**3.1 Construction of cyclotomic matrix**

Typically construction of a cyclotomic matrix has been subdivided into four subsequent steps. Below are those ordered steps for the construction of a cyclotomic matrix;


The first step initializes the entries of cyclotomic matrix of order 2*l* 2 . Value of *p* will be determined for given *l*. Assuming *l* ¼ 2, an example of such initialization of matrix of order 8 has been shown in **Table 1**.

For the construction of cyclotomic matrix, it does not require to determine all the cyclotomic numbers of a cyclotomic matrix which is shown in **Table 1** [36]. By well-known properties of cyclotomic numbers of order 2*l* 2 , cyclotomic numbers are divided into various classes, therefore there are a pair of the relation between the entries of initial table (**Table 1**) of a cyclotomic matrix. Thus to avoid calculating the same solutions in multiple times, we determine the equality relation of


**Table 1.** *Cyclotomic matrix of order 8.* cyclotomic numbers (i.e. equality of solutions of ð Þ *a*, *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ). In the next subsection, we will discuss which cyclotomic numbers are enough for the construction of the cyclotomic matrix. Thus it helps us to the faster computation of cyclotomic matrix.

#### **3.2 Determination of equality relation of cyclotomic numbers**

This subsection presents the procedure to determine the equality relation of cyclotomic numbers (i.e. the relation of pair of ð Þ *a*, *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ), which reduces the complexity of solutions of pair of ð Þ *a*, *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> (see also [36]). For the determination of cyclotomic matrices, it is not necessary to obtain all 4*l* <sup>4</sup> cyclotomic numbers of order 2*l* 2 . The minimum number of cyclotomic numbers required to determine all the cyclotomic numbers (i.e. required for construction of cyclotomic matrix) depends on the value of positive integer *k* on expressing prime *p* ¼ 2*l* 2 *k* þ 1. By (2), if *k* is even, then

$$(a,b)\_{2^l} = (b,a)\_{2^l} = (a-b,-b)\_{2^l} = (b-a,-a)\_{2^l} = (-a,b-a)\_{2^l} = (-b,a-b)\_{2^l} \tag{5}$$

otherwise

$$\begin{split} (a,b)\_{2l^2} &= \left(b+l^2, a+l^2\right)\_{2l^2} = \left(l^2+a-b, -b\right)\_{2l^2} = \left(l^2+b-a, l^2-a\right)\_{2l^2} \\ &= \left(-a, b-a\right)\_{2l^2} = \left(l^2-b, a-b\right)\_{2l^2}. \end{split} \tag{6}$$

Thus by (5) and (6), cyclotomic numbers ð Þ *a*, *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> of order 2*l* <sup>2</sup> can be divided into various classes.




Here **Update table (E)** means each entry ð Þ *a*, *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> of the table will be updated by applying the relations ð Þ *a*, *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ¼ ð Þ *b*, *a* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ¼ ð Þ *a* � *b*, �*b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ¼ ð Þ *b* � *a*, �*a* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ¼ ð Þ �*a*, *b* � *a* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ¼ �ð Þ *b*, *a* � *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> , and **Update table (O)** means each entry ð Þ *a*, *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> of the table will be updated by applying the relations ð Þ *a*, *b* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ¼ *b* þ *l* 2 , *a* þ *l* <sup>2</sup> 2*l* <sup>2</sup> ¼ *l* <sup>2</sup> <sup>þ</sup> *<sup>a</sup>* � *<sup>b</sup>*, �*<sup>b</sup>* 2*l* <sup>2</sup> ¼ *l* <sup>2</sup> <sup>þ</sup> *<sup>b</sup>* � *<sup>a</sup>*, *<sup>l</sup>* <sup>2</sup> � *<sup>a</sup>*2*<sup>l</sup>* 2 ¼ �ð Þ *<sup>a</sup>*, *<sup>b</sup>* � *<sup>a</sup>* <sup>2</sup>*<sup>l</sup>* <sup>2</sup> ¼ *l* <sup>2</sup> � *<sup>b</sup>*, *<sup>a</sup>* � *<sup>b</sup>* 2*l* 2 .

Further, if entries of the updated table are non-negative, then each entry should be replace by mod2*l* <sup>2</sup> , otherwise add 2*l* 2 . It is clear from above exploration, cyclotomic numbers of order 2*l* <sup>2</sup> are divided into different classes depending on the values of *k* and *l*. For *l* ¼ 2 and let *k* be even, then 0, 0 ð Þ<sup>8</sup> give unique solution, cyclotomic numbers of the form ð Þ �*a*, 0 <sup>8</sup>, ð Þ *a*, *a* <sup>8</sup>, 0, ð Þ �*a* <sup>8</sup> where 1≤*a*≤7 mod8 ð Þ gives the same solutions and rest of cyclotomic numbers (i.e. 42) which forms classes of six elements has maximum 7 distinct numbers of solutions. Therefore the initial table (i.e. **Table 1**) of cyclotomic matrix reduces to **Table 2**. Similarly, for *l* ¼ 2 and let *k* be odd, then 0, 4 ð Þ<sup>8</sup> give unique solution, cyclotomic numbers of the form 0, ð Þ *a* <sup>8</sup>, ð Þ *a* þ 4, 4 <sup>8</sup>, 4ð Þ � *a*, �*a* <sup>8</sup> where 0≤*a* 6¼ 4≤ 7 mod8 ð Þ gives the same solutions and rest of cyclotomic numbers (i.e. 42) which forms classes of six elements has maximum 7 distinct numbers of solutions. Therefore the initial table


#### **Table 2.**

*Cyclotomic matrix of order 8 for even k.*


#### **Table 3.**

*Cyclotomic matrix of order 8 for odd k.*

(i.e. **Table 1**) of cyclotomic matrix reduces to **Table 3**. One can observe that 64 pairs of two parameter numbers ð Þ *a*, *b* <sup>8</sup> reduced to 15 distinct pairs (see **Tables 2** and **3**).

*Remark 3.0* By Algorithm 1, to compute 2*l* <sup>2</sup> cyclotomic numbers, it is enough to compute 2*l* <sup>2</sup> <sup>þ</sup> <sup>2</sup>*<sup>l</sup>* <sup>2</sup> � <sup>1</sup> <sup>2</sup>*<sup>l</sup>* <sup>2</sup> � <sup>2</sup> *<sup>=</sup>*<sup>6</sup> , if 2*<sup>l</sup>* <sup>2</sup> � <sup>1</sup> <sup>2</sup>*<sup>l</sup>* <sup>2</sup> � <sup>2</sup> <sup>∣</sup>6, otherwise 2*<sup>l</sup>* 2 þ 2*l* <sup>2</sup> � <sup>1</sup> <sup>2</sup>*<sup>l</sup>* <sup>2</sup> � <sup>2</sup> *<sup>=</sup>*<sup>6</sup> <sup>þ</sup> 1. Further, when *<sup>l</sup>* is the least odd prime i.e. *<sup>l</sup>* <sup>¼</sup> 3, then 2*l* <sup>2</sup> � <sup>1</sup> <sup>2</sup>*<sup>l</sup>* <sup>2</sup> � <sup>2</sup> <sup>∣</sup> �6. Therefore *l* ¼ 3, it is enough to calculate 64 distinct cyclotomic numbers of order 2*l* <sup>2</sup> and for *<sup>l</sup>* 6¼ 3, it is sufficient to calculate 2*l* <sup>2</sup> <sup>þ</sup> <sup>2</sup>*<sup>l</sup>* <sup>2</sup> � <sup>1</sup> <sup>2</sup>*<sup>l</sup>* <sup>2</sup> � <sup>2</sup> *<sup>=</sup>*6 distinct cyclotomic numbers of order 2*<sup>l</sup>* 2 .

#### **3.3 Determination of generators of F<sup>∗</sup>** *p*

To determine the solutions of (1), we need the generator of the cyclic group **F**<sup>∗</sup> *p* . Let us choose finite field of order *p* that satisfy *p* ¼ 2*l* 2 *k* þ 1; *k*∈**Z**þ. Let *γ*1, *γ*2, *γ*3, … , *γ<sup>n</sup>* be generators of **F**<sup>∗</sup> *<sup>p</sup>* . We consider finite field of order 17 (i.e. **F**17), since the chosen value of *p* ¼ 17 with respect to the value of *l* take previously. Now to determine the generators of cyclic group **F**<sup>∗</sup> 17. The detail procedure to obtain the generator of **F**<sup>∗</sup> <sup>17</sup> has been depicted in Algorithm 2. If *G*<sup>17</sup> is a set that contain all the generator of **F**<sup>∗</sup> 17, we could get elements of *G*<sup>17</sup> as f3, 5, 6, 7, 10, 11, 12, 14g.

**Algorithm 2** Determination of generators of **F**<sup>∗</sup> *p* .

1: Declare integer variable *p*, count 2: Declare integer array *arr***F***p*½ � *p* , *arr***F***pflag p*½ � 3: **for** *i* ¼ 1 to *p* � 1 **do** 4: *arr***F***p*½�¼*i i*, *arr***F***pflag i*½�¼ 0 5: **end for** 6: Declare integer array *arr***G***p*½ � *max* 7: Declare integer variable *flag* ¼ 0, *r*, *γ* 8: **for** *i* ¼ 1 to *p* � 1 **do** 9: count = 0 10: **for** *f* ¼ 1 to *p* � 1 **do** 11: *arr***F***pflag f*½ �¼ 0 12: **end for** 13: *γ* ¼ *arr***F***p*½ �*i*

*A Public Key Cryptosystem Using Cyclotomic Matrices DOI: http://dx.doi.org/10.5772/intechopen.101105*


### **3.4 Generation of cyclotomic matrices**

This subsection, present an algorithm for the generation of cyclotomic matrices of order 2*l* 2 . Note that entries of cyclotomic matrices are solutions of (1). Thus we need the generator of the cyclic group **F**<sup>∗</sup> *<sup>p</sup>* , which is discussed in the previous subsection. On substituting the generators of **F**<sup>∗</sup> *<sup>p</sup>* in Algorithm 3, we obtain the cyclotomic matrices of order 2*l* <sup>2</sup> corresponding to different generators of **F**<sup>∗</sup> *<sup>p</sup>* . The chosen value of *p* ¼ 17 implies *k* ¼ 2 w.r.t. assume value of *l* ¼ 2. Therefore the cyclotomic matrix will be obtain from **Table 2**. Let us choose a generator (say *γ*<sup>1</sup> ¼ 3) from set *G*17. On substituting *γ*<sup>1</sup> ¼ 3 in Algorithm 3, it will generate cyclotomic matrix of order 8 over **F**<sup>17</sup> w.r.t. chosen generator *γ*<sup>1</sup> ¼ 3. Matrix *B*<sup>0</sup> show the corresponding cyclotomic matrix of order 8 w.r.t. chosen generator 3 ∈**F**<sup>∗</sup> 17.


**Algorithm 3** Generation of cyclotomic matrix.

3: Declare integer variable *p*, *l*, *k*, *γ*, *x*, *y*, *A*, *s*, *t*, *a*, *b*, *count* ¼ 0, *p*1, *p*<sup>2</sup>


<sup>1:</sup> INPUT: The value of *p*, *l*, *γ*

<sup>2:</sup> Declare an array *arr ROW* ½ �½ � *COL* (where elements are two tuple structure)


*Remark 3.1* It is noted that if we change the generator of **F**<sup>∗</sup> *<sup>p</sup>* , then entries of cyclotomic matrices get interchanged among themselves but their nature remains the same.

*Remark 3.2* It is obvious that (by (4)) cyclotomic matrices of order 2*l* <sup>2</sup> is always singular if the value of *k* ¼ 1.

## **4. The public-key cryptosystem**

In this section, we present the approach for designing a public key cryptosystem using cyclotomic matrices discussed in Section 3. The scheme employ matrices of order 2*l* 2 , whose entries are cyclotomic numbers of order 2*l* 2 . The public key is a non-trivial generator, say *γ*<sup>0</sup> of a set of generator in **F**<sup>∗</sup> *<sup>p</sup>* along with *p* and *l*. The set of generator is obtain by Algorithm 2. The chosen public keys generate a cyclotomic matrix as of required order (i.e. order of 2*l* 2 ) make use of Algorithm 3. Here, we define a trapdoor one-way function *ϕ* : **F**<sup>∗</sup> *<sup>p</sup>* ! **<sup>F</sup>**<sup>∗</sup> *<sup>p</sup>* as *ϕ*ð Þ¼ *r*<sup>0</sup> *log <sup>γ</sup>*<sup>0</sup> *γ*<sup>00</sup> ð Þ; *r*<sup>0</sup> ∈ *N* ! , *γ*<sup>0</sup> , *γ*<sup>00</sup> are non-trivial generators of **F**<sup>∗</sup> *<sup>p</sup>* . Thus, the secret key are the values of *p*, *l*, *γ*<sup>00</sup> & *r*0. To encrypt a message, define composition of matrix as *M*2*<sup>l</sup>* <sup>2</sup> ð Þ! *A* ∗ *B M*2*<sup>l</sup>* <sup>2</sup> ð Þ *C* , where *A* is a message block matrix, *B* is a cyclotomic matrix w.r.t. *γ*<sup>0</sup> ∈**F**<sup>∗</sup> *<sup>p</sup>* and *C* is the ciphertext matrix. Other way one can define *M*2*<sup>l</sup>* <sup>2</sup> ð Þ! *B* ∗ *A M*2*<sup>l</sup>* <sup>2</sup> ð Þ *C* . Therefore, the length of the ciphertext in CAC is equal to 2*l* 2 .

To decrypt a message, an algorithm is required to expand the secret keys provided by the secret values. Therefore, the Algorithm 4 is utilized for this purpose.


The main purpose, to utilize the above algorithm is to construct a non-singular cyclotomic matrix of order 2*l* <sup>2</sup> w.r.t. non-trivial generator *<sup>γ</sup>*<sup>00</sup> (*γ*<sup>00</sup> 6¼ *<sup>γ</sup>*<sup>0</sup> ) in **F**<sup>∗</sup> *<sup>p</sup>* . Now to decrypt the message, we define inverse composition relation of matrices, which is *M*2*<sup>l</sup>* <sup>2</sup> ð Þ! *C*∗ *Z M*2*<sup>l</sup>* <sup>2</sup> ð Þ *A* , where matrix *Z* is obtain by some efficient algebraic

computation of matrix. Other way one can define *M*2*<sup>l</sup>* <sup>2</sup> ð Þ! *Z* ∗*C M*2*<sup>l</sup>* <sup>2</sup> ð Þ *A* respectively.
