A Novel Approach to Communicate Secret Message Between Users Using Sponge Function Technique on NTRU

This paper presents a novel approach to key distribution for secret message communication among a group G. To increase the security of distributing the secret message (key), we introduce sponge functions built on a specific permutation. We generate a key and distribute it using a public key cryptosystem (PKCS); the absorbing and squeezing phases of the sponge are used in the process. The introduction briefly covers sponge functions, the key distribution centre (KDC), group communication, NTRU, key generation and authentication; the literature review describes the state of research on sponge functions, lightweight hash functions, KDCs and NTRU. The proposed work describes how group communication is established: registration of users, and entry and exit of a user. Encryption and decryption algorithms are used between sender and receiver. The entire proposed work is verified in VHDL and MATLAB. doi: http://dx.doi.org/10.12777/ijse.4.2.2013.44-51 [How to cite this article: Varaprasad, S., Rao, K. V., & Avadhani, P. S. (2013). A Novel Approach to Communicate Secret Message between Users Using Sponge Function Technique on NTRU. INTERNATIONAL JOURNAL OF SCIENCE AND ENGINEERING, 4(2), 44-51; doi: http://dx.doi.org/10.12777/ijse.4.2.2013.44-51]


I. INTRODUCTION
Designers of lightweight cryptographic algorithms or protocols have to trade off between two opposite design philosophies. The first consists in creating new schemes from scratch, whereas the second consists in reusing available schemes and adapting them to system constraints. The designers of DM-PRESENT are more in line with the latter approach; QUARK tends more towards the former. Although QUARK borrows components from previous works, it integrates a number of innovations that make it unique and that optimize its lightweightness. As explained in this section, QUARK combines a sponge construction with a capacity c equal to the digest length n and a core permutation inspired by previous primitives, optimized for reduced resource consumption. This design strategy is an attempt to optimize its security-performance ratio. Subsequent proposals of lightweight hash functions followed a similar strategy, with PHOTON and SPONGENT building their core permutations on AES-like and SERPENT-like algorithms respectively.

II. Separating digest length and security level
We observe that the digest length of a hash function has generally been identified with its security level, with (say) n-bit digests being taken as equivalent to n-bit security against preimage attacks. However, this rule restricts the variety of designs, as it forces designers to exclude design paradigms that may otherwise increase usability or performance. The notation introduced in the context of sponge functions [13] was a first step towards a separation of digest length and security level, and thus towards more inventive designs. In particular, the necessity of n-bit (second) preimage resistance is questionable from a pragmatic standpoint when one already has to assume that $2^{n/2}$ is an infeasible effort in order to rule out birthday collision search. Designers may thus relax the security requirements against (second) preimages, as informally suggested by several researchers in the context of the SHA-3 competition, so as to propose more efficient algorithms [13].

III. Working with shift registers
In cryptography, linear and non-linear feedback shift registers have been widely used as building blocks of stream ciphers, thanks to their simplicity and efficiency of implementation (be it in terms of area or power consumption). In the design of QUARK, we opt for an algorithm based on bit shift registers combined with (non-linear) Boolean functions, rather than for a design based on S-boxes combined with a linear layer (as in PHOTON and SPONGENT). This is motivated by the simplicity of description and implementation, and by the close-to-optimal area requirements it induces. Indeed, the register serves both to store the internal state (mandatory in any construction) and to perform the operations that bring confusion and diffusion.

IV. Description of the QUARK hash family
This section gives a complete specification of QUARK and of its three proposed instances: U-QUARK, D-QUARK, and S-QUARK. In particle physics, the u-quark is lighter than the d-quark, which itself is lighter than the s-quark; our eponymous hash functions compare similarly. QUARK is built on the sponge construction depicted in Fig. 1 and a b-bit permutation P (that is, a bijective function over {0,1}^b). Following the notation introduced for sponge functions, a QUARK instance is parameterized by a rate (or block length) r, a capacity c, and an output length n. The width b = r + c of a sponge construction is the size of its internal state. We denote this internal state s = (S_0, ..., S_{b-1}), where S_0 is referred to as the first bit of the state. Given a predefined initial state of b bits (specified for each instance of QUARK), the sponge construction processes a message m in three steps [4].
1. Initialization: the message is padded by appending a '1' bit followed by the minimal (possibly zero) number of '0' bits to reach a length that is a multiple of r.
2. Absorbing phase: the r-bit message blocks are XORed with the last r bits of the state (that is, S_{b-r}, ..., S_{b-2}, S_{b-1}), interleaved with applications of the permutation P. The absorbing phase starts with an XOR between the first block and the state, and it finishes with a call to the permutation P.
3. Squeezing phase: the last r bits of the state are returned as output, interleaved with applications of the permutation P, until n bits are returned. The squeezing phase starts with the extraction of r bits and also finishes with the extraction of r bits.

2.1. Permutation
As depicted in the figure, given a b-bit input, P proceeds in three stages, described below.

Initialization. Upon input of the b-bit internal state of the sponge construction s = (S_0, ..., S_{b-1}), P initializes its internal state as follows:

State update
From an internal state (X^t, Y^t, L^t), the next state (X^{t+1}, Y^{t+1}, L^{t+1}) is determined by clocking the internal mechanism as follows.
a. The function h is evaluated upon input bits from X^t, Y^t and L^t, and the result is written h^t.
The register L is clocked using the function p:
$(L_0^{t+1}, \ldots, L_{\lceil \log 4b \rceil - 1}^{t+1}) := (L_1^t, \ldots, L_{\lceil \log 4b \rceil - 1}^t, p(L^t))$.

Table 1 summarizes the parameters of the three instances proposed. U-QUARK is the lightest flavour of QUARK. It was designed to provide 128-bit preimage resistance and at least 64-bit security against all other attacks, and to admit a parallelization degree of 8. It has parameters r = 8, c = 128, b = 136, n = 136.

3. Keying QUARK
As a sponge function, all results known on the sponge construction apply to QUARK. This includes proofs of security for keyed modes of operation. A keyed sponge function processes its input by simply hashing the string composed of the key followed by the input. The following primitives can then be realized: message authentication code (MAC); pseudorandom generator; stream cipher; random-access stream cipher; key derivation function. Furthermore, the QUARK instances can easily be modified to operate in the duplex construction (a variant of the sponge construction), to allow the realization of functionalities such as authenticated encryption or

3.1. A brief description of the PRESENT block cipher
PRESENT is a 31-round SPN block cipher with a block size of 64 bits; the cipher is depicted in Fig. 3. It supports 80-bit and 128-bit secret keys. First, the plaintext is XORed with the subkey K_1 as the input of the first round; after 31 round iterations, the output of the 31st round is XORed with the subkey K_32 to give the ciphertext. Encryption procedure. Each encryption round consists of three steps: (1) addRoundKey (AK): at the beginning of each round, the 64-bit output of the previous round function is XORed with the round subkey.

4. KEY DISTRIBUTION
Cryptography has for a long time conformed to the idea that the techniques used to protect sensitive data had themselves to be kept secret. This principle, known as "security by obscurity", has however become inadequate in the modern era. Cryptography developed as a science in the 1970s and 1980s, which allowed it to move away from this historical picture: most modern cryptographic systems are now based on publicly announced algorithms, while their security lies in the use of secret keys (Kerckhoffs's principle). Distributing keys among a set of legitimate users while guaranteeing the secrecy of these keys with respect to any potential opponent is thus a central issue in cryptography, known as the Key Establishment Problem.

Fig. 3. Overview of the PRESENT encryption algorithm
There are currently five families of cryptographic methods that can be used to solve the Key Establishment Problem between distant users:
1. Classical information-theoretic schemes
2. Classical public-key cryptography
3. Classical computationally secure symmetric-key cryptographic schemes
4. Quantum key distribution
5. Trusted couriers
We will present how each of these families can provide solutions to the Key Establishment Problem and discuss, in each case, the type of security that can be provided. We will also consider a sixth type of key establishment scheme: hybrid schemes built by combining some of the methods listed above.

4.1. Key establishment based on public-key cryptography
As shown by Whitfield Diffie and Martin Hellman in 1976, public-key cryptography can be used to establish a shared secret key over an unprotected classical communication channel, without a prior shared secret. It thus provides a practical way to implement key distribution over open networks; note that the peers still need an authenticated channel, or authenticated public keys, to rule out a man-in-the-middle.

4.1.1. Security of public-key cryptography
Current asymmetric schemes rest on number-theoretic problems believed to be hard: RSA on the difficulty of factoring large integers, and Diffie-Hellman on the difficulty of computing discrete logarithms in a finite field. Today's implementations of RSA require private and public keys of at least 1024 bits in order to offer a reasonable security margin against the computational efforts of an eavesdropper, and asymmetric keys of 2048 bits are preferable (1024-bit RSA is now considered inadequate, and 2048 bits is the usual minimum). It is also important to note that most of the currently used public-key schemes (for example RSA) could be broken in polynomial time with a quantum computer: this results from Shor's algorithm for discrete logarithms and factoring, which has a complexity of O(n^3) in the bit length n [13].

4.1.2. Performance of public-key cryptography
The computations relative to asymmetric cryptographic protocols (over keys longer than 1024 bits) are rather computationally intensive and time-consuming. The performance of RSA-based key distribution implementations depends heavily on hardware: for RSA-2048 implemented on a then-recent PC (Pentium IV at 2.1 GHz running Windows XP), the computations needed for one key exchange (essentially one RSA encryption and one decryption) take roughly 30 ms. The same key exchange would be approximately 10 times faster (thus in the millisecond range) on dedicated coprocessors and 10 times slower (a few tenths of a second) on smart card coprocessors. Because of these relatively low exchange rates, public-key cryptography is most commonly used solely for initial session key distribution (in network protocols like SSL/TLS, for example), and classical symmetric-key cryptography is then used for encryption and/or authentication of data.

4.1.3. Classical computationally secure symmetric-key cryptography and key establishment
Symmetric-key cryptography refers to methods in which both sender and receiver share the same key. Symmetric-key encryption was the only kind of encryption publicly known until the discovery of public-key cryptography in 1976. Symmetric-key ciphers are used to guarantee the secrecy of encrypted messages. The modern study of symmetric-key ciphers relates mainly to block ciphers and stream ciphers and to their applications. AES is a block cipher designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen) and adopted as an encryption standard by the US government (in replacement of DES). Block ciphers can be used to compute message authentication codes (MACs) and can thus also be used to guarantee the integrity and authenticity of messages. Stream ciphers, in contrast to block ciphers, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. We will not consider stream ciphers in the remainder of this subsection since, unlike block ciphers, they cannot easily be used to perform key establishment.

4.1.4. Key establishment based on classical computationally secure symmetric-key cryptography
Key establishment can be realised using only symmetric-key cryptographic primitives. Indeed, the combination of a symmetric-key encryption scheme with a symmetric-key authentication scheme allows one to build a key establishment primitive. Provided that a secret key is previously shared by Alice and Bob, one can use a symmetric-key cipher to encrypt a message that will constitute the secret key for the key distribution protocol (this message may or may not be random). Part of the previously shared symmetric key material can also be used to compute (on Alice's side) and check (on Bob's side) a message authentication tag. Key establishment based on symmetric-key primitives is always based on a pre-established symmetric secret, needed for authentication. In this sense, it provides key expansion rather than key establishment.

4.1.5. Security of classical computationally secure symmetric-key cryptography
The security of key distribution based on classical symmetric-key cryptography depends on the security of the cryptographic primitives used, and on the composability of those primitives. Shannon proved that there is no unconditionally secure encryption scheme requiring less key than a one-time pad, i.e., the number of key bits must be at least as large as the length of the message. Hence, if we consider the possibility of building an unconditionally secure symmetric key expansion scheme, i.e., a method to symmetrically generate secret key out of a short initial shared secret, Shannon's result tells us that such a scheme is impossible to achieve in the framework of classical cryptography.
This is a fundamental limitation of any communication scheme relying solely on the exchange of classical messages since, in contrast to quantum messages, classical messages can be copied without errors. It is however possible to use classical symmetric-key encryption and authentication schemes that are not unconditionally secure to build a key establishment scheme. AES, for example, can be used for symmetric-key encryption and also to compute message authentication codes (with an AES-based MAC such as CMAC). Note that the security model that applies to such symmetric-key encryption schemes (block ciphers and stream ciphers) is not unconditional security (the entropy of the key is smaller than the entropy of the message) and not even "provable computational security" (based on proven upper bounds, or on an equivalence between the complexity of the cryptanalysis of a given cipher and another well-studied problem). The security model that applies to classical symmetric-key cryptography can be called "practical computational security": a scheme is considered practically computationally secure if the best-known attacks require too many resources (computation power, time, memory) by an acceptable margin. The main problem with such a security model is that it cannot guarantee anything about yet unknown attacks. There are no publicly known efficient quantum attacks on classical symmetric-key schemes (but no proof that efficient attacks cannot be found), and the cryptanalysis of symmetric-key classical cryptography on a quantum computer reduces to exhaustive search. Here a quantum computer would still give an advantage: the complexity of exhaustive search in an unsorted database of N elements is O(N) on a classical computer but only O(√N) on a quantum computer (Grover's algorithm), so a 128-bit key offers roughly 64-bit security against such a search.
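The following is an added example, not code from the paper or from the QUARK designers. It implements the three-step sponge construction of Section IV (pad, absorb into the last r bits, squeeze) with r = 8 and c = 128, uses it in the keyed modes listed under Keying QUARK (key derivation, MAC, stream cipher), and then runs the symmetric key-expansion exchange just described: Alice wraps a fresh session key under the pre-shared key and authenticates it, and Bob checks the tag before decrypting. The permutation is a toy Feistel network standing in for QUARK's P, the initial state 0, the labels "enc"/"mac" and the 8-byte nonce are assumptions of the example, and the keys are constructed test data; nothing here carries QUARK's security claims.

```python
"""Sponge construction (pad / absorb / squeeze) over a stand-in permutation, its keyed
modes (KDF, MAC, stream cipher), and a symmetric key-expansion exchange.
Added example: the permutation is a toy Feistel network, NOT QUARK's P."""
import secrets

R, C = 8, 128                # rate r and capacity c in bits (U-QUARK's values)
B = R + C                    # state width b = r + c = 136
HALF = B // 2
HMASK = (1 << HALF) - 1


def toy_permutation(state, rounds=20):
    """Bijective b-bit permutation used in place of QUARK's P (assumption of this example).
    A Feistel network is a bijection whatever the round function is."""
    x, y = state >> HALF, state & HMASK
    for i in range(rounds):
        rot = ((y << 7) | (y >> (HALF - 7))) & HMASK
        f = ((y * 0x9E3779B1) ^ rot ^ (y >> 3) ^ (i * 0x5DEECE66D)) & HMASK
        x, y = y, x ^ f
    return (x << HALF) | y


def pad(msg):
    """Append a '1' bit, then the fewest '0' bits reaching a multiple of r; returns a bit list."""
    bits = [(byte >> (7 - k)) & 1 for byte in msg for k in range(8)]
    bits.append(1)
    while len(bits) % R:
        bits.append(0)
    return bits


def sponge(msg, n_bits, iv=0):
    """Absorb r-bit blocks into the last r bits of the state (the low r bits of the integer),
    each absorption followed by P; then squeeze r bits at a time, interleaved with P,
    until n bits are returned. The initial state 0 is an assumption; QUARK fixes its own IV."""
    assert n_bits % 8 == 0
    bits = pad(msg)
    state = iv
    for i in range(0, len(bits), R):
        block = int("".join(map(str, bits[i:i + R])), 2)
        state = toy_permutation(state ^ block)        # absorbing ends with a call to P
    out = []
    while True:
        out.extend((state >> (R - 1 - k)) & 1 for k in range(R))
        if len(out) >= n_bits:
            break                                      # squeezing ends with an extraction
        state = toy_permutation(state)
    out = out[:n_bits]
    return bytes(int("".join(map(str, out[i:i + 8])), 2) for i in range(0, n_bits, 8))


def kdf(key, label, n_bits=128):
    """Keyed sponge as a KDF: hash key || label (domain separation between sub-keys)."""
    return sponge(key + label, n_bits)


def mac(key, msg, n_bits=128):
    """Keyed sponge as a MAC: hash key || message."""
    return sponge(key + msg, n_bits)


def keystream(key, nonce, n_bits):
    """Keyed sponge as a stream cipher: squeeze n bits after absorbing key || nonce."""
    return sponge(key + nonce, n_bits)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def alice_send(shared_key, session_key, nonce):
    """Key expansion: encrypt a fresh session key under the pre-shared key and authenticate it."""
    k_enc, k_mac = kdf(shared_key, b"enc"), kdf(shared_key, b"mac")
    ct = xor_bytes(session_key, keystream(k_enc, nonce, 8 * len(session_key)))
    return nonce, ct, mac(k_mac, nonce + ct)


def bob_receive(shared_key, nonce, ct, tag):
    """Verify the tag first (constant-time compare), then decrypt; None on a bad tag."""
    k_enc, k_mac = kdf(shared_key, b"enc"), kdf(shared_key, b"mac")
    if not secrets.compare_digest(tag, mac(k_mac, nonce + ct)):
        return None
    return xor_bytes(ct, keystream(k_enc, nonce, 8 * len(ct)))


if __name__ == "__main__":
    K = bytes(range(16))                    # constructed pre-shared key
    S = secrets.token_bytes(16)             # fresh session key to be distributed
    nonce, ct, tag = alice_send(K, S, b"\x00" * 8)
    assert bob_receive(K, nonce, ct, tag) == S
    print("session key delivered:", S.hex())
```

The tag covers the nonce and the ciphertext and is checked before any decryption, and the encryption and MAC keys are separated through the KDF so that the same sponge call is never made under both roles; this is the encrypt-then-MAC composition the text refers to as combining a symmetric encryption scheme with a symmetric authentication scheme.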
4.1.6. Performance of symmetric-key cryptography
In terms of performance, symmetric-key classical cryptography is much faster and less computationally intensive than asymmetric cryptography. In terms of speed, there are now 128-bit AES encryptors able to encrypt data at rates in the Gbit/s range. This is why symmetric-key schemes are widely preferred for encryption and/or authentication over currently deployed communication networks. AES is currently the chosen standard for symmetric-key block ciphers. Under the assumption that the best way to break a symmetric-key scheme is exhaustive search of the key space, a symmetric key of 77 bits is roughly comparable, in terms of computational requirements, to an asymmetric key modulus of 2048 bits (estimates differ: NIST SP 800-57 rates 2048-bit RSA at 112 bits of symmetric security). Note that doubling the length of a symmetric key squares the computational effort needed for exhaustive search; in the case of asymmetric cryptography, on the other hand, the effort scales much less steeply with key length.

5. NTRU
Description of NTRU. NTRU is based on the algebraic structure of certain polynomial rings. The "hard problem" on which NTRU rests is the shortest vector problem (finding a short vector in a lattice).

a. Notation. Before we proceed, we set some notation. The following are all part of the domain parameters for an implementation of NTRU.
n: the dimension of the polynomial ring used in NTRU (the polynomials have degree at most n-1).
p: a positive integer specifying the ring Z/pZ over which the coefficients of a certain product of polynomials are reduced during the encryption and decryption processes.
q: a positive integer specifying the ring Z/qZ over which the coefficients of a certain product of polynomials are reduced during the encryption and decryption processes; also used in the construction of the public key.
k: a security parameter which controls resistance to certain types of attack, including plaintext awareness.
d_f: the distribution of the coefficients of the polynomial f below (f is part of the private key).
d_g: the distribution of the coefficients of the polynomial g below (g is used to construct the public key).
d_r: the number of 1s and -1s in the random polynomial r below, used in the encryption process.

We will also use the following notation.
f_p: the inverse of f in Z[X]/(p, X^n - 1), i.e. f ⊗ f_p = 1 modulo p and X^n - 1 (this is part of the private key).
g: a polynomial in Z[X]/(q, X^n - 1) (used with f_q to construct the public key).
L_g: the set of polynomials in Z[X]/(X^n - 1) whose coefficients satisfy d_g.
L_r: the set of polynomials in Z[X]/(X^n - 1) whose coefficients satisfy d_r.

Throughout this paper we work in the ring R = Z[X]/(X^n - 1). An element f ∈ R will be written as a polynomial or as a vector.

In addition to the convolution product, there are two other operations we need to define on rings of polynomials: a generating function and a hashing function. They are required in order to build a digital envelope into the NTRU protocol. We first let P_p(n) = {polynomials of degree at most n-1 with mod p coefficients}, and we will write [g]_p for g with its coefficients reduced modulo p into a fixed range. We may now describe more precisely what we mean by a generating function G and a hashing function H. Otherwise he rejects the message as invalid.

Remark. For appropriate parameter values, there is an extremely high probability that the decryption procedure will recover the original message. However, some parameter choices may cause occasional decryption failure, so one should include a few check bits in each message block. The usual cause of decryption failure is that the message is improperly centered. In this case Bob will be able to recover the message by choosing the coefficients of a ≡ f ⊗ e (mod q) in a slightly different interval, for example from -q/2 + x to q/2 + x for some small (positive or negative) value of x. If no value of x works, then we say that we have a gap failure and the message cannot be decrypted as easily. For well-chosen parameter values this will occur so rarely that it can be ignored in practice.

6. Why decryption works
To describe the other sample spaces, we will use sets of the form

7. Proposed work
In this paper we propose secret message transmission within a group using the sponge function technique; every user has to register in order to communicate in the group. This entire process is handled by a KDC (Key Distribution Center) based on the NTRU technique, where encryption and decryption take place.