STRU: A Non Alternative and Multidimensional Public Key Cryptosystem


Global Journal of Pure and Applied Mathematics, Volume 13, Number 5 (2017), pp. 1447-1463. Research India Publications.

Khushboo Thakur, Department of Mathematics, Govt. N.P.G. College of Science, Raipur (C.G.), India.
B.P. Tripathi, Department of Mathematics, Govt. N.P.G. College of Science, Raipur (C.G.), India.

Abstract. In this paper we propose STRU, a non-alternative and multidimensional public key cryptosystem based on NTRU and built on the sedenion algebra. STRU encrypts sixteen data vectors in each encryption operation. The underlying algebraic structure of STRU is a non-associative, non-alternative but power-associative 16-dimensional algebra with a quadratic form, whose elements are constructed from the real numbers $\mathbb{R}$ by iterations of the Cayley-Dickson process. It is neither a composition algebra nor a division algebra, because it has zero divisors. We give the details of the key generation, encryption and decryption algorithms and discuss key security, message security and the probability of successful decryption.

AMS subject classification: 94A60, 20N05, 17A45.
Keywords: NTRU, STRU, sedenion algebra, zero divisors, Cayley-Dickson process, encryption, decryption.

1. Introduction

NTRU is a probabilistic public key cryptosystem that was first proposed by Jeffrey Hoffstein, Jill Pipher and Joseph H. Silverman in the rump session of Crypto '96; the first official paper was published in 1998 [15]. Compared to better-known systems such as RSA or ECC, the greatest advantage of NTRU is that it is based on a class of basic arithmetic operations of low inherent complexity, $O(N^2)$ in the worst case. Computational efficiency and low implementation cost have made NTRU a suitable choice for a large number of applications such as embedded systems, mobile phones, portable devices and resource-constrained devices [1]. As a rough comparison, NTRU is hundreds of times faster than RSA and has a much faster key generation algorithm. However, NTRU has an obvious drawback: with a very small probability (e.g., smaller than $2^{-80}$) the decryption process fails to return the plaintext [3]. NTRU is classified as a lattice-based cryptosystem, since its security rests on the difficulty of hard problems in certain types of lattices, in contrast to RSA and ECC. NTRU is also a probabilistic cryptosystem: each encryption involves a random vector (the ephemeral key), hence messages do not have unique encryptions. During the past ten years NTRU has been analyzed intensively and its core is still assumed to be safe. The most sophisticated attacks against NTRU are based on lattice reduction techniques. Two famous lattice problems, the Shortest Vector Problem (SVP) and the Closest Vector Problem (CVP), have been shown to be NP-hard [12, 5, 7, 4]. However, the lattice arising in NTRU is a Convolution Modular Lattice (CML), and it has not yet been determined whether the cyclic structure of a CML can help to reduce the complexity of CVP or SVP.

This issue has been considered in new versions of NTRU [8, 9]. In this paper we introduce a non-alternative and multidimensional public key cryptosystem. We argue that a lattice-based public key cryptosystem built on a non-alternative algebra is not only feasible but possibly also more secure than NTRU, because its lattice does not completely fit within the circular and convolution modular lattice framework. Under identical conditions, i.e. with the same parameters for NTRU and STRU, STRU runs sixteen times slower than NTRU, but the data are encrypted simultaneously as sixteen vectors. Other than changing the underlying algebra, no other change has been made; in particular, STRU keeps the probabilistic properties of NTRU. Hence the main advantages of the proposed cryptosystem would be higher security and a higher degree of parallelism. Since sixteen vectors of data are encrypted simultaneously in each invocation, STRU can be considered a multidimensional cryptosystem. Because of the higher complexity of the STRU lattice, the dimension $N$ can be reduced, and the slowdown caused by sedenionic processing can thereby be compensated. This paper is organized as follows: Section 2 summarizes the NTRU cryptosystem. Section 3 gives a brief introduction to sedenion algebras. Section 4 introduces the algebraic structure of STRU. Sections 5 and 6 are devoted to the description of STRU and to the general analysis of the scheme.

2. The NTRU Cryptosystem

The basic operations in NTRU take place in the ring $\mathbb{Z}[x]/(x^N-1)$, known as the ring of convolution polynomials of rank $N$, where $N$ is prime [16]. Define the following three rings:
$$R=\mathbb{Z}[x]/(x^N-1),\qquad R_p=(\mathbb{Z}/p\mathbb{Z})[x]/(x^N-1),\qquad R_q=(\mathbb{Z}/q\mathbb{Z})[x]/(x^N-1).$$
An element $f$ of $R$, $R_p$ or $R_q$ can be written as a polynomial or as a vector of coefficients:
$$f=\sum_{i=0}^{N-1} f_i x^i \;\longleftrightarrow\; [f_0,f_1,\ldots,f_{N-1}].$$
In the convolution rings, addition is ordinary polynomial addition, i.e. element-wise vector addition. Multiplication, denoted by $\circledast$, is the cyclic convolution: for
$$f=\sum_{i=0}^{N-1} f_i x^i,\qquad g=\sum_{i=0}^{N-1} g_i x^i,\qquad h=f\circledast g=\sum_{k=0}^{N-1} h_k x^k \qquad (f_i,g_i,h_k\in\mathbb{Z}),$$
the coefficients of $h$ are
$$h_k=\sum_{i=0}^{k} f_i\,g_{k-i}+\sum_{i=k+1}^{N-1} f_i\,g_{N+k-i}=\sum_{i+j\equiv k\ (\mathrm{mod}\ N)} f_i\,g_j .$$
Addition and multiplication in $R_p$ or $R_q$ are the same operations performed in $R$, followed by reduction of the resulting coefficients mod $p$ or mod $q$.

Let $d_f$, $d_g$, $d_\phi$ and $d_m$ be constant integers less than $N$. These are public parameters of the cryptosystem and determine the distribution of the coefficients of the polynomials. Based on these constants we define the subsets $L_f, L_m, L_\phi, L_g\subset R$ according to the criteria in Table 1.

Table 1: Definition of the public parameters of NTRU (typical values for $N=167$, $p=3$, $q=128$)
  $L_f$: $\{f\in R : f$ has $d_f$ coefficients equal to $+1$, $d_f-1$ coefficients equal to $-1$, the rest $0\}$; typical value $d_f=61$.
  $L_g$: $\{g\in R : g$ has $d_g$ coefficients equal to $+1$, $d_g$ coefficients equal to $-1$, the rest $0\}$; typical value $d_g=61$.
  $L_\phi$: $\{\phi\in R : \phi$ has $d_\phi$ coefficients equal to $+1$, $d_\phi$ coefficients equal to $-1$, the rest $0\}$; typical value $d_\phi=61$.
  $L_m$: $\{m\in R :$ the coefficients of $m$ are chosen modulo $p$, between $-p/2$ and $p/2\}$.

With this notation, the NTRU public key cryptosystem can be described as follows.

Public parameters: The public parameters $(N,p,q,d)$ of NTRU are fixed and must be agreed upon by sender and receiver. $N$ and $p$ are prime numbers such that $\gcd(p,q)=\gcd(N,q)=1$ and $q\gg p$. Usual values are $N=167$ for moderate security, $N=251$ for high security and $N=503$ for very high security, along with $p=3$ (the $d$ values are listed in Table 1).

Key generation: To create an NTRU key pair, two small polynomials $g\in L_g$ and $f\in L_f$ are generated at random. The polynomial $f$ must be invertible in both $R_p$ and $R_q$. When $f$ is drawn from $L_f$, the probability that it is invertible in $R_p$ and $R_q$ is very high; in the rare event that it is not, a new $f$ is simply generated. The inverses of $f$ in $R_p$ and $R_q$ are computed with the extended Euclidean algorithm and denoted $f_p^{-1}$ and $f_q^{-1}$, so that
$$f\circledast f_p^{-1}\equiv 1 \pmod p,\qquad f\circledast f_q^{-1}\equiv 1 \pmod q.$$
While $f$, $g$, $f_p^{-1}$ and $f_q^{-1}$ are kept private, the public key $h$ is computed as
$$h=f_q^{-1}\circledast g \pmod q.$$

Encryption: The sender selects a random polynomial $\phi\in L_\phi$, called the ephemeral key, and encodes the input message as a polynomial $m\in L_m$. The ciphertext is
$$e=p\,h\circledast\phi+m \pmod q.$$
Note that $p$ is a constant parameter, so the polynomial $p\,h$ can be precomputed. Hence, disregarding the time needed to generate the ephemeral key and to encode the incoming message as $m$, encryption demands about $N^2$ multiplications and additions mod $q$.

Decryption: The first step multiplies (convolves) the received polynomial $e$ by the private key $f$:
$$\begin{aligned}
a &= f\circledast e \pmod q\\
  &= f\circledast(p\,h\circledast\phi+m) \pmod q\\
  &= p\,f\circledast h\circledast\phi+f\circledast m \pmod q\\
  &= p\,f\circledast f_q^{-1}\circledast g\circledast\phi+f\circledast m \pmod q\\
  &= p\,g\circledast\phi+f\circledast m \pmod q.
\end{aligned}$$
In the second step the coefficients of $a\in R_q$ are identified with their representatives in the interval $[-q/2,+q/2]$. Assuming that the public parameters have been chosen properly, the resulting polynomial is exactly $p\,g\circledast\phi+f\circledast m$ in $R$. Under this assumption, reducing the coefficients of $a$ mod $p$ makes the term $p\,g\circledast\phi$ vanish and $f\circledast m \pmod p$ remains. In order to extract the message $m$, it is enough to

multiply $f\circledast m \pmod p$ by $f_p^{-1}$.

Decryption failure: If the public parameters $(N,p,q,d)$ satisfy $q>(6d+1)p$, decryption never fails. However, for better performance and a smaller public key, a smaller $q$ may be chosen such that the probability of decryption failure is very small, of the order of $2^{-80}$ [3]. Decryption succeeds when every coefficient of $p\,g\circledast\phi+f\circledast m$ lies within $(-q/2,+q/2]$. Through a few simple probabilistic calculations [17], the approximate probability of successful decryption is
$$\Pr(\text{successful decryption})=\left(2\Phi\!\left(\frac{q-1}{2\sigma}\right)-1\right)^{N},$$
where $\Phi$ is the cumulative distribution function of the standard normal variable and, for $p=3$,
$$\sigma=\sqrt{\frac{36\,d_\phi d_g}{N}+\frac{4\,d_f}{3}},$$
that is, $\sigma^2=4p^2d_\phi d_g/N+d_f(p^2-1)/6$ (the same calculation is carried out for STRU in Section 6).

3. A Brief Introduction to Sedenion Algebra

The algebras $\mathbb{C}$ (complex numbers), $\mathbb{H}$ (quaternions) and $\mathbb{O}$ (octonions) are real division algebras obtained from the real numbers $\mathbb{R}$ by a doubling procedure called the Cayley-Dickson process. Doubling $\mathbb{R}$ (dim 1) gives $\mathbb{C}$ (dim 2), $\mathbb{C}$ produces $\mathbb{H}$ (dim 4), $\mathbb{H}$ yields $\mathbb{O}$ (dim 8), and the next doubling, applied to $\mathbb{O}$, yields a 16-dimensional algebra $\mathbb{S}$ called the sedenions. The word sedenion is derived from sexdecim, meaning sixteen; the real sedenions (also called hexadecanions) are denoted by $\mathbb{S}$. The sedenions form a non-commutative, non-associative, non-alternative but power-associative 16-dimensional algebra with a quadratic form, whose elements are constructed from $\mathbb{R}$ by iterating the Cayley-Dickson process [10, 11]. Moreover, $\mathbb{S}$ is neither a composition algebra nor a division algebra, because it has zero divisors: there exist sedenions $a,b\neq 0$ with $ab=0$. The sedenions do have a multiplicative identity, and every non-zero sedenion has a multiplicative inverse.

Notation: Let the $2^4=16$ basis elements of the sedenion algebra $\mathbb{S}$ be represented by the set $E=\{e_0,e_1,e_2,\ldots,e_{15}\}$, where $e_0$ is the identity element and $e_1,\ldots,e_{15}$ are called imaginaries. Every sedenion is a linear combination of the unit sedenions $e_0,e_1,\ldots,e_{15}$, which form a basis of the vector space of sedenions:
$$x=x_0e_0+x_1e_1+x_2e_2+\cdots+x_{14}e_{14}+x_{15}e_{15},\qquad \mathbb{S}=\Big\{x_0+\sum_{i=1}^{15}x_ie_i : x_0,\ldots,x_{15}\in\mathbb{R}\Big\},$$

where $x_i\in\mathbb{R}$. Here $x_0$ is called the real part of $x$ and $\sum_{i=1}^{15}x_ie_i$ its imaginary part. Addition of two sedenions is performed by adding corresponding coefficients (element-wise); multiplication is defined by bilinearity and the multiplication rule of the basis elements. Thus, for $x,y\in\mathbb{S}$,
$$xy=\Big(\sum_{i=0}^{15}x_ie_i\Big)\Big(\sum_{j=0}^{15}y_je_j\Big)=\sum_{i,j=0}^{15}x_iy_j\,(e_ie_j)=\sum_{i,j,k=0}^{15} f_{ij}\,\gamma^k_{ij}\,e_k,$$
where $e_i,e_j,e_k\in E$, $f_{ij}=x_iy_j\in\mathbb{R}$, and the quantities $\gamma^k_{ij}\in\mathbb{R}$ are called structure constants. The multiplication rule of the sedenion basis elements is
$$e_ie_j=\sum_{k=0}^{15}\gamma^k_{ij}\,e_k,$$
and is summarized in Table 2 [13]. Each product $e_ie_j$ equals $\pm e_k$ with $k=i\oplus j$ (bitwise XOR of the indices); the entry in row $e_i$ and column $e_j$ is $e_ie_j$.

Table 2: Multiplication table of the sedenion basis elements (row element times column element)
        e0    e1    e2    e3    e4    e5    e6    e7    e8    e9    e10   e11   e12   e13   e14   e15
  e0    e0    e1    e2    e3    e4    e5    e6    e7    e8    e9    e10   e11   e12   e13   e14   e15
  e1    e1   -e0    e3   -e2    e5   -e4   -e7    e6    e9   -e8   -e11   e10  -e13   e12   e15  -e14
  e2    e2   -e3   -e0    e1    e6    e7   -e4   -e5    e10   e11  -e8   -e9   -e14  -e15   e12   e13
  e3    e3    e2   -e1   -e0    e7   -e6    e5   -e4    e11  -e10   e9   -e8   -e15   e14  -e13   e12
  e4    e4   -e5   -e6   -e7   -e0    e1    e2    e3    e12   e13   e14   e15  -e8   -e9   -e10  -e11
  e5    e5    e4   -e7    e6   -e1   -e0   -e3    e2    e13  -e12   e15  -e14   e9   -e8    e11  -e10
  e6    e6    e7    e4   -e5   -e2    e3   -e0   -e1    e14  -e15  -e12   e13   e10  -e11  -e8    e9
  e7    e7   -e6    e5   -e4   -e3   -e2    e1   -e0    e15   e14  -e13  -e12   e11   e10  -e9   -e8
  e8    e8   -e9   -e10  -e11  -e12  -e13  -e14  -e15  -e0    e1    e2    e3    e4    e5    e6    e7
  e9    e9    e8   -e11   e10  -e13   e12   e15  -e14  -e1   -e0   -e3    e2   -e5    e4    e7   -e6
  e10   e10   e11   e8   -e9   -e14  -e15   e12   e13  -e2    e3   -e0   -e1   -e6   -e7    e4    e5
  e11   e11  -e10   e9    e8   -e15   e14  -e13   e12  -e3   -e2    e1   -e0   -e7    e6   -e5    e4
  e12   e12   e13   e14   e15   e8   -e9   -e10  -e11  -e4    e5    e6    e7   -e0   -e1   -e2   -e3
  e13   e13  -e12   e15  -e14   e9    e8    e11  -e10  -e5   -e4    e7   -e6    e1   -e0    e3   -e2
  e14   e14  -e15  -e12   e13   e10  -e11   e8    e9   -e6   -e7   -e4    e5    e2   -e3   -e0    e1
  e15   e15   e14  -e13  -e12   e11   e10  -e9    e8   -e7    e6   -e5   -e4   -e3    e2   -e1   -e0

Multiplication is neither commutative nor associative, but it is power-associative, and there are zero divisors. The conjugate and the squared norm of a sedenion $x=x_0+\sum_{i=1}^{15}x_ie_i$ are given by [18]
$$\bar{x}=x_0-\sum_{i=1}^{15}x_ie_i,\qquad N(x)=x\bar{x}=\bar{x}x=\sum_{i=0}^{15}x_i^2 .$$
Every non-zero element of $\mathbb{S}$ has a unique multiplicative inverse, given by
$$x^{-1}=N(x)^{-1}\,\bar{x}.$$
Now suppose that $R$ is an arbitrary finite ring of odd characteristic. We define the sedenion algebra $A$ over $R$ as
$$A=\Big\{x_0+\sum_{i=1}^{15}x_ie_i : x_0,\ldots,x_{15}\in R\Big\} \qquad (3.1)$$

with the same multiplication as for the real sedenions. The algebra $A$ is a non-associative algebra with a norm and a multiplicative inverse that has much the same properties as the real sedenion algebra $\mathbb{S}$. Note that the sedenion algebra is non-associative and consequently has no faithful matrix representation, because ordinary matrix multiplication is always associative.

4. Algebraic Structure of STRU

Consider the convolution polynomial rings $R:=\mathbb{Z}[x]/(x^N-1)$, $R_p:=\mathbb{Z}_p[x]/(x^N-1)$ and $R_q:=\mathbb{Z}_q[x]/(x^N-1)$ used in NTRU. We define three sedenion algebras $A$, $A_p$ and $A_q$ as follows:
$$A:=\Big\{a_0(x)+\sum_{i=1}^{15}a_i(x)\,e_i : a_0(x),\ldots,a_{15}(x)\in R\Big\}, \qquad (4.1)$$
$$A_p:=\Big\{a_0(x)+\sum_{i=1}^{15}a_i(x)\,e_i : a_0(x),\ldots,a_{15}(x)\in R_p\Big\}, \qquad (4.2)$$
$$A_q:=\Big\{a_0(x)+\sum_{i=1}^{15}a_i(x)\,e_i : a_0(x),\ldots,a_{15}(x)\in R_q\Big\}. \qquad (4.3)$$
For simplicity, $p$, $q$ and $N$ are assumed to be prime numbers with $q\gg p$. Since $\mathbb{Z}_p[x]/(x^N-1)$ and $\mathbb{Z}_q[x]/(x^N-1)$ are finite rings of characteristic $p$ and $q$ respectively, $A_p$ and $A_q$ are sedenionic non-associative split algebras similar to $\mathbb{S}$. In more detail,
$$A_p=\{f_0+f_1e_1+\cdots+f_{15}e_{15} : f_0,\ldots,f_{15}\in R_p\},\qquad A_q=\{g_0+g_1e_1+\cdots+g_{15}e_{15} : g_0,\ldots,g_{15}\in R_q\}.$$
Now assume $s_1,s_2\in A_p$ (or $A_q$) with
$$s_1=f_0(x)+f_1(x)\,e_1+\cdots+f_{15}(x)\,e_{15},\qquad s_2=g_0(x)+g_1(x)\,e_1+\cdots+g_{15}(x)\,e_{15}.$$
Then addition, multiplication, norm, trace and multiplicative inverse are defined as follows:

Addition: The addition of two sedenions corresponds to the usual addition of sixteen polynomials, i.e. sixteen modular additions mod $p$ (or mod $q$):
$$s_1+s_2=(f_0(x)+g_0(x))+(f_1(x)+g_1(x))\,e_1+(f_2(x)+g_2(x))\,e_2+\cdots+(f_{15}(x)+g_{15}(x))\,e_{15}.$$

Multiplication: The product of two sedenions is given by the following expansion, in which every product $f_ig_j$ stands for the convolution $f_i\circledast g_j$ and the signs are those of Table 2:
$$\begin{aligned}
s_1\circledast s_2={}&(f_0g_0-f_1g_1-f_2g_2-f_3g_3-f_4g_4-f_5g_5-f_6g_6-f_7g_7-f_8g_8-f_9g_9-f_{10}g_{10}-f_{11}g_{11}-f_{12}g_{12}-f_{13}g_{13}-f_{14}g_{14}-f_{15}g_{15})\\
&+(f_0g_1+f_1g_0+f_2g_3-f_3g_2+f_4g_5-f_5g_4-f_6g_7+f_7g_6+f_8g_9-f_9g_8-f_{10}g_{11}+f_{11}g_{10}-f_{12}g_{13}+f_{13}g_{12}+f_{14}g_{15}-f_{15}g_{14})\,e_1\\
&+(f_0g_2-f_1g_3+f_2g_0+f_3g_1+f_4g_6+f_5g_7-f_6g_4-f_7g_5+f_8g_{10}+f_9g_{11}-f_{10}g_8-f_{11}g_9-f_{12}g_{14}-f_{13}g_{15}+f_{14}g_{12}+f_{15}g_{13})\,e_2\\
&+(f_0g_3+f_1g_2-f_2g_1+f_3g_0+f_4g_7-f_5g_6+f_6g_5-f_7g_4+f_8g_{11}-f_9g_{10}+f_{10}g_9-f_{11}g_8-f_{12}g_{15}+f_{13}g_{14}-f_{14}g_{13}+f_{15}g_{12})\,e_3\\
&+(f_0g_4-f_1g_5-f_2g_6-f_3g_7+f_4g_0+f_5g_1+f_6g_2+f_7g_3+f_8g_{12}+f_9g_{13}+f_{10}g_{14}+f_{11}g_{15}-f_{12}g_8-f_{13}g_9-f_{14}g_{10}-f_{15}g_{11})\,e_4\\
&+(f_0g_5+f_1g_4-f_2g_7+f_3g_6-f_4g_1+f_5g_0-f_6g_3+f_7g_2+f_8g_{13}-f_9g_{12}+f_{10}g_{15}-f_{11}g_{14}+f_{12}g_9-f_{13}g_8+f_{14}g_{11}-f_{15}g_{10})\,e_5\\
&+(f_0g_6+f_1g_7+f_2g_4-f_3g_5-f_4g_2+f_5g_3+f_6g_0-f_7g_1+f_8g_{14}-f_9g_{15}-f_{10}g_{12}+f_{11}g_{13}+f_{12}g_{10}-f_{13}g_{11}-f_{14}g_8+f_{15}g_9)\,e_6\\
&+(f_0g_7-f_1g_6+f_2g_5+f_3g_4-f_4g_3-f_5g_2+f_6g_1+f_7g_0+f_8g_{15}+f_9g_{14}-f_{10}g_{13}-f_{11}g_{12}+f_{12}g_{11}+f_{13}g_{10}-f_{14}g_9-f_{15}g_8)\,e_7\\
&+(f_0g_8-f_1g_9-f_2g_{10}-f_3g_{11}-f_4g_{12}-f_5g_{13}-f_6g_{14}-f_7g_{15}+f_8g_0+f_9g_1+f_{10}g_2+f_{11}g_3+f_{12}g_4+f_{13}g_5+f_{14}g_6+f_{15}g_7)\,e_8\\
&+(f_0g_9+f_1g_8-f_2g_{11}+f_3g_{10}-f_4g_{13}+f_5g_{12}+f_6g_{15}-f_7g_{14}-f_8g_1+f_9g_0-f_{10}g_3+f_{11}g_2-f_{12}g_5+f_{13}g_4+f_{14}g_7-f_{15}g_6)\,e_9\\
&+(f_0g_{10}+f_1g_{11}+f_2g_8-f_3g_9-f_4g_{14}-f_5g_{15}+f_6g_{12}+f_7g_{13}-f_8g_2+f_9g_3+f_{10}g_0-f_{11}g_1-f_{12}g_6-f_{13}g_7+f_{14}g_4+f_{15}g_5)\,e_{10}\\
&+(f_0g_{11}-f_1g_{10}+f_2g_9+f_3g_8-f_4g_{15}+f_5g_{14}-f_6g_{13}+f_7g_{12}-f_8g_3-f_9g_2+f_{10}g_1+f_{11}g_0-f_{12}g_7+f_{13}g_6-f_{14}g_5+f_{15}g_4)\,e_{11}\\
&+(f_0g_{12}+f_1g_{13}+f_2g_{14}+f_3g_{15}+f_4g_8-f_5g_9-f_6g_{10}-f_7g_{11}-f_8g_4+f_9g_5+f_{10}g_6+f_{11}g_7+f_{12}g_0-f_{13}g_1-f_{14}g_2-f_{15}g_3)\,e_{12}\\
&+(f_0g_{13}-f_1g_{12}+f_2g_{15}-f_3g_{14}+f_4g_9+f_5g_8+f_6g_{11}-f_7g_{10}-f_8g_5-f_9g_4+f_{10}g_7-f_{11}g_6+f_{12}g_1+f_{13}g_0+f_{14}g_3-f_{15}g_2)\,e_{13}\\
&+(f_0g_{14}-f_1g_{15}-f_2g_{12}+f_3g_{13}+f_4g_{10}-f_5g_{11}+f_6g_8+f_7g_9-f_8g_6-f_9g_7-f_{10}g_4+f_{11}g_5+f_{12}g_2-f_{13}g_3+f_{14}g_0+f_{15}g_1)\,e_{14}\\
&+(f_0g_{15}+f_1g_{14}-f_2g_{13}-f_3g_{12}+f_4g_{11}+f_5g_{10}-f_6g_9+f_7g_8-f_8g_7+f_9g_6-f_{10}g_5-f_{11}g_4-f_{12}g_3+f_{13}g_2-f_{14}g_1+f_{15}g_0)\,e_{15}.
\end{aligned}$$
A sedenion multiplication in $A_p$ (or $A_q$) therefore needs 256 polynomial convolutions and 240 polynomial additions modulo $p$ (or $q$), which amount to $256N^2$ modular multiplications and $256N(N-1)+240N$ modular additions.

Conjugate: The conjugate of a sedenion, defined below, needs 15 negations mod $p$ or $q$:
$$\bar{s}=f_0(x)-f_1(x)\,e_1-f_2(x)\,e_2-f_3(x)\,e_3-\cdots-f_{15}(x)\,e_{15}.$$

Norm: The norm of a sedenion $s_1$ is defined as
$$N(s_1)=s_1\circledast\bar{s}_1=\bar{s}_1\circledast s_1=(f_0(x))^2+(f_1(x))^2+(f_2(x))^2+\cdots+(f_{15}(x))^2,$$
where each square is the convolution square $f_i\circledast f_i$. In total, $16N^2$ multiplications and $(16(N-1)+15)N$ additions are required to compute the squared norm of a sedenion.

Multiplicative inverse: When $N(s_1)\neq 0$ is invertible in the ground ring,
$$s_1^{-1}=\frac{\bar{s}_1}{N(s_1)}=\big((f_0(x))^2+(f_1(x))^2+(f_2(x))^2+\cdots+(f_{15}(x))^2\big)^{-1}\circledast\big(f_0(x)-f_1(x)\,e_1-f_2(x)\,e_2-f_3(x)\,e_3-\cdots-f_{15}(x)\,e_{15}\big).$$
Thus the following operations are needed to compute the multiplicative inverse of an element of $A_p$ or $A_q$:
1. Calculation of $g(x)=N(s)$ over the ground ring $(\mathbb{Z}/p\mathbb{Z})[x]/(x^N-1)$ or $(\mathbb{Z}/q\mathbb{Z})[x]/(x^N-1)$, at a total cost of $16N^2$ multiplications and $(16(N-1)+15)N$ additions.
2. Finding the inverse of $g(x)$ over the ground ring using the extended Euclidean algorithm, with running time $O(N^2)$ [14].
3. Conjugation of $s$, i.e. 15 negations.
4. Calculation of $g^{-1}(x)\circledast\bar{s}$, i.e. 16 convolutions: $16N^2$ multiplications and $16N(N-1)$ additions modulo $p$ or $q$.

After setting up the required notation and the algebras $A$, $A_p$ and $A_q$, we describe STRU.

5. Proposed Scheme: STRU

In the STRU cryptosystem, encryption and decryption take place in a multidimensional vector space and, as in NTRU, the security of the cryptosystem depends on three parameters $(N,p,q)$ and four subsets $L_f, L_m, L_\phi, L_g\subset A$ as defined in Table 1. $N$, $p$, $q$, $d_f$, $d_g$ and $d_\phi$ are constant parameters which play the same role as in NTRU, except that for simplicity these constants are all taken to be prime numbers. The proposed scheme consists of three parts: key generation, encryption and decryption.

a) Key generation: To generate a pair of public and private keys, two small sedenions $F$ and $G$ are generated at random:
$$F:=f_0+f_1e_1+f_2e_2+\cdots+f_{15}e_{15}\in A,\qquad f_0,\ldots,f_{15}\in L_f,$$
$$G:=g_0+g_1e_1+g_2e_2+\cdots+g_{15}e_{15}\in A,\qquad g_0,\ldots,g_{15}\in L_g.$$
The sedenion $F$ must be invertible over $A_p$ and $A_q$. If the inverse does not exist, i.e. when $\sum_{i=0}^{15}f_i^2(x)$ is not invertible in $\mathbb{Z}_p[x]/(x^N-1)$ or in $\mathbb{Z}_q[x]/(x^N-1)$, a new sedenion $F$ is generated. The inverses of $F$ over $A_p$ and $A_q$ are denoted by $F_p^{-1}$ and $F_q^{-1}$. The public key, itself a sedenion, is computed as
$$H=F_q^{-1}\circledast G. \qquad (5.1)$$
The sedenions $F$, $F_p^{-1}$ and $F_q^{-1}$ are kept secret for use in the decryption phase. Key generation in STRU is estimated to be 256 times slower than in NTRU when the same parameters $(N,p,q)$ are used in both cryptosystems; however, in STRU one can work with a lower dimension without reducing the security of the system.

b) Encryption: The cryptosystem first generates a random sedenion $\phi$, called the blinding sedenion, consisting of sixteen polynomials in $L_\phi$. The incoming data are converted, by a simple conversion, into a sedenion $M$ consisting of sixteen polynomials in $L_m$. The ciphertext $E$ is then
$$E=p\,H\circledast\phi+M\in A_q. \qquad (5.2)$$

c) Decryption: The received ciphertext $E$ is first multiplied by the private key $F$:
$$\begin{aligned}
F\circledast E&=F\circledast(p\,H\circledast\phi+M) \pmod q\\
&=p\,F\circledast(H\circledast\phi)+F\circledast M \pmod q\\
&=p\,F\circledast\big((F_q^{-1}\circledast G)\circledast\phi\big)+F\circledast M \pmod q\\
&=p\,G\circledast\phi+F\circledast M \pmod q.
\end{aligned}$$
The last step regroups $F\circledast((F_q^{-1}\circledast G)\circledast\phi)$ as $(F\circledast F_q^{-1})\circledast G\circledast\phi$. This regrouping is an associativity identity; since $A_q$ is neither associative nor alternative (Section 3), $F\circledast(F^{-1}\circledast X)=X$ does not hold for arbitrary $F$ and $X$, so the equality has to be verified for the keys actually in use rather than assumed, and the same remark applies to the final multiplication by $F_p^{-1}$ below. The coefficients of the sixteen polynomials in the resulting sedenion are then reduced mod $q$ into the interval $(-q/2,+q/2]$. Upon suitable selection of the cryptosystem

constant parameters, the coefficients of the sixteen polynomials in $p\,G\circledast\phi+F\circledast M$ will most probably lie within $(-q/2,+q/2]$, and the last reduction mod $q$ is not required. With this assumption, when $p\,G\circledast\phi+F\circledast M$ is reduced mod $p$ the term $p\,G\circledast\phi$ vanishes and $F\circledast M \pmod p$ remains. To extract the original message $M$ it suffices to multiply $F\circledast M \pmod p$ by $F_p^{-1}$ and to adjust the resulting coefficients into the interval $[-p/2,+p/2]$. The encryption and decryption algorithms of STRU with the same dimension are about 16 and 32 times slower than those of NTRU; however, in STRU one can work with a lower dimension without reducing the security of the cryptosystem. Also, like NTRU, STRU can be optimized for efficiency with the optimization methods proposed in [6]. In addition, the proposed scheme has multiple levels of parallelism that can be exploited to improve encryption and decryption speed.

6. Analysis of the STRU Cryptosystem

In this section we analyze STRU and discuss the probability of successful decryption, key security, message security and the message expansion rate.

Successful decryption: The probability of successful decryption in STRU is calculated in the same way as for NTRU, under the assumptions of [16] and [17]. For successful decryption in STRU, all coefficients of the sedenion $F\circledast E=p\,G\circledast\phi+F\circledast M$ must lie in the interval $[-(q-1)/2,+(q-1)/2]$. Hence we write
$$A:=F\circledast E=p\,G\circledast\phi+F\circledast M=a_0+a_1e_1+a_2e_2+a_3e_3+\cdots+a_{15}e_{15},$$
where, by the multiplication formula of Section 4, $a_k=p\,(G\circledast\phi)_k+(F\circledast M)_k$ for $k=0,\ldots,15$ (every product below is a convolution). Explicitly,
$$a_0=p\,(g_0\phi_0-g_1\phi_1-g_2\phi_2-g_3\phi_3-\cdots-g_{15}\phi_{15})+(f_0m_0-f_1m_1-f_2m_2-f_3m_3-\cdots-f_{15}m_{15}),$$
$$\begin{aligned}
a_1=p\,(&g_0\phi_1+g_1\phi_0+g_2\phi_3-g_3\phi_2+g_4\phi_5-g_5\phi_4-g_6\phi_7+g_7\phi_6\\
&+g_8\phi_9-g_9\phi_8-g_{10}\phi_{11}+g_{11}\phi_{10}-g_{12}\phi_{13}+g_{13}\phi_{12}+g_{14}\phi_{15}-g_{15}\phi_{14})\\
+(&f_0m_1+f_1m_0+f_2m_3-f_3m_2+f_4m_5-f_5m_4-f_6m_7+f_7m_6\\
&+f_8m_9-f_9m_8-f_{10}m_{11}+f_{11}m_{10}-f_{12}m_{13}+f_{13}m_{12}+f_{14}m_{15}-f_{15}m_{14}),
\end{aligned}$$
and $a_2,\ldots,a_{15}$ carry the same sign patterns as the $e_2,\ldots,e_{15}$ components of $s_1\circledast s_2$ in Section 4, with $(f_i,g_j)$ replaced by $(g_i,\phi_j)$ inside the bracket multiplied by $p$ and by $(f_i,m_j)$ in the second bracket. Each $a_k$ is thus a signed sum of sixteen convolutions $g_i\circledast\phi_j$ scaled by $p$ and sixteen convolutions $f_i\circledast m_j$.

Now, according to the definitions of the subsets $L_f$, $L_g$, $L_\phi$ and $L_m$ in Table 1, writing
$$f_i=[f_{i,0},f_{i,1},\ldots,f_{i,N-1}],\quad g_i=[g_{i,0},\ldots,g_{i,N-1}],\quad \phi_i=[\phi_{i,0},\ldots,\phi_{i,N-1}],\quad m_i=[m_{i,0},\ldots,m_{i,N-1}],\qquad i=0,\ldots,15, \qquad (6.1)$$
we have
$$\Pr(f_{i,j}=1)=\frac{d_f}{N},\quad \Pr(f_{i,j}=-1)=\frac{d_f-1}{N},\quad \Pr(f_{i,j}=0)=\frac{N-2d_f+1}{N},$$
$$\Pr(g_{i,j}=1)=\Pr(g_{i,j}=-1)=\frac{d_g}{N},\quad \Pr(g_{i,j}=0)=\frac{N-2d_g}{N},$$
$$\Pr(\phi_{i,j}=1)=\Pr(\phi_{i,j}=-1)=\frac{d_\phi}{N},\quad \Pr(\phi_{i,j}=0)=\frac{N-2d_\phi}{N},$$
$$\Pr(m_{i,j}=t)=\frac{1}{p},\qquad t=-\frac{p-1}{2},\ldots,\frac{p-1}{2}.$$
Under these assumptions $E[f_{i,j}]\approx 0$, $E[g_{i,j}]=0$, $E[\phi_{i,j}]=0$ and $E[m_{i,j}]=0$; therefore $E[a_{i,k}]=0$ for $i=0,\ldots,15$ and $k=0,\ldots,N-1$. To calculate $\operatorname{Var}[a_{i,k}]$, analogously to NTRU, it suffices to note that (using $E[g^2]=2d_g/N$, $E[\phi^2]=2d_\phi/N$, $E[f^2]=(2d_f-1)/N\approx 2d_f/N$ and $E[m^2]=(p^2-1)/12$)
$$\operatorname{Var}[\phi_{i,k}\,g_{j,l}]=\frac{4\,d_\phi d_g}{N^2},\qquad \operatorname{Var}[f_{i,k}\,m_{j,l}]=\frac{d_f\,(p-1)(p+1)}{6N},\qquad i,j=0,\ldots,15,\ k,l=0,\ldots,N-1.$$
As a result,
$$a_{0,k}=p\sum_{i+j\equiv k}\big(g_{0,i}\phi_{0,j}-g_{1,i}\phi_{1,j}-g_{2,i}\phi_{2,j}-\cdots-g_{15,i}\phi_{15,j}\big)+\sum_{i+j\equiv k}\big(f_{0,i}m_{0,j}-f_{1,i}m_{1,j}-f_{2,i}m_{2,j}-\cdots-f_{15,i}m_{15,j}\big)$$
is a sum of $16N$ products $g\phi$ (each scaled by $p$) and $16N$ products $fm$. Upon inserting the values of $\operatorname{Var}[\phi_{i,k}\,g_{j,l}]$ and $\operatorname{Var}[f_{i,k}\,m_{j,l}]$ we obtain
$$\operatorname{Var}[a_{0,k}]=16N\,p^2\,\frac{4\,d_\phi d_g}{N^2}+16N\,\frac{d_f\,(p-1)(p+1)}{6N}=\frac{64\,p^2 d_\phi d_g}{N}+\frac{8\,d_f\,(p-1)(p+1)}{3}.$$
The other components contain the same numbers of terms with only the signs changed, so
$$\operatorname{Var}[a_{1,k}]=\operatorname{Var}[a_{2,k}]=\cdots=\operatorname{Var}[a_{15,k}]=\frac{64\,p^2 d_\phi d_g}{N}+\frac{8\,d_f\,(p-1)(p+1)}{3}.$$
We want the probability that $a_{i,k}$ lies within $[-(q-1)/2,+(q-1)/2]$, which implies successful decryption. Assuming that the $a_{i,k}$ are normally distributed with zero mean and the variance calculated above,
$$\Pr\Big(|a_{i,k}|\le\frac{q-1}{2}\Big)=\Pr\Big(-\frac{q-1}{2}\le a_{i,k}\le\frac{q-1}{2}\Big)=2\Phi\Big(\frac{q-1}{2\sigma}\Big)-1,\qquad i=0,\ldots,15,\ k=0,\ldots,N-1,$$
where $\Phi$ denotes the cumulative distribution function of the standard normal variable and
$$\sigma=\sqrt{\frac{64\,p^2 d_\phi d_g}{N}+\frac{8\,d_f\,(p-1)(p+1)}{3}}.$$
Assuming that the $a_{i,k}$ are independent random variables, the probability of successful decryption in STRU follows from two observations. The probability that one message $m_i$ ($i=0,\ldots,15$) is correctly decrypted is
$$\Big(2\Phi\Big(\frac{q-1}{2\sigma}\Big)-1\Big)^{N}, \qquad (6.2)$$
and the probability that all sixteen messages $m_0,m_1,\ldots,m_{15}$ are correctly decrypted is
$$\Big(2\Phi\Big(\frac{q-1}{2\sigma}\Big)-1\Big)^{16N}. \qquad (6.3)$$
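The following is an added worked example and not code from the paper: a toy Python implementation of the sedenion algebra $A_q$ of Section 4 (Cayley-Dickson product, conjugate, norm and inverse over $\mathbb{Z}_r[x]/(x^N-1)$, with the polynomial inverse computed by the extended Euclidean algorithm as in Section 2), of the key generation, encryption and decryption of Section 5, and of the success estimate (6.3), with $\sigma^2$ obtained by adding the variances of the $16N$ products $g\phi$ and $16N$ products $fm$ that make up each coefficient. The parameter values $N=7$, $p=3$, $q=1031$, $d_f=d_g=d_\phi=2$ and all function names are assumptions chosen for a fast demonstration, not values from the paper. Besides a round trip, the block checks two consequences of the zero divisors of Section 3: $(e_3+e_{10})(e_6-e_{15})=0$, and for $F=e_3+e_{10}$ the identity $F^{-1}(FX)=X$ fails, so the decryption step that regroups $F\circledast((F_q^{-1}\circledast G)\circledast\phi)$ into $G\circledast\phi$ recovers $M$ only for keys on which that identity holds: the round trip succeeds when $F$ lies in the scalar part $R_q e_0$, where multiplication is associative, and fails on the zero-divisor key.

```python
# Added example (not code from the paper): a toy STRU over the sedenion algebra A_q of Section 4,
# built with the Cayley-Dickson product of Section 3, the key generation / encryption / decryption
# of Section 5 and the success estimate of Section 6.  All parameter values are assumptions.
import math
import random

N, P, Q = 7, 3, 1031           # assumed toy parameters: N and q prime, gcd(p, q) = gcd(N, q) = 1
D_F = D_G = D_PHI = 2          # assumed d_f = d_g = d_phi (Table 1 uses 61 for N = 167)

# --- convolution ring Z_r[x]/(x^N - 1); a polynomial is a list of N coefficients ---
def r_add(a, b, r): return [(x + y) % r for x, y in zip(a, b)]
def r_sub(a, b, r): return [(x - y) % r for x, y in zip(a, b)]
def r_mul(a, b, r):            # cyclic convolution (the NTRU star product) mod r
    out = [0] * N
    for i, x in enumerate(a):
        for j, y in enumerate(b): out[(i + j) % N] = (out[(i + j) % N] + x * y) % r
    return out
def center(a, r): return [c - r if c > r // 2 else c for c in (x % r for x in a)]   # into (-r/2, r/2]
def r_inv(a, r):               # inverse of a in Z_r[x]/(x^N - 1), r prime, by extended Euclid; None if absent
    def trim(p):
        while p and p[-1] == 0: p.pop()
        return p
    def sub(u, v): return trim([((u[i] if i < len(u) else 0) - (v[i] if i < len(v) else 0)) % r
                                for i in range(max(len(u), len(v)))])
    def mul(u, v):
        out = [0] * (len(u) + len(v) - 1) if u and v else []
        for i, x in enumerate(u):
            for j, y in enumerate(v): out[i + j] = (out[i + j] + x * y) % r
        return trim(out)
    def divmod_(num, den):     # polynomial long division; den is non-zero and trimmed
        num, quo, lead = num[:], [0] * max(1, len(num) - len(den) + 1), pow(den[-1], -1, r)
        while num and len(num) >= len(den):
            c, d = num[-1] * lead % r, len(num) - len(den)
            quo[d] = c
            for i, y in enumerate(den): num[i + d] = (num[i + d] - c * y) % r
            trim(num)
        return trim(quo), num
    r0, r1, t0, t1 = [r - 1] + [0] * (N - 1) + [1], trim([c % r for c in a]), [], [1]
    while r1:                  # invariant: t_i * a == r_i  (mod x^N - 1)
        quo, rem = divmod_(r0, r1)
        r0, r1, t0, t1 = r1, rem, t1, sub(t0, mul(quo, t1))
    if len(r0) != 1: return None         # gcd(a, x^N - 1) is not a unit
    out, s = [0] * N, pow(r0[0], -1, r)
    for i, c in enumerate(t0): out[i % N] = (out[i % N] + c * s) % r
    return out

# --- sedenions over the ring: 16 polynomials multiplied by Cayley-Dickson doubling,
#     (a, b)(c, d) = (a c - conj(d) b, d a + b conj(c)) with conj(a, b) = (conj(a), -b) ---
def s_conj(x, r):
    if len(x) == 1: return x
    h = len(x) // 2
    return s_conj(x[:h], r) + [[(-c) % r for c in poly] for poly in x[h:]]
def s_add(x, y, r): return [r_add(u, v, r) for u, v in zip(x, y)]
def s_sub(x, y, r): return [r_sub(u, v, r) for u, v in zip(x, y)]
def s_mod(x, r): return [[c % r for c in poly] for poly in x]
def s_mul(x, y, r):
    if len(x) == 1: return [r_mul(x[0], y[0], r)]
    h = len(x) // 2
    a, b, c, d = x[:h], x[h:], y[:h], y[h:]
    return (s_sub(s_mul(a, c, r), s_mul(s_conj(d, r), b, r), r)
            + s_add(s_mul(d, a, r), s_mul(b, s_conj(c, r), r), r))
def s_inv(x, r):               # x^-1 = N(x)^-1 conj(x), N(x) = sum of the 16 squared components
    norm = [0] * N
    for poly in x: norm = r_add(norm, r_mul(poly, poly, r), r)
    ninv = r_inv(norm, r)      # None when the norm polynomial is not a unit of the ring
    return None if ninv is None else [r_mul(ninv, poly, r) for poly in s_conj(x, r)]
def sparse(*terms):            # sedenion with constant polynomial coefficients: k at e_i for each (i, k)
    x = [[0] * N for _ in range(16)]
    for i, k in terms: x[i][0] = k
    return x
def inverse_property_holds(F, X, r):   # F^-1 (F X) == X, the regrouping the decryption chain relies on
    Fi = s_inv(F, r)
    return Fi is not None and s_mul(Fi, s_mul(F, X, r), r) == s_mod(X, r)

# --- STRU (Section 5): H = F_q^-1 G, E = p H phi + M (mod q), decrypt with F and F_p^-1 ---
def small_poly(rng, plus, minus):        # `plus` coefficients +1, `minus` coefficients -1, rest 0
    idx, poly = rng.sample(range(N), plus + minus), [0] * N
    for i in idx[:plus]: poly[i] = 1
    for i in idx[plus:]: poly[i] = -1
    return poly
def stru_roundtrip(F, G, phi, M):        # None if F is not invertible; else whether decryption recovers M
    Fp, Fq = s_inv(s_mod(F, P), P), s_inv(s_mod(F, Q), Q)
    if Fp is None or Fq is None: return None
    H = s_mul(Fq, s_mod(G, Q), Q)
    E = s_add([[P * c % Q for c in poly] for poly in s_mul(H, s_mod(phi, Q), Q)], s_mod(M, Q), Q)
    A = [center(poly, Q) for poly in s_mul(s_mod(F, Q), E, Q)]         # F E lifted to (-q/2, q/2]
    return [center(poly, P) for poly in s_mul(Fp, s_mod(A, P), P)] == M   # F_p^-1 (F M mod p), centered
def random_roundtrip(seed, scalar_key):  # F, G, phi, M as in Table 1; scalar_key keeps F inside R_q e_0
    while True:                          # retry seeds until F is invertible mod p and mod q
        rng = random.Random(seed)
        F = [small_poly(rng, D_F, D_F - 1) if i == 0 or not scalar_key else [0] * N for i in range(16)]
        G = [small_poly(rng, D_G, D_G) for _ in range(16)]
        phi = [small_poly(rng, D_PHI, D_PHI) for _ in range(16)]
        M = [[rng.randint(-(P // 2), P // 2) for _ in range(N)] for _ in range(16)]
        result = stru_roundtrip(F, G, phi, M)
        if result is not None: return result
        seed += 1
def zero_divisor_failure():              # F = G = e_3 + e_10, M = e_6 - e_15: F M = 0, so decryption gives 0
    rng = random.Random(0)
    phi = [small_poly(rng, D_PHI, D_PHI) for _ in range(16)]
    return stru_roundtrip(sparse((3, 1), (10, 1)), sparse((3, 1), (10, 1)), phi, sparse((6, 1), (15, -1)))
def success_prob(n, p, q, d_f, d_g, d_phi):   # Section 6 estimate: 16 N coefficients, each ~ N(0, sigma^2)
    sigma = math.sqrt(64 * p * p * d_phi * d_g / n + 8 * d_f * (p * p - 1) / 3)
    Phi = lambda t: 0.5 * (1 + math.erf(t / math.sqrt(2)))             # standard normal CDF
    return (2 * Phi((q - 1) / (2 * sigma)) - 1) ** (16 * n)
```

The polynomial inverse follows the extended Euclidean algorithm on $\mathbb{Z}_r[x]$ with the invariant $t_i\circledast a\equiv r_i \pmod{x^N-1}$, and a sedenion inverse exists exactly when the norm polynomial is a unit, which is the invertibility test of the key generation. With $F$ restricted to the scalar part the scheme degenerates into sixteen NTRU instances sharing one private polynomial, which is why `random_roundtrip(seed, True)` always recovers $M$ for these parameters; `random_roundtrip(seed, False)` exercises the general key and reports whether the regrouping held for that particular key.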

16 1462 Khushboo Thakur and B.P. Tripathi Brute Force Attack: In STRU, an attacker knows the constant and public parameters,namely dφ, d g, d f, q, p and, as well as, the public key H = F q G=h 0 + h 1 + +h 15. If the attacker finds one of the sedenions G L g or F L f, the private key can be easily computed. In order to find G or F using a brute force attack, the attacker can try all possible values and check to see if F H (G H 1 ) turns into a sedenion with small coefficients or not. The total state space for the two subsets L f and L g is calculated as follows L f = ( d f + 1 ) 16 ( df 1 d f ( ) 16 L g = ( df + 1 d f d g ) 16 = ( ) 16 =! (d f + 1)!d f!( 2d f 1)! 16 (d g )! 32 ( 2d g )! 16 Since d g is generally considered to be smaller than d f, L g is smaller than L f and by trying all possible values of G L g in G H 1, the attacker can find the private key through searching a space of order L g. Using a Meet-In-The-Middle attack approach, the order of the search space can be reduced through searching a space of order! 4 L g = (d g )! 16 [2].Similarly, in order to find the original 4 ( 2d g )! message from the corresponding ciphertext, the attacker must search in L φ. On average, the search must be done in a space of order! 4 L φ = (d φ )! 16 ( 2d φ )! 4. However, with the typical values for d φ, d g and, finding the private key or plaintext using brute force attack is computationally infeasible. ) 16 Message Expansion: Analogous to tru, the length of the encrypted message in STRU is more than the original message and that is part of the price one has to pay for gaining more encryption speed in both cryptosystems. The expansion ratio can be easily calculated as log C =logq16 =logq, where C and P are ciphertext space and plaintext log P 16 logp logp space, respectively. 
For both NTRU and STRU this ratio seems to depend merely on $p$ and $q$; however, $q$ has to be chosen in such a way that the probability of decryption failure is very small (e.g., smaller than $2^{-80}$). Thus the maximum expansion ratio in STRU is at most about 17.

Advantages of STRU: The advantages of using the non-associative algebra in the proposed public key cryptosystem can be summarized as follows. The encryption process in STRU, compared with NTRU of equal dimension, is almost sixteen times slower, and its decryption process runs almost 32 times slower. On the other hand, since the complexity of the convolution multiplication is $O(N^2)$, a reduction of $N$ has a quadratic effect on the speed

of the calculations. Therefore, the NTRU cryptosystem with a dimension of $16N$ is almost 256 times slower than NTRU with a dimension of $N$, and is also naturally much slower than STRU. Hence, we claim that by reducing $N$ within a reasonable range one can compensate for the lower speed of STRU in such a way that higher security is achieved. One can also compensate, at an insignificant cost, for the fact that the parameter $q$ in STRU is longer and is not prime. The STRU lattice is not completely convolutional, so the open problems and doubts that exist with respect to the cyclic structure of the NTRU lattice do not arise in this case. (The open problem is whether the cyclic structure of convolutional lattices can contribute to improving lattice reduction algorithms and to finding the shortest vector in polynomial time.) STRU is an operational instance of a public key cryptosystem over a non-associative algebra whose security relies on the intractability of the shortest vector problem in a lattice. At the same time, its core (that is, the basic operations in the underlying algebraic structure) is fast, efficient and cost effective, just like the NTRU public key cryptosystem.

7. Conclusion

In this paper we have introduced STRU, an analogue of NTRU over the sedenion algebra. The sedenions form a non-associative, non-alternative algebra that is neither a division algebra nor a composition algebra. Because it is non-associative, the sedenion algebra has no isomorphic matrix representation, which rules out cryptanalysis through a system of linear equations; moreover, if the sedenion algebra is represented in the form of a lattice, the dimension of the lattice increases to $32N$.
To achieve such a level of security in NTRU, the parameter $N$ would have to be taken sixteen times larger, which decreases the speed of the cryptosystem by a factor of about 256. Therefore, even though STRU with a dimension $N$ equal to that of NTRU is slower than NTRU, this loss of speed can be compensated by reducing $N$ instead. The increase of the parameter $q$ in STRU leads to a larger message expansion ratio and to slower modular operations. The complexity of encryption and decryption is the same in both cryptosystems (STRU, NTRU) for the same parameters.

References

[1] D. V. Bailey, D. Coffin, A. Elbirt, J. H. Silverman, and A. D. Woodbury, NTRU in constrained devices. In CHES 01: Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems. London, UK: Springer-Verlag, 2001, pp.

[2] N. H. Graham, J. H. Silverman, and W. Whyte. A meet-in-the-middle attack on an NTRU private key.
[3] J. Hoffstein, J. Pipher, and J. H. Silverman, NTRU: A ring-based public key cryptosystem. In Lecture Notes in Computer Science, Springer-Verlag, 1998, pp.
[4] D. Micciancio and S. Goldwasser, Complexity of Lattice Problems. A cryptographic perspective, volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, Boston, Massachusetts.
[5] D. Micciancio. The hardness of the closest vector problem with preprocessing. IEEE Transactions on Information Theory, 2001, pp.
[6] J. Hoffstein and J. Silverman, Optimizations for NTRU. In Public Key Cryptography and Computational Number Theory, 2000, pp.
[7] D. Micciancio. The shortest vector problem is NP-hard to approximate to within some constant. SIAM Journal on Computing, 2001, pp.
[8] A. May and J. H. Silverman. Dimension reduction methods for convolution modular lattices. In CaLC 01: Revised Papers from the International Conference on Cryptography and Lattices, London, UK: Springer-Verlag, 2001, pp.
[9] N. H. Graham, J. Hoffstein, J. Pipher, W. Whyte, and NTRU Cryptosystems, On estimating the lattice security of NTRU.
[10] R. D. Schafer, An Introduction to Nonassociative Algebras, Academic Press, New York.
[11] L. E. Dickson, J. de Math. Pures et Appliq. 2 (1923) 281.
[12] M. Ajtai. The shortest vector problem in $\ell_2$ is NP-hard for randomized reductions. In STOC 98: Proceedings of the thirtieth annual ACM symposium on Theory of computing, New York, NY, USA, 1998, pp.
[13] R. E. Cawagas, On the structure and zero divisors of the Cayley-Dickson sedenion algebra. Discussiones Mathematicae General Algebra and Applications, 2004, pp.
[14] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. Boca Raton, Florida: CRC Press.
[15] J. Hoffstein, J. Pipher, and J. H. Silverman, NTRU: A Ring Based Public Key Cryptosystem, Lecture Notes in Computer Science 1433, Springer-Verlag, Berlin, pp.
[16] J. Pipher and NTRU Cryptosystems. Lectures on the NTRU encryption algorithm and digital signature scheme.
[17] R. Kouzmenko. Generalizations of the NTRU cryptosystem. Master's thesis, Polytechnique, Montreal, Canada.
[18] K. Imaeda and M. Imaeda, Sedenions: algebra and analysis. Appl. Math. Comput. 115 (2000), pp.


More information

Cryptography. P. Danziger. Transmit...Bob...

Cryptography. P. Danziger. Transmit...Bob... 10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of

More information

Computers and Electrical Engineering

Computers and Electrical Engineering Computers and Electrical Engineering 36 (2010) 56 60 Contents lists available at ScienceDirect Computers and Electrical Engineering journal homepage: wwwelseviercom/locate/compeleceng Cryptanalysis of

More information

Computational complexity of lattice problems and cyclic lattices

Computational complexity of lattice problems and cyclic lattices Computational complexity of lattice problems and cyclic lattices Lenny Fukshansky Claremont McKenna College Undergraduate Summer Research Program ICERM - Brown University July 28, 2014 Euclidean lattices

More information

A new security notion for asymmetric encryption Draft #10

A new security notion for asymmetric encryption Draft #10 A new security notion for asymmetric encryption Draft #10 Muhammad Rezal Kamel Ariffin 1,2 1 Al-Kindi Cryptography Research Laboratory, Institute for Mathematical Research, 2 Department of Mathematics,

More information

Gurgen Khachatrian Martun Karapetyan

Gurgen Khachatrian Martun Karapetyan 34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian

More information

Outline Proxy Re-Encryption NTRU NTRUReEncrypt PS-NTRUReEncrypt Experimental results Conclusions. NTRUReEncrypt

Outline Proxy Re-Encryption NTRU NTRUReEncrypt PS-NTRUReEncrypt Experimental results Conclusions. NTRUReEncrypt NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nuñez, Isaac Agudo, and Javier Lopez Network, Information and Computer Security Laboratory (NICS Lab) Universidad de Málaga, Spain

More information

8.1 Principles of Public-Key Cryptosystems

8.1 Principles of Public-Key Cryptosystems Public-key cryptography is a radical departure from all that has gone before. Right up to modern times all cryptographic systems have been based on the elementary tools of substitution and permutation.

More information

In fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.

In fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer. Attacks on RSA, some using LLL Recall RSA: N = pq hard to factor. Choose e with gcd(e,φ(n)) = 1, where φ(n) = (p 1)(q 1). Via extended Euclid, find d with ed 1 (mod φ(n)). Discard p and q. Public key is

More information

New Variant of ElGamal Signature Scheme

New Variant of ElGamal Signature Scheme Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 34, 1653-1662 New Variant of ElGamal Signature Scheme Omar Khadir Department of Mathematics Faculty of Science and Technology University of Hassan II-Mohammedia,

More information

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004 CMSC 858K Advanced Topics in Cryptography February 5, 2004 Lecturer: Jonathan Katz Lecture 4 Scribe(s): Chiu Yuen Koo Nikolai Yakovenko Jeffrey Blank 1 Summary The focus of this lecture is efficient public-key

More information

Modular Multiplication in GF (p k ) using Lagrange Representation

Modular Multiplication in GF (p k ) using Lagrange Representation Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier

More information

8 Elliptic Curve Cryptography

8 Elliptic Curve Cryptography 8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given

More information

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage Cryptosystem Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage f(m). The receiver computes f 1 (f(m)). Advantage: Cannot

More information

Asymmetric Encryption

Asymmetric Encryption -3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function

More information

Lattice-Based Cryptography

Lattice-Based Cryptography Liljana Babinkostova Department of Mathematics Computing Colloquium Series Detecting Sensor-hijack Attacks in Wearable Medical Systems Krishna Venkatasubramanian Worcester Polytechnic Institute Quantum

More information

Elliptic Curve Cryptosystems

Elliptic Curve Cryptosystems Elliptic Curve Cryptosystems Santiago Paiva santiago.paiva@mail.mcgill.ca McGill University April 25th, 2013 Abstract The application of elliptic curves in the field of cryptography has significantly improved

More information

HOMEWORK 11 MATH 4753

HOMEWORK 11 MATH 4753 HOMEWORK 11 MATH 4753 Recall that R = Z[x]/(x N 1) where N > 1. For p > 1 any modulus (not necessarily prime), R p = (Z/pZ)[x]/(x N 1). We do not assume p, q are prime below unless otherwise stated. Question

More information

Public Key Cryptography

Public Key Cryptography Public Key Cryptography Ali El Kaafarani 1 Mathematical Institute 2 PQShield Ltd. 1 of 44 Outline 1 Public Key Encryption: security notions 2 RSA Encryption Scheme 2 of 44 Course main reference 3 of 44

More information