
Multivariate Public Key Cryptography and Digital Signature

In this paper, algorithms for multivariate public key cryptography and digital signature are described. Plain messages and encrypted messages are arrays, consisting of elements from a fixed finite ring or field. The encryption and decryption algorithms are based on multivariate mappings. The security of the private key depends on the difficulty of solving a system of parametric simultaneous multivariate equations involving polynomial or exponential mappings. The method is a general purpose utility for most data encryption, digital certificate or digital signature applications. The methods described in this paper are useful for security protocols at the application layer of the OSI model.


1 Introduction

1.1 Preliminary Discussion

The role of cryptographic algorithms is to provide information security [[9], [28], [42], [44], [45] and [46]]. In general, proper data encryption and authentication mechanisms with access control are preferred for a trusted secure system [[44] and [45]]. The most popular public key cryptosystems are RSA [[41]], NTRU [[21], [22], [23] and [24]], ECC [[27], [37], [43] and [48]], the algorithms based on Diophantine equations [[33]] and discrete logarithms [[15]], and those based on multivariate quadratic polynomials [[6] and [29]]. RSA, NTRU and ECC are assumed to be secure unless there are new breakthroughs in integer factoring (for RSA), in lattice reduction (for NTRU), or in elliptic curve discrete logarithm techniques (for ECC) [[11] and [19]].

In this paper, algorithms for public key cryptography as well as digital signature based on multivariate mappings are described, with plain and encrypted message arrays consisting of elements from a fixed commutative and finite ring or field. The keys can be built up starting from independently chosen small degree polynomial or easy exponential mappings, resulting in fast key generation and facilitating easy changes of keys as often as required. The security depends on the difficulty of solving parametric simultaneous multivariate equations involving polynomial or exponential mappings [[8], [10], [16], [17], [35], [36], [12] and [14]] in the case of straightforward attacks, and on the difficulty of finding the private keys in the case of key recovery attacks. The methods described in this paper are useful for security protocols at the application layer of the OSI model.

1.2 Notation

In the sequel, let be the set of integers, and let be the set of positive integers. For a positive integer , let be the ring of integers with addition and multiplication , and be the commutative group of invertible elements in , with respect to multiplication operation in . The representing elements in are taken to be those from the set . Let be a finite field, consisting of elements for some positive integer and prime number , and let be the multiplicative group of nonzero elements in . Let be a finite cyclic group of order . Let be either or or . If , where is equipped with only the group operation, then is isomorphic to , where the group operation in is identified with the addition operation of . The addition operation of is a primary operation, and the multiplication operation, that can be treated as a secondary operation [[34]] over the additive group , is defined uniquely by the distribution laws, with as the multiplicative identity, rendering as the commutative ring. The same holds for , with acting as the multiplicative identity. Let , for , be the algebra of multivariate polynomials in formal variables with coefficients in . Now, if , for a finite field , then the group operation in coincides with the multiplication operation in and . If , then is denoted by , with . A variable with its name expressed in bold face assumes values from a product space, which is a product of finitely many copies of the same set, and each component of the variable, expressed in the corresponding case without boldness and a positive integer subscript, assumes values from the constituent component space, succinctly as, for example, , for some .

1.3 Polynomials over

Let , where and are positive integers, and are distinct prime numbers, for . Let , and let be such that , for . Then, .

Now, a polynomial can be expressed as , for some unique polynomials , for . For some and index , where , if , then . Thus, , for every , if and only if , for every , for every index , where . Similarly, is a surjective (hence bijective) mapping from onto , if and only if is a surjective (hence bijective) mapping from onto , or equivalently, is a bijective mapping from into itself and, when , , for all , where is the formal algebraic derivative of , for every index , where [[31]]. Now, if , where , for some , for , then . Thus, (A) is a unit in , if and only if is a unit, i.e., , for every index , where , (B) is reducible in , if and only if is reducible in , for some index , where , and (C) is irreducible in , if and only if is irreducible in , or equivalently, is irreducible in , for every index , where . Thus, for any positive integer , can be expressed as .
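The componentwise view of this section, as an added worked example that is not code from the paper: a polynomial over Z_n is evaluated through the isomorphism of Z_n with the product of the Z_{p^e}, and the bijectivity test of the text (bijective modulo each p, with nonvanishing formal derivative modulo p when the exponent is at least 2) is compared against brute force on small moduli. The moduli, the polynomials and the helper names are constructed here for illustration.

```python
# Added example (not from the paper): the Chinese-remainder view of polynomials
# over Z_n from section 1.3, checked against brute force on small moduli.
from math import prod

def factorize(n):
    """Trial-division factorization; returns {prime: exponent}. Toy sizes only."""
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def poly_eval(coeffs, x, m):
    """Evaluate a polynomial given as [c0, c1, ..., ck] at x, modulo m (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % m
    return acc

def poly_derivative(coeffs):
    """Formal algebraic derivative: [c1, 2*c2, 3*c3, ...]."""
    return [i * c for i, c in enumerate(coeffs)][1:]

def is_permutation_bruteforce(coeffs, m):
    """Does x -> f(x) permute Z_m?  Checked by evaluating every point."""
    return len({poly_eval(coeffs, x, m) for x in range(m)}) == m

def is_permutation_prime_power(coeffs, p, e):
    """Criterion modulo p^e: f must permute Z_p, and for e >= 2 the formal
    derivative must be nonzero modulo p at every point of Z_p."""
    if not is_permutation_bruteforce(coeffs, p):
        return False
    if e == 1:
        return True
    fprime = poly_derivative(coeffs)
    return all(poly_eval(fprime, a, p) != 0 for a in range(p))

def is_permutation_crt(coeffs, n):
    """f permutes Z_n iff its reduction permutes Z_{p^e} for each p^e dividing n."""
    return all(is_permutation_prime_power(coeffs, p, e)
               for p, e in factorize(n).items())

def crt_combine(residues, moduli):
    """Chinese remainder theorem: from (f(x) mod p_i^{e_i})_i back to f(x) mod n."""
    n = prod(moduli)
    total = 0
    for r, m in zip(residues, moduli):
        big = n // m
        total += r * big * pow(big, -1, m)
    return total % n

def poly_eval_via_crt(coeffs, x, n):
    """Evaluate f(x) mod n componentwise through
    Z_n = Z_{p_1^{e_1}} x ... x Z_{p_r^{e_r}}, then recombine."""
    moduli = [p ** e for p, e in factorize(n).items()]
    residues = [poly_eval(coeffs, x % m, m) for m in moduli]
    return crt_combine(residues, moduli)

if __name__ == "__main__":
    f = [0, 1, 2]   # constructed sample f(x) = x + 2x^2
    # permutes Z_8 (derivative 1 + 4x is odd), but not Z_40 (not bijective mod 5)
    print(is_permutation_crt(f, 8), is_permutation_crt(f, 40))
```

The sample f(x) = x + 2x^2 permutes Z_8 but fails on Z_40 only because its reduction modulo 5 is not bijective, which is exactly the componentwise condition of the text.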

1.4 Modular Exponentiation over

The modular exponentiation operation is extensively studied in connection with the RSA cryptosystem [[9], [28], [41], [42], [44], [45] and [46]]. In this section, the modular exponentiation is extended to the situation wherein the exponents are functions. The security of the RSA system depends on the difficulty of factorization of a positive integer into its prime factors. However, simplification of computations as well as porting of variables from base level to exponentiation level by a homomorphism requires availability of prime factors in advance for both encryption and decryption, while working with multivariate mappings involving functions as exponents. In the sequel, let be Euler's phi (totient) function [[9], [28], [42] and [46]]. Let , where , and are distinct prime numbers, for . Let be the smallest set of expressions, closed with respect to addition and multiplication, and containing expressions of the form , where , and either

  1. as a formal expression, does not depend on and evaluates to any fixed positive integer, or

  2. evaluates to elements in , for all values of in some domain of interest, which is a subset of , and is of the form , for some expression and ring homomorphism from into .

The condition in (1) above implies that . Thus, the integers in and those in , for various modulus positive integers , need to be distinguished clearly as separate elements. The expressions in are turned into mappings, by identifying appropriate domains of values and interpretation for variables and operations in the respective domains [[12], [14], [34] and [35]]. For and , such that , let . Let be such that evaluates to elements in , for , for some , and let , for , be such that . Now, for and , the following holds: . Let and be such that the following holds: , for . Thus,

, for independent vectors

and . Now, , where , for . Let , and let be the map defined by , for . Then, is a ring homomorphism, for . Now, let , for and . Then, the map is a ring homomorphism from the ring into the ring of direct product . If the base level and exponentiation level interpretation maps are and , respectively, then can be chosen to be , applied from right to left in the written order, preserving the respective ring operations in the base level and exponentiation level subexpressions. If , for some index , where , then exponentiation along the th component can be carried out by interpreting to be a finite field, and porting values of base level expressions to exponentiation level expressions by the discrete logarithm mapping, as discussed in section 1.5.
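The exponent-level reduction this section relies on, as an added example that is not code from the paper: an expression x^{g(x)} modulo n is evaluated once with the full integer exponent and once with the exponent reduced into Z_{phi(n)}, and the two are compared over all of Z_n. The modulus n = 45, the exponent function g(x) = x^2 + 16 and the function names are constructed here; phi(n) is computed by counting units only because n is tiny, and in practice it comes from the prime factorization of n, which is why the text requires the factors in advance.

```python
# Added example (not from the paper): evaluating x^{g(x)} mod n by reducing the
# exponent modulo phi(n), as section 1.4 relies on, with the unit caveat shown.
from math import gcd

def euler_phi(n):
    """phi(n) by counting units of Z_n.  Fine for toy n; at real sizes phi(n) is
    obtained from the prime factorization of n."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)

def exponent_poly(x):
    """Constructed exponent function g(x) = x^2 + 16, evaluated as an integer."""
    return x * x + 16

def power_direct(x, n, g=exponent_poly):
    """Reference value: x^{g(x)} mod n with the full integer exponent."""
    return pow(x, g(x), n)

def power_reduced(x, n, g=exponent_poly):
    """x^{g(x) mod phi(n)} mod n: the exponent is 'ported' into Z_{phi(n)}."""
    phi = euler_phi(n)
    return pow(x, g(x) % phi, n)

def reduction_is_safe(x, n):
    """Euler's theorem x^{phi(n)} = 1 (mod n) needs gcd(x, n) = 1; for a non-unit
    x the reduced exponent may give a different answer (e.g. x = 3, n = 45)."""
    return gcd(x, n) == 1

def mismatches(n):
    """All x in Z_n where the reduced evaluation disagrees with the direct one."""
    return [x for x in range(n) if power_direct(x, n) != power_reduced(x, n)]

if __name__ == "__main__":
    # x = 3 is not a unit of Z_45: 3^25 mod 45 = 18, but 25 mod phi(45) = 1 gives 3.
    print(power_direct(3, 45), power_reduced(3, 45))
    print(mismatches(45))   # every entry shares a factor with 45
```

For a unit x the two routes always agree, so a scheme that ports exponents through Z_{phi(n)} must keep the bases it exponentiates inside the unit group, or handle the non-unit components separately.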

1.5 Modular Exponentiation over

Let be a finite field containing elements and , for some prime number and positive integer . Let be the smallest set of expressions, closed with respect to addition and multiplication, and containing expressions of the form , where , and either

  1. as a formal expression, does not depend on and evaluates to any fixed positive integer, or

  2. evaluates to elements in , for all values of in some domain of interest, which is a subset of , where , and is of the form , for some expression and group isomorphism from into .

The condition in (1) above implies that . For a primitive element , let be the discrete logarithm function defined by , exactly when , for and . Thus, the group homomorphism can be taken to be . If the base level and exponentiation level interpretation maps are and , respectively, then can be chosen to be , applied from right to left in the written order. For porting a subexpression involving addition operation in , such as, for example, , where , for , where , occurring in a base level expression to an exponentiation level, the base level subexpression is replaced by a supplementary variable , which is ported to first exponentiation level by the discrete logarithm mapping. In the subsequent levels of exponentiation, the interpretation is performed by applying ring homomorphisms, as discussed in section 1.4.
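The discrete-logarithm porting of this section, as an added example that is not code from the paper: over a prime field F_p a primitive element g is found, the table log_g : F_p^* -> Z_{p-1} is built, its homomorphism property is checked, and a product x^a y^b is evaluated once at the base level in F_p and once at the exponent level in Z_{p-1} after porting x and y by log_g. The prime p = 19, the expression and the function names are constructed here.

```python
# Added example (not from the paper): porting base-level values of F_p^* to the
# exponent level through a discrete-logarithm table, as in section 1.5.

def is_primitive_root(g, p):
    """g generates F_p^* iff its multiplicative order is p-1 (p an odd prime)."""
    acc, order = 1, 0
    while True:
        acc = acc * g % p
        order += 1
        if acc == 1:
            return order == p - 1

def find_primitive_root(p):
    """Smallest primitive element of F_p, found by exhaustive search (toy sizes)."""
    return next(g for g in range(2, p) if is_primitive_root(g, p))

def build_log_table(p, g):
    """log_g : F_p^* -> Z_{p-1}, the group isomorphism used to port values upward."""
    table, acc = {}, 1
    for k in range(p - 1):
        table[acc] = k
        acc = acc * g % p
    return table

def check_isomorphism(p, table):
    """log(x*y) = log x + log y (mod p-1) for all x, y in F_p^*."""
    return all(table[x * y % p] == (table[x] + table[y]) % (p - 1)
               for x in range(1, p) for y in range(1, p))

def eval_base_level(x, y, a, b, p):
    """Base level: the product x^a * y^b computed directly in F_p."""
    return pow(x, a, p) * pow(y, b, p) % p

def eval_exponent_level(x, y, a, b, p, g, table):
    """Exponent level: port x and y by log_g, compute a*log x + b*log y in the
    ring Z_{p-1}, then map back with a single exponentiation of g."""
    exponent = (a * table[x] + b * table[y]) % (p - 1)
    return pow(g, exponent, p)

if __name__ == "__main__":
    p = 19                       # constructed prime
    g = find_primitive_root(p)   # 2 generates F_19^*
    table = build_log_table(p, g)
    print(g, check_isomorphism(p, table))
    print(eval_base_level(5, 7, 3, 4, p), eval_exponent_level(5, 7, 3, 4, p, g, table))
```

Once a value has been ported, every further operation on it happens in Z_{p-1} with ordinary ring arithmetic, which is what lets the subsequent exponentiation levels be handled by the ring homomorphisms of section 1.4.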

2 Main Results

2.1 Parametric Injective Mappings

Let be either or . Let be the domain of interpretation for the variables occurring in the mappings. For and , a parametric multivariate injective mapping from into is a multivariate injective mapping, which is an expression from either or with interpretation conventions as discussed in sections 1.4 and 1.5, as appropriate, for and , and its parametric inverse is such that, for every fixed , the following holds: if , then , for every and . For example, let be the set cardinality of , be a fixed primitive element, which is made known in the public key, and , where and are such that , for , and , for . Then, is a parametric bijective mapping from into , with as parameters, and the inverse mapping of is .

For the multivariate surjective mappings for digital signature scheme discussed at the end of section 3, mappings and can be chosen, such that both the conditions and , simultaneously hold for , where the required exact domain is a private key and known only to the signer.

2.1.1 Parametrization Methods

Let, for some positive integers , and , , , be a partition of unity of , i.e., and , , , for every . The partition of unity required for the parametric mappings discussed in this section need not necessarily be strict, and it is possible that, for some , where , , for every . Let , , , be parametric multivariate injective mappings from into , that may or may not depend on the parameters . The vectors and , , are identified with the corresponding column vectors, whose -th row entry is the -th element, for , so that they become amenable to matrix operations. Let be an matrix, and be vectors, both with multivariate expressions as entries, such that

evaluates to an invertible matrix, for every

and . Then, the expression is a parametric multivariate injective mapping, with its parametric inverse  , where , , which is also identified with the corresponding column vector, and is the matrix inverse of , for .

For the multivariate surjective mappings for digital signature scheme discussed at the end of section 3, it is possible to choose to be bijective, only for some indexes , where , letting it be arbitrary for the remaining indexes. Since the domain information is a private key, as discussed in the last paragraph of the preceding section, the updates mentioned here must be so chosen that the effective domain will become feasible, while maintaining it as a private key.

2.1.2 Partition of Unity of

Let , which is called a discriminating function, and let be the codomain of , i.e., , for some positive integer . Let , . Then, , for , and , for , . Thus, is a partition of , and

is the characteristic function of the equivalence class

, . Now, the set , where , is a partition of unity of .

Examples. (A) Let the vector space dimension of be as an extension field of , and let , where , , be a noninvertible linear operator from into , with as the field. For every linear operator from into with as the field, there exist scalars , , such that [[32]]. Now, each equivalence class is an affine vector subspace of the form , for some . Thus, if is the rank of as linear operator from into with as the field, then the nullity of is , each equivalence class has elements, and there are equivalence classes. For the number of equivalence classes to be small, the rank of must be small, such as or . (B) Let , where is a large positive integer dividing . Now, the equivalence classes are and the cosets of the congruence relation if and only if , for . Since , there are equivalence classes.
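The partition of unity of this section built from a discriminating function, as an added example that is not code from the paper, covering both example shapes: for (A) a constructed rank-1 linear operator on F_7^2 is used as the discriminating function, the characteristic function of each class is written as the polynomial 1 - (f(x) - c)^{q-1} (Fermat's little theorem), and the class count q^{rank} and class size q^{nullity} are checked; for (B) the residue map x mod m on Z_n with m dividing n is used and its m classes are counted. The field size, the operator, n = 60, m = 12 and all function names are constructed here.

```python
# Added example (not from the paper): building the partition of unity of
# section 2.1.2 from a discriminating function, for the two example shapes
# described in the text.  Every concrete value below is constructed.
from itertools import product

P = 7   # constructed prime: the field is F_7 and the domain is F_7^2

def field_vectors():
    """All elements of F_7^2 as pairs."""
    return list(product(range(P), repeat=2))

def linear_operator(x):
    """Constructed rank-1 F_7-linear map F_7^2 -> F_7, playing the role of the
    discriminating function of Example (A)."""
    return (x[0] + 2 * x[1]) % P

def indicator(c, x, f=linear_operator):
    """Characteristic function of the class {x : f(x) = c}, as a polynomial in
    f(x): 1 - (f(x) - c)^{q-1} equals 1 exactly when f(x) = c, else 0."""
    return (1 - pow((f(x) - c) % P, P - 1, P)) % P

def partition_of_unity_holds(domain, codomain, f=linear_operator):
    """sum_c chi_c(x) = 1 for every x, with exactly one nonzero term (so the
    chi_c are pairwise orthogonal), i.e. a strict partition of unity."""
    for x in domain:
        vals = [indicator(c, x, f) for c in codomain]
        if sum(vals) % P != 1 or sum(1 for v in vals if v) != 1:
            return False
    return True

def class_sizes(domain, f):
    """Sizes of the equivalence classes f^{-1}(c), keyed by the value c."""
    sizes = {}
    for x in domain:
        sizes[f(x)] = sizes.get(f(x), 0) + 1
    return sizes

def residue_classes(n, m):
    """Example (B): on Z_n with m | n, f(x) = x mod m; the classes are the cosets
    of the congruence modulo m, m of them, each with n/m elements."""
    if n % m != 0:
        raise ValueError("m must divide n")
    return class_sizes(range(n), lambda x: x % m)

if __name__ == "__main__":
    dom = field_vectors()
    print(partition_of_unity_holds(dom, range(P)))   # True
    print(class_sizes(dom, linear_operator))          # 7 classes of 7 elements
    print(residue_classes(60, 12))                    # 12 classes of 5 elements
```

The polynomial form of the indicator is what makes the partition usable inside multivariate expressions: a rank-1 operator gives only q classes, each an affine line, matching the remark that the rank must be kept small for the number of classes to stay small.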

2.1.3 Partition of Unity of

Let be a divisor of and . Now, , for any and prime number . Let , for . Then, , for , and , for . Thus, the set contains distinct elements. Let be such that . If or , then