an advantage of generating the public keys simultaneously. Another advantage is that the suggested optical setup can also be used for message encryption and decryption by simply replacing data inputs of SLMs in the optical configuration. The last merit is that the optical configuration has a 2D array data format which can increase the key length easily. This can provide longer 2D key length resulting in a higher security cryptosystem than the conventional 1D key length cryptosystem. Results of numerical simulation and differential cryptanalysis are presented to verify that the proposed method shows the effectiveness in the optical asymmetric cryptographic system.

KEYWORD
Optical encryption , Optical logic , RSA cryptosystem , Asymmetrical public key , Cryptography

I. INTRODUCTION
Nowadays as public communication networks such as the internet and mobile networks develop, there has been a strong need for information security. However, because the public network is not secure from information cracking, important personal information such as IDs and passwords are hacked. For this reason, information security of the public network has become a great issue. In order to solve this security problem, various kinds of cryptography algorithms have been proposed for cipher systems. One of the cryptography protocols was a symmetric key encryption method. In this method, two users share a secret private key in advance, and then they transmit cipher messages over the public network by using this private key in plain message encryption. However, the symmetric private key may be intercepted by an unauthorized user because this type of cryptosystem has only onekey. To solve this problem, public key cryptography such as DiffieHellman key exchange protocol was introduced [1]. In this protocol, two users unknown to each other can set up a public key for their asymmetric key(twokey) exchange cryptosystem and share a secret key. However, this private key can be attacked because this shared secret key is used to encrypt messages by applying the symmetric cryptography. Therefore, an advanced algorithm such as 3DES(triple Data Encryption Standard) [2] or asymmetric RSA public key cryptography [3] was introduced to enhance security strength, using twokey encryption.
In general, the electronic cryptosystem is slow and requires much time to compute the encryption procedure if the key length is very long and twokey encryption is adopted. In contrast the optical cryptosystem has advantages of fast processing and vast data encryption. In recent years, there have been a number of optical encryption methods for cryptographic systems [416] and several optical asymmetric key cryptosystems have been presented [1721]. Also, we have presented several papers on the optical encryption technique by using Boolean logicbased operations [2223], and we have recently reported on the optical modified DiffieHellman key exchange protocol [24]. These asymmetric cryptographic methods enhance the security greatly against attacks. Therefore, there is still interest in research to present an optical method of asymmetric public key cryptography.
In this paper, a modified asymmetric RSA public key cryptography by using logicbased optical processing is proposed and the performance of the proposed method is shown. The proposed algorithm is implemented into an optical schematic by using dual freespace interconnected optical logic operations. Section II is organized as three parts. In the first part, the RSA public key cryptography algorithm is overviewed. The second part explains the proposed asymmetric cryptography. In the third part, the optical schematic of the proposed asymmetric cryptosystem is proposed and the optical cryptographic process is explained. In Section III, numerical simulations and differential cryptanalysis prove the performance by showing results of the proposed optical asymmetric cryptosystem with the modified algorithm. Finally, conclusions are briefly summarized in Section IV.
II. THEORY
2.1. RSA Public Key Cryptography
The idea of an asymmetric publicprivate key cryptosystem is attributed to Diffie and Hellman, who published the concept in 1976 [1]. However, they left open the problem of realizing a oneway function, possibly because the difficulty of factoring was not well studied at the time. R. Rivest, A. Shamir, and L. Adleman made several attempts to create a oneway function that is hard to invert. This asymmetrical public key cryptography is now known as the RSA algorithm. RSA is made of the initial letters of the surnames in the same order as on their paper where they first publicly described the algorithm in 1978 [3]. RSA is one of the first practical public key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key, which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. A user of the RSA cryptosystem creates and then releases a public key based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but the encrypted cipher message cannot be decrypted without knowing the private decryption key.
The RSA public key algorithm allows two users to transmit a cipher text over an insecure communications medium. For example, two users (i.e., Alice and Bob) wish to exchange messages each other but do not want an eavesdropper (i.e., Eve) to know their message. To do this, they will agree upon and set up a random publicprivate key for their cryptosystem. RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted by using the corresponding private key. The RSA algorithm involves three steps as follows: key generation, encryption and decryption.
1. Bob chooses two distinct prime numbers
andp . Note that not anyone can access these numbers in public. For security purposes, the integersq andp should be chosen at random.q 2. Bob computes
=n , wherepq is used as the modulus for both the public and private keys. Its length, usually expressed in onedimensional (1D) bits, is the key length.n 3. Bob computes
f ( ) = (n  1)(p  1), whereq f (• ) is Euler’s totient function. This value is kept secret.4. Bob chooses an integer
and determines an integere such thatd = 1 moded f ( ); i.e.,n ande f ( ) are coprime andn is the modular multiplicative inverse ofd (moduloe f ( )). Bob releases {n } as a public key exponent, and {e } is kept secret as a private key exponent.d 5. Alice encrypts a plain text
P with public key { ,n } by moduloe and sends it to Bob.n 6. Bob decrypts a cipher text
C with private key { ,n } by modulod .n Figure 1 shows the asymmetric RSA public key cryptography algorithm. As you see in Fig. 1, Bob chooses two distinct prime numbers
,p and sends the computed values {q ,n } to Alice as public key while he keeps {e f ( ),n } secret as private key. With these public keys, Alice encrypts a plain textd P and sends it to Bob. After receiving Alice’s cipher text, Bob decrypts a cipher textC with the private key { } by modulod . If Eve wants to decrypt the cipher textn C , she would need both the random number and the random numberp . Even though Eve notices the public key set {q ,n }, it is not easy to get Alice’s plain texte P from the set { ,n } because she doesn’t know the private key {e }. Besides, there is no known algorithm to accomplish this problem in a reasonable amount of time. If the prime numbersd andp are large enough, a fair amount of time is needed to solve this RSA problem and it is not efficient and practical to calculate solution by using brute force attack.q 2.2. Proposed Asymmetric Cryptography
Basically, it is very difficult for the RSA algorithm to be implemented by optical means due to two main reasons. The first one is that there is no proper method to perform modulo arithmetic by optical techniques. The second is that it is hard to represent a prime number onto an optical device properly. It may be possible to encode the prime number into binary digits by conversion. Despite these difficulties, an optical asymmetric public key cryptographic method is proposed in this paper by modifying the conventional RSA algorithm. In the proposed method, the conventional RSA algorithm can be modified to an optically realizable algorithm, where modulo arithmetic can be simply substituted with a logicbased optical processing. Therefore, modulo arithmetic is mathematically replaced by the XOR logic operation, that is, modulo two addition. Specifically, XORonly encryption schemes will be perfectly secure if and only if the key data is perfectly random and never reused [23]. When the logicbased optical processing such as AND, OR and XOR operations is applied to the above RSA algorithm, the modified asymmetric algorithm can be described as follows.
1. Alice and Bob agree upon and share a common key number
secretly.S 2. Bob chooses two distinct random numbers
andA , whereB andA are generated randomly instead of as prime numbers. Note that anyone cannot access these numbers in public. For security purposes, the integersB andA should be chosen at random.B 3. Bob computes
=N by Boolean AND logic operation.A•B is used as modulo of the XOR logicbased operation for both the public and private keys. Its length, usually expressed in twodimensional (2D) bits, is the key length.N 4. Bob computes
=F +A by Boolean OR logic operation. This value is kept secret.B 5. Bob computes
=K ⊕N ⊕F by Boolean XOR logic operationS 6. Bob chooses a random number
as a decryption key and determine a random numberD such thatE ⊕E =D , i.e.,K =E ⊕K andD =D ⊕K . Bob releases {E ,N } as public keys, and {E ,F } are kept secret as private keys.D 7. Alice encrypts a plain text
P with the public keys { ,N } and shared key {E } by the XOR logicbased operation and sends it to Bob.S 8. Bob decrypts a cipher text
C with private keys { ,F } by the XOR logicbased operation.D Figure 2 shows the modified asymmetric public key cryptography algorithm by using logicbased processing, and Fig. 3 shows the flow charts for the proposed asymmetric cryptographic method. As shown in Fig. 2 and Fig. 3, suppose that Alice and Bob agree upon and share a common key number
. First step is public key generation which is shown as Fig. 3(a). Firstly, Bob generates two distinct random numbersS andA which are not open to the public. Secondly, with these numbers, Bob computesB =N •A andB =F +A by logic operations. Thirdly, Bob computesB by XOR logic operation as follows.K In order to get publicprivate key pairs, Bob chooses a random number
as a decryption key and determines a random numberD such thatE Now, Bob releases {
,N } as public keys and keeps {E ,F } secret as private keys.D The second step is Alice’s encryption of plain text which is shown as Fig. 3(b). With Bob’s public keys {
,N }, Alice computes an encryption keyE and encrypts a plain textA_{k} P into a cipher textC by XOR logic operation as follows.Equation (10) means that the plain text cannot be decrypted if we do not know the private keys
andF , which are not open to the public as Bob’s private keys.D The third step is Bob’s decryption of the cipher text which is shown as Fig. 3(c). In the proposed asymmetric cryptography algorithm, the decryption can be easily accomplished by using the similar procedure as key generation which is shown as Fig. 3(a). Bob uses still two distinct random numbers
andA which are already set in the key generation step, and computesB =F +A . Next, by replacing the common keyB with the cipher textS C , Bob computes a decryption key and decrypts the cipher textB_{k} C into the plain textP by XOR logic operation as follows.Also, Fig. 3 shows that the proposed asymmetric cryptography has a realizable optical schematic by using logicbased optical processing. In the proposed method, an XORbased double encryption technique is used. This technique is very similar to the 3DES algorithm and was reported in the previous paper [22]. From Eq. (10), the cipher text
C contains two security keys. One is the decryption key , the other is the private keyD =F +A . Double encryption by two security keys gives us much security strength and is much harder to break the key. If an eavesdropper wants to compute the private keyB , he/she must know both the random numberF and the random numberA . Although eavesdropper notices the public key set {B }, which is now open to public, it is hard to getN, E andA from the set {B ,N } because these secret random numbers are preencrypted by AND logicbased operation and XOR logicbased operation, respectively. Another important view on the security strength concerns the key length. The security of a cryptosystem is a function of the length of the key. Assuming there is no better way to break the cryptosystem, other than to try every possible key with a brute force attack, the longer the key is, the longer it will take to make the number of attacks necessary to find the correct key. In fact, every extra key bit generally doubles the number of possible keys and therefore increases the effort required for a successful brute force attack against most key algorithms. Generally, a key length of N bits means that 2^{N} attempts are required. About the proposed asymmetric algorithm in this paper, the longer the length of these random numbers (A and B) are, then the more time the eavesdropper requires to break. Thus increase of key length improves the security and results in the robustness against the ciphertextonly attack.E 2.3. Optical Implementation of the Proposed Cryptosystem
Inherently, an optical information processing system has an advantage of 2D data processing and fast parallel information processing time. This implies that the optical cryptosystem can have very long key length and massive data processing by expanding the key to 2D array, but this 2D key expansion does not increase processing time due to parallel processing of all bits in the array. Moreover, a cryptosystem has a key length of M×N bits with 2D arrayed format, it means that 2^{M×Ν} brute force attacks are required. With these properties, an asymmetrical public key cryptosystem by using logicbased optical processing is proposed, which uses 2D pagetyped input format in the publicprivate key pair and then results in the same 2D arrayed output format in the cipher text. In this paper, the main idea of the proposed asymmetric method is that the modified RSA algorithm is implemented in an optical way by using the bitwise logicbased and freespace interconnected optical processing technique.
The advantage of the bitwise 2D arrayed optical logic processing technique is that no pixel encodingdecoding process is required because the output has the same format as the input. In order to implement optically the logicbased operations, 2D binary input variables are spatially dual encoded by using two’s complement [2224]. Referring to the modified RSA algorithm by using logicbased optical processing as shown in Fig. 2 and Fig. 3, an optical configuration of the proposed asymmetric cryptography is designed with optical components such as mirrors (M), beam splitters (BS), and spatial light modulators (SLM). In this configuration, all the SLMs are used as freespace interconnected optical logic gates. Figure 4 shows the optical schematic of the proposed asymmetric public key cryptography using dual freespace interconnected logic operations. Schematically, the optical setup contains MachZehnder type interferometer architecture. Four beam splitters BS1, BS2, BS3 and BS4 divide a collimated light into two lights, and two beam splitters BS4 and BS8 combine these divided lights into one light. Two beam splitters BS2 and BS3 perform optical AND, OR and XOR logic operations, while two beam splitters BS4 and BS8 perform optical OR logic operations and the resultant combined lights from BS8 are recorded on two CCDs. In addition, three beam splitters BS5, BS6 and BS7 are used for performing XOR logic operations. Also, this architecture is composed of eight SLMs which are used for displaying data inputs and one aperture which is used for logic control.
In order to investigate the operating principles of the optical schematic of the modified RSA algorithm, the flow charts for the proposed asymmetric cryptography method shown in Fig. 3 are considered. As to public key generation, let us consider the public keys generation procedure shown in Fig. 3(a). Figure 4(a) shows the optical configuration for the proposed asymmetric cryptosystem so as to generate the public keys {
} simultaneously, which is based on dual freespace interconnected AND, OR and XOR logic operations for 2D binary data. In Fig. 4(a), the collimating light after being reflected by the beam splitters and the mirrors illuminates and passes through the SLMs, where all the SLMs and one aperture are arranged with a purpose of operating optical AND, OR and XOR logic operations as freespace interconnected optical logic gates. When the light continuously passes two SLMs in series, optical AND logic operation is obtained by inner production pixel by pixel. On the other hand, the combining beam splitter performs optical OR logic operation by adding two lights in parallel. In this public keys generation step, two random numbersN, E andA , the common keyB , and Bob’s private keyS are displayed on the appropriate SLMs. For the purpose of operating XOR logic, dual freespace interconnected logic operation is done by using the complements of these values. The logically processed and combined light of the first row and the third row of SLMs is recorded on CCD2 as the public key {D }, and the logically processed and combined light of the second row and the fourth row of SLMs is recorded on CCD1 as the public key {E }. The detailed representations of input SLMs’ data and output CCDs’ data are shown in Fig. 5(a).N With these public keys {
}, Alice performs the encryption procedure shown in Fig. 3(b). Figure 4(b) shows the optical configuration for the proposed asymmetric cryptosystem so as to encrypt a plain textN, E P into a cipher textC by the public keys { }. In Alice’s encryption step shown in Fig. 4(b), the public keys {N, E }, the common keyN, E , and a plain textS are displayed on the appropriate SLMs. The logically processed and combined light of the first row and the third row of SLMs is recorded on CCD2 as a cipher textP C , while the processing of the second row and the fourth row of SLMs is not carried out. The detailed representations of input SLMs’ data and output CCDs’ data are shown in Fig. 5(b).As to Bob’s decryption step, the same optical configuration shown in Fig. 4(a) is used for decrypting the cipher text
C into the plain textP . In this paper, the optical schematic for Bob’s decryption is omitted because of duplication. According to the flow chart shown in Fig. 3(a), Bob’s decryption can be done simply by replacing the common key with the private keyS . The detailed representations of input SLMs’ data and output CCDs’ data are shown in Fig. 5(c).D III. NUMERICAL SIMULATIONS AND ANALYSIS
3.1. Security Strength
For the purpose of verifying the modified RSA algorithm and of showing the effectiveness in the proposed optical asymmetric cryptosystem, the proposed cryptosystem is analyzed and computer numerical simulations are carried out. In the proposed method, input data to be processed is binary bit data or a binary image. In numerical simulation, all input data have the form of pagetyped 2D array which consists of 64 × 64 binary pixels for convenience. Also, this means that the security key length has 64 × 64 = 4,096 bits which is very much longer key length compared to the conventional electronic cryptography. For example, the conventional 1D key length for the RSA public key cryptosystem has 512 bits, 768 bits or 1,024 bits. According to the pilot examples of metrics for cryptographic algorithms of the reference[25], if the key length is 1,024 bits in the conventional RSA cryptography, then 2.4 × 10^{17} years of attack time is needed. In this paper, the key length is assumed to be 64 × 64 = 4,096 bits so that 2^{64×64} = 2^{4,096} brute force attacks are required to find the correct key, which implies very huge attack time. Moreover, if we expand the data size to 128×128 pixels array, then the key length increases to 16,384 surprisingly. This means that 2^{128×128} = 2^{16,384} brute force attacks are required to find the correct key. In addition to the 2D arrayed longer key length, the proposed asymmetric cryptosystem has a difficulty in finding the decryption private key
andD =F +A even if the public keys {B ,N } are known. Furthermore, the exactly correct decryption key is also encrypted as Eq. (11). Therefore, if two secret random numbersE andA have 64×64 bits of 2D arrayed format, the combination between random numbers A and B (2^{64×64})×(2^{64×64})= 2^{4,096×4,096} attempts are required in order to findB =F +A . Also, even if the attacker might knowB =F +A , the attacker should need to know the decryption keyB for perfect decryption as Eq. (11). If three random numbersD ,A andB are used only once in the encryption session and never used in the next encryption session, then it is hard to deduce the encryption key from the whole data by knownplain text and chosenplain text attack.D A shared common key
between Alice and Bob is shown in Fig. 6(a). For convenience, a randomly generated numberS is suggested in this paper, where white areas have value of 1 and black areas are 0 numerically. This key is initially stored in both users’ memory like a DiffieHellman shared secret key. Figures 6(b) and (c) show two randomly generated numbersS andA , respectively, which is used for producing the resultant public and private keys. Figure 6(d) is a plain textB P to be encrypted, which is chosen as a binary image intentionally in order to show the processing data patterns visually. Figure 6(e) shows another randomly generated binary number which is also used in encryption and decryption. Figure 6(f) expresses AND logicbased operation resultD =N •A and Fig. 6(g) expresses OR logicbased operation resultB =F +A . Figures 6(h) and (i) represent continuously XOR logicbased operation resultsB = (K ⊕N ) ⊕F andS =E ⊕K according to Eqs. (6) and (7), respectively. Through the optical key generation step, the resultant public keys {D ,N } are open to the public. Figures 6(j) and (k) represent continuously XOR logicbased operation resultsE = (A_{k} ⊕N ) ⊕E andS =C ⊕P according to Eqs. (9) and (10), respectively. The pattern of the cipher textA_{K} C looks like a random pattern due to the randomlike encryption key . Figure 6(l) represents XOR logicbased operation resultA_{k} =B_{k} ⊕F according to Eq. (11), which shows the combination of two private keys {D ,F }. Figure 6(m) represents XOR logicbased operation resultD =R ⊕C _{k} =B according to Eq. (12). From the figure shown as Fig. 6(m), the reconstructed dataP is exactly the same as the original plain textR , which is correctly decrypted by the private decryption keys {P ,F }.D On the other hand, in order to analyze ciphertextonly key attack, some possible key attacks which should be made from the open public keys {
,N } are assumed as follows: (1) whenE =B_{k} (a randomly generated number),X =R ⊕C , (2) whenX =B_{k} ,N =R ⊕C , (3) whenN =B_{k} ,E =R ⊕C , (4) whenE =B_{k} •N ,E =R ⊕ (C •N ), (5) whenE =B_{k} +N ,E =R ⊕ (C +N ), (6) whenE =B_{k} ⊕N ,E =R ⊕ (C ⊕N ). Figures 7(a)~(f) show the reconstructed data imageE which are not the same as the original plain textR when attacking decryption keys are as the above cases, respectively. To analyze the differences between the plain text shown in Fig. 6(d) and the decrypted text image with ciphertextonly key attack shown in Figs. 7(a)~(f), the average mean square error (AMSE) is calculated as follows.P Table 1 shows numerical results for AMSE for some ciphertextonly key attacks. These AMSE are average values calculated from 1,000 evaluations for each case. For the binary text cryptographic system, MSE value of 0% means that the decrypted text is exactly the same as the original plain text and MSE value of 100% means that the decrypted text represents the reversed data of the original plain text. From the table, MSE is close to 50% for each attack, which means that the decryption is almost incorrect because MSE of 50% means that the decrypted text is the same as a half of the plain text.
3.2. Differential Cryptanalysis
In image encryption, the cipher resistance to differential attacks is commonly analyzed via the NPCR (number of pixel changing rate) test [26]. The NPCR
N (C _{1},C _{2}) can be mathematically defined by Eqs. (14) and (15).Here, C_{1} and C_{2} are cipher text image before and after one pixel change in a plain text image, respectively, and T is total pixels in the cipher text. If two test cipher text images of size M×Ν are ideally encrypted, then the theoretical expectation and the variance of a random variable are
F denotes the largest pixel value compatible with the cipher text format. For the binary image case, F=1. In this paper, C_{1} and C_{2} are cipher texts of size M × Ν encrypted by Boolean logic combination of random numbers
,A andB . In this paper, these random numbers are generated by a pseudorandom number generator which is a builtin function in MATLAB. To show the simulated expectation and the variance of cipher texts C_{1} and C_{2}, C_{1} and C_{2} are obtained from Eq. (10) by choosing differentD for each plain text P_{1} and P_{2}, where P_{1} and P_{2} have the difference of one pixel change. The simulated expectation and the variance are calculated from 10,000 pairs of C_{1} and C_{2}. More specifically, the estimated statistics are obtained byD Here,
I denotes the number of iterations and M × Ν is total pixels in the cipher text. Table 2 shows numerical results for NPCR randomness test for the proposed asymmetric cryptosystem. From the table, the simulated expectation and the variance of cipher texts C_{1} and C_{2} are very close to the theoretical values.IV. CONCLUSION
In this paper, a novel asymmetric public key cryptography based on the modified RSA algorithm is proposed by using logicbased optical processing. The proposed asymmetric algorithm is realized by optical logicbased operations to modify the conventional RSA algorithm, where AND, OR and XOR logic operations are implemented by using free space digital optics architecture. The optical schematic of the proposed method consists of dual freespace interconnected logic operation to perform Boolean logic operations. Schematically, the proposed optical configuration has an advantage of generating the public keys simultaneously. The proposed asymmetric cryptosystem can provide higher secure cryptosystem than the conventional RSA algorithm because the proposed algorithm uses a kind of XOR logicbased double key encryption technique which consequently enhances security strength. Also, the proposed optical configuration has 2D array data format which can increase the key length easily to strengthen the security system. In addition, 2D expansion of data size does not increase information processing time owing to the parallel processing property despite increase in 2D data. Another advantage of the proposed method is that it is convenient to alter the user’s two secret random numbers and the decryption key in generating the public keys, which means the proposed method has a property that users can change three random numbers at their own discretion. Computer numerical simulations and differential cryptanalysis verifies that the proposed cryptographic method is effective and suitable for the asymmetric data encryption system.

[]

[]

[FIG. 1.] Asymmetric RSA public key cryptography algorithm.

[]

[]

[FIG. 2.] Modified asymmetric public key cryptography algorithm by using logicbased processing.

[FIG. 3.] Flow charts for the proposed asymmetric cryptography method: (a) public keys generation, (b) Alice’s encryption, (c) Bob’s decryption.

[]

[]

[]

[]

[]

[]

[]

[]

[FIG. 4.] Optical schematic of the proposed asymmetric public key cryptography using dual freespace interconnected logic operations: (a) public keys generation, (b) Alice’s encryption.

[FIG. 5.] Representations of input SLMs’ data and output CCDs’ data on the optical schematic of the proposed asymmetric public key cryptography: (a) public keys generation, (b) Alice’s encryption, (c) Bob’s decryption.

[FIG. 6.] Numerical simulation for the proposed method: (a) a shared common key S between Alice and Bob, (b) a randomly generated number A, (c) a randomly generated number B, (d) Alice’s binary image P to be encrypted as a plain text, (e) a randomly generated number D as Bob’s decryption key, (f) A？B=N, (g) A + B = F, (h) (N ？ F) ？ S=K, (i) K ？ D = E, (j) (N ？ E) ？ S = Ak, (k) P ？ Ak = C, (l) F ？ D = Bk, (m) R = C ？ Bk = P.

[FIG. 7.] Numerical simulation for the ciphertextonly attack: Reconstructed data are shown when (a) R = C ？ X, (b) R = C ？ N, (c) R = C ？ E, (d) R = C ？ (N？E), (e) R = C ？ (Ν + Ε), (f) R = C ？ (Ν ？ Ε).

[]

[TABLE 1.] Numerical results for AMSE for ciphertextonly key attacks

[]

[]

[]

[]

[]

[]

[TABLE 2.] Numerical results for NPCR randomness test for the proposed cryptosystem