CN1396741A - Public key cipher system based on classical matrix analysis - Google Patents

Abstract

A public key cipher system based on the classical analysis problem of matrix, that is, using similarity transform to converte high-order matrix to standard diagonal problem is disclosed. Its advantages are high unidirectional nature of encryption operation and high security.

Description

Public-key cryptosystem based on matrix canonical correlation problem

One, technical field

The invention belongs to information security field, specially refer to a kind of public-key cryptosystem based on the matrix canonical correlation.

Two, background technology

Existing 26 years of the appearance of public-key cryptosystem, but general in the world so far main public-key cryptosystem has only two big classes, a class is based on the public-key cryptosystem of factor resolution problem (IFP), and its algorithm is defined in an integer item Z _nGo up (as RSA and Rabin); The another kind of public-key cryptosystem that is based on discrete logarithm problem (DLP), its algorithm are defined in a Galois territory GF (p) and go up (as ElGamal).Above-described several public-key cryptosystem all obtained patent (patent No. as RSA is 4-405-829) in countries such as the U.S..Along with the development of the computing technique and the algebraic theory of numbers, the fail safe of this two classes public-key cryptosystem all is subjected to the threat that increases day by day.In recent years, people utilize the elliptic curve that is defined on integer item or the integer field to set up the new public-key cryptosystem similar to this two classes public-key cryptosystem, and they are collectively referred to as elliptic curve cryptosystem.The public-key cryptosystem that is based on elliptic curve discrete logarithm problem (EDLP) that using value is wherein relatively arranged.Introduce fail safe that whether elliptic curve can fundamentally improve public-key cryptosystem and be present people still in a problem of research, but the someone finds at least in theory to crack with the same attack that might be used quantum algorithm of public-key cryptosystem based on DLP, IFP based on the public-key cryptosystem of EDLP.We can not get rid of a kind of like this possibility: promptly pass through the analysis and research of decades, in fact the someone finds the effective ways that crack based on the public-key cryptosystem of IFP, DLP (comprising EDLP), but this fact is concealed by a few peoples or a few countries.Therefore, the new public-key cryptosystem of research is significant in the practice of information security field.

Three, summary of the invention

The technical issues that need to address of the present invention are to break existing main public-key cryptosystem all to be based on IFP or DLP, comprise the limitation of EDLP, work out a kind of public-key cryptosystem of brand-new practicality.Purpose of the present invention utilizes high level matrix canonical correlation the complex nature of the problem to realize, it is characterized in that:

What (a) information encryption was adopted is following multidimensional trap door onr way function:

F (k ₁, k ₂... k _r)=(k ₁A ^R-1+ k ₂A ^R-2+ k _rI) ²b ₁+ (k ₁A ^R-1+ k ₂A ^R-2+ k _rI) b ₂(1) wherein A is the r that calculates according to a PKI * r matrix, b ₁And b ₂Be two optional r dimension constant vectors, r＞4;

(b) function f (k ₁, k ₂... k _r) one-way ensure by the difficulty of the canonical correlation problem (promptly it being turned to the problem of diagonal form) of matrix A by similarity transformation;

(c) to function f (k ₁, k ₂... k _r) trapdoor of inverting provides by the characteristic value or the characteristic vector of matrix A.

The invention has the beneficial effects as follows that it has stronger defensive ability/resistance ability for some attack methods that threaten existing public-key cryptosystem safety for the information security practice provides a kind of brand-new public-key cryptosystem.

Four, description of drawings

Figure one is implementing procedure figure of the present invention.

Five, embodiment

Below in conjunction with accompanying drawing, to concrete enforcement of the present invention, comprise algorithm for design, make key, set up trap door onr way function, encryption and decrypting process be described in detail.(1) algorithm for design

As shown in drawings, algorithm for design is to implement the first step of the present invention, and it comprises following two contents:

1. the domain of definition of algorithm for design, and define corresponding addition and multiplying.The domain of definition of proposed algorithm is taken as real number field, and adopts common addition and multiplication, but the rule of round off keeps certain decimal digits in the actual mechanical process that multiplication calculates.

2. design each parameter and the span that adds, deciphers various data in the calculating.When the domain of definition is taken as real number field, also to determine the decimal digits that each intermediate data and result of calculation should keep.The selection of decimal digits should make unnecessary decimal mantissa in time be given up to save computational resource, guarantees the correctness of data significance bit in the result of calculation simultaneously.(2) make key

Making key is to implement second step of the present invention, and it comprises chooses private key and calculate two contents of PKI:

1. according to the design of the first step, choose r suitable arithmetic number λ ₁, λ ₂λ _rAs private key, r＞4 wherein.These numbers that require to constitute private key have nothing in common with each other.

2. be constructed as follows proper polynomial according to private key:

ψ(λ)＝(λ-λ ₁)(λ-λ ₂)...(λ-λ _r)

=λ ^r+ σ ₁λ ^R-1+ σ _R-1λ+σ _r(2) determine r arithmetic number σ by comparing the every coefficient in equation (2) both sides ₁, σ ₂σ _rAs PKI.(3) set up trap door onr way function

From accompanying drawing as can be seen, this step also is the public operation that information encryption person and deciphering person will finish.Because the trap door onr way function that the present invention adopts can be represented the calculating to the effect that in this step or definite A, b with (1) ₁And b ₂Three parameters.A is chosen as the adjoint matrix of ψ (λ), and according to PKI (σ ₁, σ ₂... σ _r) be calculated as follows: $A=\left[\begin{array}{cccc}-{\mathrm{\σ}}_1& {-\mathrm{\σ}}_2& \·\·\·& -{\mathrm{\σ}}_r\\ 1& & & 0\\ & 1& & 0\\ & & \·\·\·& 0\end{array}\right]------\left(3\right)$ A is the important parameter matrix of trap door onr way function, and the confidentiality of its characteristic value and characteristic vector is the safety guarantee of this cryptographic system.Parameter vector b ₁And b ₂Choose certain arbitrariness arranged, for example desirable

b ₁＝[10…0] ^T (4)

b ₂=[11 ... 1] ^T(5) (four) encrypt

It is to implement core of the present invention that user profile is encrypted, and this step can be subdivided into following five little steps, and wherein the 3rd step can be selected 3a or 3b for use:

1. produce r secret positive integer k at random ₁, k ₂... k _r

2. calculate

Y＝(k ₁A ^r-1+k ₂A ^r-2+…+k _rI) (6)

3a. certain the integer scalar function with Y obtains the user profile ciphertext as session key and with known symmetric cryptographic algorithm.Suggestion session key κ is taken as

κ=int[θ tr (Y ^TY)] (7) wherein int () represent rounding operation, tr (Y ^TY) representing matrix Y ^TThe mark of Y, θ are constants.

3b. all elements to matrix Y carries out rounding operation, order

X=int (θ Y) (8) also adopts X that user profile is encrypted.

4. calculate

D=(Y ²b ₁+ Yb ₂) (9) d will be used to as the password of session key κ or scrambled matrix X the deciphering.(5) deciphering

The basic principle of deciphering is that Y can be expressed as

Y=Hdiag (μ ₁, μ ₂, μ ₃μ _r) H ^-1(mod n) (10) wherein H are the modal matrix that all characteristic vectors by A constitute, $H=\left[\begin{array}{cccc}{{\mathrm{\λ}}_1}^{r-1}& {{\mathrm{\λ}}_2}^{r-1}& \·\·\·& {{\mathrm{\λ}}_r}^{r-1}\\ \·\·\·& \·\·\·& \·\·\·& \·\·\·\\ {\mathrm{\λ}}_1& {\mathrm{\λ}}_2& \·\·\·& {\mathrm{\λ}}_4\\ 1& 1& \·\·\·& 1\end{array}\right]-----\left(11\right)$ At equation (9) both sides while premultiplication H ^-1It can be reduced to r quadratic equation with one unknown, therefrom can solve μ ₁, μ ₂... μ _rThereby, determine Y or directly calculate session key by equation (10).Concrete decrypting process can further be subdivided into following three steps, and wherein the 3rd step was divided into 3a and 3b, corresponded respectively to two options encrypting for the 3rd step:

1. calculate

H ^-1d＝[δ ₁δ ₂δ ₃δ ₄] ^T (12)

H ^-1b ₁＝[α ₁α ₂…α _r] ^T (13)

H ^-1b ₂＝[β ₁β ₂…β _r] ^T (14)

2. find the solution

α _iμ _i ²+β _iμ _i＝δ _i，i＝1，2，...r (15)

3a. when in ciphering process, adopting 3a, session key κ as follows:

κ＝int[θtr(Y ^TY)]

＝int[θ(μ ₁ ²+μ ₂ ²…+μ _r ²)] (16)

3b. when in ciphering process, adopting 3b, determine scrambled matrix X by (8) and (10) two formulas.

Claims (2)

1. public-key cryptosystem is characterized in that:

What (a) information encryption was adopted is following multidimensional trap door onr way function:

F (k ₁, k ₂... k _r)=(k ₁A ^R-1+ k ₂A ^R-2+ k _rI) ²b ₁+ (k ₁A ^R-1+ k ₂A ^R-2+ k _rI) b ₂(1) wherein A is the r that calculates according to a PKI * r matrix, b ₁And b ₂Be two optional r dimension constant vectors, r＞4;

(b) function f (k ₁, k ₂... k _r) one-way ensure by the difficulty of the canonical correlation problem (promptly it being turned to the problem of diagonal form) of matrix A by similarity transformation;

(c) to function f (k ₁, k ₂... k _r) trapdoor of inverting provides by the characteristic value or the characteristic vector of matrix A.

2. the adding of public-key cryptosystem as claimed in claim 1, decipherment algorithm is characterized in that: choose r arithmetic number λ ₁, λ ₂λ _rAs private key, be constructed as follows proper polynomial according to private key:

ψ(λ)＝(λ-λ ₁)(λ-λ ₂)…(λ-λ _r)

=λ _r+ σ ₁λ _R-1+ σ _R-1λ+σ _r(2) determine r arithmetic number σ by comparing the every coefficient in equation (2) both sides ₁, σ ₂σ _rAs PKI; First during encryption according to PKI compute matrix A: $A=\left[\begin{array}{cccc}-{\mathrm{\σ}}_1& {-\mathrm{\σ}}_2& \·\·\·& -{\mathrm{\σ}}_r\\ 1& & & 0\\ & 1& & 0\\ & & \·\·\·& 0\end{array}\right]------\left(3\right)$ Produce r secret positive integer k at random again ₁, k ₂... k _r, calculate a random matrix with them:

Y=(k ₁A ^R-1+ k ₂A ^R-2+ ... + k _rI) (6) and a vector

D=(Y ²b ₁+ Yb ₂) (9) utilize Y to calculate a session key or scrambled matrix, and with d as its password; During deciphering, earlier Y is expressed as

Y=Hdiag (μ ₁, μ ₂, μ ₃μ _r) H ^-1(mod n) (10) wherein H are the modal matrix that all characteristic vectors by A constitute, $H=\left[\begin{array}{cccc}{{\mathrm{\λ}}_1}^{r-1}& {{\mathrm{\λ}}_2}^{r-1}& \·\·\·& {{\mathrm{\λ}}_r}^{r-1}\\ \·\·\·& \·\·\·& \·\·\·& \·\·\·\\ {\mathrm{\λ}}_1& {\mathrm{\λ}}_2& \·\·\·& {\mathrm{\λ}}_4\\ 1& 1& \·\·\·& 1\end{array}\right]-----\left(11\right)$ Pass through on equation (9) both sides premultiplication H simultaneously again ^-1It is reduced to r quadratic equation with one unknown, therefrom solves μ ₁, μ ₂... μ _rThereby, determine Y or directly calculate session key by equation (10).