Another Cryptanalytic Attack on 'A Cryptosystem for Multiple Communication'

Reference [l] proposed a clypta6ystem for communication in a network, ln [2] Meijer demonstrated that it is sometimes possible to cryptanalyze that system under a chosen text attack [3]. In this note we show that the system is extremely weak and can always be cryptanalyzed under a known plaintext attack [3]* In the proposed cryptosystem there are n t 1 messages ml, mz, . . . . m,+l intended for users 1 through n + 1 respectively. The transmitter fits an nth degree polynomial f(x) through the n + 1 points (ki, cimi) for i = 1,2, . . . . n t f and broadcasts the resulting coefficients (fi)$o * The parameters (ki, ci) are a secret key known only to the transmitter and the ith receiver. The i* receiver obtains rni as