# Commutator subgroups of Sylow 2-subgroups of alternating group and Miller-Moreno groups as bases of new Key Exchange Protocol

The goal of this investigation is an effective method of key exchange based on a non-commutative group G. The results of Ko et al. <cit.> are improved and generalized. The size of a minimal generating set for the commutator subgroup of the Sylow 2-subgroups of the alternating group is found. The structure of the commutator subgroup of the Sylow 2-subgroups of the alternating group A_{2^k} is investigated and used in a key exchange protocol based on a non-commutative group. We consider a non-commutative generalization of the CDH problem <cit.> based on a metacyclic group of Miller-Moreno type (a minimal non-abelian group). We show that the conjugacy problem in this group is intractable. Efficiency of computation is provided by working in groups of residues modulo n. We construct an algorithm for generating (designing) a common key in a non-commutative group with two mutually commuting subgroups.

05/09/2020


## 1 Introduction

In this paper a new conjugacy-based key exchange scheme is proposed. The protocol is based on the conjugacy problem in a non-commutative group [2, 3, 4, 5, 10]. We slightly generalize the Ko-Lee [6] key exchange protocol. Public key cryptographic schemes based on the new systems are established. The conjugacy search problem in a group is the problem of recovering from given and . This problem is at the core of several recently suggested public key exchange protocols, most notably one due to Anshel, Anshel, and Goldfeld [2] and another due to Ko et al. [6]. As is known, if the CCP is tractable in , then finding from the given , , for an arbitrary fixed not in the center of , yields the common key that Alice and Bob have to generate.

Recently, a novel approach to public key encryption based on the algorithmic difficulty of solving the word and conjugacy problems for finitely presented groups was proposed in [1, 2]. The method relies on having a canonical minimal-length form for words in a given finitely presented group, which can be computed rather rapidly, while no correspondingly fast solution for the conjugacy problem is known. A key example is the braid group.

We denote by the conjugated element . We show that no efficient algorithm exists that can distinguish between the two probability distributions of and . Also, no efficient algorithm exists which recovers from , and . This group (the metacyclic Miller-Moreno group) has the presentation

$$G=\langle a,b \mid a^{p^m}=e,\ b^{p^n}=e,\ b^{-1}ab=a^{1+p^{m-1}},\ m\ge 2,\ n\ge 1\rangle.$$

As generators, two arbitrary commuting elements can be chosen [8, 10, 7].

Consider the non-metacyclic Miller-Moreno group. It has the presentation

$$G=\langle a,b,c \mid |c|=p,\ |a|=p^m,\ |b|=p^n,\ m\ge 1,\ n\ge 1,\ b^{-1}ab=ac,\ b^{-1}cb=c\rangle.$$

To find the length of the orbit under the action by conjugation by , we consider the conjugacy class of elements of the form . This class has length because each conjugation by increases the power of by 1. Thus the first repetition of the initial power in occurs after conjugations of this word by , where . Therefore, the length of the orbit is .

If we want to design a key exchange algorithm based on the non-commutative DH problem [5], we need an efficient algorithm for computing conjugated elements. Due to the relation in the metacyclic group, which defines the homomorphism into the automorphism group of , we obtain a formula for the conjugated element. Using this formula, we can efficiently compute the conjugate of by raising to the -th power, where .

There is an efficient method of checking the equality of elements due to the cyclic structure of the group , and in this group .

We have an efficient method of checking the equality of elements in the additive group by reducing modulo the finite modulus .

## 2 Proof that the conjugacy problem is NP-hard in G. Size of a conjugacy class

The orbit of the given base element must be long enough if we want the problem of DL, or equivalently the conjugacy problem in a non-commutative group, to be -hard.

Let the elements of act by conjugation on , where .

###### Theorem 1.

The length of the conjugacy class of a non-central element is equal to .

###### Proof.

Recall that the inner automorphism in is determined by the formula . Let us recall the structure of the minimal non-abelian metacyclic group, namely , where and are finite cyclic groups. Therefore the formula defines a homomorphism into the subgroup of inner automorphisms . It is well known that each finite cyclic group is isomorphic to the corresponding additive cyclic group of residues modulo . In this group equality of elements can be checked efficiently by reducing the elements modulo .

Consider the orbit of the element under the action by conjugation. The length of this orbit is the minimal power for which the equality holds. We apply the binomial theorem to the expression , taking into account the relation , and obtain

$$(1+p^{m-1})^{s} = 1 + \binom{s}{1}p^{m-1} + \binom{s}{2}p^{2(m-1)} + \dots + p^{s(m-1)} \equiv 1 \pmod{p^{m}}$$

only if with , because if . This means that the minimal for which this congruence holds is equal to . The prime can be chosen as large as we need [17], which completes the proof. ∎
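The conjugation formula used in the proof, carried through with the group's own symbols as an added worked derivation (it is not part of the paper's text). Write $r=1+p^{m-1}$ for the exponent in the relation $b^{-1}ab=a^{r}$; nothing below goes beyond the presentation of $G$ and the binomial expansion above.

$$
\begin{aligned}
b^{-1}a^{i}b &= (b^{-1}ab)^{i} = a^{ir}, \qquad
b^{-k}a^{i}b^{k} = a^{i r^{k}} \quad\text{(induction on } k\text{)},\\
r^{k} = (1+p^{m-1})^{k} &= 1 + k\,p^{m-1} + \binom{k}{2}p^{2(m-1)} + \dots \equiv 1 + k\,p^{m-1} \pmod{p^{m}}, \qquad m\ge 2,\\
b^{-k}a\,b^{k} &= a^{1+k\,p^{m-1}} = a \iff p^{m} \mid k\,p^{m-1} \iff p \mid k .
\end{aligned}
$$

So conjugating $a^{i}$ by $b^{k}$ costs one multiplication $i\cdot r^{k} \bmod p^{m}$ (the "raising to a power" of Section 1), and the orbit of $a$ under $\langle b\rangle$ consists of exactly the $p$ elements $a,\ a^{1+p^{m-1}},\ \dots,\ a^{1+(p-1)p^{m-1}}$, as Theorem 1 states. The second line uses that $2(m-1)\ge m$ for $m\ge 2$, so every binomial term after the linear one vanishes modulo $p^{m}$.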

Let us evaluate the size of subsets of mutually commuting elements. Each such subset, and the subgroup generated by it, can be chosen inside the center of the group . It is well known that the semidirect product is closely related to the wreath product. The center of the wreath product with non-faithful action was recently studied [11].

###### Proposition 1.

As was proved by the author, the center of the restricted wreath product with non-trivial coordinates is the direct product of the normal closure of the center of the diagonal of , i.e. , the trivial element, and the intersection of with . In other words,

$$Z((A,X)\wr B)=\left\langle (1;\underbrace{h,h,\dots,h}_{n}),\ e,\ (Z(A)\cap Z(K,X))\wr E\right\rangle \simeq (Z(A)\cap K)\times Z(\Delta(B^{n})),$$

where .

Taking into consideration that a semidirect product is a special case of the wreath product, the diagonal of degenerates into . Thus we obtain the following formula for the center of the semidirect product:

$$Z((A,X)\rtimes B)=\left\langle Z(1;h),\ e,\ (Z(A)\cap K,X)\wr E\right\rangle \simeq (Z(A)\cap K)\times Z(\Delta(B^{n})).$$

This structure leads to a constructive method of finding elements of the center. As noted above, the elements and are parts of the secret key. Therefore, the greater the size of the center of the considered group, the greater the size of the key space of this protocol.

The commutator subgroup of the Sylow 2-subgroup of the alternating group can also be used as a platform for the CSP [12, 13, 15].

###### Definition 2.1.

For an arbitrary we call a -coordinate subgroup a subgroup determined by -coordinate sets , , if this subgroup consists of all Kaloujnine tableaux for which .

We denote by the level subgroup of , which consists of the tuples of v.p. from , for any .

As the sets and of mutually commuting elements we can use the elements of the -coordinate subgroup of , where , or the elements of , which is isomorphic to this subgroup. As was proved by the author [12], the order of is . Therefore the sets and of mutually commuting elements grow exponentially.

According to [9] the center of the metacyclic group has index , therefore the order of is . Thus we have possibilities to choose an element as the public element used in the key exchange protocol.

## 3 Key exchange protocol

Let be subsets of consisting of mutually commuting elements. We generalize CDH by using the subgroups and instead of . We can do this because the groups and have generating sets and which commute; since these generating sets commute elementwise, the subgroups themselves commute elementwise.

## 4 The basic steps of the protocol

Input: Elements , and .

Alice selects a private as a random element of the subgroup and computes . Then she sends it to Bob. Bob selects a private as a random element of the subgroup and computes . Then he sends it to Alice. Bob computes and Alice computes . Since and are mutually commuting groups, we have . Therefore .

Output: that is the common key of Alice and Bob.

Thus the common key [3, 6, 2, 1] has been generated.
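The exchange of Section 4, together with the conjugation, orbit-length and center computations of Sections 1 and 2, carried out in the metacyclic group with the presentation given in Section 1, as an added worked example (Python written for this edit, not code from the paper). Elements $a^{i}b^{j}$ are stored as pairs `(i, j)` and all arithmetic is done on exponents modulo $p^{m}$ and $p^{n}$. The parameter values, the public element $g=ab$, and the choice of the abelian subgroup $\langle a\rangle$ as the commuting subgroup for both parties are assumptions made for the demonstration; the extraction does not preserve the paper's own choice of the subgroups $A$ and $B$.

```python
"""Added worked example (not code from the paper): arithmetic in the metacyclic
Miller-Moreno group  G = <a, b | a^(p^m) = b^(p^n) = e, b^-1 a b = a^(1+p^(m-1))>,
the orbit-length computation of Theorem 1, the centre Z(G) of Section 2, and the
Ko-Lee style exchange of Section 4.  Elements a^i b^j are stored as pairs (i, j).
The parameter values and the choice of commuting subgroups are assumptions."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Metacyclic:
    p: int
    m: int
    n: int

    @property
    def r(self):
        # b^-1 a b = a^r with r = 1 + p^(m-1); r is a unit modulo p^m
        return 1 + self.p ** (self.m - 1)

    @property
    def mod_a(self):
        return self.p ** self.m          # order of a

    @property
    def mod_b(self):
        return self.p ** self.n          # order of b

    def norm(self, i, j):
        return (i % self.mod_a, j % self.mod_b)

    def mul(self, x, y):
        # From b^-1 a b = a^r follows b^j a^i = a^(i r^-j) b^j, hence
        # (a^i1 b^j1)(a^i2 b^j2) = a^(i1 + i2 r^-j1) b^(j1 + j2).
        i1, j1 = self.norm(*x)
        i2, j2 = self.norm(*y)
        return self.norm(i1 + i2 * pow(self.r, -j1, self.mod_a), j1 + j2)

    def inv(self, x):
        # (a^i b^j)^-1 = b^-j a^-i = a^(-i r^j) b^-j
        i, j = self.norm(*x)
        return self.norm(-i * pow(self.r, j, self.mod_a), -j)

    def conj(self, g, x):
        """x^-1 g x: conjugation computed purely by exponent arithmetic mod p^m."""
        return self.mul(self.mul(self.inv(x), g), x)

    def orbit_length(self, g, x):
        """Smallest s > 0 with x^-s g x^s = g, i.e. the orbit of g under <x>.
        Theorem 1: for the generators a, b (both non-central) this equals p."""
        g = self.norm(*g)
        cur, s = g, 0
        while True:
            cur, s = self.conj(cur, x), s + 1
            if cur == g:
                return s

    def center(self):
        """Z(G) by brute force: elements commuting with a = (1,0) and b = (0,1).
        Section 2 states Z(G) has index p^2, i.e. |Z(G)| = p^(m+n-2)."""
        a, b = (1, 0), (0, 1)
        return [
            (i, j)
            for i in range(self.mod_a)
            for j in range(self.mod_b)
            if self.mul((i, j), a) == self.mul(a, (i, j))
            and self.mul((i, j), b) == self.mul(b, (i, j))
        ]


def key_exchange(G, g, x, y):
    """Ko-Lee style exchange over public g with Alice's private x and Bob's
    private y drawn from mutually commuting subgroups. Returns the two
    transmitted conjugates and both derived keys (equal whenever x y = y x)."""
    u = G.conj(g, x)           # Alice -> Bob:   x^-1 g x
    v = G.conj(g, y)           # Bob   -> Alice: y^-1 g y
    key_alice = G.conj(v, x)   # x^-1 (y^-1 g y) x
    key_bob = G.conj(u, y)     # y^-1 (x^-1 g x) y
    return u, v, key_alice, key_bob


def demo(p=7, m=3, n=2):
    """Assumption for the demo: both parties draw secrets from the abelian
    subgroup <a> (which commutes with itself); the public g = a b is non-central."""
    G = Metacyclic(p, m, n)
    x = (secrets.randbelow(G.mod_a), 0)
    y = (secrets.randbelow(G.mod_a), 0)
    return key_exchange(G, (1, 1), x, y)


if __name__ == "__main__":
    G = Metacyclic(7, 3, 2)
    print("orbit of a under <b>:", G.orbit_length((1, 0), (0, 1)))    # 7
    print("|Z(G)| =", len(G.center()), "expected", 7 ** (3 + 2 - 2))  # 343
    u, v, ka, kb = demo()
    print("keys agree:", ka == kb)
```

Running the file directly exercises the $p=7$, $m=3$, $n=2$ instance. `center()` enumerates all $p^{m+n}$ elements and is intended only as a check of the index-$p^{2}$ claim for small parameters; `orbit_length` is likewise a brute-force confirmation of Theorem 1, while `conj` is the efficient exponent-arithmetic conjugation that the protocol itself relies on.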

Resistance to cryptanalysis. If an analyst attacks the scheme by reducing the conjugacy search problem to the decomposition problem [16], this leads to the discrete logarithm problem in the multiplicative cyclic group . This problem is considered intractable for large .

## 5 Conclusion

We can choose the mutually commuting as subgroups of . As said above, are chosen from as components of the key. According to [8] , so the size of the key space is . Note that the size of the key space can be made arbitrarily large by choosing the parameters . As the element to be conjugated we can choose an arbitrary element not in , because the size of its orbit under the action of inner automorphisms is then always at least .

## References

• [1] Iris Anshel, Michael Anshel, Benji Fisher, and Dorian Goldfeld. New key agreement protocols in braid group cryptography. In Cryptographers' Track at the RSA Conference, pages 13–27. Springer, 2001.
• [2] Iris Anshel, Michael Anshel, and Dorian Goldfeld. An algebraic method for public-key cryptography. Mathematical Research Letters, 6(3):287–291, 1999.
• [3] Jens-Matthias Bohli, Benjamin Glas, and Rainer Steinwandt. Towards provably secure group key agreement building on group theory. Cryptology ePrint Archive, Report 2006/079, 2006.
• [4] Lize Gu, Licheng Wang, Kaoru Ota, Mianxiong Dong, Zhenfu Cao, and Yixian Yang. New public key cryptosystems based on non-abelian factorization problems. Security and Communication Networks, 6(7):912–922, 2013.
• [5] Lize Gu and Shihui Zheng. Conjugacy systems based on nonabelian factorization problems and their applications in cryptography. Journal of Applied Mathematics, 2014, 2014.
• [6] Ki Hyoung Ko, Sang Jin Lee, Jung Hee Cheon, Jae Woo Han, Ju-sung Kang, and Choonsik Park. New public-key cryptosystem using braid groups. In Mihir Bellare, editor, Advances in Cryptology — CRYPTO 2000, pages 166–183. Springer, Berlin, Heidelberg, 2000.
• [7] Ayoub Otmani, Jean-Pierre Tillich, and Léonard Dallot. Cryptanalysis of two McEliece cryptosystems based on quasi-cyclic codes. Mathematics in Computer Science, 3(2):129–140, 2010.
• [8] I. Raievska, M. Raievska, and Ya. Sysak. Finite local nearrings with split metacyclic additive group. Algebra and Discrete Mathematics, 22(1):129–152, 2016.
• [9] László Rédei. Das "schiefe Produkt" in der Gruppentheorie. Commentarii Mathematici Helvetici, 20(1):225–264, 1947.
• [10] Ruslan Viacheslavovich Skuratovskii. Employment of minimal generating sets and structure of Sylow 2-subgroups of alternating groups in block ciphers. In Advances in Computer Communication and Computational Sciences, pages 351–364. Springer, 2019.
• [11] Ruslan Viacheslavovich Skuratovskii and Aled Williams. Minimal generating set and a structure of the wreath product of groups, and the fundamental group of the orbit Morse function. Bulletin of Donetsk National University. Series A: Natural Sciences, (1-2):76–96, 2019.
• [12] Ruslan Viacheslavovich Skuratovskii. Commutator subgroups of Sylow subgroups of alternating and symmetric groups and their minimal generating sets. In The XII International Algebraic Conference in Ukraine, Vinnytsia, page 75, 2019.
• [13] Ruslan Viacheslavovich Skuratovskii. Generating set of wreath product non faithful action. International Journal of Analysis and Applications, 18(1):104–116, 2020.
• [14] Ruslan Viacheslavovich Skuratovskii. Structure of commutant and centralizer, minimal generating sets of Sylow 2-subgroups of alternating and symmetric groups. International conference in Ukraine, ATA12, 2017. https://www.imath.kiev.ua/ topology/…/skuratovskiy.pdf
• [15] Ruslan Viacheslavovich Skuratovskii. Structure and minimal generating sets of Sylow 2-subgroups of alternating groups. https://arxiv.org/abs/1702.05784v2
• [16] Vladimir Shpilrain and Alexander Ushakov. The conjugacy search problem in public key cryptography: unnecessary and insufficient. Applicable Algebra in Engineering, Communication and Computing, 17:285–289, 2006.
• [17] Ivan Matveevich Vinogradov. Elements of Number Theory. Courier Dover Publications, 2016.