v.ustimenko

7/24/2019 V.ustimenko

1/18

On the Cryptography with Mathematica Package

Vasyl Ustimenko

March 20, 2007

University of Maria Curie Sklodowska, Poland, e-mail: [email protected]

Abstract

Cryptography courses are very popular among students around theglobe. I started this teaching subject in Oman together with Dr. Ab-derezak Touzene via supervision of two completed Master Projects (byHuda Al Naamani and Rahma Al Habsi. The topic was the imple-mentation of graph based symmetric encryption algorithm. In fact itwas the first step to interesting further research. So I think that thisinterdisciplinary area could be used effectively for the enhancement ofstudents research Modern Cryptography course naturally can be con-ducted in parallel with leaning Mathematica. Symbolic computationcan be used effectively for the implementation of examples of polyno-mial public key algorithms, like known example of Imai-Matsumotomethod and its generalizations. Graphs given by polynomial equationscan be useful for good cryptographical applications of Mathematica.

Key Words: Public Key Cryptography, Symbolic Computations, Math-ematica

1 Introduction

Cryptography has a tremendous potential to enrich math education. In thefirst place, it puts mathematics in a dramatic setting. students are fascinatedby intrigue and adventure. More is at stake than a grade on a test: if you

make a mistake, your agent will be betrayed.In the second place, cryptography provides a natural way to get students

to discover certain key mathematical concepts and techniques on their own.Too often math teachers present everything on a silver platter, thereby de-priving the students of the joy of discovery. In contrast, if after many hoursthe youngsters finally develop a method to break a cryptosystem, then they

1


2/18

will be more likely to appreciate the power and beauty of the mathematics

that they have uncovered.In the third place, a central theme in cryptography is what we do not

know or cannot do. The security of a cryptosystem often rests on our inabil-ity to efficiently solve a problem in algebra, number theory, or combinatorics.Thus, cryptography provides a way to counterbalance the impression thatstudents often have that with the right formula and a good computer anymath problem can be quickly solved.

Finally, cryptography provides an excellent opportunity for interdisci-plinary projects. I supervised the students research project at The Univer-sity of the South Pacific (Fiji Islands, 1999-2001). Students team consistedof Mr. Rohit Prasad and Mrs. Vishal Gounder. It was funded by University

Research Committee, the resulting algorithm was implemented in AcademicUSP network serving for 11 remote island countries within South Pacific.The project at Sultan Qaboos University had been funded by SQU ResearchCommittee and lead to two successful Master Programs.

The Students Committees of two major Universities in Lublin : Univer-sity of Maria Curie Sklodowska (UMCS) and Catholic University of Lublinnamed after Jan Pawel the Second (KUL) are very active in organizing Re-search Conferences, they used funds given by administration to invite speak-ers in areas chosen by students and funding of students research projects.Cryptography is one of the popular subject: This year will be 5th Workshopon Cryptography organised by Students Cryptographical Society at KUL,

it will be The Conference on Application of Mathematics to Computer sci-ence (at UMCS) with big section on Coding Theory and Cryptography.The invitation of Dr. Tony Shaska (Oakland University, Rochester) bringinternational flavor to this event.

The main task of the talk is to present public key algorithm chosenby UMCS students for Mathematica based implementation. The projectwas presented partially at 4 workshop on Cryptography (KUL, 2006). Thefirst version of software package will be presented at the UMCS studentsconference (May, 2007).

The idea of our algebraically-combinatorial method of public key en-cryption has a small similarity to the well known Imai-Matsumoto. We use

the general idea to treat vertices of a linguistic graph (see [21] and furtherreferences) as messages and use the iterative process to walk on such graphas encryption process. To hide such encryption (graph and walk on it) wewill use two affine transformation. Like in Imai - Matsumoto encryptionthe public rule is just a direct polynomial map from the plaintext to theciphertext.

2


3/18

The knowledge about graph and chosen walk on them (the key) allow to

decrypt a ciphertext fast. We hope that the system is secure even in the casewhen the graph is Public but the walk is hidden. In case of public graphwe can use same encryption as private key algorithm with the resistance toattacks when adversary knows several pairs:(plaintext, ciphertext).

The idea to use arcs on algebraic graphs (graphs defined by polynomialequations) for encryption (section 3) has been considered in [16],[17]. In thispaper we shall combine graphical encryption with two affine transforma-tion (section 5) to get a public and private key algorithms.

First (section 2), we discuss general idea of combining of different affinetransformations with the chosen polynomial map of degree 2..

To describe public key algorithms we shall use traditional for the Cryp-

tography characters: Alice (the holder of the key), Bob (the public user)and Catherine (the cryptoanalyst). In section 5 we consider some heuris-tic arguments on the complexity of algorithms in case of linguistic graphsof high girth, infinite family of such graphs. The toy example of proposedpublic key encryption based the reader can find at the end of the article.

The generalisations of the above algorithm on the case of arbitrary com-mutative ring the reader can find in [25], [26], [27]. Papers [18]-[20], [23],[24] devoted to the implementations of the algorithm using walks on graphswithin the private key mode.

2 Maximality of affine group and CryptographyLet (Fq)

n be a vector space over the finite field Fq, where q is the primepower.

As it is usual in cryptography, we can apply a term plaintextto a stringof characters x = (x1, x2, . . . , xn) over the alphabet Fq. When working withmatrices, we shall consider vectors to be column vectors (although in thetext we shall continue use them as rows). We can consider x as a messagecontaining a certain information. If is some bijective transformation of(Fq)

n, then(x) is an encrypted message or a ciphertext.The natural choice for is a combination of some affine transformations

ai= Aix + bi,i = 1, . . . , k, whereAi is a square matrix andbi (Fq)

n

, withsome nonlinear transformationTof the vector space (Fq)n.

Let us consider the case ofFp, where p is a prime number. Affine trans-formations x Ax + b, whereA be an invertible matrix and b (Fq)

n forman affine group AGLn(Fp) of order p

n(pn 1)(pn p) . . . (pn pn1. Thisis a subgroup of the symmetric group Spn of order (p

n)!.

3


4/18

The following fact had been proven in [14].

Theorem 1. LetG a proper subgroup ofSpn containingAGLn(Fp). ThenG coincides withAGLn(p) orSpn.

Let us choose the nonlinear transformation T. The following statementfollows directly from the theorem

Corollary 2. Let T be a chosen nonaffine transformation of the vectorspace V = Fp

n. Then each bijective transformation T of the vector spaceV = (Fp)

n can be presented as a product of quantum transformationsQ(1, 2) =1T 2 where1 and2 are appropriate affine transformationsofV.

We recall the following well-known algebraic fact:

Theorem 3. Each transformation T of the vector space V = (Fp)n can

be treated as a polynomial map P : x y, where x = (x1, . . . , xn), y =(y1, . . . , yn), yi = Pi(x1, . . . , xn), i = 1, . . . , n for some polynomial expres-sionsPi in variablesxi over the finite fieldFp.

The following public key strategy can be derived naturally from thestatements above:

(A) Choose polynomial transformationP, which you can invert fast (forpolynomial number of steps f(n)), where degf(n) is small)

(B) select the family of affine transformations i, i = 1, . . . , m andquantum maps Qj =jP j, j = 1, . . . , l, where j, j

(C) compute the polynomial map Q= Q1Q2. . . Ql(composition ofQi),i.e get the formula y = Q(x) = (P1(x1, . . . xn), . . . , P n(x1, . . . , xn)), wherepolynomials Pi written in canonical form.

(D) keep transformationsQi, j and the decomposition ofQ into quan-tum maps Qi secret and give the list L of public equations Pi to you corre-spondentB .

Now, you correspondent can encrypt his/her messages to you by applyingQ to the plaintext, but the problem of decryption , i.e. computation ofinverse map Q1 can reach any level of complexity: you may obtain any

permutation from the symmetric group ofSpn as your expression Q.For you, the problem, of decryption can be feasible if lengthl is reason-

ably moderate. You can invert eachQi and apply them to the ciphertextin the reverse order with respect to the known decomposition ofQ in Qi.

Of course, we have no illusion to solve mathematically the great problemof cryptography on the existence of asymmetric function: corollary from the

4


5/18

theorem 1 does not contain any restrictions on the number l of quantum

transformations.But, it is reasonable to assume that even in case of polynomial length l

we are able to produce practically secure public keys. In fact, well knownImai-Matsumoto encryption scheme and its modifications by J. Patarin arerealisation of A-D in casel = 1. They are quantum transformations. Dou-ble round of these algorithms corresponds to the case ofl = 2. Of course, forany encryption (RSA, in particular) exists a presentation in the form A-D,but we have just theorem of existence without effective algorithms to con-struct a decomposition of given permutation into composition of quantumtransformations.

Remark 1. Substitution the field GF(q), where q = pj , p is a prime

number, instead ofFp in the scheme (A)-(D) does not led to more generalscheme, because of vector space (Fq)

d over the ground field Fq, is a vectorspace of dimension jd over Fp, but such a substitution can be useful inpractical applications. We can consider also a Kj , whereKis a commutativefield, instead of vector space Fp

j.Remark 2. Size of the family of stepB can be bounded by polynomial

expression in variable n, we may think that consist of some elementarytransvectionsti,j(1),i =j and diagonal matrices for which exactly one entryequals to fixed generator of of multiplicative group ofFp and other entriesequal 1, regular translations x x + ei, where ei is addition of 1 to xi. Onecan consider even smaller set of generators of Affine group.

To compare public polynomial maps of kindP = (P1, . . . , P n) in glanceone may look on the degrees of polynomialsPi(x1, x2, xn), or Grobner basisof the ideal generated by Pi. Like in case of RSA, heuristic arguments areuseful to convince public that problem of invertingP is hard.

3 Parallelotopic and Linguistic graphs as tools

for the encryption

In this subsection we will consider the parallelotopic graphs for which arcscan be identified naturally and effectively with words in a certain alphabet

Mwithout marking of edges. We can just paint the vertices of our graphfor this purpose.

We say [17], [21] that = (, M , ) is aparallelotopic graphover a finiteset M if we have a surjective function : V() M such that for everypair (v, m), v V(), m M, there is a unique neighbour u ofv satisfying(u) =m.

5


6/18

given vertex v, and any colour m, there exists exactly one neighbour u

ofv of colour m.Let be a parallelotopic graph. We shall treat its vertices as plaintexts.

So the set of vertices V() is the plainspace and cipherspace. Let N(t, v)be the operator taking the neighbour u with colour t of a vertex v of aparallelotopic graph . If (t1, t2, , tn), ti M is a tuple such that ti =ti+2, then (v, v1 =N(t1, v), v2 =N(t2, v1), , vn =N(tn, vn1)) is the arcof the graph which we can consider as an encoding arc for any chosenvertex v .

Let us refer to this tuple = (t1, , tn) over M as an encoding tuple.It is clear that1 = (tn1, , t1, c(v)) is the decoding tuple, because itcorresponds to the decoding arc.

We can modify this definition in case of bipartite graphs.Let be a bipartite graph with partition sets Pi, i = 1, 2. Let M be

a disjoint union of finite sets M1 and M2. We say that is a bipartiteparallelotopic graph over (M1, M2) if there exists a function : V() Msuch that ifp Pi, then(p) Mi and for every pair (p, j), p Pi, j Mi,there is a unique neighbour u with given (u) =j.

It is clear that the bipartite parallelotopic graph is a ( |M1|, |M2|) -biregular graph.

We refer also to the function in the definition of bipartite parallelotopicgraph also as a labelling. We will often omit the term bipartite , becauseall our graphs are bipartite.

LetMt be the Cartesian product oft copies of the set M.We say that the graph is a linguistic graph over the set M with pa-

rametersm, k,r, s if is a bipartite parallelotopic graph over (V1, V2), M1 =M

r, M2 =Ms

with the set of points I=Mm (inputs) and set of lines O = Mk (outputs).(i.e. Mm andMk are the partition sets of ). It is clear that m + r= k + s.

We use the term linguistic coding scheme for a pair (, n), where islinguistic graph andn < g is the length of encoding sequences.

We choose a bipartite graph in the definition above because regular treesare infinite bipartite graphs and many biregular finite graphs of high girth

can be obtained as their quotients (homomorphic images).For linguistic graphs our messages and coding tools are words over the

alphabet M and we can use the usual matching between real informationand vertices of our graph.

We use the term linguistic graph over GF(q) when we have a linguisticgraph with alphabet M = GF(q) and the set of neighbours of any vertex

6


7/18

v is an algebraic manifold over GF(q), i.e. is the totality of solutions of a

certain system of polynomial equations. Here,our messages (plaintexts or ciphertexts) and encryption tools (pass-

words) are tuples over GF(q).The following construction proves the existence of linguistic graphs,

shows that there are many of them on 2qn vertices, where q is arbitraryprime power and n is arbitrary positive integer.

LetP and L be two n-dimensional vector spaces over GF(q). ElementsofP will be called points and those ofL lines. To distinguish points fromlines we use parentheses and brackets: Ifx V, then (x) P and [x] L.It will also be advantageous to chose two fixed bases and write:

(p) = (p1, . . . , pn)

[l] = [l1, . . . , ln]

We now define an incidence structure (P,L ,I) as follows. We say thepoint (p) is incident with the line [l], and we write (p)I[l], if the followingrelations between their coordinates hold:

a2l2 b2p2= P2(l1, p1)

. . .

aili bipi= Pi(l1, . . . , li1, p1, . . . , li1) (1)

. . .

anln bnpn= Pn(l1, . . . ln1, p1, . . . , pn1)

4 Hidden linguistic graphs system, hidden walks

systems

.

LetFq, q >2 be the finite field, where qis a prime power.Alice shall be using the hidden graph scheme based on the family of

linguistic graphs Ln(q) with the operators Nc(v) to take the neighbour u ofvertex v such that c is the colour ofu.

LetI1(x1, . . . , xn), . . . , I k(x1, . . . , xn) are some invariants of graphLn(q).It means that vertices v and u are within same connected component of

7


8/18

Is(v) = Is(u) for all possible values of s. We shall assume that Is, s =

1, 2, . . . , nare polynomial expressions in n variables over the field Fq.Remark. The number of chosen invariants can be zero, like in case of

connected graph.We shall consider the case of a bipartite graphs Ln(q), but one can

modify easily the procedure below on the case of general linguistic graphs.As in previous section the plaintext and the ciphertext are n-tuples over

Fq, q > 2 and we identify them with points (or lines) of the graph Ln(q).Alice shall choose to keep her graph secret. We may assume that the numberof nonisomorphic bipartite linguistic graphs on qn points and qn lines isgrowing with n. Thus the cryptoanalist (Catherina) does not know theoperator Nc(v).

In transforming plaintext into ciphertext Alice shall work with two inter-mediate vectors denoted u = (u1, . . . , un) Fq

n and v = (v1, . . . , vn) Fqn.

First, Alice choose thesymbolic keyk = (P1, . . . , P t), wherePi= Pi(x1, . . . xk)are polynomials from Fq[x1, . . . , xk] of degree 0 such that Pi = Pi+2,i= 0, . . . , t 2.

REMARK: If we are working without graph invariants I1, . . . , I k, thenP1, . . . , P t are constants from Fq. We shall use term constant password inthis case.

In addition, Alice chooses two secret affine transformations, i.e. twoinvertible matrices A= (aij), 1 i, j n and B = (bi,j), 1 i, j n withentries in Fq and the constant vectors c = (c1, . . . , cn) and d = (d1, . . . , dn).

The purpose of the two affine transformations is to hide the graph andto hide the walk on the hidden graph. First, she sets u = A x + c

Second, Alice takes the plaintext (x1, . . . , xn) and computes thenumeri-cal passwordK = (K1, . . . , K t), whereKs = Ps(I1(u1, . . . un), . . . , I k(u1, . . . , un)).

Next, she would like to have v Fqn simply equal to the

v =N(u), where N(u) =NKt+c(u)(NKt1(. . . N K2(NK1(u))) . . . ).Finally, Alice sets y = B1(v d) (that is v =By + d).However, her public encryption rule will go right from x to y and shall

not include the transformations NKi at all. The main part of computationof public rule is computation of the polynomial map T : u v can bedone with Maple, Matematica or other software package for symbolic

computations. After, Alice will combineTwith two affine transformationsand get a formula

y = (F1(x1, . . . , xn), . . . , F n(x1, . . . , xn),whereFi(x1, . . . , xn) are polynomials in n variables written in expanded

form, i.e. as the sums of monomials of kindx1i1 . . . xn

in with the coeficientsfromFq. Alice makes polynomial equations yi= Fi(x1, . . . , xn) public.

8


9/18

Again, like in Imai-Matsumoto scheme, if Bob wants to send her a plain-

text message x, he just substitutes xi in the public equations and finds yi.On the other hand Catherine, who knows only the ciphertext and the publickey must solve a nonlinear system for the unknowns xi.

When Alice receives the ciphertext y, she uses her knowledge ofA, B, c, d,graphLn(q) and the prepassword.

Namely, she shall compute v = By + d. Next, Alice shall compute thecomponents of numerical password: Ki= Pi(v1, . . . , vn) because u and v arein the same component of the graph.

The inverse to the mapN : u v is N1(v) =Nc(v)Kt(NK1(NK2(. . . (Nt1(U) . . . )because ofKt+c(u) =c(v). Thus Alice shall use iterative process to com-pute u =N1(v).

Finaly, she computes the plaintext x = A1 (u c).GENERALIZATION. LetFq be an extension ofFq . ThenFq be a vector

space over Fq . We shall choose a basis of this vector space and considereach vertex of the linguistic graph as a tuple overFq . So points (lines) formthe n m -dimensional vector space V, where m = |Fq :Fq| is the numberof basic elements. It is allow us to take affine transformationsAx + c andBx+d ofV, where entries of matrices and vectors are elements inFq insteadof those with entries in Fq. The most important case is q

=p, q= pn, p isprime like in Irai-Matsumoto scheme.

PRIVATE KEY ALGORITHMS.In case of sparse linguistic graphs, i. e. graphs such that polynomials

determine formula for the neighbour of given vertex, graphs invariant, sym-bolic key contains small number of monomials, and matrices A and B aresparse (small number of entries = 0) we can use the encryption above as aprivate key algorithm. In that case Alice and Bob both have the informationabout graph, chosen graph invariants, symbolic key and two affine transfor-mation. In the best case of sparse graph encryption (and decryption) canbe done for thelO(n) time, where l is the length of the symbolic key and nis the length of the ciphertext.

The advantage of such method comparing with linear encryption or someother private key algorithms is that such encryption can be resistant toattacks when adversary (Catherine) has several pairs (plaintext, ciphertext)

and trying to get the key. We shall assume that matrices A and B togetherwith sparse vectorsc and d and symbolic key form the password. Catherineknows the graph, chosen graph invariants, the general scheme of encryption.So she is trying to restore the symbolic key and control the communicationbetween Alice and Bob.

Practically, private key algorithms serves for the encryption of suffi-

9


10/18

ciently large texts. Thus we have to use rather small passwords. -We may

assume that the size of password, i. e. number of monomials in symbolickey together with the number of nonzero entries inA, B,c and d is constantor linear function an +b where a


11/18

(P1) two different passwords of length l produce different ciphertexts

Let G be a linguistic graph over the extension Fq of the finite fieldFq and we are combining the graphical encryption procedure with twoaffine transformations over Fq (see, the end of previous section). Thenthe property (P1) is still in place, because our affine transformations arebijections.

Let us consider the case when chosen affine transformations are mutuallyinvert each other. Then we have the following nice property

(P2) the plaintext and ciphertext are always different.

Proof. In case of just graphical encryption this property holds because ofabsence cycles of the length 2l, i. e. permutation does not have invariant

points. The same property is valid for transformations which are conjugatewith .

RemarkLet L be the bipartite linguistic graph of high girth and bea graphical encryption corresponding to the pass of the odd length. Thenproperty P2 is immaterial because points and lines are formally differentvectors but as tuples overFq they may coinside. Anyway there are examplesof such encryption scheme with the property (P2), in particular, graphsD(k, q), k is odd below.

Let us bound the complexity of the decryption in case when our graphLn(q) is public and the length of the password is l :

(i) the plaintext x and the ciphertext y are at the distance l,(ii) we can identify the totality of all vertices at a distance l k/2 with

the subgraph inq-regular tree,(iii) the decryption is equivalent to finding the pass between y and x,

two vertices ofq-regular tree at the distance l can be estimated by

q(q 1)l1CN(n) (4)

, whereC N(n) is the complexity of the operation of taking neighbour inthe graphLn(q).

For the encryption of potentially infinite plaintext we shall use aninfinite family of graphs F = {Lni(q)}, i = 1, . . . , of increasing girth,

order andC N(ni) is a complexity of taking neighbour for Lni . Let us makesimple suggestion thatC N(ni)< CN(ni+1).

Then the complexity of decryption is increasing with increasing of thelength of password or increasing of the size of the plaintext. If we choose las a linear function l = an+b, from the length of the plaintext n then ourbound above getting exponential. Such a choice of l is possible if there is a

11


12/18

linear fromn lower bound for the girth of graphs from F, i. e. F is afamily

of graphs of large girthLet us suppose now that the graph is unknown and somebody trying to

decrypt text by solving public equations yi= P(x1, . . . , xn) forxi. This taskis a classical hard problem of algebra. The system above can be investigatedfor dO(n

2) steps, where d= d(l) is the maximal degree of polynomials. Wecan do better (d(l)Cn) if we know that the system is consistent. If l is adepending fromn then this bound is much worse that(4).

If you have a family of polynomial linguistic graph of bounded degree,you may choose the dimensionnsuch that your correspondent could encryptbut could not decrypt and use graph encryption in public key fashion,because we should use the gap between computations of polynomial in given

point and investigation of given system of equations.If we shall conjugate Lni- encryption by hidden affine transformation

T then complexity of decryption is not decreasing, the problem is gettingharder.

Let us assume that Fis a family of triangular graphs over Fq, such thatLni+1 is defined by just adding last ni+1 ni equations to the equations forLni. If girth of graphs fromF is unbounded, then natural projective limitof graphs from F is the q-regular tree. In that class of graphs we can findan infinite families of graphs of large girth.

Explicit example here is the family of graphs D(k, q) [7], [8], [9].Let q be a prime power, and let P and L be two countable infinite

dimensional vector spaces over GF(q). Elements ofP will be called pointsand those ofLlines. To distinguish points from lines we use parentheses andbrackets: Ifx V, then (x) P and [x] L. It will also be advantageousto adopt the notation for co-ordinates of points and lines introduced in [7]:

(p) = (p1, p11, p12, p21, p22, p

22, p23, . . . , pii, p

ii, pi,i+1, pi+1,i, . . .),

[l] = [l1, l11, l12, l21, l22, l

22, l23, . . . , lii, l

ii, li,i+1, li+1,i, . . .).

We now define an incidence structure (P,L ,I) as follows. We say thepoint (p) is incident with the line [l], and we write (p)I[l], if the following

relations between their co-ordinates hold:

l11p11= l1p1

l12p12= l11p1

l21p21= l1p11 ((5))

12


13/18

liipii= l1pi1,i

liip

ii= li,i1p1

li,i+1pi,i+1 = liip1

li+1,ipi+1,i= l1p

ii

(The last four relations are defined for i 2.) This incidence structure

(P,L ,I) we denote asD(q). We speak now of theincidence graphof (P,L ,I),which has the vertex set P L and edge set consisting of all pairs {(p), [l]}for which (p)I[l].

For each positive integerk 2 we obtain an incidence structure (Pk, Lk, Ik)as follows. First, Pk and Lk are obtained from P and L, respectively, by

simply projecting each vector onto its k initial coordinates. The incidenceIk is then defined by imposing the first k1 incidence relations and ignoringall others. For fixedq, the incidence graph corresponding to the structure(Pk, Lk, Ik) is denoted by D(k, q).

Looking at equations 7.1 we can see that D(k, q) are linguistic graphs oftriangular type over Fq.

Proposition 4. [8] Let q be a prime power, and k 2. Then for odd k,g(D(k, q)) k+ 5

Graphs D(k, q), k 2 form first infinite family of linguistic graphs ofunbounded girth.Let us consider graph invariants for D(k, q).To facilitate notation in future results, it will be convenient for us to

define p1,0 = l0,1 = p1,0 = l0,1 = 0, p0,0 = l0,0 = 1, p

0,0 = l

0,0 = 1,p0,1= p2, l1,0= l1, l

1,1= l1,1, p

1,1= p1,1, and to rewrite (5) in the form :

liipii= l1pi1,i

liip

ii= li,i1p1

li,i+1pi,i+1 = liip1

li+1,ipi+1,i= l1p

ii

fori = 0, 1, 2, . . .Notice that for i = 0, the four conditions (5) are satisfied by every

point and line, and, for i = 1, the first two equations coincide and givel1,1p1,1= l1p1.

13


14/18

Letk 6, t= [(k+2)/4], and letu= (ui, u11, , utt, u

tt, ut,t+1, ut+1,t, )

be a vertex ofD(k, q). (It does not matter whether u is a point or a line).For every r , 2 r t, let

ar = ar(u) =

i=0,m

(uiiu

ri,ri ui,i+1uri,ri1),

and a = a(u) = (a2, a3, , at). (Here we definep0,1 = l0,1 = p1,0 = l0,1 = 0, p00 = l00 = 1, p0,1 = p1, l1,0 = l1,

l11= l11, p

1,1= p1,1).In [9], [10], the following statement was proved.

Proposition 5. . Let u and v be vertices from the same component ofD(k, q). Then a(u) = a(v). Moreover, for any t 1 field elements xi

GF(q), 2 t [(k+ 2)/4], there exists a vertexv ofD(k, q) for whicha(v) = (x2, . . . , xt) = (x).

So, Alice may choose symbolic password formed by polynomials Pi(z1, . . . , zt1), i=1, . . . , land work with the numerical password formed byPi(a2(x1, . . . , xk), . . . , at(x1, . . . , xk)),where (x1, . . . , xk) is the plaintext, which is the point (line) of D(k, q).Choice of the type of plaintext (point or line), leeds to different encryp-tion procedures.

Looking at the equations ofD(k, q) we can see that the complexity of op-eration to take the neighbour of chosen colour is O(n). Thus the complexityof operation to encrypt (or decrypt) for Alice shall be O(nl).

We realise such encryption by computer program written in Java, thefollowing table demonstrates its speed as function in variables l andn.

Other option is to work with the connected component of D(k, q) anduse constant password.

If you have a family of polynomial linguistic graph of bounded degree,you may choose the dimension n such that your correspondent could

encrypt but could not decrypt and use graph encryption in public keyfashion, because we should use the gap between computations of polynomialin given point and investigation of given system of equations.

5.1 Toy example-exercise

The purpose of this example is to demonstrate the encryption scheme ofsection 3 involving graphs D(k, q). We illustrate the mechanical operationsof cryptosystem, but its parameters are too small to give a serious security.

1)The linguistic graph D(14, 127)It is convenient to write points (p) and lines [l] in the following form(p) = (p1, p11, p12, p21, p22, p22, p23, p32, p33, p

33, p34, p43, p44, p

44)

14


15/18

[l] = [l1, l11, l12, l21, l22, l

22, l23, l32, l33, l

33, l34, l43, l44, l

44]

The co-ordinatesp1 and l1 are colours of point (p) and line [l], respec-tively.

The girth of the graph D(14, 127) is 19. Thus we have advantages ofgraphs of high girth if the length of the password is 9.

The graph D(k, q) is defined by the first 14 equations of (5). Thus theoperators to take neighbour of point (p) of the colour l1 and neighbour ofline [l] of the colour p1 can be written in the form

Nl1((p)) = [l] = [l1, p1+ l1p1, p12+ p1l11, p21+ l1p11, p22+ l1p12, p

22 +p1l21, p23+p1l22, p32+l1p

22, p33+l1p23, p

33+p1l32, p34+p1l33, p43+l1p

33, p44+L1p34, p44+p1l43]

Np1([l]) = (p) = (p1, p11 l1p1, p12 l1p11, p21 l1p11, p22 l1p12, p

22

l21p1, p23p1l22, p32l1p22, p33l1p23, p33p1l32, p34p1l22p43l1p33, p44l1p34, p44p1l43)

We have to compute co-ordinates of the (p) and [l] in natural order byiterative process.

The following graph invariants a2(u), a3(u), a4(u), where tuple u = can be point ot line, determine the connected componentsofD(k, q).

a2(u) = ((u

22 u21u01) + (u11u

11 u12u10) u22)a3(u) = ((u

33u01u32) + (u11u

22u12u21) + (u22u

11u23u10)u33),a4(u) = (u

44u01u43) + (u11u

33u12u32) + (u22u

22u23u21) + (u33u

11u34u10) u44)

2) The symbolic keyLet us take the following symbolic key with linear components (z1 + z2 +

z3+ 1, z1+ z2+ 2, z1+ z3+ 3, z2+ z3+ 4, z1+ 5, z2+ 6, z3+ 7, z1 z2 z3+8, z2 z1 z3+ 9)

3) The affine transformationsLet us choose A= (aij), where aij = 1 is a nonzero entry iffi j 4,

B = A1, c = (1, 2, 1, 0, . . . , 0), d =Bc.4) Choice of typeLet us assume that the plaintext (x) is the point.The information 1)- 4) allow us to determine public key encryption

scheme.

you compute x =Ax+c, where x = (x1, . . . , x44) is the symbolicplaintext

you can compute the numerical password np(u) for the symbolicplaintext u with the Maple or Matematica by the substitution, ai(u)instead ofzi into the formula for the symbolic key.

15


16/18

you have to make a substitution of x instead of u and get np =

np(x). consecutive application of operators Nl1(p) and Np1(l) allow you

to compute v = xnp(x).

you are computing the expressionBv+d = P(x) = (P1(x), . . . , P

44(x)).< 6 > finally you can get your public expression P127(x) by taking all

integer coefficients mod127Try to invert the public polynomial map directly by the symbolic pro-

gram in Maple or Matematica.You may repeat the exercise above with the constant password (1, 2, 3, 4, 5, 6, 7, 8, 9).

References[1] N.L. Biggs, Graphs with large girth, Ars Combinatoria, 25C (1988),

7380.

[2] B. Bollobas,Extremal Graph Theory, Academic Press, 1978.

[3] Neal Coblitz,A Course in Number Theory and Cryptography, SecondEdition, Springer, 1994, 237 p.

[4] Neal Coblitz,Algebraic Aspects of Cryptography, Springer, 1998, 198 p.

[5] W. Imrich, Explicit construction of graphs without small cycles, Com-binatorica 2 (1984) 5359.

[6] Imai, Matsumoto,Public quadratic polynomial tuples for efficient sig-nature verification and message encryption, Advances in Cryptology,Eurocrypt 88, Springer Verlag, 419-453.

[7] F. Lazebnik and V. Ustimenko,Some Algebraic Constructions of DenseGraphs of Large Girth and of Large Size, DIMACS series in DiscreteMathematics and Theoretical Computer Science, V. 10 (1993), 75-93.

[8] F. Lazebnik F. and V. Ustimenko,Explicit construction of graphs withan arbitrary large girth and of large size, Discrete Appl. Math. , 60,(1995), 275 - 284.

[9] F. Lazebnik, V. A. Ustimenko and A. J. Woldar,A New Series of DenseGraphs of High Girth, Bull (New Series) of AMS, v.32, N1, (1995), 73-79.

16


17/18

[10] F. Lazebnik, V. A. Ustimenko and A. J. Woldar, A characterization

of the components of the graphs D(k, q), Discrete Mathematics, 157(1996), 271-283.

[11] A. Lubotsky, R. Philips, P. Sarnak,Ramanujan graphs, J. Comb. The-ory., 115, N 2., (1989), 62-89.

[12] G. A. Margulis,Explicit construction of graphs without short cycles andlow density codes, Combinatorica, 2, (1982), 71-78.

[13] G. Margulis, Explicit constructions of concentrators, Probl. of Inform.Transm., 10, (1975), 325-332.

[14] B. Mortimer,Permutation groups containing affine group of the samedegree, J. London Math. Soc., v. 15, N3, 445-455.

[15] J. Patarin, Cryptoanalysis of the Matsumoto and Imai public keyscheme of the Eurocrypt 88, Advances in Cryptology, Eurocrypt 96,Springer Verlag, 43-56.

[16] V. A. Ustimenko, Random walks on special graphs and Cryptography,Amer. Math. Soc. Meeting, Loisville, March, 1988.

[17] V. A. Ustimenko, Coordinatization of regular tree and its quotients,In the volume Voronois Impact in Modern Science: ( Proceedings

of Memorial Voronoi Conference, Kiev, 1998), Kiev, IM AN Ukraine,July, 1998, pp. 125 - 152.

[18] V. Ustimenko, D. Sharma,Special Graphs in Cryptographyin Proceed-ings of 2000 International Workshop on Practice and Theory in PublicKey Cryptography (PKC 2000), Melbourne, December 1.

[19] V. Ustimenko and D. Sharma, CRYPTIM: The system to encrypt textand image data, in Proceedings of International ICSC congress on In-telligent Systems and Applications, December 2000, University of Wol-longong, 14 pp.

[20] V. Ustimenko,CRYPTIM: Graphs as Tools for Symmetric Encryption,in Lecture Notes in Computer Science, Springer, v. 2227, 278-287.

[21] V. Ustimenko,Graphs with Special Arcs and Cryptography, Acta Ap-plicandae Mathematicae, 2002, vol. 74, N2, 117-153.

17


18/18

[22] V. Ustimenko, A. Woldar, Extremal properties of regular and affine

generalised polygons of tactical configurations, 2003, European Journalof Combinatorics, 2003, v. 24 , 99-111.

[23] V. Ustimenko, Yu. Khmelevsky,Walks on graphs as symmetric and as-symetric tools for encryption, South Pacific Journal of Natural Studies,2002, vol. 20, 23-41.

[24] A. Touzene, V. Ustimenko Graph Based Private Key Crypto System,International Journal on Computer Research, Nova Science Publisher,volume 13 (2006), issue 4.

[25] V. Ustimenko, Linguistic Dynamical Systems, Graphs of Large Girth

and Cryptography, Journal of Mathematical Sciences, Springer, vol.140,N3 (2007) pp. 412-434.

[26] V. Ustimenko,On the graph based cryptography and symbolic compu-tations, Serdica Journal of Computing, Proceedings of the 12th Inter-national Conference on Applications of Computer Algebra, ACA 20062006, Varna, Bulgaria (to appear).

[27] V. Ustimenko, On the extremal graph theory for directed graphs andits cryptographical applicationsAdvances in Coding Theory and Cryp-tology, Series on Coding Theory and Cryptology, 2, World ScientificPublishing Co. Pte. Ltd., Hackensack, NJ, 2007. x+250 pp. Editors: T.Shaska, W. C. Huffman, D. Joyner, V. Ustimenko (to appear).

[28] A. L. Weiss, Girth of bipartite sextet graphs, Combinatorika, 4 (2-3)1984, 241-245.

18

v.ustimenko

Documents