Log In Sign Up

An algorithm for hiding and recovering data using matrices

by   Salomon S. Mizrahi, et al.

We present an algorithm for the recovery of a matrix M (non-singular ∈ C^N× N) by only being aware of two of its powers, M_k_1:=M^k_1 and M _k_2:=M^k_2 (k_1>k_2) whose exponents are positive coprime numbers. The knowledge of the exponents is the key to retrieve matrix M out from the two matrices M_k_i. The procedure combines products and inversions of matrices, and a few computational steps are needed to get M, almost independently of the exponents magnitudes. Guessing the matrix M from the two matrices M_k_i, without the knowledge of k_1 and k_2, is comparatively highly consuming in terms of number of operations. If a private message, contained in M, has to be conveyed, the exponents can be encrypted and then distributed through a public key method as, for instance, the DF (Diffie-Hellman), the RSA (Rivest-Shamir-Adleman), or any other.


page 1

page 2

page 3

page 4


An Encoding-Decoding algorithm based on Padovan numbers

In this paper, we propose a new of coding/decoding algorithm using Padov...

A non-commutative algorithm for multiplying (7 × 7) matrices using 250 multiplications

We present a non-commutative algorithm for multiplying (7x7) matrices us...

Multiplying Matrices Without Multiplying

Multiplying matrices is among the most fundamental and compute-intensive...

Ladder Matrix Recovery from Permutations

We give unique recovery guarantees for matrices of bounded rank that hav...

A New Coding/Decoding Algorithm using Fibonacci Numbers

In this paper we present a new method of coding/decoding algorithms usin...

A Public-Key Cryptosystem Using Cyclotomic Matrices

Confidentiality and Integrity are two paramount objectives of asymmetric...

Computing the matrix sine and cosine simultaneously with a reduced number of products

A new procedure is presented for computing the matrix cosine and sine si...

I Introduction

The sender of a message can choose to convey it to a receiver as a single continuous string of numbers, in a chosen base as, binary, decimal, hexadecimal, etc… or he also can choose to use the matrix architecture, where each entry conceals part of the message. He can also split a string, or a matrix, in several parts to be sent separately. Besides being easy to handle, the structure and properties of matrices allow to accommodate not only one but several messages if one considers that each entry, or each row (or column), corresponds to an instruction or a sentence. Now,If the message must be private, or confidential, then, as it was already practiced in the antiquity (for instance, by Julius Ceasar) the message must be encrypted and hopping that only the receiver could get access and knows the procedure to decrypt it. To our knowledge the use of matrices to encode messages was initiated by L. S. Hill hill . The Hill cipher is a polygraphic substitution that makes use of matrix multiplications in order to change a plaintext letters into a ciphertext. One of the basic components of classical ciphers is the substitution cipher: a ciphertext matrix is obtained by multiplication of a plaintext matrix by a key matrix ,

, i.e., by a linear transformation to be followed by an arithmetic modular operation,

being the number of digits. So a square matrix , of order can host, for instance, messages to be conveyed by the sender to the receiver . More recently, a report about the usefulness of matrices in public-key cryptography was published ayan1 .

When a sender (aka Alice, in the jargon) wants to remit a message contained in a matrix to a receiver (aka Bob), such that it could not be known by any third person (aka the eavesdropper Eve, that is also a cryptanalyst), it is necessary to encode in some special form such to be hard to be decoded by Eve, conceding that she has access to . That this matrix is difficult to decrypt means that even if Eve succeeds to decode and gets the message, the time she consumed for the task is long enough so that the acquired data becomes already obsolete. The standard procedure to encrypt into consists in producing of a secret key owned only by Bob that he uses to get in a very short time compared to the one Eve needs to arrive at the same result.

If higher confidentiality of the message is needed, then a second layer of encryption can be implemented. For instance, a matrix , already subjected to a first encryption, is subjected to a second one, becoming matrix . An interesting procedure could be the calculation of the -th ( an integer) power of a non-singular square matrix defined in the field of complex numbers . The inverse process to extract the unkown from a know consists in seeking a solution (or more than one) of the equation and expect that . The direct procedure consists in diagonalizing

and to each eigenvalue

solve the equation and the zeros will result; any zero can be one eigenvalue of matrix . Here lies the ambiguity! An eavesdropper may have access to the matrix but Alice and Bob have to keep as they secret key. Several algorithms are proposed in Ref. higham1 that make use of iterative approaches, which however lead to approximate solutions.

Nevertheless, one could envisage another method still based on powers of a matrix , making the unraveling of less time consuming than to construct it, since matrix multiplications are necessary to construct , without storage of intermediary results. We propose an algorithm to reconstruct a matrix , to be conveyed from Alice to Bob, having arbitrary eigenvalue multiplicity (degeneracy). The only requirement is that be non-singular 111Even being singular, the singularity may be removed by the addition spurious row and column.. The procedure goes as follows: Alice compute two powers of , with exponents that are two positive coprime (relatively prime) numbers, and , such that and , and sends the matrices and to Bob, publicly or privately. Bob’s task consists in recovering from those two matrices in a quite short time (the minimal number of matrix operations), before it could be unraveled by a third party. The knowledge of the exponents, and , is the key element to invert the process in order to get . The exponents can be either shared by Alice and Bob previously, or they can be encoded, creating an encyphering key, by using, for instance, the Diffie-Hellman proposal diffie , the RSA method RSA or the quantum BB84 one BB84 , and then distributed by Bob (indeed, it is Bob that could determine the values and that Alice should use), one key can be made public (a unique key for many several senders) or private (one key for each message sender) while the other one is Bob’s own key (or keys) that he keeps secretly.

Regarding the computational time consumption, there are efficient algorithms that reduce the necessary time to calculate the product of two square matrices to copper , instead of the direct method that is

. The inversion of an invertible matrix consumes the same amount of time

copper . For Alice, the time consumed to calculate the powers of a matrix can be reduced from to approximately for , if storage of lower powers () matrices is possible. Regarding our algorithm the inverse operation, extracting from the matrices and , turns out to be much less time consuming (to Bob) than to produce it (by Alice). In the following sections we present the algorithm that can be used to encrypt messages to be sent from Alice to Bob and still keeping a degree of confidentiality against a skilful eavesdropper. To illustrate the procedures of Alice and Bob we present a simple example.

Example 1.

Alice wants to send a message to Bob that is encoded in the non-singular matrix . Alice computes two powers of , choosing, for instance, the exponents and (or receives them from Bob), and she constructs the matrices and ,




respectively, and sends them to Bob, through some channel, openly or privately. Alice then produces an enciphering key, , for the numbers and (or she does not need to send anything else if she received and from Bob) that she sends to Bob through another channel. Bob uses the deciphering key , that only he knows, to retrieve and , and he then makes use of the algorithm (to be explained below), that consists in doing the matrix operations that results in


The algorithm dispenses the need of calculating eigenvectors, eigenvalues or to perform any decomposition of

and and do not depend on the possible eigenvalue multiplicities of matrices (1) and (2). Once the matrices and are stored, the number of matrix operations Bob needs to perform are : one matrix inversion (stored), one product (stored), two products , whereas in order to construct and Alice has to calculate matrix multiplications without storage of powers of or multiplications considering storage, as to be explained in details below. For a different pair of numbers, and , for instance, as exponents, the sequence of operations needed to retrieve is a different one, being .

The pair of exponents (-3,5) is unique for each pair of coprime integers and , as shown in Theorem 3 in Appendix A. As observed by D. Knuth knuth1 , working numerically with integers or with fractions, as entries of matrix , instead of using floating point numbers, avoids accumulated rounding errors, so the accuracy of the calculations is absolute. In the case where an error occurs during the transmission of the key conveyed by Alice to Bob (or vice versa), for instance instead of receiving Bob receives the number , then, according to the proposed Algorithm 1 below, he will calculate a different sequence of operations involving matrices and , namely , and he will get a fully different matrix,


instead of the sought matrix (3). Therefore, the sequence of operations to get the matrix , from matrices and , is unique for each pair of coprime numbers and . If an error occurs by changing or , even by one unit, the sequence of operations changes, resulting in a wrong matrix as in Eq. (4).

Ii Algorithm and examples

We consider a variant of Euclid’s algorithm, see Lemma 1 (in Appendix A), namely, instead of looking for the (greatest common divisor) of a pair of arbitrary coprime integers – gcd, – we are essentially interested in determining the sequence of quotients that are inherent to the algorithm. For and positive coprime numbers we write down the sequence of modular calculations of the pairs , ,


where are the quotients and the remainders.

We show next that the determination of a non-singular matrix, , admitted to be unknown, is possible if: (a) two of its powers, and , are known, and (b) the exponents and , positive coprime numbers, are also known.

Algorithm 1.

Since we write the decomposition to get the matrix ; again, the numbers (, ) are also coprime which permits us to write the decomposition to get the matrix . Continuing this procedure by reducing the powers of matrix , one arrives at the original matrix (the seed), . All the pairs , , …, are coprime numbers. The choice by Alice (or by Bob) of being coprime is an important feature in order that the last equation of the sequence (5) be ; the value is necessary to retrieve the seed matrix . The set of quotients constitutes the essential element to construct the sequence of operations:


From another point of view, as to be shown below, any sequence of integers expressed as a continued fraction leads to the ratio where and are coprime. Because of the one-to-one correspondence, Alice (or Bob) can choose either a pair or a sequence of quotients to construct the matrices and . However, for not facilitating the task of decryption by Eve, it is more convenient to choose judiciously the sequence of integers that will produce the pair of exponents. The number of operations in the form of products of matrices (without storage) and inversions is


For any pair of coprime numbers the uniqueness of the sequence of quotients is proved in Theorem 3. Below we illustrate the use of the Algorithm 1 by two examples

Example 2.

For the prime numbers and , the sequence of the modular calculation goes as shown in Table 1,

Table 1: Sequence of the modular calculation with remainders and quotients

where , , and all the pairs , , , , , , are coprime. From these results the six sequential operations to be done by Bob are


Each step is calculated as , and in each row, in parenthesis, we give the number of operations (matrix multiplications plus inversions) which is . From Table 1 we observe that the total number of operations calculated from Eq. (7) is . Calling and , we then rewrite each row in the set of Eqs. (9) as


and the necessary number of operations with storage to be performed in the RHS of Eq. (10f) is: matrix inversions and multiplications (). So the total number of matrix operations reduces to .

We anticipate the result of Theorem 2 that says: in the RHS of each equation in the set (10) the exponents in are related through the equation


where and are two integers such that , whose dependence on the quotients is shown in Table 2, and the last line, , is known as Bezout identity.

Table 2: Bezout relations and the coefficients.

The moduli of the coefficient and can be used for calculating the number of necessary operations (matrix products) to retrieve the matrices out of the matrices and . In fact, instead of sending to Bob the coprime numbers and Alice could choose to send the coefficients of the Bezout relation, and , that are not necessarily coprime numbers, thus sparing time for Bob to do any further calculations. However this approach has a drawback, it asks a lot of memory for storage since huge matrices () have to be exponentiated, , with quite large exponents, whereas considering the sequence of matrices of the kind where the exponents (the quotients ) are quite small compared with the coefficient in the Bezout identity – so sparing the use of large amount of bytes and computational time – that turns out to be advantageous to Bob if his computational capabilities are limited.

Example 3.

For the coprime numbers and , the sequence of modular calculations is given in Table 3

Table 3: Sequence of the modular calculations with remainders and quotients.

with the quotients . From Eq. (7), the number of operations (without storage) is and the sequence of calculation steps is


The relations () are verified in Table 4.

Table 4: Coefficients and remainders.

The necessary times needed to encrypt and to decrypt a message are unbalanced. If Alice has a high performance computer but Bob does not or he reckons on a short time to decode the encryption, then the algorithm works well for him as long as he knows the numbers and , whereas an eavesdropper should consume a time that can be comparatively much larger to break the code and get as to be discussed below. In order to retrieve from, for instance, the matrices of example (3), and , Bob has to perform operations: the factor needs and needs , thus to get , operations with storage of partial products are necessary. However, to produce the matrices and Alice has to perform plus matrix products (with storage) respectively, so in total.

Iii Theorems: continued fractions and quotients

We now explore the relation between the exponent and and a continued fraction involving the quotients, and show its usefulness for Alice to choose the numbers and . We make use of a theorem presented in knuth2 ; khinchin :

Theorem 1.

There is a one-to-one correspondence between the coprime numbers and and the sequence of quotients that makes the continued fraction (it is customary to denote the sequence of numbers in a continued fraction between two double slashes ). Alternatively, given a sequence of chosen positive integers , the calculation of the finite continued fraction, involving the ’s, results in the ratio of coprime numbers .


We write the equations that are on the left side in the first and second lines of the set (5) as


we then substitute from Eq. (14) into Eq. (13) to obtain


One repeats this operation for the finite continued fraction for all the ’s and the result is the ratio


where , because . ∎

Example 4.

For the coprime numbers , the sequence of modular calculations in Table 1 permits us to write the finite continued fraction (16) as


which is the ratio . See also khinchin

Another theorem related to Theorem 1 and useful for our method follows:

Theorem 2.

A one-to-one correspondence between the coprime numbers and the sequence of quotients of Eq. (5) exists and is given as the inverse of the product of a finite number of matrices,




and reminding that .


We consider the equations on the right side of the set (5) and write the first two equations as


proceeding in the same fashion for the second and third equations,


and substituting Eq. (21) into Eq. (20) we get


By repeating the process of substitution, with the last , and then inverting the relation one gets Eq. (19). ∎

Example 5.

For the prime numbers and , the sequence of quotients is , with and ; so

Example 6.

The relations between the continued fraction (16) and the matrix (19) with , for instance, is


and the ratio can be written as a continued fraction,

and in general one has Eq. (16).

The coefficients and are obtained by inverting Eqs. (20) and (22),


and with the matrix


we get the relation,


The coefficients are

thus the sequence of equations


represents the relations with . Thus we can write


and the coefficients and , see Eqs. (11) and (4), depend only on the quotients, as shown in Table 5 and we can confront these expression with those calculated in Example 3, for instance, .

Table 5: The coefficients in terms of the quotients.

Iv Two strategies for a more secure Alice-Bob communication

iv.1 Choosing the exponents and

For the construction of the matrices and , we consider that the best strategy for Alice (or Bob) consists in choosing a certain sequence of positive integers and then to calculate the continued fraction , from which she (or he) obtains the coprime numbers and to be used as exponents. We envisage this procedure as a good strategy because according to a theorem exposed in knuth2 , in the sequence

for the quotients in Euclid algorithm, the approximate probability for one integer

to take the value is


thus , , , , etc. So Alice (or Bob) should choose quotients that contradict that pattern in order to fool an eavesdropper, turning the decryption a hard task, i.e., more computational time consuming. The statistics of appearance of the numbers to in a sequence of quotients , that comes from a fraction , with and being coprime numbers picked at random, has probability . Therefore, if Alice (or Bob) believes that to guess the matrix the eavesdropper Eve is going to use mostly the numbers to , thus Alice (or Bob) have the option to construct and using most of the quotients higher than .

iv.2 Disguising the ratio

The matrix (3) has determinant and trace ; raising it to the two prime numbers and , for instance, results in




Utilizing the Algorithm 1 one retrieves the original matrix