The ElGamal cryptosystem over circulant matrices
In this paper we study extensively the discrete logarithm problem in the group of non-singular circulant matrices. The emphasis of this study was to find the exact parameters for the group of circulant matrices for a secure implementation. We tabulate these parameters. We also compare the discrete logarithm problem in the group of circulant matrices with the discrete logarithm problem in finite fields and with the discrete logarithm problem in the group of rational points of an elliptic curve.
💡 Research Summary
The paper investigates the discrete logarithm problem (DLP) in the group of non‑singular circulant matrices over a finite field of characteristic two and proposes an ElGamal public‑key cryptosystem built on this group. A d × d circulant matrix is completely determined by its first row; the set of all such invertible matrices is denoted C(d,q), while the subset with determinant 1 is SC(d,q). Because SC(d,q) is a subgroup of the special linear group SL(d,q), the standard ElGamal key‑generation, encryption, and decryption algorithms for SL(d,q) apply directly to SC(d,q).
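A toy illustration of the paragraph above, added here and not taken from the paper: circulant matrices over F_2 are stored as their first rows, and a textbook ElGamal masks a plaintext row vector with A^(rm). The dimension 11, the generator A, the vector encoding of the message and all function names are assumptions made for the example.

```python
import secrets

D = 11                         # toy prime dimension (constructed); not a secure parameter
MASK = (1 << D) - 1
UNIT_ORDER = 2 ** (D - 1) - 1  # for D = 11 every invertible circulant over F_2 has A^1023 = I

def to_matrix(a):
    """Expand a first row (bit j = entry j) into the full D x D circulant matrix."""
    row = [(a >> j) & 1 for j in range(D)]
    return [[row[(j - i) % D] for j in range(D)] for i in range(D)]

def circ_mul(a, b):
    """First row of the product of two circulants: cyclic convolution mod 2.
    The same routine computes row-vector times circulant."""
    out = 0
    for i in range(D):
        if (b >> i) & 1:
            out ^= ((a << i) | (a >> (D - i))) & MASK  # rotate a by i positions
    return out

def circ_pow(a, e):
    """Square-and-multiply; the identity matrix has first row 1, 0, ..., 0."""
    result = 1
    while e:
        if e & 1:
            result = circ_mul(result, a)
        a = circ_mul(a, a)
        e >>= 1
    return result

def is_invertible(a):
    """A first row is a unit exactly when raising it to the unit-group order gives I."""
    return circ_pow(a, UNIT_ORDER) == 1

def keygen(a):
    m = secrets.randbelow(UNIT_ORDER - 2) + 2   # private exponent
    return m, circ_pow(a, m)                    # (private key, public key A^m)

def encrypt(a, pub, v):
    r = secrets.randbelow(UNIT_ORDER - 2) + 2   # fresh ephemeral exponent per message
    return circ_pow(a, r), circ_mul(v, circ_pow(pub, r))

def decrypt(m, c1, c2):
    s = circ_pow(c1, m)                               # shared matrix A^(rm)
    return circ_mul(c2, circ_pow(s, UNIT_ORDER - 1))  # multiply by its inverse

A = 0b00000000111              # constructed base matrix: first row (1, 1, 1, 0, ..., 0)
```

Working on first rows costs D bits of storage and one cyclic convolution per product instead of a full D x D matrix multiplication.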
Security analysis distinguishes two attack families. Generic black‑box attacks (Pollard’s rho, Pohlig‑Hellman) have complexity roughly the square root of the group order, so choosing a sufficiently large prime dimension d and field size q thwarts them. The more serious threat is the index‑calculus attack, whose sub‑exponential runtime on an extension field F_{q^k} becomes exponential when the extension degree k exceeds log₂ q. Since the circulant ring R = F_q