Post-Quantum Cryptography (PQC): Generalized ElGamal Cipher over GL(8, F251)
📝 Abstract
Post-quantum cryptography (PQC) attempts to find cryptographic protocols resistant to attacks using, for instance, Shor's polynomial-time algorithm for numerical field problems like integer factorization (IFP) or the discrete logarithm (DLP). Other aspects are the backdoors discovered in deterministic random generators and recent advances in solving some instances of DLP. Alternative algebraic structures like non-commutative or non-associative partial groupoids, magmas, monoids, semigroups, quasigroups or groups are valid choices for these new protocols. This paper focuses on an asymmetric cipher based on a generalized ElGamal non-arbitrated protocol using a non-commutative general linear group. The developed protocol forces a hard subgroup membership search problem into a non-commutative structure. The protocol involves at first a generalized Diffie-Hellman key interchange, and further on the private and public parameters are recursively updated each time a new cipher session is launched. Security is based on a hard variation of the Generalized Symmetric Decomposition Problem (GSDP). Working with GL(8, F251), 64-bit security is achieved, and if GL(16, F251) is chosen, the security rises to 127-bit. An appealing feature is that there is no need for big number libraries, as all arithmetic is performed in Z_251. Therefore the new protocol is particularly useful for computational platforms with very limited capabilities like smartphones or smartcards.
📄 Content
Abstract— Post-Quantum Cryptography (PQC) attempts to find cryptographic protocols resistant to attacks by means of, for instance, Shor's polynomial-time algorithm for numerical field problems like integer factorization (IFP) or the discrete logarithm (DLP). Other aspects are the backdoors discovered in deterministic random generators and recent advances in solving some instances of DLP. The use of alternative algebraic structures like non-commutative or non-associative partial groupoids, magmas, monoids, semigroups, quasigroups or groups is a valid choice for these new kinds of protocols. In this paper, we focus on an asymmetric cipher based on a generalized ElGamal non-arbitrated protocol using a non-commutative general linear group. The developed protocol forces a hard subgroup membership search problem into a non-commutative structure. The protocol involves at first a generalized Diffie-Hellman key interchange, and further on the private and public parameters are recursively updated each time a new cipher session is launched. Security is based on a hard variation of the Generalized Symmetric Decomposition Problem (GSDP). Working with GL(8, F251), 64-bit security is achieved, and if GL(16, F251) is chosen, the security rises to 127-bit. An appealing feature is that there is no need for big number libraries, as all arithmetic is performed in ℤ_251, and therefore the new protocol is particularly useful for computational platforms with very limited capabilities like smartphones or smartcards.
Keywords – Post-Quantum Cryptography, Non-Commutative Cryptography, Finite Fields, Asymmetric Cryptography, Generalized ElGamal Protocol
- INTRODUCTION
Post-Quantum Cryptography (PQC) is a relatively new cryptologic trend that recently acquired an official NIST status [1, 2] and which aims to be resistant to quantum computer attacks (like Shor's algorithm). But PQC does not only cover that menace; it also works as a response against side-channel attacks [3], the increasing concern about pseudo-prime generator backdoor attacks (i.e. Dual_EC_DRBG NSA [4]) or the development of quasi-polynomial discrete logarithm attacks [5], which severely impact current de facto standards [6] of asymmetric cryptography whose security rests on integer factorization (IFP) and discrete logarithm (DLP) over numeric fields. Moreover, sub-exponential time complexity attacks on many instances appear [5][6]. Shor's algorithm [7] opened a quantum computing way to break current asymmetric protocols. As a response, there rose an increasing interest in some simple solutions like Lattice-based, Pairing-based, Multi Quadratic, Code-based, Hash-based, Non-Commutative and Non-Associative algebraic cryptography [1, 2, 8 to 13].
1 Pedro Hecht: Maestría en Seguridad Informática, FCE-FCEyN-FI (Universidad de Bs Aires) phecht@dc.uba.ar
A whole branch of new protocols was developed which do not rely on extended precision arithmetic and instead exploit the internal asymmetry of abstract algebraic structures like partial groupoids, categories, magmas, monoids, quasigroups, groups, rings, loops or neofields [9 to 24]. The newly developed one-way trapdoor functions (OWTF) include conjugator search (CSP), decomposition (DP), commutative subgroup search (CSSP), symmetric decomposition (SDP) and generalized symmetric decomposition (GSDP) [9, 15, 17, 25, 26].
This paper focuses on a simple solution using the general linear multiplicative subgroup over the prime field F251, represented as GL(d, F251), where d is the square matrix order. All arithmetic operations are in Z251. The prime characteristic 251 is the biggest one fitting into a byte. As an advantage, no big number libraries are involved, memory requirements are reduced and fast computation is expected. As a necessary condition for asymmetric cryptography, a hidden commutative subgroup is developed inside. PQC studies were purposely followed by the author over his past research [27 to 32].
- ALGEBRAIC CONCEPTS
Let p be a prime, d any integer > 1, $q = p^d$ and $F_p[x]$ the polynomial extension of the prime field $F_p$. The number of square matrices of order d with values in $F_p$ is $p^{d^2}$, and of those $p^{d^2 - d}$ are nilpotent [33 to 36]. The number of elements in the general linear group of d-order non-singular square matrices is:

$$|GL(d, F_p)| = \prod_{k=0}^{d-1} \left(p^d - p^k\right) \qquad (1)$$
A non-singular matrix of d-order whose monic characteristic polynomial is irreducible in $F_p$ generates a cyclic (thus commutative) subgroup $P_d$ of $G = GL(d, F_p)$. Each d-degree irreducible polynomial f(x) in $F_p[x]$ has a square companion matrix of d-order which acts as a generator of the multiplicative cyclic subgroup $P_d$, and each member of this subgroup corresponds to a unique monic characteristic polynomial of at most d-1 degree [ ]. The number of non-trivial (excluding the null and the unitary ones) monic d-degree f(x) over the field F251 is:
= – 2 (2)
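The counting formula (1) and the companion-matrix construction of the cyclic subgroup $P_d$ can be checked directly. The following Python is an added example written for this page, not code from the paper: it evaluates (1) and the nilpotent count, builds the companion matrix of a monic polynomial over $F_{251}$, tests irreducibility by brute-force trial division (an assumption suitable only for small d, not the paper's method), computes the order of a generator inside $P_d$ using that it divides $p^d - 1$, and shows that powers of one generator commute while an arbitrary element of GL(d, F251) need not. Every entry is reduced into Z_251, so all values fit in a byte, as the paper requires.

```python
# Added example (not from the paper): checks equation (1), the nilpotent
# count and the companion-matrix generator of the cyclic subgroup P_d of
# GL(d, F_p); every entry is reduced into Z_251, so values fit in a byte.
from functools import reduce
from itertools import product

P = 251  # largest prime fitting in one byte, as used by the paper

def gl_order(d, p=P):
    """Equation (1): |GL(d, F_p)| = prod_{k=0}^{d-1} (p^d - p^k)."""
    return reduce(lambda acc, k: acc * (p ** d - p ** k), range(d), 1)

def nilpotent_count(d, p=P):
    """Number of nilpotent d x d matrices over F_p: p^(d^2 - d)."""
    return p ** (d * d - d)

def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]

def mat_mul(a, b, p=P):
    """Matrix product with every entry reduced modulo p."""
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) % p
             for j in range(n)] for i in range(n)]

def mat_pow(m, e, p=P):
    """Square-and-multiply exponentiation in GL(d, F_p)."""
    result, base = identity(len(m)), m
    while e:
        if e & 1:
            result = mat_mul(result, base, p)
        base, e = mat_mul(base, base, p), e >> 1
    return result

def companion(coeffs, p=P):
    """Companion matrix of monic f(x) = x^d + c_{d-1}x^{d-1} + ... + c_0, with
    coeffs = [c_0, ..., c_{d-1}]: ones on the subdiagonal, -c_i in the last
    column; f(C) = 0 by Cayley-Hamilton."""
    d = len(coeffs)
    m = [[0] * d for _ in range(d)]
    for i in range(d):
        if i:
            m[i][i - 1] = 1
        m[i][d - 1] = (-coeffs[i]) % p
    return m

def poly_rem(f, g, p=P):
    """Remainder of f modulo monic g over F_p (coefficients low to high)."""
    f, dg = list(f), len(g) - 1
    for i in range(len(f) - 1, dg - 1, -1):
        c = f[i] % p
        for j in range(dg + 1):
            f[i - dg + j] = (f[i - dg + j] - c * g[j]) % p
    return f[:dg]

def is_irreducible(coeffs, p=P):
    """Brute-force test (assumption: small d only): a degree-d polynomial is
    reducible iff some monic polynomial of degree 1..d//2 divides it."""
    f = list(coeffs) + [1]
    for k in range(1, len(coeffs) // 2 + 1):
        for low in product(range(p), repeat=k):
            if not any(poly_rem(f, list(low) + [1], p)):
                return False
    return True

def prime_factors(n):
    fs, q = set(), 2
    while q * q <= n:
        while n % q == 0:
            fs.add(q)
            n //= q
        q += 1
    return fs | ({n} if n > 1 else set())

def element_order(m, p=P):
    """Order of m in P_d, using that it divides p^d - 1 (the companion
    matrix of an irreducible f behaves like an element of F_{p^d}^*)."""
    ident, n = identity(len(m)), p ** len(m) - 1
    assert mat_pow(m, n, p) == ident, "not in a subgroup of order p^d - 1"
    order = n
    for q in prime_factors(n):
        while order % q == 0 and mat_pow(m, order // q, p) == ident:
            order //= q
    return order

def find_primitive_companion(d=2, p=P):
    """First monic irreducible f (c_{d-1} scanned outermost, c_0 innermost)
    whose companion matrix has full order p^d - 1, i.e. generates all of P_d."""
    for rev in product(range(p), repeat=d):
        coeffs = rev[::-1]
        if coeffs[0] and is_irreducible(coeffs, p) and \
                element_order(companion(coeffs, p), p) == p ** d - 1:
            return list(coeffs)
    return None

def commutes(a, b, p=P):
    return mat_mul(a, b, p) == mat_mul(b, a, p)

if __name__ == "__main__":
    c = companion([1, 0])  # x^2 + 1 is irreducible since 251 = 3 (mod 4)
    print("|GL(2, F_251)| =", gl_order(2), "; order of C(x^2+1) =", element_order(c))
    g = companion(find_primitive_companion(2))
    # powers of one generator commute (the hidden commutative subgroup);
    # a matrix outside that subgroup generally does not
    print(element_order(g), commutes(mat_pow(g, 17), mat_pow(g, 1234)),
          commutes(g, [[1, 1], [0, 1]]))
```

Running the script prints the order of GL(2, F251) from equation (1), the order 4 of the companion matrix of x^2 + 1 (a small cyclic subgroup), and then a primitive generator of full order 251^2 - 1 = 63000 together with the commutation checks. For d = 8 the trial-division irreducibility test is far too slow; a practical implementation would use a Rabin or Ben-Or test, which is outside what this example shows.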