Generation of high order primitive elements for post-quantum key exchange protocol

Richard Megrelishvili Melkisadeg Avtandil Gagnidze Maksim Iavich Giorgi Iashvili Math dept. Tbilisi State Jinjikhadze Faculty of management. School of technology. School of technology. University Math dept. Akaki Bank of Georgia Caucasus University Caucasus University Tbilisi, Georgia Tsereteli State University Tbilisi, Georgia Tbilisi, Georgia [email protected] University Tbilisi, Georgia [email protected] [email protected] Kutaisi, Georgia [email protected] [email protected]

Abstract— Active work is performed to create quantum Public-key cryptography is used in different products, on computers. Quantum computers can break existing public key different platforms and in various fields. Many commercial cryptography. So they can break Diffie-Hellman key exchange products use public-key cryptography, the number of which is protocol. Matrix algorithms of key exchange can be considered as the actively growing. Public-key cryptography is also widely used alternative to Diffie-Hellman key exchange protocol. in operating systems from Microsoft, Apple, Sun, and Novell. The improved method of key-exchange protocol is offered in the It is used in secure phones, Ethernet, network cards, smart article. The method deals with the original matrix one-way function cards, and it is widely used in cryptographic hardware. Public- and the generalized method of processing the corresponding high order key technology is used in protected Internet communications, matrix multiplicative finite commutative group. such as S / MIME, SSL and S / WAN. It is used in government, banks, most corporations, different laboratories and educational The general method of the insertion-enlarging method of building organizations. Breaking existing public-key crypto-systems the primitive elements of the is derived from elements of the will cause complete chaos [1,2]. matrix groups with different power. Public-key crypto systems, resistant to quantum attacks, are The article describes the results that give us the prospect of developed. But nowadays successful attacks are recorded on generating the high order multiplicative Abelian matrix groups and of these systems [3,4]. creating key-exchange protocol, resistant to quantum computers attacks by means of this groups. II. ONE-WAY MATRIX FUNCTION One of the modifications of Diffie-Hellman's well-known Keywords— Matrix One-way Function, Abelian , method of cryptographic key exchange is the matrix algorithms Asymmetric Cryptography, High order finite matrix Field, Primitive Matrix Element, quantum computers, post-quantum cryptography. of the exchange, the basis for which is the high order cyclic multiplicative matrix groups in the GF (2) field.

Suppose that the P matrix is a primitive element of a cyclic I. INTRODUCTION matrix group. While (P) is a multiplicative group formed by this Scientists and experts are actively working on the creation of matrix, with the power 2푛 − 1, where n is the size of the square quantum computers. GOOGLE Corporation, NASA the matrix. association USRA (Universities Space Research Association The matrix algorithm for general key development is the and D-Wave teamed-up to develop quantum processors. following: Quantum computers can break existing public-key crypto systems. Quantum computer solves the discrete logarithm  The sender sends to the receiving party via the open problem both for finite fields and elliptic curves. Being able to channel 푢1 = 푣푃1 vector, where 푃1 ∈ 〈푃〉 is the secret matrix, calculate efficiently discrete logarithms, it can break Diffie- Hellman key exchange protocol. selected by the sender, and 푣 ∈ 푉푛 is commonly known (푉푛 – is Quantum computer also solves the factorization problem, so it vector space on 퐺퐹(2) field); can easily break RSA cryptosystem.  The receiving party chooses 푃2 ∈ 〈푃〉 to send a secret

matrix and sends to the sender 푢2 = 푣푃2 vector; © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)

48

 Sender calculates 푘1 = 푢2푃1 vector; The polynomial coefficients generated by the above structure,

 Receiver calculates 푘2 = 푢1푃2 푣, where 푘1 and 푘2 – are known as the Serpinsky triangle. Serpinsky's structure are secret keys. contains a number of sub-structures, that can be used as a generator (generating matrix) for multiplication groups, i.e.

It is evident, thar 푘1 = 푘2 = 푘, because 푘 = 푣푃1푃2 = 푣푃2푃1, primitive elements. For example, while 〈푃〉 is a commutative group. Let 푣 = 1 1 1 1 1 1 1 1 1 0 0 0 0 (푣 , 푣 , 푣 , ⋯ , 푣 ) ∈ 푉 and 푢 = (푢 , 푢 , 푢 , ⋯ , 푢 ) ∈ 푉 are 1 2 3 푛 푛 1 2 3 푛 푛 푃3 = (1 0 0), 푃5 = 1 1 0 0 0 , non-secret vectors from the above mentioned algorithm and 1 1 0 1 0 1 0 0 (1 1 1 1 0) 푎11 ⋯ 푎1푛 1 1 1 1 1 1 1 푃1 = ( ⋮ ⋱ ⋮ ) ∈ 〈푃〉 푎푛1 … 푎푛푛 1 0 0 0 0 0 0 1 1 0 0 0 0 0 is the secret matrix. Then, according to the algorithm: 푃7 = 1 0 1 0 0 0 0 (2) 1 1 1 1 0 0 0 푢 푣1푎11 + 푣2푎21 + ⋯ + 푣푛푎푛1 1 1 0 1 0 1 0 0 푣 푎 + 푣 푎 + ⋯ + 푣 푎 푢 1 12 2 22 푛 푛2 2 (1) (1 1 1 1 1 1 0) 푣푃1 = ( ⋮ ) = ( ⋮ ) 푣1푎푛1 + 푣2푎푛2 + ⋯ + 푣3푎푛3 푢푛

Many others examples can be provided. Their natural powers The number of variables in the system of linear equations is the form the Abelian multiplicative cyclic group. square of the number of equations. Generally, solutions in such cases are not uniquely defined, and the system has infinitely many solutions. However, because we deal with a special types It’s easy to see that natural powers of matrices 푃3 , 푃5 , 푃7 푘 푘 푘 푘 of matrices, the solution is defined uniquely. In addition, it is 푃3 , 푃5 , 푃7 , 푘 = 1,2, … , 2 − 1 (3) obvious that the solution of the system is very time consuming and is practically impossible in real time if the size of the matrix Form the Abelian multiplicative cyclic group: is large enough. 1 1 1 1 0 1 0 0 1 1 1 0 1 2 3 4 푃3 = (1 0 0) , 푃3 = (1 1 1), 푃3 = (1 0 1) , 푃3 = (0 0 1), 1 1 0 0 1 1 0 1 0 1 0 0 All this makes it necessary to generate high order Abelian 0 1 1 0 1 0 1 0 0 5 6 7 0 multiplication matrix group, whose primitive element will be a 푃3 = (1 1 0) , 푃3 = (0 1 1), 푃3 = 푃3 = (0 1 0) high order quadratic matrix. 1 1 1 1 0 1 0 0 1 (4) Therefore we derived the insertion-enlargement method of second order enlargement of the basic structure of P3 [5]. III. FINITE MATRIX GROUPS 푗 Let's consider (1 + 훼) , where 푗 = 0, 1, 2, ⋯, and α represents Let’s keep the structure of the matrix 푃3 and enlarge it by the root of primitive polynomial in the 퐺퐹(2푛) field with the elements of the (4) as following [5]: module 푝(푥). 푖 푗 푗 푃3 푃3 푃3 푗 푃32(푖, 푗) = (푃 0 0 ), where i,j=0..6. (5) 0 3 (1 + 훼) = 1 1 푗 푗 푃3 푃3 0 (1 + 훼)1 = 1 + 훼 11 푖 푗 푃3 matrix is called a basic structure and let’s call 푃3 and 푃3 (1 + 훼)2 = 1 + 훼2 101 matrices the first and the second enlarged matrice and 푃 2(푖, 푗) (1 + 훼)3 = 1 + 훼 + 훼2 + 훼3 1111 3 matrix let’s call the second order (풊, 풋) enlargement of 푃3. (1 + 훼)4 = 1 + 훼4 10001

(1 + 훼)5 = 1 + 훼 + 훼4 + 훼5 110011

49

푘 3 The set 푃3 , 푘 = 1,2, … , 2 − 1 is called the primary group for It is easy to check that 푃5 is a primitive element. It means 푘 5 퐹(푃32(푖, 푖 + 1)) group. that 푃5 , 푘 = 1,2, … , 2 − 1 is a finite Abelian multiplicative We have proved the following statement: group. 0 1 Any second order (푖, 푖 + 1) enlargement of 푃3 푃32(푖, 푖 + 1) , Consider basic structure 푃3 and enlarge it by 푃5 and 푃5 푖 = 0. .5, is a primitive element and forms a finite Abelian matrices. 32 There exist such enlargements of 푃 matrix by 푃0 and 푃1 multiplicative group 퐹(푃32(푖, 푖 + 1)) with power 2 – 1. 3 5 5 matrices, that are primitive elements. For example: For example, the matrix 푃32(0,1) is primitive, and the matrix 1 1 22∙3 +23 +1 [푃32(0,1)] is diagonal matrix: 푃1 푃1 푃1 푃1 푃1 푃1 푃3 0 0 5 5 5 5 5 5 1 1 3 1 1 22∙3 +23 +1 3 (푃5 0 0 ) , (푃5 0 0 ) (9) [푃32(0,1)] =( 0 푃3 0 ) (6) 0 1 1 0 3 푃5 푃5 0 푃5 푃5 0 0 0 푃3

1 1 푖 22∙3 +23 +1 All powers ([푃32(0,1)] ) , 푖 = 1,2, … of the matrices are primitive elemenents. Therefore the set 0 1 diagonal matrix are also diagonal and because of the set 퐹(푃3×51(푃5 , 푃5 )) is a finite Abelian multiplicative group. 31 퐹(푃32(0,1)) are a finite group, when 푖 = 2 − 1, so we see: It is easy to check that 푃2 0 0 1 1 5 0 1 22∙5 +25 +1 2 (푃3)푖 0 0 [푃3×51(푃5 , 푃5 )] = ( 0 푃5 0 ) (10) 2 2 푖 3 22∙3 +23 +1 3 푖 2 ([푃32 (0,1)] ) = ( 0 (푃3 ) 0 ) = 0 0 푃5 0 0 (푃3)푖 3 is a diagonal matrix. With the analogy to (7) we see that 3 푖 3푖 푚표푑 푖 (푃3 ) 0 0 푃3 0 0 3 푖 3푖 푚표푑 푖 1 1 푖 ( 0 (푃3 ) 0 ) = ( 0 푃3 0 ) (7) 0 1 22∙5 +25 +1 3 푖 3푖 푚표푑 푖 ([푃3×51(푃5 , 푃5 )] ) , 푖 = 1,2, … matrices are 0 0 (푃3 ) 0 0 푃3 1 diagonal, and when 푖 = 25 − 1, we see 2푖 푚표푑 푖 As we perform the matrix operations correspondig to the 푃5 0 0 2푖 푚표푑 푖 module of the primary group, the matrix (7) is the identity ( 0 푃5 0 ) (11) 2푖 푚표푑 푖 0 0 푃5 matrix. That means, that the set 퐹(푃32(0,1)) is a finite group.

Note that we can consider any element of (4) as the basic 0 the identity matrix. That means, that the set structure. There exist the enlargement of this element using 푃3 0 1 1 퐹(푃3×51(푃5 , 푃5 )) is a finite Abelian multiplicative group with and 푃3 matrices, that is primitive. 1 For example, following enlargements are primitive: power of 23×5 − 1.

1 1 1 0 1 푖 푃3 푃3 0 푃3 0 푃3 0 푃3 0 Consider now enlargements of order k=2 푃5 , 푖 = ( 0 0 푃1) , (푃1 푃1 푃1) , ( 0 푃1 푃1) (8) 3 3 3 3 3 3 5 0 1 1 0 1 1,2, … , 2 − 1 of the primitive element 푃 using elements 푃3 0 0 0 푃3 푃3 푃3 0 푃3 5 0 1 푃5푘(푃5 , 푃5 ), 푘 = 2. There exist such enlargements, that form a primitive matrix. For example: 1 1 1 1 0 Consider higher order sub-structures of the Serpinsky 푃5 푃5 푃5 푃5 푃5 1 triangle: 푃5 0 0 0 0 0 1 1 1 푃 푘(푃 , 푃 ) = 푃 푃 0 0 0 , 푘 = 2 1 1 1 1 1 5 5 5 5 5 푃1 0 푃1 0 0 1 0 0 0 0 5 5 (푃1 푃1 푃1 푃1 0 ) 푃5 = 1 1 0 0 0 5 5 5 5 1 0 1 0 0 (12) (1 1 1 1 0)

50

Using the software developed by us, it could be seen that CONCLUSIONS 푖 0 1 The results, described above, give us the prospect of generating the matrix (푃5푘(푃5 , 푃5 )) , where the high order multiplicative Abelian matrix groups and of the 4∙5푘−1 3∙5푘−1 2∙5푘−1 5푘−1 푖 = 2 + 2 + 2 + 2 + 1, 푘 = 2 is a creating key-exchange protocol, resistant to quantum diagonal matrix: computers attacks. 푘−1 푘−1 푘−1 푘−1 24∙5 +23∙5 +22∙5 +25 +1 0 1 (푃5푘(푃5 , 푃5 )) CKNOWLEDGMENT 4 A 푃5 0 0 0 0 4 The Work Was Conducted as a Part of Research Grant of Joint 0 푃5 0 0 0 = 0 0 푃4 0 0 Project of Shota Rustaveli National Science Foundation and 5 4 0 0 0 푃5 0 Science & Technology Center in Ukraine [№ STCU-2016-08] 4 ( 0 0 0 0 푃5 )

REFERENCES 푖×푗 0 1 All powers (푃5푘(푃5 , 푃5 )) , are diagonal matrices with

푖 5 [1]. Gagnidze A.G., Iavich M.P., Iashvili G.U., Analysis of Post elements 푃5 , 푖 = 1,2, … , 2 − 1 from primary group on Quantum Cryptography use in Practice, Bulletin of the Georgian 푘−1 diagonal. When 푗 = 23 − 1, we have the identity matrix: National Academy of Sciences, vol. 11, no. 2, 2017, p.29-36 [2]. Song F. (2014) A Note on Quantum Security for Post-Quantum Cryptography. In: Mosca M. (eds) Post-Quantum Cryptography. PQCrypto 2014. Lecture Notes in Computer Science, vol 8772. Springer, Cham [3]. Antonio Acín, Nicolas Brunner, Nicolas Gisin, Serge Massar, 푃4푗 푚표푑 푗 0 0 0 0 5 Stefano Pironio, and Valerio Scarani Phys. Rev. Lett. 98, 230501 – 4푗 푚표푑 푗 0 푃5 0 0 0 Published 4 June 2007 4푗 푚표푑 푗 [4]. 1. Dinh H., Moore C., Russell A. (2011) McEliece and Niederreiter 0 0 푃5 0 0 4푗 푚표푑 푗 Cryptosystems That Resist Quantum Fourier Sampling Attacks. In: 0 0 0 푃5 0 Rogaway P. (eds) Advances in Cryptology – CRYPTO 2011. 4푗 푚표푑 푗 ( 0 0 0 0 푃5 ) CRYPTO 2011. Lecture Notes in Computer Science, vol 6841. Springer, Berlin, Heidelberg 0 푃5 0 0 0 0 [5]. 5. R. Megrelishvili, M. Jinjikhadze, M. Iavich, A. Gagnidze, G. 0 0 푃5 0 0 0 Iashvili, Post-quantum Key Exchange Protocol Using High = 0 0 푃0 0 0 Dimensional Matrix; CEUR Workshop Proceedings (http://ceur- 5 0 ws.org/Vol-2145/), Vol-2145 2019 0 0 0 푃5 0 [6]. Damaševičius, R., Napoli, C., Sidekerskienė, T., & Woźniak, M. ( 0 0 0 0 푃0) 5 (2017). IMF mode demixing in EMD for jitter analysis. Journal of Computational Science, 22, 240-252.

51