A new key exchange cryptosystem

In this paper we present a new key exchange cryptosystem based on linear algebra, which requires fewer operations but is weaker in security than the Diffie-Hellman system.

Authors: An-Ping Li

Li An-Ping, Beijing 100080, P.R. China, apli0001@sina.com

Keywords: key exchange system, discrete logarithm, finite field, ring, matrices, commutative.

1. Introduction

The key exchange system is one of the main and most important public key cryptosystems. It was first proposed by W. Diffie and M.E. Hellman [1] and is based on the discrete logarithm problem (DLP) over a finite group of large order: the two users of the system take $g^{k_1 k_2}$ as the communication key between them, where $g^{k_1}$ and $g^{k_2}$ are their respective public keys. There has been intensive research on this system and on the discrete logarithm problem; for detailed material see [2]. In this paper we present a new key exchange system based on linear algebra, which requires fewer operations but is weaker in security than the one of W. Diffie and M.E. Hellman.

2. Constructions and analysis

The mechanism of our new key exchange system is based on a simple observation in linear algebra. Let $K$ be a finite field $GF(q)$ and, for a positive integer $m$, denote by $V = K^m$ the $m$-dimensional vector space and by $M(m, K)$ the set of all $m \times m$ matrices over $K$. Let $\zeta \in V$, and suppose that the two users A and B each take a matrix $T_A, T_B \in M(m, K)$ as their private keys and $T_A(\zeta)$, $T_B(\zeta)$ as their public keys, respectively. If the matrices $T_A$ and $T_B$ commute,

$T_A \cdot T_B = T_B \cdot T_A, \qquad (2.1)$

then the vector $T_A T_B(\zeta) = T_B T_A(\zeta)$ can be used as the communication key between user A and user B. Perhaps the easiest way to construct the private key matrices is to take

$T = \sum_i c_i A^i, \quad c_i \in K, \qquad (2.2)$

where $A$ is a fixed matrix with constant entries.
However, it is clear that for cryptographic applications the private key $T$ must not be recoverable from the public key $T(\zeta)$, and so each private key $T$ should have sufficiently many variable entries. For example, private keys of the form (2.2) are easily recovered once the Jordan decomposition of the matrix $A$ is known. In the following we first describe our construction of the private keys and then provide a cryptanalysis of the new system.

Let $m = 2k$, denote by $I$ the unit matrix of order $k$, let $\Gamma = \{\mu I \mid \mu \in K\}$, let $\Lambda$ be the set of $k \times k$ matrices of the form

$\begin{pmatrix} \lambda & 1 & & \\ & \lambda & \ddots & \\ & & \ddots & 1 \\ & & & \lambda \end{pmatrix}, \quad \lambda \in K,$

and let $\Delta = \Gamma \cup \Lambda$. Clearly, the matrices in $\Delta$ commute with one another. Moreover, let

$\mathcal{A} = \left\{ \begin{pmatrix} x & 0 \\ 0 & x \end{pmatrix} \;\middle|\; x \in \Delta \right\}, \qquad \mathcal{B} = \left\{ \begin{pmatrix} a & b \\ c & d \end{pmatrix} \;\middle|\; a, b, c, d \in \Delta \right\}; \qquad (2.3)$

then it is easy to verify that for any $A \in \mathcal{A}$ and $B \in \mathcal{B}$,

$A \cdot B = B \cdot A. \qquad (2.4)$

Moreover, denote by $Q(\mathcal{A})$ and $Q(\mathcal{B})$ the rings generated by $\mathcal{A}$ and $\mathcal{B}$ respectively. Then for any matrices $a \in Q(\mathcal{A})$ and $z \in Q(\mathcal{B})$,

$z \cdot a = a \cdot z. \qquad (2.5)$

It should be noticed that in general the products of matrices in $\mathcal{B}$ are not commutative, so a monomial in $Q(\mathcal{B})$ has the form $B_1^{k_1} B_2^{k_2} \cdots B_s^{k_s}$ with $B_i \in \mathcal{B}$, $k_i \ge 0$, $1 \le i \le s$. Furthermore, for $z \in Q(\mathcal{B})$, denote by $Q[z]$ the polynomial ring

$Q[z] = \left\{ \sum_i a_i z^i \;\middle|\; a_i \in Q(\mathcal{A}) \right\}. \qquad (2.6)$

Then for any $T_1, T_2 \in Q[z]$, clearly

$T_1 \cdot T_2 = T_2 \cdot T_1. \qquad (2.7)$

That is, $Q[z]$ is a commutative ring. Thereby, the elements of $Q[z]$ are taken as the private keys.

Next, we give some cryptanalysis of the system presented. Suppose that $T(\zeta) = \xi$, and that $T_A$ is another private key with $T_A(\zeta) = \xi_A$. Then

$T(\xi_A) = T(T_A(\zeta)) = T_A(T(\zeta)) = T_A(\xi). \qquad (2.8)$

Let $T_A(\xi) = \rho_A$; it follows that

$T(\xi_A) = \rho_A. \qquad (2.9)$

Therefore, if there are $m$ linearly independent public keys $\xi_i = T_i(\zeta)$, $1 \le i \le m$, then the private key $T$ can be recovered.

Note. In fact, in general the number of different variable entries of a matrix in $Q[z]$ is equal to $2m$, so it is likely that the number of equations of the form (2.9) required to recover the private key $T$ will be less than $m$. Of course, we may take the number of sub-matrices in $\mathcal{A}$ to be more than two, that is, take $m = dk$, $d \ge 2$; in this way the number of different variable entries of a private key matrix is in general equal to $dm$. (The count $dm$ is the dimension of the ring $Q(\mathcal{B})$ of $d \times d$ block matrices over the commutative ring generated by $\Delta$; for $Q[z]$ itself the Cayley-Hamilton theorem over that ring gives $z^d \in \sum_{i<d} Q(\mathcal{A}) z^i$, so $Q[z]$ is spanned over $K$ by at most $dk = m$ elements, and each equation (2.9) already supplies $m$ scalar equations for the coefficients of $T$.)

Moreover, denote by $\Omega$ the set of all public keys and suppose that $\mathrm{rank}(\Omega) = s$. If an adversary has $s$ pairs of private and public keys $(T_i, T_i(\zeta))$, $1 \le i \le s$, with $\{T_i(\zeta)\}_{i=1}^{s}$ linearly independent, then the adversary is able to recover any communication key of any private key $T$ without knowing $T$. Indeed, if $\beta$ is a public key, it can be written as

$\beta = \sum_{1 \le i \le s} c_i T_i(\zeta). \qquad (2.10)$

So the communication key $T(\beta)$ for the private key $T$ can be represented as

$T(\beta) = \sum_{1 \le i \le s} c_i T(T_i(\zeta)) = \sum_{1 \le i \le s} c_i T_i(T(\zeta)). \qquad (2.11)$

However, the communication keys $T_i(T(\zeta))$, $1 \le i \le s$, are known to the adversary (he holds the $T_i$, and $T(\zeta)$ is public), and so he recovers the communication key $T(\beta)$.

The analysis above has demonstrated that the new system is insecure if one is able to access the private keys, even including one's own private key. In other words, the private keys should be black boxes to the users of the system.

3. Conclusion

The main advantage of the key exchange system presented is that it requires fewer operations, and so the implementation will be faster than Diffie-Hellman's, because the key exchange process here is only a linear transformation.
But we have also seen that the new system is weaker in security than Diffie-Hellman's, and its applications will be restricted to situations where the private keys are invisible to the users, including each user's own private key, e.g. communications carried out by hardware.

References

[1] W. Diffie, M.E. Hellman, "New directions in cryptography", IEEE Transactions on Information Theory, 22 (1976), 644–654.
[2] A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
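The construction of Section 2 and both attacks on it, as an added worked example (illustrative code written for this page, not code from the paper). It assumes toy parameters $K = GF(101)$, $k = 2$, $d = 2$ (so $m = 4$); takes the public parameter $z \in Q(\mathcal{B})$ and the coefficients $a_i \in Q(\mathcal{A})$ of a private key as sums of the form $G_1 G_2 + G_3$ of generators from the classes (2.3); and lets the adversary enrol $m$ users of his own to obtain the linearly independent pairs $(T_i, T_i(\zeta))$ that (2.9) and (2.10) require. All function names are the example's own.

```python
"""Toy instance of the key exchange of Section 2 and of the attacks (2.8)-(2.9) and (2.10)-(2.11).
Assumed toy parameters: K = GF(101), k = 2, d = 2 block rows, so m = 4."""
import random

p, k, d = 101, 2, 2          # assumptions: K = GF(p), k x k blocks, d x d block layout
m = d * k                    # dimension of V = K^m

def mat_add(X, Y):
    return [[(x + y) % p for x, y in zip(rx, ry)] for rx, ry in zip(X, Y)]

def mat_mul(X, Y):
    return [[sum(X[i][t] * Y[t][j] for t in range(len(Y))) % p for j in range(len(Y[0]))] for i in range(len(X))]

def mat_vec(X, v):
    return [sum(x * vi for x, vi in zip(row, v)) % p for row in X]

def transpose(rows):
    return [list(col) for col in zip(*rows)]

def inverse_mod_p(M):
    """Gauss-Jordan inversion over GF(p); returns None if M is singular (columns dependent)."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col] % p), None)
        if piv is None:
            return None
        aug[col], aug[piv] = aug[piv], aug[col]
        inv = pow(aug[col][col], -1, p)
        aug[col] = [(x * inv) % p for x in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % p for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def random_delta(rng):
    """k x k matrix from Delta: mu*I (Gamma) or lambda*I + N with 1s on the superdiagonal (Lambda)."""
    c, in_lambda = rng.randrange(p), rng.random() < 0.5
    return [[c if i == j else int(in_lambda and j == i + 1) for j in range(k)] for i in range(k)]

def block_matrix(blocks):  # assemble an m x m matrix from a d x d grid of k x k blocks
    return [sum((blk[r] for blk in row), []) for row in blocks for r in range(k)]

def random_A(rng):  # class A of (2.3): one Delta-matrix x repeated on the block diagonal
    x, zero = random_delta(rng), [[0] * k for _ in range(k)]
    return block_matrix([[x if i == j else zero for j in range(d)] for i in range(d)])

def random_B(rng):  # class B of (2.3): an independent Delta-matrix in every block
    return block_matrix([[random_delta(rng) for _ in range(d)] for _ in range(d)])

def random_ring_element(rng, gen):  # G1*G2 + G3: a sum of monomials, so an element of the ring Q(gen)
    return mat_add(mat_mul(gen(rng), gen(rng)), gen(rng))

def random_private_key(rng, z, deg=3):
    """T = sum_i a_i z^i with a_i in Q(A): an element of the commutative ring Q[z] of (2.6)."""
    T, z_pow = [[0] * m for _ in range(m)], [[int(i == j) for j in range(m)] for i in range(m)]
    for _ in range(deg + 1):
        T = mat_add(T, mat_mul(random_ring_element(rng, random_A), z_pow))
        z_pow = mat_mul(z_pow, z)
    return T

def gather_independent_pairs(rng, z, zeta, attempts=20):
    """The adversary enrols users of its own until m public keys xi_i = T_i(zeta) are linearly
    independent; returns None if Q[z]*zeta does not span K^m for these (z, zeta)."""
    for _ in range(attempts):
        pairs = [(T, mat_vec(T, zeta)) for T in (random_private_key(rng, z) for _ in range(m))]
        if inverse_mod_p(transpose([xi for _, xi in pairs])) is not None:
            return pairs

def recover_private_key(xi, pairs):
    """(2.8)-(2.9): rho_i = T_i(xi) = T(xi_i), so T*[xi_1 .. xi_m] = [rho_1 .. rho_m], T = R*Xi^-1."""
    Xi = transpose([x for _, x in pairs])
    R = transpose([mat_vec(T_i, xi) for T_i, _ in pairs])
    return mat_mul(R, inverse_mod_p(Xi))

def forge_shared_key(xi, pairs, beta):
    """(2.10)-(2.11): solve beta = sum c_i xi_i, then T(beta) = sum c_i T_i(xi) without forming T."""
    c = mat_vec(inverse_mod_p(transpose([x for _, x in pairs])), beta)
    key = [0] * m
    for c_i, (T_i, _) in zip(c, pairs):
        key = [(kv + c_i * r) % p for kv, r in zip(key, mat_vec(T_i, xi))]
    return key

def demo(seed=1):
    rng, pairs = random.Random(seed), None
    while pairs is None:                          # public parameters: z in Q(B) and the vector zeta
        z, zeta = random_ring_element(rng, random_B), [rng.randrange(p) for _ in range(m)]
        pairs = gather_independent_pairs(rng, z, zeta)
    T_A, T_B = random_private_key(rng, z), random_private_key(rng, z)   # private keys in Q[z]
    xi_A, xi_B = mat_vec(T_A, zeta), mat_vec(T_B, zeta)                 # public keys
    key_A, key_B = mat_vec(T_A, xi_B), mat_vec(T_B, xi_A)               # (2.1): T_A T_B zeta = T_B T_A zeta
    return {"commute": mat_mul(T_A, T_B) == mat_mul(T_B, T_A),
            "keys_agree": key_A == key_B,
            "T_A_recovered": recover_private_key(xi_A, pairs) == T_A,           # attack (2.9)
            "forged_key_matches": forge_shared_key(xi_A, pairs, xi_B) == key_A}  # attack (2.11)
```

Calling `demo()` returns four `True` flags: the two private keys commute, both sides derive the same key, the adversary rebuilds $T_A$ from $m$ independent public keys via (2.9), and also obtains $T_A(\xi_B)$ directly from (2.11) without ever forming $T_A$. Both attacks are plain linear algebra over $K$ once the adversary holds private keys of his own, which is exactly the weakness the paper's analysis identifies.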
