WO2020169996A1 - Matrix-based cryptographic methods and apparatus - Google Patents
- Publication number: WO2020169996A1 (PCT/HU2019/050045)
- Authority: WIPO (PCT)
- Prior art keywords: matrix, matrices, message, code, row vectors
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/304—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy based on error correction codes, e.g. McEliece
Definitions
- P1: the first transformation matrix
- the matrix Q1 includes a non-invertible nxn matrix A1 of integer elements, an nxk1 null matrix N and an l1x(n+k1) matrix B1 of integer elements.
- the matrix Q1 includes the matrix A1 as an upper left block, the null matrix N as an upper right block and the matrix B1 as a lower block. Since A1 is non-invertible, its rank is smaller than n, i.e. rank(A1) < n.
- the elements of the matrix Q1 may be selected freely or randomly for any particular key matrix K1.
- Q1 is non-invertible since its rank is also smaller than (n+k1) due to the linearly dependent rows of A1.
- the second key matrix has a size of (n+l2+j2)x(n+k2).
- the matrix Q2 has the same structure as Q1. Since A2 is also non-invertible, the rank of A2 is smaller than n, i.e. rank(A2) < n. The elements of the matrix Q2 may be selected freely or randomly for any particular key matrix K2.
- An essential feature of the matrices Q1 and Q2 is that the unified set of the row vectors of the matrices A1 and A2 should include n linearly independent row vectors, that is
- l1 and l2 may be equal or different, and the same applies to k1 and k2, as well as to j1 and j2.
- Further key matrices may be produced similarly upon demand. Preferably, a different key matrix is produced for each extended message matrix.
- the matrices Q1, Q2 are formed of the following blocks: a non-invertible nxn integer matrix A1, A2, an nxk null matrix N and a kx(n+k) integer matrix B1, B2.
- the matrices A1, A2 may form an upper left block
- the null matrix N may form an upper right block
- the matrices B1, B2 may form a lower block in Q1 and Q2, respectively.
- the matrices P1, P2, Q1 and Q2 have only nonnegative integer entries.
- the key matrices K1 and K2 also have nonnegative integer elements.
- the key matrices K1 and K2 may then be published as the public key for encryption, while the matrices P1, P2 and Q1, Q2 should be kept secret as the private key for decryption of the messages. It is noted that generation of the key matrices K1, K2 is computationally easy and, for large key matrices, the number of the appropriate variations of the key matrices K1, K2 is extremely high.
- the plaintext message can be encrypted using the key matrices K1, K2.
- the digital plaintext message to be enciphered, represented by digital data, is converted into an nxr message matrix M of integer elements.
- a first extended message matrix M1 is generated as a combination of the message matrix M and a first set of freely selected row vectors.
- the first extended message matrix M1 may be generated using the message matrix M as an upper block and a kxr first extension matrix L1 of integer elements as a lower block.
- the elements of the first extension matrix L1 may be selected freely or randomly.
- a second extended message matrix M2 is generated as a combination of the message matrix M and a second set of freely selected row vectors different from said first set of freely selected row vectors of M1.
- the second extended message matrix M2 may be generated from the message matrix M as an upper block and a second extension matrix L2 of kxr integer elements as a lower block.
- the elements of the second extension matrix L2 may be selected freely with the restriction that the matrix L2 shall be different from the matrix L1.
- the extended message matrices M1, M2 contain only nonnegative integer elements, i.e. the plaintext message is converted into a nonnegative integer message matrix M and the extension matrices L1, L2 are also nonnegative integer matrices.
- a first code matrix V1 is computed as a product of a first non-invertible key matrix K1 of (n+k)x(n+k) integer elements and the first extended message matrix M1
- a second code matrix V2 of (n+k)x(n+k) integer elements is computed as a product of a second non-invertible key matrix K2 of (n+k)x(n+k) integer elements and the second extended message matrix M2, i.e.
- V1 = K1 · M1
- V2 = K2 · M2
- the key matrices K1 and K2 have been generated as described above.
- the thus obtained code matrices V1 and V2 are then output as a ciphertext message in step 130, so they can be transmitted through an insecure communication channel or may be stored on a computer-readable storage medium.
- a different extension matrix L1 and/or a different extension matrix L2 may be generated in each encryption process. It is particularly preferred that even in the same encryption process, L1 and L2 are different for a particular message matrix M.
- if the elements of the extension matrices L1, L2 are selected randomly, the content of the message matrix M cannot be recovered from the code matrices V1, V2 even if the message matrix M is a specially constructed matrix, such as a null matrix or an identity matrix.
- the matrices Pi should be invertible at least on their side opposite to where they are multiplied with Qi.
- Pi should be left-invertible so that Qi can be produced using the left pseudoinverse Pi⁻¹.
- a decryption method for decrypting the ciphered message produced using the encryption method according to the first aspect of the invention.
- the code matrices V1 and V2 are obtained for a decrypting entity in step 200.
- the code matrices V1 and V2 may be made available to the decrypting entity either by receiving them from a sender entity or by reading them from a computer-readable storage medium.
- the plaintext message matrix M, which has been encrypted using the encryption method according to the first aspect of the invention, is determined from the code matrices V1 and V2 according to the following algorithm.
- each of the first and second code matrices V1 and V2 is multiplied with the multiplicative inverse P1⁻¹ or P2⁻¹ of the respective invertible transformation matrix P1 or P2 to obtain temporary matrices W1 and W2 of the size (n+k)x(n+k), i.e. W1 = P1⁻¹ · V1 and W2 = P2⁻¹ · V2.
- When P1 is not a square matrix, the inverse matrix P1⁻¹ is the left pseudoinverse of P1. The same applies to P2. It is noted that since P1 and P2 are known to the decrypting entity, in addition to or instead of P1 and P2, their inverses P1⁻¹ and P2⁻¹ may be permanently stored at the decrypting entity to make the computations of the decryption process faster.
- an invertible square matrix R is produced from a specific set of row vectors forming a part of Q1 and Q2.
- n linearly independent row vectors x are selected from among the row vectors of the matrices A1 and A2 (which are incorporated in Q1 and Q2, respectively), and an invertible nxn matrix R is generated from said selected row vectors x.
- an auxiliary matrix H is generated from a set of row vectors selected from the temporary matrices W1 and W2 in a manner that each of the selected row vectors corresponds to an associated one of the row vectors obtained from Q1 and Q2.
- Each row vector of W1 and W2 has r elements.
- n row vectors y are selected from among the row vectors of the matrices W1 and W2 that correspond to the selected row vectors x of A1 and A2. From the selected row vectors y of W1 and W2, an nxr matrix H can be generated so that any row vector y included in H and its associated row vector x included in R are in the same row position within H and
- the plaintext message can then be recovered easily from the message matrix M through an inverse conversion from integers into digital data.
- the blocks of Q1 (namely A1, N and B1), and the blocks of the extended message matrix M1 (namely M and L1) may be re-arranged so that the temporary matrix W1 comprises a block that is a product of A1 and M, and further comprises a block that is a product of B1 and [M; L1].
- Q1 and M1 may, for example, be defined as
- the matrices Q2 and M2 may be re-arranged similarly. Furthermore, it is noted that although in the matrix computations described herein, the extended message matrices M1, M2 are multiplied by the key matrices K1, K2 on their left side in the encryption process, and the code matrices V1, V2 are also multiplied by appropriate matrices on their left side in the decryption process, it should be appreciated by those skilled in the art that all of the above matrix multiplications can also be performed on the right side of the matrices M1, M2, V1 and V2 while using the transposed forms of all of those matrices.
- any matrix operation applied to the rows of the matrices M1 and M2 should be replaced with corresponding matrix operations applied to the columns of the transposed matrices M1ᵀ, M2ᵀ thereof, and vice versa.
- any matrix operation applied to the rows of V1, V2, P1, P2, R and H should be replaced with corresponding matrix operations relating to the columns of V1, V2, P1, P2, R and H, and vice versa.
- the encryption and decryption methods described herein may have many equivalents in terms of using re-structured matrices and vectors, all of these equivalents being within the scope of the present invention.
- the rows (columns) of the various blocks in M1, M2 and the respective rows (columns) in Q1, Q2 may be permuted.
- a method for encrypting a digital message comprises the following steps carried out using a processor:
- each of said plurality of Mi being defined as a combination of the message matrix M and an associated set of freely selected row vectors;
- each of the key matrices Ki is non-invertible on its side opposite to where it is multiplied with Mi;
- the size of the extended message matrices and accordingly, the size of the associated key matrices may be different.
- each extended message matrix Mi and each key matrix Ki are produced in the same way as in the embodiment using two extended message matrices and two key matrices as described above in detail.
- the integer matrices Ai included in the matrices Qi should satisfy the following conditions:
- A* is a block matrix including all of the invertible square matrices Ai as blocks in a column arrangement.
- decryption of a ciphered message which has been encrypted by the generalized version of the encryption method, is carried out in the following steps using a processor:
- the size of the various matrices and the length of the digital representation of the integer elements in the various matrices depend on the particular safety requirements and can be adjusted or optimized by those of ordinary skill in the art. As the size of the matrices and the length of the integer representation can be scaled arbitrarily, the cryptographic system of the present invention provides very high flexibility.
- the processing units used to perform the techniques may be implemented within one or more ASICs, DSPs, digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, electronic devices, other electronic units designed to perform the functions described herein, a computer, or a combination thereof. If implemented in software, the functions may be stored at a computer-readable storage medium.
- Computer-readable storage media include both computer storage media and communication media including any medium that facilitates the transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a computer.
- Such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
- Disk and disc includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
- a computer-readable storage medium may be a non-transitory computer-readable storage device that includes instructions that are executable by a processor.
- an apparatus for encrypting a digital message comprises:
- first key matrix K1 is a product of two integer matrices P1 and Q1
- second key matrix K2 is a product of two integer matrices P2 and Q2;
- P1 and P2 are invertible at least on their side opposite to where they are multiplied with Q1 and Q2, respectively,
- K1 and K2 are non-invertible on their side opposite to where they are multiplied with M1 and M2, respectively, and
- an apparatus for decrypting a ciphered message encrypted by the above mentioned encrypting apparatus comprises: a memory;
- FIG. 3 illustrates an exemplary hardware configuration of an embodiment of the apparatus according to the present invention.
- the apparatus 300 comprises an interface unit 302 adapted for communication with other devices (not shown) through a communication channel, a processor 304 and a memory 306 adapted for storing data, such as intermediary calculation results.
- the apparatus 300 may comprise a program logic 310 including a code 312 (e.g., program code) that may be loaded into the memory 306 and executed by the processor 304.
- the code 312 may comprise instructions that, when loaded into the memory 306 and executed by the processor 304, perform the method of encryption, the method of decryption, or both according to the present invention.
- the program logic 310, including the code 312, may be stored in a storage 308 of the device 300.
- the apparatus 300 may further comprise an I/O unit 316 including, for example, serial or parallel interfaces for various input and output devices, such as a mouse, a keyboard, a display, a printer and so on.
- the processor 304 is adapted to encrypt a plaintext message using the encryption method described herein. In another embodiment of the apparatus, the processor 304 is adapted to decrypt a ciphertext message using the decryption method described herein. In a further embodiment of the apparatus, the processor 304 is adapted to encrypt a plaintext message and to decrypt a ciphertext message in accordance with the methods of the present invention.
- a computer-readable storage medium 314 such as a CD-ROM or a DVD may also store instructions that, when read and executed by the processor 304, perform the method of encryption or the method of decryption, or both, in accordance with the present invention.
- the key matrices K1 and K2 are generated in the same way.
- a singular 7x7 matrix Q1 is generated for K1, the matrix Q1 having the following structure, where A1 is a 4x4 matrix:
- the key matrix K1 is the product of P1 and Q1:
- let P2 be another arbitrary invertible 7x7 (square) matrix which is different from P1:
- the key matrix K2 is the product of P2 and Q2:
- the public key is {K1, K2}
- the private key is {P1, Q1, P2, Q2}.
- let the message matrix M be a 4x6 nonnegative integer matrix, for example,
- the message matrix M is then embedded into two extended message matrices M1, M2 using random integer elements in the extension blocks.
- let M1 and M2 be defined as the following 7x6 matrices:
- the first code matrix V1 is the product of the first key matrix K1 and the first extended message matrix M1:
- the second code matrix V2 is produced similarly:
- the encrypted message is the set of the two code matrices V1, V2, i.e. {V1, V2}.
- the first code matrix V1 is multiplied with the inverse of P1 to obtain a first temporary matrix W1:
- a second temporary matrix W2 is produced by multiplying the second code matrix V2 with the inverse of P2:
- the matrix R is constructed by selecting four linearly independent rows from A1 and A2. Let these rows be the first and second rows of A1 and the first and fourth rows of A2. Accordingly,
- the inverse of R is then determined:
- the matrix H is constructed by selecting the first and second rows of W1 and the first and fourth rows of W2 in the same order as their associated rows are included in R. Accordingly,
- although in the above example the key matrices are defined as integer matrices with negative, positive and zero entries, it is obvious for those skilled in the art that the encryption and decryption methods may be carried out with nonnegative integer key matrices in the same way.
- a direct attack against the cryptographic system of the present invention could be to solve the underdetermined linear equation systems defined by the public key matrices K1 and K2 serving as coefficient matrices and the code matrices V1 and V2 serving as a set of constant vectors to obtain the column vectors of the extended message matrices M1, M2 as various sets of variables.
- this task is computationally infeasible within reasonable time.
- if the extended message matrices are formed of nonnegative integer elements, finding solutions of the above-mentioned underdetermined linear equation systems is even more difficult. In the book of A.
Abstract
A method for encrypting a digital message is disclosed. The encryption method comprises the following steps carried out using a processor: converting (100) a digital plaintext message into a matrix M of at least one column vector m of integer elements; generating (110) at least a first extended message matrix M1 as a combination of the message matrix M and a first set of freely selected row vectors, and a second extended message matrix M2 as a combination of the message matrix M and a second set of freely selected row vectors different from said first set of freely selected row vectors; computing (120) at least a first code matrix V1 as a product of a first key matrix K1 of integer elements and the first extended message matrix M1, and a second code matrix V2 as a product of a second key matrix K2 of integer elements and the second extended message matrix M2; and outputting (130) a ciphertext message as a set of at least said first and second code matrices V1 and V2. The first key matrix K1 is a product of two integer matrices P1 and Q1, and the second key matrix K2 is a product of two integer matrices P2 and Q2. The matrices P1 and P2 are invertible at least on their side opposite to where they are multiplied with Q1 and Q2, respectively. The matrices K1 and K2 are non-invertible on their side opposite to where they are multiplied with M1 and M2, respectively. A specific set of row vectors forming a part of the matrices Q1 and Q2 defines an invertible square matrix R. A corresponding method for decrypting the ciphertext message and apparatus for carrying out the encryption and decryption methods are further disclosed.
Description
MATRIX-BASED CRYPTOGRAPHIC METHODS AND APPARATUS
FIELD OF THE INVENTION
The present invention relates generally to cryptography, and in particular to matrix-based public-key cryptographic methods and apparatus.
BACKGROUND OF THE INVENTION
Currently, the most popular public-key algorithms, like RSA or ECC, are assumed to be among those cryptographic algorithms that can be efficiently broken by a sufficiently powerful quantum computer. The problem with these cryptographic algorithms is that their security relies on one of three hard mathematical problems, namely the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem, which can be solved in polynomial time by running Shor's algorithm on a powerful quantum computer.
Therefore there is a need for a new generation of public-key algorithms that are thought to be secure against an attack by a quantum computer. These algorithms are usually called post-quantum cryptographic algorithms. The successful post-quantum cryptographic algorithms are expected to rely on a mathematical problem that has a computational complexity of NP-complete or preferably NP-hard.
The document US 8,621,227 discloses a system and method for cryptographic key exchange using matrices. Two parties can establish a cryptographic key using a matrix-based key exchange protocol, for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. A non-invertible common matrix M, shared in advance, is multiplied by a random matrix K on the sending side, and a different random matrix N on the receiving side. The matrix product KM is sent from the sending side to the receiving side, and the matrix product MN is sent from the receiving side to the sending side. Both sides produce the common matrix product KMN, and use it for producing a symmetric key for encrypted communications. Although the key matrices are non-invertible, this solution relates to symmetric encryption.
SUMMARY OF THE INVENTION
It is a primary object of the present invention to provide an asymmetric cryptographic system in which the transformation of a plaintext message into a ciphertext message is based on the use of integer matrices as public key matrices that are, in a generic case, non-invertible at least on one side thereof.
The core idea of the encryption is to multiply a specially constructed message matrix M (including a matrix representation of the plaintext message) with a public key matrix K for producing a code matrix V, i.e. V = K · M, wherein the public key matrix K has no pseudoinverse K⁻¹ on its left side and therefore the message matrix M cannot be determined using an equation K⁻¹ · V = M, assuming that K and M are not commuting matrices.
Furthermore, the public key matrix K is constructed so that the message matrix M can be easily determined from two or more code matrices V. In particular, the key matrix K is defined as the product of two secret matrices P and Q, i.e. K = P · Q, wherein the secret matrix P is an arbitrary matrix that is invertible at least on its left side, i.e. for P there exists at least a left pseudoinverse P⁻¹, whereas the other secret matrix Q is specially constructed for an easy determination of the plaintext message using two (or more) code matrices V.
Based on the above principles of the encryption, the plaintext message can be easily determined by computing a temporary matrix W from each code matrix V using the left pseudoinverse P⁻¹ of the secret matrix P according to the equation W = P⁻¹ · V, which results in W = Q · M, and then the plaintext message can be easily determined from the two or more temporary matrices W and the one or more secret matrices Q, i.e. W → plaintext_message, using linear algebraic operations and some specific matrix manipulations.
The above object is achieved by providing a method for encrypting a digital message, the method comprising the following steps carried out using a processor:
converting a digital plaintext message into a matrix M of at least one column vector m of integer elements;
generating at least a first extended message matrix M1 as a combination of the message matrix M and a first set of freely selected row vectors, and a second extended message matrix M2 as a combination of the message matrix M and a second set of freely selected row vectors different from said first set of freely selected row vectors;
computing at least a first code matrix V1 as a product of a first key matrix K1 of integer elements and the first extended message matrix M1, and a second code matrix V2 as a product of a second key matrix K2 of integer elements and the second extended message matrix M2;
wherein the first key matrix K1 is a product of two integer matrices P1 and Q1, and the second key matrix K2 is a product of two integer matrices P2 and Q2;
wherein P1 and P2 are invertible at least on their side opposite to where they are multiplied with Q1 and Q2, respectively,
wherein K1 and K2 are non-invertible on their side opposite to where they are multiplied with M1 and M2, respectively, and
wherein a specific set of row vectors forming a part of the matrices Q1 and Q2 defines an invertible square matrix R; and
outputting a ciphertext message as a set of at least said first and second code matrices V1 and V2.
According to a second aspect of the invention, a method for decrypting a digital ciphertext message is provided, the method comprising the following steps carried out using a processor:
obtaining at least first and second code matrices V1, V2 as a ciphertext; for each code matrix V1, V2, computing a temporary matrix W1, W2 by multiplying the code matrix V1, V2 with an inverse P1⁻¹, P2⁻¹ of a respective transformation matrix P1, P2;
generating an invertible square matrix R using a set of row vectors forming a part of the matrices Q1, Q2;
generating an auxiliary matrix H from a set of row vectors selected from the temporary matrices W1, W2, each row vector of H corresponding, by row position, to a respective row vector of the invertible square matrix R; computing the message matrix M as a product of an inverse R⁻¹ of said invertible square matrix R and said auxiliary matrix H.
The invention also relates to an apparatus configured to carry out the above encryption and decryption methods.
The invention further relates to a computer-readable storage medium with instructions stored therein which, upon execution by a processor, instruct the processor to carry out the above encryption and decryption methods.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will now be described in more detail with reference to the accompanying drawings, in which:
FIG. 1 is a flow diagram illustrative of the steps of the encryption method according to the present invention.
FIG. 2 is a flow diagram illustrative of the steps of a preferred embodiment of the decryption method according to the present invention.
FIG. 3 illustrates a block diagram of an apparatus adapted for performing the encryption or decryption method according to the present invention.
DETAILED DESCRIPTION OF THE EMBODIMENTS
For illustrative purposes, the present invention will be described through various preferred or alternative embodiments of the methods and devices configured to perform encryption and/or decryption based on the use of non-invertable matrices.
The cryptographic system of the present invention includes three processes, namely a key generation process, an encryption process and a decryption process.
Key generation
In order to understand the generation of the key matrices, the structure of a so-called extended message matrix is first introduced. A first extended message matrix M1 is generated using an nxr message matrix M of integer elements, where n>1, r>1. The elements of the message matrix M form a matrix representation of a digital plaintext message. In a special case, the message matrix M may be a vector.
The first extended message matrix M1 is a combination of the message matrix M and a first set of freely selected row vectors. For example, M1 may include the nxr message matrix M as an upper block and a kxr first extension matrix L1 of integer elements as a lower block, where k>1:
The elements of the L1 block may be selected differently or randomly for any message matrix M.
Similarly, a second extended message matrix M2 may be generated as a combination of the message matrix M and a second set of freely selected row vectors different from said first set of freely selected row vectors of M1. The second extended message matrix M2 may be generated to include the nxr message matrix M as an upper block and a kxr second extension matrix L2 of integer elements as a lower block:
The elements of the L2 block may be selected differently or randomly for each message matrix M, with the restriction that L2 shall always be different from L1.
Preferably, the row vectors of L1 are linearly dependent, and the row vectors of L2 are also linearly dependent.
Any number of extended message matrices may be generated for a particular message matrix M, wherein the number of the extended message matrices corresponds to the number of the encrypting key matrices.
The first key matrix K1 is computed as a product of a first transformation matrix P1, which is an (n+l1+j1)x(n+l1) integer matrix, wherein l1>1, j1≥0, and an (n+l1)x(n+k1) integer matrix Q1, wherein k1>1, i.e. K1 = P1 · Q1. Consequently, the first key matrix K1 is also an integer matrix of the size (n+l1+j1)x(n+k1).
The matrix Q1 includes a non-invertible nxn matrix A1 of integer elements, an nxk1 null matrix N and an l1x(n+k1) matrix B1 of integer elements. When the extended message matrix M1 is defined as above, with M as its upper block and L1 as its lower block, the matrix Q1 includes the matrix A1 as an upper left block, the null matrix N as an upper right block and the matrix B1 as a lower block. Since A1 is non-invertible, its rank is smaller than n, i.e. rank(A1)<n. The elements of the matrix Q1 may be selected freely or randomly for any particular key matrix K1.
In the general case, when j1>0, the matrix P1 only has a left pseudoinverse (Moore-Penrose pseudoinverse). Consequently, the condition k1≥l1+j1 should be satisfied so that the first key matrix K1 (having a size of (n+l1+j1)x(n+k1)) either has a right pseudoinverse, when k1>l1+j1, or is a non-invertible square matrix, when k1=l1+j1.
In one embodiment, the matrix Q1 is a square matrix, meaning that l1=k1, i.e. the matrix Q1 is an (n+k1)x(n+k1) matrix. In this embodiment, Q1 is non-invertible since its rank is also smaller than (n+k1) due to the linearly dependent rows of A1.
In another embodiment, irrespective of the size of Q1, the matrix P1 is an (n+l1)x(n+l1) square matrix, meaning that j1=0. If furthermore l1=k1, then both P1 and Q1 are square matrices of the size (n+k1)x(n+k1), and the first key matrix K1 is also an (n+k1)x(n+k1) square matrix. Furthermore, since in this embodiment Q1 is non-invertible, K1 is not invertible either, which is an essential requirement for a square key matrix in the present invention.
The second key matrix K2 is computed in the same way from a second transformation matrix P2 of the size (n+l2+j2)x(n+l2) and an (n+l2)x(n+k2) matrix Q2, i.e. K2 = P2 · Q2, both P2 and Q2 being integer matrices. The second key matrix has a size of (n+l2+j2)x(n+k2). When K2 is a square matrix, it should be non-invertible, which is ensured by an appropriate choice of A2 within Q2.
The matrix Q2 has the same structure as Q1. Since A2 is also non-invertible, the rank of A2 is smaller than n, i.e. rank(A2)<n. The elements of the matrix Q2 may be selected freely or randomly for any particular key matrix K2.
An essential feature of the matrices Q1 and Q2 is that the unified set of the row vectors of the matrices A1 and A2 should include n linearly independent row vectors, that is, the block matrix formed by stacking A1 and A2 has rank n.
It is noted that l1 and l2 may be equal or different, and the same applies to k1 and k2, as well as to j1 and j2.
Further key matrices may be produced similarly upon demand. Preferably, a different key matrix is produced for each extended message matrix.
It is particularly preferred that l1=l2=k1=k2=k and j1=j2=0. In this special case, the first key matrix K1 is computed as a product of an invertible (n+k)x(n+k) integer matrix P1 and a non-invertible (n+k)x(n+k) integer matrix Q1, i.e. K1 = P1 · Q1. Consequently, the first key matrix K1 is also an integer matrix of the size (n+k)x(n+k). A second key matrix K2 is computed in the same way from the integer matrices P2 and Q2 of the same size (n+k)x(n+k), i.e. K2 = P2 · Q2.
In the above special case, the matrices Q1, Q2 are formed of the following blocks: a non-invertible nxn integer matrix A1, A2, an nxk null matrix N and a kx(n+k) integer matrix B1, B2. For example, the matrices A1, A2 may form an upper left block, the null matrix N may form an upper right block, and the matrices B1, B2 may form a lower block in Q1 and Q2, respectively.
It is particularly preferred that the matrices P1, P2, Q1 and Q2 have only nonnegative integer entries. In this case, the key matrices K1 and K2 also have only nonnegative integer elements.
The key matrices K1 and K2 may then be published as the public key for encryption, while the matrices P1, P2 and Q1, Q2 should be kept secret as the private key for decryption of the messages.
It is noted that the generation of the key matrices K1, K2 is computationally easy, and for large key matrices the number of possible variations of the key matrices K1, K2 is extremely high.
Encryption
The encryption process will now be described with reference to two key matrices K1 and K2. However, the present invention is not limited to the use of two key matrices, and based on the present specification, it will be obvious for a person having ordinary skill in the art how to extend the encryption algorithm to a case with any number of key matrices.
Once the key matrices K1, K2 have been made available to the encrypting entity, the plaintext message can be encrypted using the key matrices K1, K2.
As a first step 100 of the encryption method according to a first aspect of the invention, the digital plaintext message to be ciphered, represented by digital data, is converted into an nxr message matrix M of integer elements.
Next, in step 110, a first extended message matrix M1 is generated as a combination of the message matrix M and a first set of freely selected row vectors. Preferably, the first extended message matrix M1 is generated using the message matrix M as an upper block and a kxr first extension matrix L1 of integer elements as a lower block. For each message matrix M, the elements of the first extension matrix L1 may be selected freely or randomly.
Still in this step, a second extended message matrix M2 is generated as a combination of the message matrix M and a second set of freely selected row vectors different from said first set of freely selected row vectors of M1. Preferably, the second extended message matrix M2 is generated from the message matrix M as an upper block and a kxr second extension matrix L2 of integer elements as a lower block. For each message matrix M, the elements of the second extension matrix L2 may be selected freely, with the restriction that the matrix L2 shall be different from the matrix L1.
In one preferred embodiment of the method, the extended message matrices M1, M2 contain only nonnegative integer elements, i.e. the plaintext message is converted into a nonnegative integer message matrix M and the extension matrices L1, L2 are also nonnegative integer matrices.
As a third step 120, a first code matrix V1 is computed as a product of a first non-invertible key matrix K1 of (n+k)x(n+k) integer elements and the first extended message matrix M1, and a second code matrix V2 is computed as a product of a second non-invertible key matrix K2 of (n+k)x(n+k) integer elements and the second extended message matrix M2, i.e.
V1 = K1 · M1, and
V2 = K2 · M2.
The key matrices K1 and K2 have been generated as described above.
The code matrices V1 and V2 thus obtained are then output as a ciphertext message in step 130, so that they can be transmitted through an insecure communication channel or stored on a computer-readable storage medium.
In one embodiment, a different extension matrix L1 and/or a different extension matrix L2 may be generated in each encryption process. It is particularly preferred that, even within the same encryption process, L1 and L2 differ for a particular message matrix M.
Furthermore, when the elements of the extension matrices L1, L2 are selected randomly, the content of the message matrix M cannot be recovered from the code matrices V1, V2 even if the message matrix M is a specially constructed matrix, such as a null matrix or an identity matrix.
Assuming that the matrices used herein do not commute, the matrices Pi should be invertible at least on the side opposite to where they are multiplied with Qi. Hence, when a key matrix Ki is computed by multiplying Qi on its left side with Pi, i.e. Ki = Pi · Qi, then Pi should be left-invertible so that Qi can be produced using the left pseudoinverse Pi^-1. Similarly, when a key matrix Ki is computed by multiplying Qi on its right side with Pi, i.e. Ki = Qi · Pi, then Pi should be right-invertible so that Qi can be produced using the right pseudoinverse Pi^-1.
Furthermore, the key matrices Ki should be non-invertible on the side opposite to where they are multiplied with Mi. This means that when a code matrix Vi is computed by multiplying an extended message matrix Mi on its left side with Ki, i.e. Vi = Ki · Mi, then Ki may not be invertible on its left side. Consequently, Ki may be only right-invertible if Ki is a non-square matrix, or Ki should be non-invertible (singular) if it is a square matrix. The same applies to the reverse multiplication of Ki and Mi mutatis mutandis.
Decryption
According to a second aspect of the invention, a decryption method is provided for decrypting the ciphered message produced using the encryption method according to the first aspect of the invention.
The code matrices V1 and V2 are obtained by a decrypting entity in step 200. The code matrices V1 and V2 may be made available to the decrypting entity either by receiving them from a sender entity or by reading them from a computer-readable storage medium. The plaintext message matrix M, which has been encrypted using the encryption method according to the first aspect of the invention, is determined from the code matrices V1 and V2 according to the following algorithm.
In step 210 of the decryption method, each of the first and second code matrices V1 and V2 is multiplied with the multiplicative inverse P1^-1 or P2^-1 of the respective invertible transformation matrix P1 or P2 to obtain temporary matrices W1 and W2 of the size (n+k)xr, i.e.
W1 = P1^-1 · V1, and
W2 = P2^-1 · V2.
When P1 is not a square matrix, the inverse matrix P1^-1 is the left pseudoinverse of P1. The same applies to P2.
It is noted that since P1 and P2 are known to the decrypting entity, in addition to or instead of P1 and P2, their inverses P1^-1 and P2^-1 may be permanently stored at the decrypting entity to make the computations of the decryption process faster.
In the next step 220, an invertible square matrix R is produced from a specific set of row vectors forming a part of Q1 and Q2.
In one embodiment, n linearly independent row vectors x are selected from among the row vectors of the matrices A1 and A2 (which are incorporated in Q1 and Q2, respectively), and an invertible nxn matrix R is generated from said selected row vectors x.
Then, in step 230, an auxiliary matrix H is generated from a set of row vectors selected from the temporary matrices W1 and W2 in such a manner that each of the selected row vectors corresponds to an associated one of the row vectors obtained from Q1 and Q2. Each row vector of W1 and W2 has r elements.
Preferably, n row vectors y are selected from among the row vectors of the matrices W1 and W2 that correspond to the selected row vectors x of A1 and A2. From the selected row vectors y of W1 and W2, an nxr matrix H can be generated so that any row vector y included in H and its associated row vector x included in R are in the same row position within H and R.
Once the matrices R and H have been produced, the message matrix M is computed in step 240 as a product of the inverse matrix R^-1 and the auxiliary matrix H, i.e. M = R^-1 · H.
The plaintext message can then be recovered easily from the message matrix M through an inverse conversion from integers into digital data.
It is noted that since A1 and A2 (as parts of Q1 and Q2, respectively) are known to the decrypting entity, in addition to or instead of the matrix R, its inverse matrix R^-1 may be permanently stored at the decrypting entity to make the computations of the decryption process faster.
In some embodiments of the encryption and decryption methods of the invention, the blocks of Q1 (namely A1, N and B1) and the blocks of the extended message matrix M1 (namely M and L1) may be re-arranged so that the temporary matrix W1 comprises a block that is the product of A1 and M, and further comprises a block that is the product of B1 and the extended message matrix M1.
In one embodiment of the encryption and decryption methods of the invention, Q1 and M1 may, for example, be defined with B1 as the upper block of Q1 and [A1 N] as its lower block, while M1 keeps M as its upper block and L1 as its lower block.
The matrices Q2 and M2 may be re-arranged similarly.
Furthermore, it is noted that although in the matrix computations described herein the extended message matrices M1, M2 are multiplied by the key matrices K1, K2 on their left side in the encryption process, and the code matrices V1, V2 are also multiplied by the appropriate matrices on their left side in the decryption process, it should be appreciated by those skilled in the art that all of the above matrix multiplications can also be performed on the right side of the matrices M1, M2, V1 and V2 while using the transposed forms of all of those matrices. This means that any matrix operation applied to the rows of the matrices M1 and M2 should be replaced with the corresponding matrix operation applied to the columns of their transposed matrices M1^T, M2^T, and vice versa. Similarly, when the first and second code matrices V1 and V2 are produced from the transposed matrices M1^T, M2^T, any matrix operation applied to the rows of V1, V2, P1, P2, R and H should be replaced with the corresponding matrix operation relating to the columns of V1, V2, P1, P2, R and H, and vice versa.
The encryption and decryption methods described herein may have many equivalents in terms of using re-structured matrices and vectors, all of these equivalents being within the scope of the present invention. For example, the rows (columns) of the various blocks in M1, M2 and the respective rows (columns) in Q1, Q2 may be permuted.
Although the encryption and decryption methods of the invention are described above using two key matrices and two code matrices, the invention is not limited to that scheme and may be generalized to the use of any number of key matrices and at least the same number of code matrices. In one embodiment, a method for encrypting a digital message comprises the following steps carried out using a processor:
converting a digital plaintext message into a matrix M of at least one column vector m of integer elements;
generating a plurality of extended message matrices Mi, each of said plurality of Mi being defined as a combination of the message matrix M and an associated set of freely selected row vectors;
computing a plurality of code matrices Vi, each of said plurality of code matrices Vi being a product of one of a plurality of key matrices Ki of integer elements and one of said extended message matrices Mi, i.e. Vi = Ki · Mi;
wherein a key matrix Ki is a product of two integer matrices Pi and Qi, i.e. Ki = Pi · Qi; wherein each of the matrices Pi is invertible at least on its side opposite to where it is multiplied with Qi;
wherein each of the key matrices Ki is non-invertible on its side opposite to where it is multiplied with Mi; and
wherein a specific set of the row vectors forming a part of said plurality of the matrices Qi forms an invertible matrix R; and
outputting a ciphertext message as a set of said plurality of code matrices Vi.
In one embodiment, the size of the extended message matrices and accordingly, the size of the associated key matrices may be different.
In the generalized version of the above encryption method, each extended message matrix Mi and each key matrix Ki are produced in the same way as in the embodiment using two extended message matrices and two key matrices described above in detail. The integer matrices Ai included in the matrices Qi should satisfy the following conditions:
rank(Ai)<n and
rank(A*)=n
wherein A* is the block matrix formed by arranging all of the square matrices Ai as blocks in a column.
In the generalized version of the decryption method of the invention, decryption of a ciphered message, which has been encrypted by the generalized version of the encryption method, is carried out in the following steps using a processor:
obtaining a plurality of code matrices Vi as a ciphertext;
for each code matrix Vi, computing a temporary matrix Wi by multiplying the code matrix Vi with an inverse Pi^-1 of a respective transformation matrix Pi;
generating an invertible square matrix R using a set of row vectors forming a part of said plurality of matrices Qi;
generating an auxiliary matrix H from a set of row vectors selected from the temporary matrices Wi, each row vector of H corresponding, by row position, to a respective row vector of the invertible square matrix R;
computing the message matrix M as a product of an inverse R^-1 of said invertible square matrix R and said auxiliary matrix H.
The size of the various matrices and the length of the digital representation of the integer elements in the various matrices depend on the particular security requirements and can be adjusted or optimized by those of ordinary skill in the art. As the size of the matrices and the length of the integer representation can be scaled arbitrarily, the cryptographic system of the present invention provides very high flexibility.
The techniques described herein may be implemented by various means. For example, these techniques may be implemented in hardware, firmware, software, or a combination thereof. Those of ordinary skill in the art would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, the various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the invention, as defined by the appended claims.
For a hardware implementation, the processing units used to perform the techniques may be implemented within one or more ASICs, DSPs, digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, electronic devices, other electronic units designed to perform the functions described herein, a computer, or a combination thereof.
If implemented in software, the functions may be stored at a computer-readable storage medium. Computer-readable storage media include both computer storage media and communication media including any medium that facilitates the transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a computer. By way of example, and not limited thereto, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media. For example, a computer-readable storage medium may be a non-transitory computer-readable storage device that includes instructions that are executable by a processor.
According to a further aspect of the invention, an apparatus for encrypting a digital message comprises:
a memory;
one or more processors; and
one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including:
instructions for converting a digital plaintext message into a matrix M of at least one column vector m of integer elements;
instructions for generating at least a first extended message matrix M1 as a combination of the message matrix M and a first set of freely selected row vectors, and a second extended message matrix M2 as a combination of the message matrix M and a second set of freely selected row vectors different from said first set of freely selected row vectors;
instructions for computing at least a first code matrix V1 as a product of a first key matrix K1 of integer elements and the first extended message matrix M1, and a second code matrix V2 as a product of a second key matrix K2 of integer elements and the second extended message matrix M2;
wherein the first key matrix K1 is a product of two integer matrices P1 and Q1, and the second key matrix K2 is a product of two integer matrices P2 and Q2;
wherein P1 and P2 are invertible at least on their side opposite to where they are multiplied with Q1 and Q2, respectively,
wherein K1 and K2 are non-invertible on their side opposite to where they are multiplied with M1 and M2, respectively, and
wherein a specific set of row vectors forming a part of the matrices Q1 and Q2 defines an invertible square matrix R; and
instructions for outputting a ciphertext message as a set of at least said first and second code matrices V1 and V2.
According to a still further aspect of the invention, an apparatus for decrypting a ciphered message encrypted by the above mentioned encrypting apparatus comprises:
a memory;
one or more processors; and
one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including:
instructions for obtaining at least first and second code matrices V1, V2 as a ciphertext;
instructions for computing a temporary matrix W1, W2 for each code matrix V1, V2 by multiplying the code matrix V1, V2 with an inverse P1^-1, P2^-1 of a respective transformation matrix P1, P2;
instructions for generating an invertible square matrix R using a set of row vectors forming a part of the matrices Q1, Q2;
instructions for generating an auxiliary matrix H from a set of row vectors selected from the temporary matrices W1, W2, each row vector of H corresponding, by row position, to a respective row vector of the invertible square matrix R;
instructions for computing the message matrix M as a product of an inverse R^-1 of said invertible square matrix R and said auxiliary matrix H.
FIG. 3 illustrates an exemplary hardware configuration of an embodiment of the apparatus according to the present invention. The apparatus 300 comprises an interface unit 302 adapted for communication with other devices (not shown) through a communication channel, a processor 304 and a memory 306 adapted for storing data, such as intermediary calculation results. The apparatus 300 may comprise a program logic 310 including a code 312 (e.g., program code) that may be loaded into the memory 306 and executed by the processor 304. The code 312 may comprise instructions that, when loaded into the memory 306 and executed by the processor 304, perform the method of encryption, the method of decryption, or both according to the present invention. The program logic 310, including the code 312, may be stored in a storage 308 of the device 300. The apparatus 300 may further comprise an I/O unit 316 including, for example, serial or parallel interfaces for various input and output devices, such as a mouse, a keyboard, a display, a printer and so on.
In one embodiment of the apparatus, the processor 304 is adapted to encrypt a plaintext message using the encryption method described herein. In another embodiment of the apparatus, the processor 304 is adapted to decrypt a ciphertext message using the decryption method described herein. In a further embodiment of the apparatus, the processor 304 is adapted to encrypt a plaintext message and to decrypt a ciphertext message in accordance with the methods of the present invention.
A computer-readable storage medium 314 such as a CD-ROM or a DVD may also store instructions that, when read and executed by the processor 304, perform the method of encryption or the method of decryption, or both, in accordance with the present invention.
The foregoing description of disclosed embodiments provides illustration and description, but is not intended to be exhaustive or to limit the invention to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practice of the disclosure. In particular, while exemplary methods of the present invention are described as a series of acts, the order of the acts may vary in other implementations consistent with the present invention. Non-dependent acts may be performed in any order or in parallel.
Example
In the following example the operation of a cryptographic system is described in accordance with the present invention, wherein n=4, k=l=3, j=0, r=6.
Key generation
The key matrices K1 and K2 are generated in the same way. First, a singular 7x7 matrix Q1 is generated for K1, the matrix Q1 having the block structure described above. Let A1 be defined as a 4x4 matrix:
The rank of A1 is 2, i.e. rank(A1)=2, because the first two rows of A1 are linearly independent of each other, whereas the third row is the double of the first row and the fourth row is the double of the second row.
Let B1 be defined as a 3x7 matrix:
Let P1 be an arbitrary invertible 7x7 (square) matrix:
The key matrix K1 is the product of P1 and Q1:
K1 = P1 · Q1 =
K2 is generated similarly to K1.
The rank of A2 is 3, i.e. rank(A2)=3, because the first three rows are linearly independent of each other, whereas the fourth row is the sum of the first three rows.
Let B2 be defined as being different from B1:
Let P2 be another arbitrary invertible 7x7 (square) matrix which is different from P1:
The key matrix K2 is the product of P2 and Q2:
K2 = P2 · Q2 =
The public key is {K1, K2}, and the private key is {P1, Q1, P2, Q2}.
Encryption
The message matrix M is then embedded into two extended message matrices M1, M2 using random integer elements in the extension blocks. For example, let M1 and M2 be defined as the following 7x6 matrices:
The last three rows of M1 and M2, which form the extension blocks, are different in M1 and M2.
The first code matrix V1 is the product of the first key matrix K1 and the first extended message matrix M1:
V1 = K1 · M1 =
The second code matrix V2 is produced similarly:
V2 = K2 · M2 =
The encrypted message is the set of the two code matrices V1, V2, i.e. {V1, V2}.
Decryption
The first code matrix V1 is multiplied with the inverse of P1 to obtain a first temporary matrix W1:
W1 = P1^-1 · V1 =
Similarly, a second temporary matrix W2 is produced by multiplying the second code matrix V2 with the inverse of P2:
W2 = P2^-1 · V2 =
Since the message matrix M has four rows, the matrix R is constructed by selecting four linearly independent rows from A1 and A2. Let these rows be the first and second rows of A1 and the first and fourth rows of A2. Accordingly,
The inverse of R is then determined:
The matrix H is constructed by selecting the first and second rows of W1 and the first and fourth rows of W2 in the same order as their associated rows are included in R. Accordingly,
Although in the above example, the key matrices are defined as integer matrices with negative, positive and zero entries, it is obvious for those skilled in the art that the encryption and decryption methods may be carried out with nonnegative integer key matrices in the same way.
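The following Python program is added here as an illustration and is not part of the patent or of any implementation by the applicant. It runs the key generation, encryption and decryption steps described in the Detailed Description with the parameters of this Example (n=4, k=l=3, j=0, r=6) and with the same row-selection rule (rows 1 and 2 of A1, rows 1 and 4 of A2). The matrices A1 and A2 are constructed to have the same rank structure as in the Example; the blocks B1, B2, P1, P2 and the extension blocks L1, L2 are drawn from a seeded random generator, and the 24-byte sample message is constructed for the illustration. None of the numeric matrices of the patent's figures are reproduced. Inverses are computed exactly over the rationals with Python's fractions module, and the recovered M is checked to be integral. The check_key_conditions function verifies the conditions the text states (rank(Ai)<n, rank of the stacked A-blocks equal to n, R invertible, square Ki singular); the program demonstrates only the correctness of the round trip, not the security claims of the next section.

```python
from fractions import Fraction
import random

N, K, R_COLS = 4, 3, 6      # page's worked example: n=4, k=l=3, j=0, r=6
# Rows used to build R, as (matrix index, row index): rows 1,2 of A1 and rows 1,4 of A2.
SELECT = [(0, 0), (0, 1), (1, 0), (1, 3)]

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def vstack(*blocks):
    return [list(row) for blk in blocks for row in blk]

def rank(a):
    """Rank over the rationals by Gaussian elimination (exact, no floating point)."""
    m = [[Fraction(x) for x in row] for row in a]
    rk = 0
    for c in range(len(m[0])):
        pivot = next((i for i in range(rk, len(m)) if m[i][c] != 0), None)
        if pivot is None:
            continue
        m[rk], m[pivot] = m[pivot], m[rk]
        for i in range(rk + 1, len(m)):
            f = m[i][c] / m[rk][c]
            m[i] = [x - f * y for x, y in zip(m[i], m[rk])]
        rk += 1
    return rk

def inverse(a):
    """Gauss-Jordan inverse over the rationals; raises ValueError if singular."""
    size = len(a)
    m = [[Fraction(x) for x in row] + [Fraction(int(i == j)) for j in range(size)]
         for i, row in enumerate(a)]
    for c in range(size):
        pivot = next((i for i in range(c, size) if m[i][c] != 0), None)
        if pivot is None:
            raise ValueError("singular matrix")
        m[c], m[pivot] = m[pivot], m[c]
        m[c] = [x / m[c][c] for x in m[c]]
        for i in range(size):
            if i != c and m[i][c] != 0:
                f = m[i][c]
                m[i] = [x - f * y for x, y in zip(m[i], m[c])]
    return [row[size:] for row in m]

def random_matrix(rows, cols, rng):
    return [[rng.randint(-5, 5) for _ in range(cols)] for _ in range(rows)]

def make_q(a, b):
    # Q = [[A, N], [B]]: A is n x n singular, N an n x k null block, B is k x (n+k).
    return vstack([row + [0] * K for row in a], b)

def keygen(seed=7):
    rng = random.Random(seed)
    # Constructed A1 (rank 2: rows 3,4 are doubles of rows 1,2) and A2 (rank 3: row 4 is
    # the sum of rows 1-3), mirroring the rank structure of the page's example.
    a1 = [[1, 2, 0, 1], [0, 1, 1, 3], [2, 4, 0, 2], [0, 2, 2, 6]]
    a2 = [[1, 0, 1, 0], [0, 1, 0, 1], [2, 1, 0, 0], [3, 2, 1, 1]]
    q1 = make_q(a1, random_matrix(K, N + K, rng))   # B1: random 3 x 7 block
    q2 = make_q(a2, random_matrix(K, N + K, rng))   # B2: random 3 x 7 block
    p1, p2 = random_matrix(N + K, N + K, rng), random_matrix(N + K, N + K, rng)
    while rank(p1) < N + K or rank(p2) < N + K:     # P1, P2 must be invertible
        p1, p2 = random_matrix(N + K, N + K, rng), random_matrix(N + K, N + K, rng)
    public = (matmul(p1, q1), matmul(p2, q2))        # K1 = P1*Q1, K2 = P2*Q2
    return public, (p1, p2, a1, a2)                  # private: P1, P2 and the A-blocks

def check_key_conditions(public, private):
    # Page's conditions: rank(Ai) < n, stacked A-blocks have rank n, R invertible, Ki singular.
    p1, p2, a1, a2 = private
    return (rank(a1) < N and rank(a2) < N and rank(vstack(a1, a2)) == N
            and rank([(a1, a2)[i][j] for i, j in SELECT]) == N
            and all(rank(kk) < N + K for kk in public))

def encrypt(public, m, seed=11):
    rng = random.Random(seed)
    l1 = random_matrix(K, R_COLS, rng)               # extension block L1
    l2 = random_matrix(K, R_COLS, rng)               # extension block L2, must differ from L1
    while l2 == l1:
        l2 = random_matrix(K, R_COLS, rng)
    return matmul(public[0], vstack(m, l1)), matmul(public[1], vstack(m, l2))  # V1, V2

def decrypt(private, ciphertext):
    p1, p2, a1, a2 = private
    # Wi = Pi^-1 * Vi = Qi * Mi; its first n rows equal Ai * M because of the null block N.
    w = (matmul(inverse(p1), ciphertext[0]), matmul(inverse(p2), ciphertext[1]))
    r = [(a1, a2)[i][j] for i, j in SELECT]          # selected rows of A1, A2 form R
    h = [w[i][j] for i, j in SELECT]                 # matching rows of W1, W2 form H = R*M
    m = matmul(inverse(r), h)                        # M = R^-1 * H
    if any(x.denominator != 1 for row in m for x in row):
        raise ValueError("decryption did not yield an integer matrix")
    return [[int(x) for x in row] for row in m]

def demo(text="Matrix-based public key!"):          # constructed 24-byte sample = 4 x 6 entries
    data = list(text.encode())
    msg = [data[i * R_COLS:(i + 1) * R_COLS] for i in range(N)]
    public, private = keygen()
    recovered = decrypt(private, encrypt(public, msg))
    return bytes(x for row in recovered for x in row).decode()
```

Calling demo() returns the sample text unchanged after the encrypt/decrypt round trip. Because the decryption side only needs P1, P2 and the selected rows of A1, A2, the private tuple here stores just those; the patent keeps the full Q1, Q2 as well, which is equivalent.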
Security considerations
First of all, a direct attack against the cryptographic system of the present invention could be to solve the underdetermined linear equation systems defined by the public key matrices K1 and K2 serving as coefficient matrices and the code matrices V1 and V2 serving as sets of constant vectors, in order to obtain the column vectors of the extended message matrices M1, M2 as the sets of unknowns. When substantially large key matrices and extended message matrices are used, this task is computationally infeasible within a reasonable time. Furthermore, when the extended message matrices are formed of nonnegative integer elements, finding solutions of the above-mentioned underdetermined linear equation systems is even more difficult. In the book of A. Schrijver, "Theory of linear and integer programming" (John Wiley & Sons, 1998, ISBN 0471982326) it has been proven that solving a system of linear equations in nonnegative integer variables is an NP-complete problem.
Another attack could be to determine the private key from the public key. When the public key matrices K1, K2 are generated as products of nonnegative integer matrices P1, Q1 and P2, Q2, respectively, factorizing the public key matrices into two such matrices is considered to be an extremely difficult mathematical problem. In the paper by Stephen A. Vavasis, "On the complexity of nonnegative matrix factorization" (SIAM Journal on Optimization, Volume 20, Issue 3, August 2009, pp. 1364-1377) it has been proven that the factorization of a matrix into two matrices with nonnegative entries is NP-hard.
Claims
1. A method for encrypting a digital message, comprising the following steps carried out using a processor:
converting (100) a digital plaintext message into a matrix M of at least one column vector m of integer elements;
generating (110) at least a first extended message matrix M1 as a combination of the message matrix M and a first set of freely selected row vectors, and a second extended message matrix M2 as a combination of the message matrix M and a second set of freely selected row vectors different from said first set of freely selected row vectors;
computing (120) at least a first code matrix V1 as a product of a first key matrix K1 of integer elements and the first extended message matrix M1, and a second code matrix V2 as a product of a second key matrix K2 of integer elements and the second extended message matrix M2;
wherein the first key matrix K1 is a product of two integer matrices P1 and Q1, and the second key matrix K2 is a product of two integer matrices P2 and Q2;
wherein P1 and P2 are invertible at least on their side opposite to where they are multiplied with Q1 and Q2, respectively,
wherein K1 and K2 are non-invertible on their side opposite to where they are multiplied with M1 and M2, respectively, and
wherein a specific set of row vectors forming a part of the matrices Q1 and Q2 defines an invertible square matrix R; and
outputting (130) a ciphertext message as a set of at least said first and second code matrices V1 and V2.
2. The method of claim 1, wherein
the message matrix M is an n×r matrix, where n≥1, r≥1;
the first extended message matrix M1 includes the message matrix M as an upper block and a k×r first extension matrix L1 of integer elements as a lower block, where k≥1;
the second extended message matrix M2 includes the message matrix M as an upper block and a k×r second extension matrix L2 of integer elements as a lower block, L2 being different from L1;
the matrices Q1 and Q2 are (n+l)×(n+k) matrices and include an n×n matrix A1, A2 of integer elements, respectively, as an upper left block, an n×k null matrix N as an upper right block, and an l×(n+k) matrix B1, B2 of integer elements, respectively, as a lower block, wherein rank(A1)<n, rank(A2)<n and
said specific set of row vectors includes n linearly independent row vectors selected from the row vectors of the matrices A1, A2,
the matrices P1 and P2 are (n+l+j)×(n+l) matrices, where l≥1, j≥0 and k≥l+j.
3. The method of claim 2, wherein
the matrices Q1 and Q2 are (n+k)×(n+k) matrices including k×(n+k) matrices B1, B2; the matrices P1 and P2 are (n+k)×(n+k) invertible matrices; and
the key matrices K1 and K2 are (n+k)×(n+k) non-invertible matrices.
4. The method of claim 2 or 3, wherein the rows of the matrices M1, M2, Q1 and Q2 are permuted.
5. The method of any one of claims 1 to 4, wherein the matrices P1, P2, Q1 and Q2 are nonnegative integer matrices and/or the extended message matrices M1, M2 are nonnegative integer matrices.
6. The method of any one of claims 1 to 5, further comprising:
transmitting the code matrices V1, V2 through a communication channel, or storing the code matrices V1, V2 on a computer-readable storage medium.
7. The method of any one of claims 1 to 6, further comprising the steps of:
- transposing the extended message matrices M1, M2 for obtaining transposed matrices M1^T, M2^T, and
- instead of matrix operations applied to the rows of M1, M2, performing corresponding matrix operations applied to the columns of M1^T, M2^T, and vice versa.
8. A method for decrypting a ciphered message encrypted by the method of any one of claims 1 to 5, comprising the following steps carried out using a processor:
obtaining (200) at least first and second code matrices V1, V2 as a ciphertext;
for each code matrix V1, V2, computing (210) a temporary matrix W1, W2 by multiplying the code matrix V1, V2 with an inverse P1^-1, P2^-1 of a respective transformation matrix P1, P2;
generating (220) an invertible square matrix R using a set of row vectors forming a part of the matrices Q1, Q2;
generating (230) an auxiliary matrix H from a set of row vectors selected from the temporary matrices W1, W2, each row vector of H corresponding, by row position, to a respective row vector of the invertible square matrix R;
computing (240) the message matrix M as a product of an inverse R^-1 of said invertible square matrix R and said auxiliary matrix H.
9. The method of claim 8, wherein
- the step of generating (220) the invertible square matrix R comprises:
- selecting n linearly independent row vectors x from among the row vectors of a set of non-invertible n×n matrices A1, A2 included in the matrices Q1, Q2, respectively; and
- generating an n×n square matrix R from said selected row vectors x of A1 and A2;
- the step of generating (230) the auxiliary matrix H comprises:
- selecting n row vectors y from among the row vectors of the temporary matrices W1, W2, each of the selected row vectors y corresponding to a respective one of the row vectors x forming the matrix R;
- generating an n×r auxiliary matrix H from the row vectors y so that any row vector y in H and its associated row vector x in R are in the same row position within H and R.
10. The method of claim 8 or 9, further comprising
receiving the code matrices V1, V2 through a communication channel, or
reading the code matrices V1, V2 from a computer-readable storage medium.
11. The method of any one of claims 8 to 10, wherein the code matrices V1, V2 are produced according to method 6, and the method further comprises:
instead of matrix operations applied to the rows of V1, V2, P1, P2, R and H, performing corresponding matrix operations relating to the columns of V1, V2, P1, P2, R and H, and vice versa, for computing the message matrix M.
12. An apparatus for encrypting a digital message, comprising:
means for converting a digital plaintext message into a matrix M of at least one column vector m of integer elements;
means for generating at least a first extended message matrix M1 as a combination of the message matrix M and a first set of freely selected row vectors, and a second extended message matrix M2 as a combination of the message matrix M and a second set of freely selected row vectors different from said first set of freely selected row vectors;
means for computing at least a first code matrix V1 as a product of a first key matrix K1 of integer elements and the first extended message matrix M1, and a second code matrix V2 as a product of a second key matrix K2 of integer elements and the second extended message matrix M2;
wherein the first key matrix K1 is a product of two integer matrices P1 and Q1, and the second key matrix K2 is a product of two integer matrices P2 and Q2;
wherein P1 and P2 are invertible at least on their side opposite to where they are multiplied with Q1 and Q2, respectively,
wherein K1 and K2 are non-invertible on their side opposite to where they are multiplied with M1 and M2, respectively, and
wherein a specific set of row vectors forming a part of the matrices Q1 and Q2 defines an invertible square matrix R; and
means for outputting a ciphertext message as a set of at least said first and second code matrices V1 and V2.
13. An apparatus for decrypting a ciphered message encrypted by the apparatus of claim 12, comprising:
means for obtaining at least first and second code matrices V1, V2 as a ciphertext;
means for computing a temporary matrix W1, W2 for each code matrix V1, V2 by multiplying the code matrix V1, V2 with an inverse P1^-1, P2^-1 of a respective transformation matrix P1, P2;
means for generating an invertible square matrix R using a set of row vectors forming a part of the matrices Q1, Q2;
means for generating an auxiliary matrix H from a set of row vectors selected from the temporary matrices W1, W2, each row vector of H corresponding, by row position, to a respective row vector of the invertible square matrix R;
means for computing the message matrix M as a product of an inverse R^-1 of said invertible square matrix R and said auxiliary matrix H.
14. A computer-readable storage medium with instructions stored thereon which, upon execution by a computer, instruct the computer to carry out the steps of the method of any one of claims 1 to 11.
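The encryption of claims 1 to 3 and the decryption of claims 8 and 9, worked through as an added example in the square variant of claim 3 with n = k = 2. This is illustration code written for this page, not code from the patent or its applicant; every function name, the choice of P1, P2, A1, A2, B1, B2, the message and the extension blocks are constructed here. The rank check in demo() also exercises the point of the attack discussion above: the public key matrices K1, K2 are singular, so V = K·M1 alone leaves the extended message underdetermined.

```python
"""Toy implementation of the claimed scheme in its square form (claim 3 with
n = k = 2), added as an illustration. Function names, parameter choices and
all sample values are constructed for this example, not taken from the patent."""
from fractions import Fraction


def matmul(a, b):
    """Exact matrix product (ints and Fractions mix without rounding)."""
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]


def _reduce(m, ncols):
    """In-place Gauss-Jordan on the first ncols columns of m (Fractions); returns rank."""
    r = 0
    for c in range(ncols):
        piv = next((i for i in range(r, len(m)) if m[i][c] != 0), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        pv = m[r][c]
        m[r] = [x / pv for x in m[r]]
        for i in range(len(m)):
            if i != r and m[i][c] != 0:
                f = m[i][c]
                m[i] = [x - f * y for x, y in zip(m[i], m[r])]
        r += 1
    return r


def rank(rows):
    """Rank of a list of row vectors by exact elimination."""
    return _reduce([[Fraction(x) for x in r] for r in rows], len(rows[0]))


def inverse(a):
    """Inverse of a square matrix via Gauss-Jordan on [A | I]; raises if singular."""
    n = len(a)
    m = [[Fraction(x) for x in row] + [Fraction(int(i == j)) for j in range(n)]
         for i, row in enumerate(a)]
    if _reduce(m, n) < n:
        raise ValueError("matrix is singular")
    return [row[n:] for row in m]


def build_q(a, b):
    """Q = [[A, 0], [B]] (claims 2/3): A is n x n with rank < n, the zero block is
    n x k, B is k x (n+k). The zero block keeps the free block L out of A*M."""
    return [list(row) + [0] * len(b) for row in a] + [list(row) for row in b]


def select_r_rows(a1, a2):
    """Claim 9: greedily pick n linearly independent rows from A1 and A2.
    Returns R and the (matrix index, row index) of each chosen row."""
    n = len(a1)
    chosen, pos = [], []
    for which, a in ((0, a1), (1, a2)):
        for i, row in enumerate(a):
            if len(chosen) == n:
                break
            if rank(chosen + [list(row)]) > len(chosen):
                chosen.append(list(row))
                pos.append((which, i))
    if len(chosen) != n:
        raise ValueError("A1 and A2 do not supply n independent rows")
    return chosen, pos


def keygen(a1, a2, b1, b2, p1, p2):
    """Public key K1 = P1*Q1, K2 = P2*Q2; private key: inverses of P1, P2, R and
    the row positions that map rows of W1, W2 onto rows of R."""
    q1, q2 = build_q(a1, b1), build_q(a2, b2)
    r, pos = select_r_rows(a1, a2)
    return (matmul(p1, q1), matmul(p2, q2)), (inverse(p1), inverse(p2), inverse(r), pos)


def encrypt(pub, m, l1, l2):
    """Claim 1: M1 = [M; L1], M2 = [M; L2] with L1 != L2; V_i = K_i * M_i."""
    if l1 == l2:
        raise ValueError("the two extension blocks must differ")
    k1, k2 = pub
    return matmul(k1, m + l1), matmul(k2, m + l2)


def decrypt(priv, ct):
    """Claim 8: W_i = P_i^-1 V_i = Q_i M_i, whose first n rows equal A_i * M.
    H collects the rows matching the rows chosen for R, so H = R * M."""
    p1_inv, p2_inv, r_inv, pos = priv
    w = (matmul(p1_inv, ct[0]), matmul(p2_inv, ct[1]))
    h = [w[which][i] for which, i in pos]
    m = matmul(r_inv, h)
    assert all(x.denominator == 1 for row in m for x in row), "non-integer recovery"
    return [[int(x) for x in row] for row in m]


# Constructed sample key material (n = k = 2). A1, A2 have rank 1 < n, so Q1, Q2 and
# therefore K1, K2 are singular; P1, P2 are unit-triangular (det 1), hence invertible.
A1 = [[1, 2], [2, 4]]
A2 = [[1, 0], [3, 0]]
B1 = [[1, 1, 1, 0], [0, 1, 0, 1]]
B2 = [[2, 0, 1, 1], [1, 1, 0, 1]]
P1 = [[1, 0, 0, 0], [1, 1, 0, 0], [0, 1, 1, 0], [1, 0, 1, 1]]
P2 = [[1, 1, 0, 0], [0, 1, 1, 0], [0, 0, 1, 1], [0, 0, 0, 1]]


def demo():
    """Round-trip a 2 x 2 message; also report rank(K1), rank(K2) (3 < n+k = 4)."""
    pub, priv = keygen(A1, A2, B1, B2, P1, P2)
    m = [[72, 105], [33, 63]]                      # constructed message matrix
    l1, l2 = [[5, 9], [1, 4]], [[7, 2], [8, 6]]    # two different free blocks
    ok = decrypt(priv, encrypt(pub, m, l1, l2)) == m
    return ok, rank(pub[0]), rank(pub[1])
```

Decryption works because the n×k null block in Q places the freely chosen block L only in the lower rows of Q·M1, while the upper rows equal A·M; the rows of A1 and A2 chosen for R are paired with the same row positions of W1, W2 to form H = R·M. Exact rational arithmetic is used so that integer recovery is checked rather than assumed: a result with a denominator other than 1 means the private key does not match the public key that produced the ciphertext.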
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
HU1900162 | 2019-08-28 | | |
HUU1900162 | 2019-08-28 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020169996A1 (en) | 2020-08-27 |
Family
ID=72144181
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/HU2019/050045 WO2020169996A1 (en) | 2019-08-28 | 2019-10-14 | Matrix-based cryptographic methods and apparatus |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2020169996A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113793245A (en) * | 2021-09-29 | 2021-12-14 | 中国电信股份有限公司 | Image encryption method, image decryption device, electronic device, and medium |
CN113890730A (en) * | 2021-09-23 | 2022-01-04 | 上海华兴数字科技有限公司 | Data transmission method and system |
WO2022172040A1 (en) * | 2021-02-11 | 2022-08-18 | Harangozo Gabor | Linear multivariate public key cryptographic system |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170104590A1 (en) * | 2015-10-12 | 2017-04-13 | Yongge Wang | Method and Apparatus for Error Correcting Code Based Public Key Encryption Schemes |
2019
- 2019-10-14 WO PCT/HU2019/050045 patent/WO2020169996A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
KANTER I ET AL: "Secure and linear cryptosystems using error-correcting codes", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 27 August 2000 (2000-08-27), XP080026256, DOI: 10.1209/EPL/I2000-00537-2 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Mallouli et al. | | A survey on cryptography: comparative study between RSA vs ECC algorithms, and RSA vs El-Gamal algorithms |
EP3704830B1 (en) | | Multi-party threshold authenticated encryption |
US11895231B2 (en) | | Adaptive attack resistant distributed symmetric encryption |
Almaiah et al. | | A new hybrid text encryption approach over mobile ad hoc network |
Shankar et al. | | An efficient image encryption technique based on optimized key generation in ECC using genetic algorithm |
CN107196926B (en) | | Cloud outsourcing privacy set comparison method and device |
KR20180115701A (en) | | Secure manifold loss prevention of cryptographic keys for block-chain-based systems associated with wallet management systems Storage and transmission |
WO2018189681A1 (en) | | Data tokenization |
Iyer et al. | | A novel idea on multimedia encryption using hybrid crypto approach |
JP2020508021A (en) | | Key exchange device and method |
US11804960B2 (en) | | Distributed symmetric encryption |
WO2020169996A1 (en) | | Matrix-based cryptographic methods and apparatus |
WO2013021360A1 (en) | | Encryption and decryption method |
Yousif et al. | | Enhancing approach for information security in hadoop |
CN115336224A (en) | | Adaptive attack-resistant distributed symmetric encryption |
Schlor et al. | | Multi-party computation enables secure polynomial control based solely on secret-sharing |
Ahmad et al. | | Distributed text-to-image encryption algorithm |
CN113992325A (en) | | Private data sharing method and device |
Habib et al. | | Public key exchange scheme that is addressable (PKA) |
EP2395698B1 (en) | | Implicit certificate generation in the case of weak pseudo-random number generators |
CN114374518B (en) | | PSI (program specific information) intersection information acquisition method and device with intersection counting function and storage medium |
Kumar et al. | | Hybridization of Cryptography for Security of Cloud Data |
Theodouli et al. | | Implementing private k-means clustering using a LWE-based cryptosystem |
WO2023055371A1 (en) | | Replicated secret share generation for distributed symmetric cryptography |
WO2018011825A1 (en) | | Encryption and decryption of messages |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19816864; Country of ref document: EP; Kind code of ref document: A1 |
| DPE2 | Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101) | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 19816864; Country of ref document: EP; Kind code of ref document: A1 |