Text Multilevel Encryption Using New Key Exchange Protocol

Abstract:
Technological development in the field of information and communication has been accompanied by security challenges related to the transmission of information. Encryption is a good solution. It is one of the traditional methods of protecting plain text, by converting it into an unintelligible form. Encryption can be implemented using substitution techniques, shifting techniques, or mathematical operations. This paper proposes a method with two branches to encrypt text. The first branch is a new mathematical model to create and exchange keys; the proposed key exchange method is a development of Diffie-Hellman. It is a new model of mathematical operations for exchanging keys, based on prime numbers with the possibility of using integer numbers. The second branch of the proposal is the multi-key encryption algorithm. The algorithm provides the ability to use more than two keys. Keys can be any kind of integer number (at least the last key is a prime number) and need not be of the same length. The encryption process is based on converting the text characters to suggested integer numbers, and these numbers are converted to other numbers by applying a multilevel mathematical model many times (a multilevel process depending on the number of keys used), while the decryption process is a one-level process using just one key as the main key, with the other keys used as secondary keys. The messages are encoded before encryption (coded by ASCII or any suggested system). The algorithm can use an unlimited number of keys of very large size (more than 7500 bytes), at least one of them a prime number. Exponentiation is also applied to the keys to increase complexity. The experiments proved the robustness of the key exchange protocol and the encryption algorithm in addition to the security.
Comparing the suggested method with other methods ensures that the suggested method is more secure and flexible and easy to implement.


Introduction:
The volume of digital information transferred over communication channels has increased rapidly with the development of computers, and this traffic may be monitored by electronic eavesdroppers, whereas in the ideal case communication passes directly from the sender to the receiver without interception by a third party. There are many applications of cryptography with various degrees of security 1 .
In general, cryptography aims to achieve many goals. It is possible to achieve all these goals or some of them at the same time in one application. The first goal is authentication; it means that the systems or users can prove their own identities to other parties who don't have personal knowledge of their identities 2 . The second goal is confidentiality, which is the most important goal. Confidentiality ensures that nobody other than the authorized person can decrypt the message. The third goal is data integrity, which confirms that the received message has not been modified intentionally or accidentally. The fourth goal is non-repudiation; this is the technique used to ensure that the message is sent and received by the authorized party. The last goal is access control, which controls the persons that can access the resources 3 .
Public key cryptography was introduced in 1976 by Diffie and Hellman (DH) as one of the greatest contributions to solving the problem of key exchange 4 . There are many applications of public-key encryption schemes; one of them allows secure communication between two parties over public channels, establishing a shared secret key without the parties needing to know each other 5 .
Public-key encryption is also called asymmetric-key encryption. It is one of the two schemes of encryption algorithms; the other scheme is private-key encryption, called symmetric-key encryption 6 .
The symmetric scheme uses one key for encryption and decryption; it is called a private key. Anyone possessing the private key will be able to encrypt and decrypt the message. Thus, the private key must be kept secret all the time. This might cause some disadvantages and give way for attacks on the algorithm 7 .
The asymmetric scheme uses pairs of keys (public and private), one for encryption and the other for decryption. The public key is used for encryption of the message and the private key for the decryption of the message. Anyone can use the public key, which works in conjunction with its equivalent private key. Asymmetric key cryptography needs more processing since encryption and decryption use different keys 8 .
Hellman's algorithm and the RSA algorithm fail to provide a simple way of deriving the cryptographic keys. Existing encryption algorithms fail to provide easy and inexpensive ways of implementing asymmetric cryptography in software and hardware. Current encryption methods also fail to provide a secure method that can use integer numbers (not prime numbers) in the cryptographic process 9,10 .
The present method for attacking Diffie-Hellman (DH) depends on compromising one of the private keys by calculating the discrete log of the corresponding public value in the DH group 10 .
This attack takes advantage of the fact that an adversary can perform a single huge computation to crack a particular prime and then easily break any individual connection that uses that prime. The attacker can start with the phase of the attack which depends only on the prime. This can be done in advance, which leaves only the second phase to be done on the fly for any particular connection.
Multi-level Data Encryption describes the improvement of data encryption complexity due to multiple operations of single-phase encryption techniques in cryptography. Better security can be achieved by multiple encryptions because even if some component ciphers are exposed or some of the secret keys are detected, the confidentiality of the original data can still be maintained by the multiple encryptions 11 .
Many algorithms are used for protecting information and keeping it secure. These algorithms vary in their ability to resist and avoid attacks. Popularly used algorithms include DES (key size 56 bits), Rijndael (AES) (key size 128, 192, 256 bits), Triple-DES (key size 112, 168 bits), SEAL (key size 160 bits), Blowfish (key size 128 bits) 12 , RC2 (key size 128 bits), RC4 (variable key size), Twofish (key size 128, 192, 256 bits), RSA (the key size of an RSA key (1024 bits) specifies the number of bits in the modulus) 13 , and HiSea (the key size 1-4096 set of integers) 14 .
Many researchers work in this field. Mahalakshmi and Kuppusamy suggested a method that uses asymmetric key encryption. The authors used multiple keys for encryption. They generate one hybrid key from improved cipher block chaining encryption and a second one from a genetic algorithm. This algorithm is used for plain text and images 15 .
Madhvi and Gagandeep tried to get the best optimization for improving cloud security by introducing a hybrid algorithm that combines flower pollination and DNA cryptography. The first algorithm stemmed from nature to find the best solution, while the second algorithm helps to encrypt big data by using a very small amount of DNA 16 .
Lipiński proposed a key exchange method based on octonion algebra. The authors suggested three protocols for key exchange used for cryptography. The authors generalize the RSA algorithm to octonion arithmetic by using the totient function defined for integral octonions 17 .
David Adrian and colleagues showed that, in practice, applications that use Diffie-Hellman tend to choose a universally fixed prime p (and fixed g). For example, several SSH servers and IPsec VPNs use a fixed universal 1,024-bit prime p. The same holds for HTTPS Web servers, though to a lesser extent. The authors proved that the 1024-bit prime p is not safe to use everywhere. This is due to the two steps of the precomputation attack on the discrete-log problem modulo a prime. In the first step, before attacking the victim, the attacker creates a specific table based on the fixed p and g. This table is used in the second step to compute the discrete log and break the session 18 .
The rest of the paper is organized as follows: section two presents the contribution of this paper, followed by the summary of the proposed method, which includes key exchange, the encryption process, and the decryption process. Section four focuses on the experimental results. Finally, section five presents the conclusion.

Contributions:
Our contribution is constructing a service application that provides security as a service to its users when encrypting any type of data. Two main new algorithms are suggested in this work. A new key exchange algorithm is suggested to offer a highly secure encryption process; this algorithm is an improved version of the Diffie-Hellman algorithm. The secure keys are determined in a different way, which is more secure.
The second proposed algorithm is a new encryption algorithm based on multiple keys (two or more keys), which increases the complexity. The key size can be more than 7500 bytes. For more complexity, the encryption process is modified by raising the keys' values to specific exponents. The novelty of this paper is the use of a hybrid scheme (symmetric and asymmetric schemes), where several public keys are used for encryption and one private key is used for decryption, while all the keys are used to calculate the base value that is used in encryption and decryption.

Summary of the Proposed Algorithms:
The current proposal provides the ability to use more than two keys. Keys can be prime numbers or any kind of integer number, not necessarily just prime numbers and not necessarily of the same length (the keys' values may all be positive, all negative, or a combination of positive and negative values). Two of the keys' values must be greater than one or less than (-1), or at least one of the keys' values should be greater than two or less than (-2). All the suggested keys except the last one are used for encryption, while the last key is used for decryption in addition to the other keys. Some of the keys are used as public keys while the others are used as private keys. The last key must be a private key and a prime number. The proposed algorithm provides many encryption levels based on the number of keys.
The current suggestion consists of a setup process and three main functions that process data in various ways. In the setup process of the preferred embodiment, the sender and receiver agree upon a set of initial public parameters, and the authorities generate an escrowing public key and corresponding private keys. The functions are key generation, the encryption process, and the decryption process.

Key generation
This algorithm uses modular arithmetic as the basis of its calculation, thus establishing a shared secret over an unsecured communication channel.
The first protocol, suggested by Diffie and Hellman, works by choosing a large prime number p and computing the remainders of certain exponentiations modulo this prime. The protocol is secure only if it is at the very least difficult to solve the discrete-log problem modulo the prime p. This problem is quite easy to state: fix a large prime p and an integer $0 < g < p$ (a generator). Next, select an integer $0 < x < p$ and determine the remainder (h) of dividing $g^x$ by p, that is, $h = g^x \bmod p$.
The discrete-log problem is to determine (x) given only p, g, and h. The Diffie-Hellman protocol is regarded as insecure for a selected (p, g) when this problem can be solved efficiently for most (h) 18 .
In this paper, the suggested key exchange algorithm is based on the agreement between the sender and the receiver on a key, in such a way that an eavesdropper cannot obtain the key.
Steps of the suggested protocol (Fig. 1):
1. The sender and receiver agree on an integer number (g) and a base number (n), whether they are prime or not.
2. The sender selects a private random natural number (a) and sends ($g^a \bmod n$) to the receiver.
3. The receiver selects a secret number (b) and sends ($g^b \bmod n$) to the sender.
4. The sender computes $((g^b \bmod n) \times g^{a-1}) \bmod n$.
5. The receiver computes $((g^a \bmod n) \times g^{b-1}) \bmod n$.
6. Both sender and receiver can use this number as their key.

Notice that (g) and (n) do not need to be protected.

The receiver picks a random number (b) and determines (Y):
$Y = g^b \bmod n$ (2)
The protocol just exchanges these numbers:
Sender → Receiver: X (3)
Receiver → Sender: Y (4)
The sender calculates the private key:
$x = (Y \times g^{a-1}) \bmod n$ (5)
The receiver calculates the private key:
$y = (X \times g^{b-1}) \bmod n$ (6)
Both (x, y) are equal.
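The six steps above, run end to end as an added example (not code from the paper). The function names and the toy parameters g = 5, n = 23 are assumptions made for illustration. It confirms that both sides reach $g^{a+b-1} \bmod n$, and it checks the relation $x \cdot g \equiv X \cdot Y \pmod n$ that follows from equations (5) and (6) and links the agreed value to the two exchanged values.

```python
import secrets

def public_value(g, secret, n):
    """Value sent over the channel in steps 2 and 3: g^secret mod n."""
    return pow(g, secret, n)

def agreed_key(peer_value, g, own_secret, n):
    """Equations (5) and (6): (peer_value * g^(own_secret - 1)) mod n."""
    if own_secret < 1:
        raise ValueError("secret must be a natural number (>= 1)")
    return (peer_value * pow(g, own_secret - 1, n)) % n

def run_exchange(g, n, a, b):
    """Run both sides; returns the exchanged values and each side's key."""
    X = public_value(g, a, n)      # sender -> receiver
    Y = public_value(g, b, n)      # receiver -> sender
    x = agreed_key(Y, g, a, n)     # sender's result, equation (5)
    y = agreed_key(X, g, b, n)     # receiver's result, equation (6)
    return X, Y, x, y

def closed_form(g, n, a, b):
    """Both results reduce to g^b * g^(a-1) = g^(a+b-1) (mod n)."""
    return pow(g, a + b - 1, n)

def tied_to_exchanged_values(g, n, X, Y, key):
    """Identity from (5)/(6): key * g = Y * g^a = X * Y (mod n)."""
    return (key * g) % n == (X * Y) % n

if __name__ == "__main__":
    g, n = 5, 23                       # constructed toy parameters
    a = secrets.randbelow(n - 2) + 1   # private natural numbers in [1, n-2]
    b = secrets.randbelow(n - 2) + 1
    X, Y, x, y = run_exchange(g, n, a, b)
    print(f"X={X} Y={Y} sender key={x} receiver key={y}")
    print("closed form matches:", x == y == closed_form(g, n, a, b))
    print("key*g == X*Y (mod n):", tied_to_exchanged_values(g, n, X, Y, x))
```

The relation in `tied_to_exchanged_values` holds for every choice of g, n, a and b, prime or not, so it is the first property to examine when assessing what the exchanged values reveal.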

Encryption process
In this method, the first step is encoding the messages before the encryption process, by a mapping technique that converts the plain text into ASCII values or any vector of suggested numbers. Data encryption is based on finding the base value. The base value is calculated by multiplying the key values ($k_1, k_2, k_3, \ldots, k_n$) and then subtracting one from the product, or adding one to the product (when the base value is a negative value), as in Fig. 2. The keys ($k_1, k_2, k_3, \ldots, k_n$) are generated using the key generation process or they are picked randomly. At least one of these keys should be a prime number. The value of the message to encrypt may be any integer, positive or negative (text can be represented by numbers, either ASCII numbers or suggested numbers for each character). The range of the value to encrypt (the message) is related to the sign and value of the base value. When the base value is positive, the range of the message value must be from (-the base value minus one to the base value minus one), while in the case of a negative base value the range of the message must be from (the base value minus one to the absolute value of the base value minus one).

$-B < M < B$ when the base value $B > 0$ (9)
$B < M < |B|$ when the base value $B < 0$ (10)

The value to be encrypted is multiplied by the first key value, then the remainder of dividing the product by the base value is determined by the modulus operation; this remainder is the first sub-encrypted value.
The first sub-encrypted value is multiplied by the second key value, and the remainder of dividing the product by the base value is determined by a modulus operation; this remainder is the second sub-encrypted value. This process is repeated; every time, the result from the previous step is encrypted with a new key until all keys ($k_1 \ldots k_{n-1}$) have been processed (the last key is reserved for decryption). The result after encrypting the sub-encrypted value with key ($k_{n-1}$) is the final encrypted message. The sign of the encrypted message must be the same as the sign of the message. So, when the sign of the message is negative, the sign of the encrypted message is changed to negative. The encrypted message is sent to the receiver (Fig. 3).

Modified method:
A modified method for finding the encryption value is implemented by choosing an exponent value (the range of the exponent value is the entire set of positive integers), raising each key value ($k_1 \ldots k_{n-1}$) to the exponent value, and then multiplying each key by the message or sub-enciphered value as explained previously (Fig. 4). The result is a newly enciphered message.

Decryption process:
To decrypt the encrypted message, the receiver should calculate the base value. The base value is calculated by multiplying the keys' values ($k_1, k_2, k_3, \ldots, k_n$) and then subtracting one from the product. The encrypted value can be decrypted by multiplying it by the last key value ($k_n$). Then, the remainder of dividing the result of the multiplication by the base value is the decrypted value. Check the sign of the encrypted value: if it was negative, then the sign of the decrypted value must be changed to negative. Figure 5 clarifies the decryption process. If the encryption process uses an exponent value, then the same exponent value is selected in the decryption process: raise the last key ($k_n$) to the exponent value and then multiply it by the encrypted value. Then the remainder of dividing the result of the multiplication by the base value is the decrypted value, as in Fig. 6.
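The encryption, modified (exponent) and decryption procedures described above, as an added example that is not code from the paper. It assumes positive keys only, so the base value is the product minus one and range condition (9) applies; the negative-key and negative-base cases the paper allows are not covered. Function names and the keys 7, 12, 13 are constructed for illustration.

```python
from math import prod

def base_value(keys):
    """B = k1*k2*...*kn - 1 for positive keys (assumption of this sketch)."""
    if len(keys) < 2 or any(k <= 0 for k in keys):
        raise ValueError("need at least two positive integer keys")
    B = prod(keys) - 1
    if B < 2:
        raise ValueError("keys too small: base value must be at least 2")
    return B

def encrypt_value(m, keys, exponent=1):
    """Multilevel encryption with k1..k(n-1); kn is kept for decryption."""
    B = base_value(keys)
    if not -B < m < B:                      # range condition (9)
        raise ValueError("message value must satisfy -B < M < B")
    e = abs(m)
    for k in keys[:-1]:                     # one level per key
        e = (e * pow(k, exponent, B)) % B   # sub-encrypted value
    return -e if m < 0 else e               # cipher keeps the message's sign

def decrypt_value(c, keys, exponent=1):
    """One level: multiply by kn^exponent mod B, then restore the sign.

    Works because k1*...*kn = B + 1, which is 1 modulo B.
    """
    B = base_value(keys)
    d = (abs(c) * pow(keys[-1], exponent, B)) % B
    return -d if c < 0 else d

def encrypt_text(text, keys, exponent=1):
    """Encode each character as its code point, then encrypt it."""
    return [encrypt_value(ord(ch), keys, exponent) for ch in text]

def decrypt_text(values, keys, exponent=1):
    return "".join(chr(decrypt_value(v, keys, exponent)) for v in values)

if __name__ == "__main__":
    keys = [7, 12, 13]                      # constructed; last key is prime
    print(encrypt_value(65, keys), decrypt_value(5, keys))
    cipher = encrypt_text("multilevel", keys, exponent=3)
    print(cipher, decrypt_text(cipher, keys, exponent=3))
```

With keys 7, 12, 13 the base value is 1091, and the two levels for M = 65 are 65 × 7 mod 1091 = 455 and 455 × 12 mod 1091 = 5; decryption is the single step 5 × 13 mod 1091 = 65.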

Example 5
This example clarifies different cases for the signs of keys, messages, and the base. The calculation of the encrypted and decrypted values is summarized in Table 1. The sign of (E2) changed according to the sign of (M), and the sign of (D) changed according to the sign of (E2). The above examples showed the ability of the suggested algorithm and its flexibility to work with a different number of keys and with keys of different lengths and values; they also prove the possibility of working with positive and negative numbers, prime and nonprime numbers.
The suggested algorithm is compared with other encryption algorithms. The suggested algorithm has several advantages over many other encryption algorithms, as shown in Table 2. The suggested key exchange algorithm is also compared with two of the most popular key exchange algorithms; it is clear that each algorithm has its advantage, and all of them are robust against attacks. The three key exchange algorithms shown in Figs. 7, 8, and 9 allow the reader to compare them: the Diffie-Hellman algorithm is shown in Fig. 7, the ID-KEX protocol in Fig. 8, and finally the proposed key exchange (Nidhal algorithm) in Fig. 9. One important advantage of this proposed algorithm is its robustness to attack. A supercomputer with about $10^{17}$ FLOPS needs more than $10^{800}$ years to find the key value in the simple form.
Finally, the performance of the suggested algorithm compared with other algorithms suggested by other authors is shown in Table 3. The comparison results prove that the suggested algorithm has promising and dependable results.