On the cryptosystems based on two Eulerian transformations defined over the commutative rings Z2^s, s > 1
DOI: https://doi.org/10.20535/tacs.2664-29132024.1.317960
Abstract
We suggest the family of ciphers sEn, n = 2, 3, ..., with the space of plaintexts (Z2^s)^n, s > 1, such that the encryption map is the composition G = G1 A1 G2 A2, where the Ai are affine transformations from AGLn(Z2^s) preserving the variety (Z*2^s)^n. The Eulerian endomorphisms Gi, i = 1, 2, of K[x1, x2, ..., xn] move each xi to a monomial term M x1^d(1) x2^d(2) ... xn^d(n), M in Z2^s, and act on (Z2^s)^n as bijective transformations. The cipher is converted to a protocol-supported cryptosystem. Protocols of Noncommutative Cryptography implemented on the platform of Eulerian endomorphisms are used for the delivery of the Gi and Ai from Alice to Bob. One can use twisted Diffie-Hellman protocols, whose security rests on the complexity of the Conjugacy Power problem, or the hidden tame homomorphism protocol, whose security rests on the word decomposition problem. Instead of delivering the Gi, Alice and Bob can elaborate these transformations via the inverse twisted Diffie-Hellman protocol, implemented on the platform of tame Eulerian transformations of (Z*2^s)^n. The cost of a single protocol is O(n^3), and the cost of computing the preimage of the nonlinear map in use is O(n^2). So the verification of n^t, t ≥ 1, signatures takes time O(n^(t+2)). Instead of the inverse twisted Diffie-Hellman protocol, correspondents can use the inverse hidden tame homomorphism protocol, which rests on the complexity of word decomposition for tame Eulerian transformations. We use natural bijections between Z2^s and Z2^(s-1), between Z2^s and the finite field F2^(s-1), and between Z2^s and the Boolean ring B(s-1) of order 2^(s-1) to modify the family of ciphers or cryptosystems by replacing AGLn(Z2^s) with AGLn(K), where K is one of the rings Z2^(s-1), F2^(s-1), or B(s-1). The new ciphers are defined via the multiplication of two different commutative rings, Z2^s and K. This does not allow treating them as stream ciphers of multivariate cryptography and using the corresponding cryptanalytic techniques.
An adversary cannot use known cryptanalytic methods such as linearization attacks. We discuss the option of replacing the elements of AGLn(Z2^s) or AGLn(K) with nonlinear multivariate transformations F of (Z2^s)^n or K^n that have a symmetric trapdoor accelerator T, i.e., a piece of information such that knowledge of T allows computing the value F(p) for an arbitrarily chosen p in P in time O(n^2) and solving the equation F(x) = c for each c in C in time O(n^2).
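The following toy is an added illustration, not code from the paper: it implements one Eulerian (monomial) map x_i -> M_i x_1^d(i,1) ... x_n^d(i,n) on the units of Z_{2^s} and computes its preimage by inverting the exponent matrix D modulo 2^(s-1), the order of the unit group. It assumes that det(D) is odd, which is sufficient for the map to be a bijection of (Z*2^s)^n (the paper's notion of "tame" transformations is not assumed to coincide with this); the parameters s = 4, n = 3, M and D are constructed, and the affine layers Ai and the delivery protocols are omitted.

```python
from itertools import product

def mat_inv_mod(D, e):
    """Inverse of an integer matrix modulo e = 2^k by Gauss-Jordan elimination.
    The units of Z_{2^k} are exactly the odd residues, so an odd pivot exists
    in every column precisely when det(D) is odd (the bijectivity assumption)."""
    n = len(D)
    A = [[D[i][j] % e for j in range(n)] + [int(i == j) for j in range(n)] for i in range(n)]
    for c in range(n):
        p = next((r for r in range(c, n) if A[r][c] % 2 == 1), None)
        if p is None:
            raise ValueError("det(D) is even: the map is not a bijection on the units")
        A[c], A[p] = A[p], A[c]
        inv = pow(A[c][c], -1, e)
        A[c] = [v * inv % e for v in A[c]]
        for r in range(n):
            if r != c and A[r][c]:
                f = A[r][c]
                A[r] = [(A[r][j] - f * A[c][j]) % e for j in range(2 * n)]
    return [row[n:] for row in A]

def eulerian(M, D, x, mod):
    """Forward map: y_i = M_i * x_1^D[i][0] * ... * x_n^D[i][n-1] (mod 2^s)."""
    y = []
    for i in range(len(x)):
        v = M[i] % mod
        for j in range(len(x)):
            v = v * pow(x[j], D[i][j], mod) % mod
        y.append(v)
    return y

def eulerian_inverse(M, D, y, s):
    """Preimage of y: divide out the unit coefficients M_i, then apply D^{-1}.
    Exponents are reduced mod 2^(s-1) since every unit has order dividing |Z*_{2^s}| = 2^(s-1)."""
    mod = 1 << s
    Dinv = mat_inv_mod(D, 1 << (s - 1))
    z = [y[i] * pow(M[i], -1, mod) % mod for i in range(len(y))]
    return eulerian([1] * len(y), Dinv, z, mod)

def roundtrip_ok(M, D, s):
    """Exhaustively check that the map sends units to units and the inverse recovers every input."""
    mod = 1 << s
    for x in product(range(1, mod, 2), repeat=len(D)):
        y = eulerian(M, D, list(x), mod)
        if any(v % 2 == 0 for v in y) or eulerian_inverse(M, D, y, s) != list(x):
            return False
    return True

# Constructed toy parameters: s = 4 (ring Z_16), n = 3, det(D) = 9 is odd.
S, M, D = 4, [3, 5, 7], [[1, 2, 0], [0, 1, 2], [2, 0, 1]]
```

Calling `eulerian(M, D, [3, 5, 7], 1 << S)` gives the ciphertext vector and `roundtrip_ok(M, D, S)` confirms bijectivity over all 512 unit vectors; an exponent matrix with even determinant (e.g. `[[1, 1], [1, 1]]`) is rejected by `mat_inv_mod`.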
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).