KR20020003059A - A Public Key Cryptosystem using Matrix which is composed of Integers and Polynomials - Google Patents

Abstract

PURPOSE: An open key password system using an integer or polynomial matrix is provided so that encryption and decryption can be performed at a high speed by using a small number of numbers. CONSTITUTION: An open key password system enables two persons to communicate with each other without using a path for exchanging secret keys for safety. A general RSA password system is inefficient in a key generation time, a key size and an encryption and decryption time in spite of safety. In addition, an ECC password system has a complicated structure, a low speed and a long key generation time. An NTRU password system using a polynomial operation has a high speed and a short key generation time, and efficiently performs operations. However, the NTRU password system is not always successful in decryption, and inefficient in electronic signing. An open key password system using an integer or polynomial matrix is similar to the NTRU password system in encryption and decryption principles, but implements a different trap door one directional function. Accordingly, the open key password system is efficient in encryption, decryption, message authentication and electronic signing.

Description

A public key cryptosystem using matrix which is composed of Integers and Polynomials}

The present invention finds a new one-way function and is a kind of public key cryptosystem made using this function. The following two public key cryptosystems will be described using different one-way functions and similar message spaces.

A. Public Key Cryptography System Using Integer Matrices.

As an example, consider the 2x2 matrix H.

First integerQ2²¹³Let's say -1. AndPThe value of about 2¹⁴⁰Degree of gcd (Q,PLet's set it to an integer with = 1. And a 2 × 2 matrixfEach member of 2⁷²Let's get it to consist of the following positive integers: And the integer replacement of this matrixZ/ <Q> Inverse forf _Q Let's do it. MatrixP ^* =WhenP ^* ×f _Q modQTo create a matrixHIfHHas the form At this timeHWowQTo the public.

H = The attacker would then use f ^* = P values less than or equal to d for any positive integer PP

ax + bz mod Q = PP, cx + dz mod Q = PP

Based on the safety of the problem that it would be difficult to find x , y , z , w , PP where ay + bw mod Q = PP, cy + dw mod Q = PP and x , y , z , w are all less than 2 ^72. have.

B. Public-Key Cryptography Using Polynomial Matrices.

It will be described in detail as an example.

Let p = 2 And let polynomial Q be x ¹⁶¹ -1. Then randomly select the polynomial P with order 100 and gcd ( Q , P ) = 1 in S. And let each element of the 2x2 matrix f be a polynomial of order 60 or less. Let f _{Q be} the inverse of the integer S of this matrix. Matrix P ^* = Suppose that the matrix generated by P ^* × f _Q mod Q is H. H has the following shape. At this time, H and Q are disclosed.

H=The attacker would then be able tof ^* =For any element PP of S with an order of 100 or less

ax + bz mod Q = PP, cx + dz mod Q = PP

The basis for safety is that it will be difficult to find x , y , z , w , and PP that satisfy ay + bw mod Q = PP, cy + dw mod Q = PP and the order of x , y , z , w are all below 6O. I put it.

The public key cryptosystem known in the world can be divided into two types. One is a cryptographic system called RSA that provides efficient digital signatures with a slightly larger key size, and the second is an ECC cryptographic system that can be used on smart cards because of its smaller key size.

However, both have limitations in reality because their own algorithms do not provide the speed to encrypt voice.

The cryptographic system using integers proposed in the present invention is a system that enables very fast encryption and decryption by using a relatively small number. The digital signature is also more efficient than the conventional cryptographic system. By using numbers, operations can be performed on low 8-bit processes, supporting digital signatures faster than ECC. The key size is also relatively small, so it can be useful in general communication devices. And unlike similar NTRU encryption system, it is considered to be very efficient because it can support digital signature with the same algorithm used for encryption. Therefore, this cryptosystem is a public key cryptosystem that can provide real-time encryption without using a secret key cryptosystem.

A public key cryptosystem is a cryptographic system that does not require a path for exchanging separate secret keys for secure communication. The RSA cryptosystem, the most widely used public key cryptosystem, is based on the difficulty of factoring integers, but its security is guaranteed, but it is very inefficient in many aspects such as key generation time, key-size, encryption, and decryption time. There is a limit. As another system, an excellent elliptic curve cryptosystem (ECC) was proposed in 1985 in terms of key-size, and it is currently in use, but it also has the disadvantage of being difficult to implement and slow. I have it. However, in 1996, NTRU, a public key cryptographic system using polynomial operations in non-inverse polynomials, was proposed. This system is much shorter in speed and key generation time than the previous public key cryptosystem. And because it is easy to implement, it is possible to operate efficiently. However, because it is a stochastic cryptosystem, it is not always successful and the digital signature method is inefficient. The encryption system proposed here is similar to NTRU only in terms of the principle of encryption and decryption, but the trap-door one-way function, which is the core of encryption, is completely different. The advantage of the present invention is that it is very efficient in encryption, decryption, message authentication and signature.

We support the development of a very fast encryption, decryption, digital signature public key cryptosystem that can send and receive text data as well as voice data in real time, and support secure information exchange and real-time digital signature using a very fast key generation function in wireless LAN communication. will be.

A. Public key cryptosystem using integer matrix.

[1] Key generation

First, the positive integers n1, n2, n3, n4 and n5 satisfying the following values are determined.

N3-1 + n1 + int (log ₂ k ) <n4

N5 + n3 + n2 + int (log ₂ k) < n4

＊ n ₁ * m ≥60 ( f complexity)

＊ n ₅ * k ≥60 (complexity of R )

N ₃ ≥60 ( P complexity), n ₁ < n ₃

First, m × m matrix f is randomly constructed as follows.

f = Herein, an integer of 0 ≦ f _ij ≦ 2 ^{n 1} is used.

Second, the k × m matrix P is constructed as follows.

P = ,

Gcd (det (P), Q ) = 1 is ideal.

Where 0 ≤c _ij <2 ^{n 2}And 2 ^{n 3-1}≤P _One<2 ^{n 3}

Where i ∈ {1, 2, 3, 4, ..., k }, j ∈ {1, 2, 3, 4, ..., m }

And size 2 ^{n 4}≤Q<2 ^{n 4 + 1}Positive integerQSelect. At this timeQMay be random, but in some cases it may be chosen as the product or fraction of two prime numbers and used for digital signatures.

Then, the secret key matrix f _Q and the public key matrix H are generated as follows.

Let f _{Q be} the inverse of f in the integer ring Z / < Q >. Then f _Q * f ≡ f * f _Q ≡ I mod Q. (Where I is the unit matrix)

And P * f _Q mod Q ≡ H in the integer ring Z / < Q >.

Likewise, if the inverse of the matrix f is f _{P 1} in the integer Z / < P ₁ >, then f _{P 1} * f ≡ f * f _{P 1} ≡ I mod P ₁ . Where I is the unit matrix.

Among the keys created so far

The public keys are Q , H , n ₃ , n ₄ , n _5, and the private keys are f , f _Q , P ₁ , f _{P 1} .

[2] constructing messages

Express the message M = (M1, M2, ..., M m ). At this time, each Mi value is a positive integer less than P ₁ , and the message to be sent is expressed as a 1 × m matrix of integers.

Specifically 2 ^{n 3-2}≤Mi ≤2 ^{n 3-1}To be configured.

[3] encryption

messageMIn order to encrypt a message, the message sender is first composed of a random integer 1 ×kArrayR= (R1, R2, ....., Rk) (Only 2 ^{n 5-1}≤ Ri ≤2 ^{n 5})

The message M is encrypted using the public key Q and H of the message receiver, which is created in the above way.

M + R * H mod Q ≡ E is the result of the encryption resulting in a 1 × m matrix.

Send this value to the person you want to send.

[4] decrypt

The message receiver can obtain the original message M by using its private key from the E value as follows.

1. E * f mod Q = A = (A1, A2, ...., A m)

Ai mod P ₁ = AAi (where i ∈ {1, 2, 3, 4, ..., m })

AA = (AA1, AA2, ...., AA m )

3. Obtain AA * f _{P 1} mod P ₁ ≡ MM .

At this time, the receiver can confirm that MM = M.

[5] digital signatures

There are the following ways to establish an electronic signature.

[5-1] Probabilistic Digital Signature

The probabilistic digital signature provides a relatively faster digital signature method than the existing digital signature method of the existing encryption system by using a relatively small key size.

In general, number the number k ≥ m for faster decoding.

In the first case, n ₁ -1 ≤ n ₅ + n ₂ , n ₄ = n ₅ + n ₃ + n ₂ + int (log ₂ k ).

The probability that the digital signature will be established

(Number of message cases × number of R cases) / (encrypted message space) = = Becomes In the cryptosystem, however, n ₂ and log ₂ k values are generally set to 2 or less, so it is not a problem. if

Secondly, if n ₁ -1 ≥ n ₅ + n ₂ , set n ₄ = n ₃ -1+ n ₁ + int (log ₂ k ).

In this case, the probability that the digital signature is established

= to be. Therefore, to increase the probability of becoming a digital signature, we set the coefficients so that | n ₁ - n ₅ | and int (log ₂ k ) are small integers.

Here is how A electronically signs message M and sends it to B:

Definition: M is an integer and 2 ^{n -One}≤M<2 ⁿ If len (M) =nThis is defined as. And M = (M _One, M _2,...,M _m ), Len (M) = len(M _i It is defined as Suppose two people A and B use the same hash function h. B is messsage to AMLet's say you asked for an electronic signature. First, let A calculate h (M). Then, digitally sign as follows.

CASE A> len (h (M)) ≥ len ( Q _A )

(1) len (h (M))-Cut the number of bits by len ( Q _A ) from the right side of h (M). Let the result be MM.

(2) Then, using A's own secret key, the matrix f and the integer P ₁ , we obtain the matrix M and R which satisfy the following equation.

MM = M ^* + R ^* × H _A mod Q _A

If the obtained M ^* and R ^* are larger than A's public keys len (M) and len (R), the process of obtaining M ^* and R ^{* is} performed by performing an exclusive or operation with 1 on the right 1 bit of the MM. If you do this for about 5 bits to the right of the MM, you will get M ^* and R ^* values that satisfy the above conditions.

(3) The M ^* and R ^* values obtained above are encrypted and transmitted using the B's public key. Of course, the h (M) value is passed to B in the normal path.

(4) Then, B decrypts and finds M ^* and R ^* , and as a result, checks that the values of deg ( M ^* ) and deg ( R ^* ) are less than or equal to the values of deg (M) and deg (R), which are the public keys of A. do. (If not, the signature is not trusted.) Then compare the values of MM and h (M), which are again encrypted with A's public key. As a result, if the difference between two values is about 5 bits or less on the right, the digital signature is considered reliable and the rest of the digital signature is considered unreliable.

CASE B> len (h (M)) <len ( Q _A )

(1) When the first bits of h (M) are extracted in order and concatenation, the result x is len (h (M) x) Let the value be the open len ( Q _B ) of _B. (If len (h (M) Even if (h (M)) is less than B's published message length, h (M) until the size condition is met (h (M) Continue transforming to the x shape. ) And the resulting h (M) Let x be MM.

(2) Perform steps (2) and (3) in CASE A>.

(3) Then, B decrypts and finds M ^* and R ^* , and as a result, checks that the values of deg ( M ^* ) and deg ( R ^* ) are less than or equal to deg (M) and deg (R), the public keys of A. do. (If not, the signature is unreliable.) Again, the public key of _A is calculated as follows: M ^* + R ^* × H _A mod Q _A to obtain the MM. H (M) or h (M), which is the hash value of message M that you want to receive the original digital signature. x or h (M) h (M) Check if x looks like or similar. The criterion of the similarity is that if the right 5 bits is less than the difference, the digital signature is regarded as reliable, otherwise A's digital signature is rejected.

[5-2] Signature method using classical digital signature method.

In the classic digital signature method, we propose the method of digital signature by applying the digital signature method used in RSA appropriately in our case.

First let Q be the product of two prime numbers. Then, to apply the RSA digital signature method, RSA's public key e and secret key d are created. Then, digitally sign the message M as follows.

First we put message M into a hash function to get the result. The result is text with a relatively small number of bits. This is digitally signed in the same way as in RSA.

It should be noted that when sending a message, encryption can be done using the method suggested in "Public Key Cryptography System Using Integer Matrix."

There is a cryptographic system called RSA that uses only multiplications in noninteger integers. This cryptosystem is based on the safety of the so-called difficulty of factoring a sufficiently large integer N = p * q, even though N, the product of two prime numbers p and q, is known. However, the present invention uses the multiplication operation and the addition operation at the same time in the integer ring.

The present invention is a cryptographic system that supports message authentication and digital signature. Message authentication and digital signature using this encryption system is more efficient than the existing encryption system.

B. Public key cryptosystem using polynomial matrix.

[1] Key generation

First, let's define the polynomial ring S = Z [ x ] / < p , Q >. (Where p is a positive integer, Q is a weak polynomial, or x ^N -c shaped polynomial).

Circle SSZ[x] / <p,P _One> Let's define (P _OneIs a polynomial that satisfies the following order conditions:GIs a polynomial, "deg (G)= PolynomialGLet's define the order of "ifG= (G _One,G ₂, ...,G _k ) And eachG _i If is a polynomial, deg (G) = max {deg (G _One), deg (G ₂), ..., deg (G _k )}

First let's set the non-negative integer deg (C). Usually deg (C) ∈ {0,1,2,3}.

For example, when deg (C) is 2, it means a second or lower polynomial having elements of Z / < p > as coefficients. 0 ≤ deg ( c _ij ) ≤ deg (C).

And k is a positive integer catches the 1≤ k. In general, the larger the integer, the slower the execution speed.

Now set each deg value to satisfy the following orders and other conditions.

deg (M) + deg (f) <deg (Q).

deg (M) <deg ( P ₁ )

deg (R) + deg ( P ₁ ) + deg (C) <deg (Q).

p ^{deg ( f ) * m} ≥ 2 ¹²⁸

p ^{deg ( R ) * k} ≥ 2 ¹²⁸

p ^{deg ( M ) * m} ≥ 2 ¹²⁸

For example, if p = 2, k = m = 2, and deg (C) = 1, deg (f), deg (R), and deg (M) are all integers having 64 or more. As a result, deg (Q) will be an integer of at least 130.

Now define the 1 × m matrix M and 1 × k matrix R of the polynomial as

M = ( M ₁ , M ₂ , ..., M _m ), R = ( r ₁ , r ₂ , ..., r _k ). Where the components of M, R, f are selected to satisfy the above order conditions. Hold deg ( r ₁ ) = ... = deg ( r _k ) = deg ( R ) where possible.

H = , f =

P =

Gcd (det ( P ), Q ) = 1 is ideal.

The above three columns have the following relationship.

First, the matrix f is randomly constructed until there is an inverse of the m × m matrix f . In this case, the inverse matrix exists when the matrix value of the matrix f is a unit circle in the ring S. Then, let the inverse of the matrix f be F _Q by mathematical calculation. Then define H as the resulting k × m matrix resulting from multiplying P * F _Q in the ring S by constructing P from P ₁ and c _ij values satisfying the above order condition. For each of the resulting H elements, check whether the following conditions are met.

For each j = 1, 2, 3, ..., m

Determine if min {deg ( H _{1 j} ), deg ( H _{2 j} ), ..., deg ( H _kj )}> deg (Q)-10. If this condition is not met, select f randomly and repeat the above procedure.

Then, the inverse of f in the ring SS is obtained from the matrix f thus obtained. If it does not exist, select f randomly and repeat the above procedure. Assume that the obtained inverse is f _{P 1} .

Public keys: H , Q , deg (M), deg (R)

Secret key: P ₁ , f

[2] constructing messages

messageM= (M _One,M ₂, ...,M _m ) Where eachM _i The value is an element of S less than or equal to deg (M).mIt is expressed as a matrix.

[3] encryption

When we want to encrypt message M , the message sender is first represented by R = ( r ₁ , r ₂ , ..., r _k ), which is a 1 × k array of random integers.

The message M is encrypted using the public key Q and H of the message receiver, which is created in the above way. (+ And ＊ are operations in the ring S.)

M + R ＊ H ≡ E results in an encrypted result in a 1 × m matrix.

Send this value to the person you want to send.

[4] decrypt

The message receiver can obtain the original message M by using its private key from the E value as follows.

1. E * f mod Q = A = (A1, A2, ...., A m)

Ai mod P ₁ = AAi (where i ∈ {1, 2, 3, 4, ..., m })

AA = (AA1, AA2, ...., AA m )

3. Obtain AA * f _{P 1} mod P ₁ ≡ MM .

At this time, the receiver can confirm that MM = M.

[5] digital signatures

In general, deg (M) = deg (P) -1, deg (f) = deg (R), m = k, deg (C) = 0, deg (M) + deg (P) = deg (Q) If you choose, you can digitally sign as follows:

However, in general, deg (M) = deg (P) -1, deg (R) = deg (Q) -deg (P) -deg (C) -1, deg (M) + deg (P) = deg (Q ), The probability of becoming a digital signature is as follows.

(Number of message cases × number of R cases) / (encrypted message space) = to be. As a special case, when m = k , the probability of becoming digital signature is to be.

The following is the procedure that A digitally signs message M and sends it to B.

Suppose two people A and B are using the same hash function h, where B asks A to digitally sign messsage M.

First, let A calculate h (M). Then, digitally sign as follows.

CASE A> log _p (h (M)) ≥ log _p ( Q _A )

(1) When h (M) expressed as an integer is expressed in p- number, only the number of digits int [log _p Q _A ] are left on the left side, and all others are discarded. The resulting value is called hh (M). The hh (M) values in p are evenly distributed in a 1 × m matrix on a digit basis. The resulting 1 × m matrix is called hhh (M).

(2) Then, using his private key f and polynomial P ₁ , we get the matrices M ^* and R ^* which satisfy the following equation:

hhh (M) = M ^* + R ^* × H _A mod Q _A

If the values of M _i and R _i , which are the members of M ^* and R ^* , are larger than the values of deg (M) and deg (R), which are the public keys of A, the right 1 bit of hhh (M) is set to 1 and exclusive or The result produced by the operation is called hhh (M) and the process of obtaining M ^* and R ^* is repeated. If this process is performed for about 5 bits to the right of hhh (M) for, M that satisfies the above condition You will get ^* and R ^* values.

(3) The M ^* and R ^* values obtained above are encrypted and transmitted using the B's public key. Of course, the h (M) value is passed to B in the normal path.

(4) Then, B decrypts and finds M ^* and R ^* , and as a result, checks that the values of deg ( M ^* ) and deg ( R ^* ) are less than or equal to the values of deg (M) and deg (R), which are the public keys of A. do. (If not, the signature is not trusted.) And compare the values of hhh (M) and h (M) obtained by encrypting with A's public key. As a result, if the difference between two values is about 5 bits or less on the right, the digital signature is considered reliable and the rest of the digital signature is considered unreliable.

CASE B> len (h (M)) <len ( Q _A )

(1) h (M) expressed as an integerpInt [log from left when expressed in decimal _p Q _A Until you get the number of digitspThe left part of the h (M) value expressed in decimal numbers for each digit.pRepeat pasting to the decimal number h (M). (E.g. h (M) x, h (M) h (M) x, etc.). Let's call the resulting value hh (M). And thispDecimal hh (M) Value 1 ×mDistribute the rows evenly by digits. The resulting 1 ×mLet the matrix be hhh (M).

(2) Perform steps (2) and (3) in CASE A>.

(3) Then, B decrypts and finds M ^* and R ^* , and as a result, checks that the values of deg ( M ^* ) and deg ( R ^* ) are less than or equal to deg (M) and deg (R), the public keys of A. do. (If it doesn't, the signature is not reliable.) And again with A's public key, we compute hhh (M) with the following formula M ^* + R ^* × H _A mod Q _A. The value of hhh (M) is h (M) or h (M), which is the hash value of message M that you want to receive the original digital signature on. x or h (M) h (M) Checks to see if x is similar to the p representation. The criterion of the similarity is that if the right 5 bits is less than the difference, the digital signature is regarded as reliable, otherwise A's digital signature is rejected.

Conventional cryptographic systems using polynomials include ECC and NTRU. However, the system presented here is similar to NTRU in encryption and decryption, but the key to encryption is one-way function. Also, digital signatures are completely different.

It can be used to build a very fast PKI by overcoming the limitations of encryption and decryption speed of existing cryptosystems. And a very fast key generation time can be applied with one time password.

And since the public key cryptosystem using polynomial can use very small number, it can be applied to memory efficient smart card.

Claims (4)

Encryption and decryption process in public key cryptosystem using matrix [1] Key generation First, the positive integers n1, n2, n3, n4 and n5 satisfying the following values are determined. N3-1 + n1 + int (log ₂ k ) <n4 N5 + n3 + n2 + int (log ₂ k ) <n4 ＊ n ₁ * m ≥60 ( f complexity) ＊ n ₅ * k ≥60 (complexity of R ) N ₃ ≥60 ( P complexity), n ₁ < n ₃ First, m × m matrix f is randomly constructed as follows. f = Herein, an integer of 0 ≦ f _ij ≦ 2 ^{n 1} is used. Second, the k × m matrix P is constructed as follows. P = Gcd (det ( P ), Q ) = 1 is ideal. Where 0 ≤c _ij <2 ^{n 2}And 2 ^{n 3-1}≤P _One<2 ^{n 3} Where i ∈ {1, 2, 3, 4, ..., k }, j ∈ {1, 2, 3, 4, ..., m } And size 2 ^{n 4}≤Q<2 ^{n 4 + 1}Positive integerQSelect. At this timeQMay be random, but in some cases it may be chosen as the product or fraction of two prime numbers and used for digital signatures. Then, the secret key matrix f _Q and the public key matrix H are generated as follows. Let f _{Q be} the inverse of f in the integer ring Z / < Q >. Then f _Q * f ≡ f * f _Q ≡ I mod Q. (Where I is the unit matrix) And integer ringZ/ <Q> InP*f _Q modQ≡HIt is called. Likewise, if the inverse of the matrix f is f _{P 1} in the integer Z / < P ₁ >, then f _{P 1} * f ≡ f * f _{P 1} ≡ I mod P ₁ . Where I is the unit matrix. Among the keys generated so far, the public keys are Q , H , n ₃ , n ₄ , n ₅ and the secret keys are f , f _Q , P ₁ , f _{P 1} . [2] constructing messages Express the message M = (M1, M2, ..., M m ). In this case, each Mi value is a positive integer less than P ₁ , and the message to be sent is represented by a 1 × m matrix of integers. Specifically 2 ^{n 3-2}≤ Mi ≤2 ^{n 3-1}To be configured. [3] encryption messageMIn order to encrypt a message, the message sender is first composed of a random integer 1 ×kArrayR= (R1, R2, ....., Rk) (Only 2 ^{n 5-1}≤ Ri ≤2 ^{n 5}) The message M is encrypted using the public key Q and H of the message receiver, which is created in the above way. M + R * H mod Q ≡ E is the result of the encryption resulting in a 1 × m matrix. Send this value to the person you want to send. [4] decrypt The message receiver can obtain the original message M by using its private key from the E value as follows. 1. E * f mod Q = A = (A1, A2, ...., A m) Ai mod P ₁ = AAi (where i ∈ {1, 2, 3, 4, ..., m }) AA = (AA1, AA2, ...., AA m ) 3. Obtain AA * f _{P 1} mod P ₁ ≡ MM . At this time, the receiver can confirm that MM = M. Electronic signature method using the encryption and decryption method of claim 1 There are the following ways to establish an electronic signature. [1] stochastic digital signatures The probabilistic digital signature provides a relatively faster digital signature method than the existing digital signature method of the existing encryption system by using a relatively small key size. In general, number the number k ≥ m for faster decoding. In the first case, n ₁ -1 ≤ n ₅ + n ₂ , n ₄ = n ₅ + n ₃ + n ₂ + int (log ₂ k ). The probability that the digital signature will be established (Number of message cases × number of R cases) / (encrypted message space) = = Becomes In the cryptosystem, however, n ₂ and log ₂ k values are generally set to 2 or less, so it is not a problem. if Secondly, if n ₁ -1 ≥ n ₅ + n ₂ , set n ₄ = n ₃ -1+ n ₁ + int (log ₂ k ). In this case, the probability that the digital signature is established = to be. Therefore, to increase the probability of becoming a digital signature, we set the coefficients so that | n ₁ - n ₅ | and int (log ₂ k ) are small integers. The following is how A electronically signs message M and sends it to B. Definition: M is an integer and 2 ^{n -One}≤M<2 ⁿ If len (M) =nThis is defined as. M = (M _One,M ₂, ...,M _m ), Len (M) = len(M _i It is defined as Suppose two people A and B are using the same hash function h, where B asks A to digitally sign messsage M. First, let A calculate h (M). Then, digitally sign as follows. CASE A> len (h (M)) ≥ len ( Q _A ) (1) len (h (M))-Cut the number of bits by len ( Q _A ) from the right side of h (M). Let the result be MM. (2) Then, using A's own secret key, the matrix f and the integer P ₁ , we obtain the matrix M and R which satisfy the following equation. MM = M ^* + R ^* × H _A mod Q _A If the obtained M ^* and R ^* are larger than A's own public keys, len (M) and len (R), repeat the process of obtaining M ^* and R ^* by performing an exclusive or operation with 1 on the right 1 bit of MM. If the process is performed for about 5 bits to the right of the MM, M ^* and R ^* values satisfying the above conditions will be obtained. (3) The M ^* and R ^* values obtained above are encrypted and transmitted using the B's public key. Of course, the h (M) value is passed to B in the normal path. (4) Then, B decrypts and finds M ^* and R ^* , and as a result, checks that the values of deg ( M ^* ) and deg ( R ^* ) are less than or equal to the values of deg (M) and deg (R), which are the public keys of A. (If not, the signature is untrusted.) Then compare the values of MM and h (M), which are again encrypted with A's public key. As a result, if the difference between two values is about 5 bits or less on the right, the digital signature is considered reliable and the rest of the digital signature is considered unreliable. CASE B> len (h (M)) <len ( Q _A ) (1) When the first bits of h (M) are extracted in order and concatenation, the result x is len (h (M) Let x be the value of B's public len ( Q _B ) (if len (h (M) Even if (h (M)) is less than B's published message length, h (M) until the size condition is met (h (M) continue transforming to x shape) and consequently h (M) Let x be MM. (2) Perform steps (2) and (3) in CASE A>. (3) Then, B decrypts and finds M ^* and R ^* , and as a result, checks that the values of deg ( M ^* ) and deg ( R ^* ) are less than or equal to deg (M) and deg (R), the public keys of A. do. (If not, the signature is unreliable.) Again, with A's public key, we compute MM by computing M ^* + R ^* × H _A mod Q _A. H (M) or h (M), which is the hash value of message M that you want to receive the original digital signature. x or h (M) h (M) Check if x looks like or similar. The criterion of the similarity is that if the right 5 bits is less than the difference, the digital signature is regarded as reliable, otherwise A's digital signature is rejected. [2] Signature method using classical digital signature method. In the classic digital signature method, we propose the method of digital signature by applying the digital signature method used in RSA appropriately in our case. First let Q be the product of two prime numbers. Then, to apply the RSA digital signature method, RSA's public key e and secret key d are created. Then, digitally sign the message M as follows. First we put message M into a hash function to get the result. The result is text with a relatively small number of bits. This is digitally signed in the same way as in RSA. It should be noted that when sending a message, encryption can be done using the method suggested in "Public Key Cryptography System Using Integer Matrix." Encryption and decryption process in public key cryptosystem using polynomial [1] Key generation First let's define the polynomial S = Z [ x ] / < p , Q> . (Where p is a positive integer, Q is a weak polynomial, or x ^N - c shaped polynomial). Define the ring SS as Z [ x ] / < p, P ₁ >. ( P ₁ is a polynomial that satisfies the following order conditions) If G is a polynomial, define "deg ( G ) = degree of polynomial G ". If G = ( G ₁ , G ₂ , ..., G _k ) and each G _i is polynomial deg ( G ) = max {deg ( G ₁ ), deg ( G ₂ ), ..., deg ( G _k )}. First let's set the non-negative integer deg (C). Usually deg (C) ∈ {0,1,2,3}. For example, if deg (C) is 2, a quadratic or lower-order polynomial having elements of Z / < p > as coefficients. 0 ≤ deg ( c _ij ) ≤ deg (C). And k is a positive integer catches the 1≤ k. In general, the larger the integer, the slower the execution speed. Now set each deg value to satisfy the following orders and other conditions. deg (M) + deg (f) <deg (Q). deg (M) <deg (P ₁ ) deg (R) + deg ( P ₁ ) + deg (C) <deg (Q). p ^{deg ( f ) * m} ≥ 2 ¹²⁸ p ^{deg ( R ) * k} ≥ 2 ¹²⁸ p ^{deg ( M ) * m} ≥ 2 ¹²⁸ For example, if p = 2, k = m = 2, and deg (C) = 1, deg (f), deg (R), and deg (M) are all integers having 64 or more. As a result, deg (Q) will be an integer of at least 130. Now define the 1 × m matrix M and 1 × k matrix R of the polynomial as M = ( M ₁ , M ₂ , ..., M _m ), R = ( r ₁ , r ₂ , ..., r _k ). Where the components of M, R, f are selected to satisfy the above order conditions. Hold deg ( r ₁ ) = ... = deg ( r _k ) = deg ( R ) where possible. H = , f = P = Gcd (det ( P ), Q ) = 1 is ideal. The above three columns have the following relationship. First, the matrix f is randomly constructed until there is an inverse of the m × m matrix f . In this case, the inverse matrix exists when the matrix value of the matrix f is a unit circle in the ring S. Then, let the inverse of the matrix f be F _Q by mathematical calculation. We define H as the k × m matrix resulting from constructing P from P ₁ and c _ij values satisfying the above order condition and multiplying P * F _Q in S. For each of the resulting H elements, check whether the following conditions are met. For each j = 1, 2, 3, ..., m Determine if min {deg ( H _{1 j} ), deg ( H _{2 j} ), ..., deg ( H _kj )}> deg (Q)-10. If this condition is not satisfied, select f randomly and repeat the above procedure. Then, the inverse of f in the ring SS is obtained from the matrix f thus obtained. If it does not exist, select f randomly and repeat the above procedure. Assume that the obtained inverse is f _{P 1} . Public keys: H , Q , deg (M), deg (R) Secret key: P ₁ , f [2] constructing messages messageM= (M _One,M ₂, ...,M _m ) Where eachM _i The value is an element of S less than or equal to deg (M).mIt is expressed as a matrix. [3] encryption When we want to encrypt message M , the message sender is first represented by R = ( r ₁ , r ₂ , ..., r _k ), which is a 1 × k array of random integers. Using the message receiver's public keys Q and H , the message M is encrypted using the following procedure (where + and × are operations within ring S): M + R × H ≡ E results in an encrypted result in a 1 × m matrix. Send this value to the person you want to send. [4] decrypt The message receiver can obtain the original message M by using its private key from the E value as follows. 1. E * f mod Q = A = (A1, A2, ...., A m) Ai mod P ₁ = AAi (where i ∈ {1, 2, 3, 4, ..., m }) AA = (AA1, AA2, ...., AA m ) 3. Obtain AA * f _{P 1} mod P ₁ ≡ MM . At this time, the receiver can confirm that MM = M. Electronic signature method using the encryption / decryption method of claim 3 In general, deg (M) = deg (P) -1, deg (f) = deg (R), m = k, deg (C) = 0, deg (M) + deg (P) = deg (Q) If you choose, you can digitally sign as follows: However, in general, deg (M) = deg (P) -1, deg (R) = deg (Q) -deg (P) -deg (C) -1, deg (M) + deg (P) = deg (Q ), The probability of becoming a digital signature is as follows. (Number of message cases × number of R cases) / (encrypted message space) = to be. As a special case, when m = k , the probability of digital signature is to be. The following is the procedure that A digitally signs message M and sends it to B. Suppose two people A and B are using the same hash function h, where B asks A to digitally sign messsage M. First, let A calculate h (M). Then, digitally sign as follows. CASE A> log _p (h (M)) ≥ log _p ( Q _A ) (1) When h (M) expressed as an integer is expressed as a p- number, only the number of digits int [log _p ( Q _A )] are left on the left side, and the rest are discarded. The resulting value is hh (M). . And disperse evenly in a p-adic number hh (M) based on the digit values to 1 × m matrix. The resulting 1 × m matrix is called hhh (M). (2) Then, using his private key f and polynomial P ₁ , we get the matrices M ^* and R ^* which satisfy the following equation: hhh (M) = M ^* + R ^* × H _A mod Q _A If the values of M _i and R _i , which are the members of M ^* and R ^* , are larger than the values of deg (M) and deg (R), which are the public keys of A, the right 1 bit of hhh (M) is 1 and exclusive or The result produced by the operation is called hhh (M) and the process of obtaining M ^* and R ^* is repeated. If this process is performed for about 5 bits to the right of hhh (m) for, M which satisfies the above condition You will get ^* and R ^* values. (3) The M ^* and R ^* values obtained above are encrypted and transmitted using the B's public key. Of course, the h (M) value is passed to B in the normal path. (4) Then, B decrypts and finds M ^* and R ^* , and as a result, checks that the values of deg ( M ^* ) and deg ( R ^* ) are less than or equal to the values of deg (M) and deg (R), which are the public keys of A. do. (If not, the signature is not trusted.) And compare the values of hhh (M) and h (M) obtained by encrypting with A's public key. As a result, if the difference between two values is about 5 bits or less on the right, the digital signature is considered reliable and the rest of the digital signature is considered unreliable. CASE B> log _p (h (M)) <log _p ( Q _A ) (1) expressed as an integer h (M) of p binary to have, when expressed as a p-adic number until there digits to the right of the by int [log _p Q _A] in the left representation h (M) on the left part of each of the value digits to p Repeat pasting to decimal h (M) (eg, h (M)) x, h (M) h (M) x, etc.). Let's call the resulting value hh (M). The hh (M) values in p are evenly distributed in a 1 × m matrix on a digit basis. The resulting 1 × m matrix is called hhh (M). (2) Perform steps (2) and (3) in CASE A>. (3) Then, B decrypts and finds M ^* and R ^* , and as a result, checks that the values of deg ( M ^* ) and deg ( R ^* ) are less than or equal to deg (M) and deg (R), the public keys of A. and (if not satisfied signature is not reliable), and the public key of the operation back to a, as shown in the following expression _{^{M * + R * × H a}} mod Q a gets hhh (M). The value of hhh (M) is h (M) or h (M), which is the hash value of message M that you want to receive the original digital signature on. x or h (M) h (M) Checks to see if x is similar to the p representation. The criterion of the similarity is that if the right 5 bits is less than the difference, the digital signature is regarded as reliable, otherwise A's digital signature is rejected.