### Encryption:

To encrypt a plaintext $M \in G$, get an arbitrary integer $r \in [1, |G|]$ and compute $g^r$ and $g^{rm}$. The ciphertext is $(g^r, M g^{rm})$.

The MOR Cryptosystem in Classical Groups with a Gaussian Elimination Algorithm… DOI: http://dx.doi.org/10.5772/intechopen.84663

### 3. Description of automorphisms of classical groups

This chapter studies the MOR cryptosystem for orthogonal and symplectic groups over a field of odd characteristic. As we discussed before, the MOR cryptosystem is presented as an action on generators of the group. Then to use an automorphism on an arbitrary element, one has to solve the word problem in that group with respect to that set of generators.

The generators and the Gaussian elimination algorithm to solve the word problem are described in Appendix A. We will be very brief here.

Let $V$ be a vector space of dimension $d$ over a field $K$ of odd characteristic. Let $\beta : V \times V \to K$ be a bilinear form. By fixing a basis of $V$, we can associate a matrix to $\beta$. We shall abuse the notation slightly and denote the matrix of the bilinear form by $\beta$ itself. Thus $\beta(x, y) = {}^{T}x \beta y$, where $x$, $y$ are column vectors. We will work with non-degenerate bilinear forms and that means $\det \beta \neq 0$. A symmetric or skew-symmetric bilinear form $\beta$ satisfies $\beta = {}^{T}\beta$ or $\beta = -{}^{T}\beta$, respectively.

Definition 3.1 (Orthogonal group). A square matrix $X$ of size $d$ is called orthogonal if ${}^{T}X \beta X = \beta$, where $\beta$ is symmetric. It is well known that the orthogonal matrices form a group known as the orthogonal group.

Definition 3.2 (Symplectic group). A square matrix $X$ of size $d$ is called symplectic if ${}^{T}X \beta X = \beta$, where $\beta$ is skew-symmetric. And the set of symplectic matrices form a symplectic group.

We write the dimension of $V$ as $d = 2l + 1$ or $d = 2l$ for $l \geq 1$. We fix a basis and index it by $0, 1, \ldots, l, -1, \ldots, -l$ in the odd dimension, and in the case of even dimension where there are two non-degenerate symmetric bilinear forms up to equivalence, we index the bases by $1, 2, \ldots, l, -1, -2, \ldots, -l$ and $1, -1, 2, \ldots, l, -2, \ldots, -l$ for split and twisted forms, respectively. We consider the non-degenerate bilinear forms $\beta$ on $V$ given by the following matrices:

a: The odd-orthogonal group. The form $\beta$ is symmetric with $d = 2l + 1$ and $\beta =$

b: The symplectic group. The form $\beta$ is skew-symmetric with $d = 2l$ and $\beta = \begin{pmatrix} 0 & I_l \\ -I_l & 0 \end{pmatrix}$.

c: The split orthogonal group. The form $\beta$ is symmetric with $d = 2l$ and $\beta = \begin{pmatrix} 0 & I_l \\ I_l & 0 \end{pmatrix}$.

d: The twisted orthogonal group. The form $\beta$ is symmetric with $d = 2l$ and $\beta = \begin{pmatrix} \beta_0 & 0 & 0 \\ 0 & 0 & I_{l-1} \\ 0 & I_{l-1} & 0 \end{pmatrix}$,

where $I_l$ is the identity matrix of size $l$ over $K$ and for a fixed non-square $\epsilon \in K$, $\beta_0 = \begin{pmatrix} 1 & 0 \\ 0 & \epsilon \end{pmatrix}$.
### Decryption:

After receiving the ciphertext $(g^r, M g^{rm})$, the user uses the private-key $m$. So she computes $g^{mr}$ from $g^r$ and then computes $M$.

It is well known that the hardness of the ElGamal cryptosystem is equivalent to the Diffie-Hellman problem ([12], Proposition 2.10).

#### 2.2 The MOR cryptosystem

In the case of the MOR cryptosystem, one works with the automorphism group of a group. An automorphism group can be defined on any algebraic structure, and subsequently a MOR cryptosystem can also be defined on that automorphism group; however, in this chapter we restrict ourselves to finite groups. Furthermore, we look at classical groups defined by generators and automorphisms that are defined as actions on those generators.

Let $G = \langle g_1, g_2, \ldots, g_s \rangle$ be a finite group. Let $\phi$ be a non-identity automorphism.


#### Encryption:

To encrypt a plaintext $M \in G$, get an arbitrary integer $r \in [1, |\phi|]$ and compute $\phi^r$ and $\phi^{rm}$. The ciphertext is $(\phi^r, \phi^{rm}(M))$.

#### Decryption:

After receiving the ciphertext $(\phi^r, \phi^{rm}(M))$, the user knows the private-key $m$. So she computes $\phi^{mr}$ from $\phi^r$ and then computes $M$.

Theorem 2.1 The hardness to break the above MOR cryptosystem is equivalent to the Diffie-Hellman problem in the group $\langle \phi \rangle$.

Proof. It is easy to see that if one can break the Diffie-Hellman problem, then one can compute $\phi^{mr}$ from $\phi^m$ in the public-key and $\phi^r$ in the ciphertext. This breaks the system.

On the other hand, observe that the plaintext is $\phi^{-mr}(\phi^{mr}(M))$. Assume that there is an oracle that can break the MOR cryptosystem, i.e., given $\phi$, $\phi^m$ and a ciphertext $(\phi^r, g)$, it will deliver $\phi^{-mr}(g)$. Now we query the oracle $s$ times with the public-key and the ciphertext $(\phi^r, g_i)$ for $i = 1, 2, \ldots, s$. From the output, one can easily find $\phi^{mr}(g_i)$ for $i = 1, 2, \ldots, s$. So we just witnessed that for $\phi^m$ and $\phi^r$, one can compute $\phi^{mr}$ using the oracle. This solves the Diffie-Hellman problem.

In a practical implementation of a MOR cryptosystem, there are two things that matter the most.

a: The number of generators. As we saw, the automorphism $\phi$ is presented as an action on generators. The larger the number of generators, the bigger the size of the public key.

b: Efficient algorithm to solve the word problem. This means that given $G = \langle g_1, g_2, \ldots, g_s \rangle$ and $g \in G$, is there an efficient algorithm to write $g$ as a word in $g_1, g_2, \ldots, g_s$? The reason for this importance is immediate: the automorphisms are presented as an action on generators, and if one has to compute $\phi(g)$, then the word problem must be solved.
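As an added example (not code from the chapter), here is a toy MOR instance over $SL(2, \mathbb{F}_{101})$ in which $\phi$ is published only as its images on two generators, so every evaluation of $\phi$ goes through the word problem, solved here by elimination. The prime, the two generators, the inner-automorphism key setup and all function names are assumptions made for illustration.

```python
import secrets

P = 101                       # toy prime (assumption); far too small for real use
N = P * (P * P - 1)           # |PGL(2, F_P)|: phi^N = id for every inner phi
I2, X1, Y1 = (1, 0, 0, 1), (1, 1, 0, 1), (1, 0, 1, 1)   # identity, g1, g2

def mul(a, b):                # 2x2 product over F_P on row-major 4-tuples
    return ((a[0]*b[0] + a[1]*b[2]) % P, (a[0]*b[1] + a[1]*b[3]) % P,
            (a[2]*b[0] + a[3]*b[2]) % P, (a[2]*b[1] + a[3]*b[3]) % P)

def spow(x, n, op, acc):      # square-and-multiply; acc starts as the identity
    while n:
        if n & 1:
            acc = op(acc, x)
        x, n = op(x, x), n >> 1
    return acc

def word(g):                  # elimination: g = Y1^e * X1^s * Y1^c * X1^t
    e = 0
    if g[2] == 0:             # force a non-zero lower-left entry
        g, e = mul(Y1, g), P - 1          # g = Y1^(P-1) * (Y1 * g)
    a, _, c, d = g
    ci = pow(c, -1, P)
    return e, (a - 1) * ci % P, c, (d - 1) * ci % P

def apply(phi, g):            # phi = (phi(g1), phi(g2)); evaluate g's word on them
    e, s, c, t = word(g)
    f = lambda x, k: spow(x, k, mul, I2)
    return mul(mul(f(phi[1], e), f(phi[0], s)), mul(f(phi[1], c), f(phi[0], t)))

def compose(phi, psi):        # generator images of "phi after psi"
    return apply(phi, psi[0]), apply(phi, psi[1])

def power(phi, n):            # phi^n, still presented on g1, g2
    return spow(phi, n, compose, (X1, Y1))

def inner(A):                 # key setup (assumption): phi(g) = A g A^-1
    di = pow((A[0]*A[3] - A[1]*A[2]) % P, -1, P)
    Ai = (A[3]*di % P, -A[1]*di % P, -A[2]*di % P, A[0]*di % P)
    return mul(mul(A, X1), Ai), mul(mul(A, Y1), Ai)

def encrypt(phi, phi_m, M):   # ciphertext (phi^r, phi^{rm}(M))
    r = 1 + secrets.randbelow(N)          # N is a multiple of |phi|
    return power(phi, r), apply(power(phi_m, r), M)

def decrypt(m, ct):           # (phi^r)^(N-m) = phi^{-mr}, applied to phi^{rm}(M)
    return apply(power(ct[0], N - m % N), ct[1])
```

The public key here is the pair `inner(A)` and `power(inner(A), m)`, four matrices in total, which is the public-key size cost of the number of generators described in item a.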


The obvious question is: what are the right groups for the MOR cryptosystem? In this chapter, we pursue a study of the MOR cryptosystem using finite Chevalley groups of classical type, in particular, orthogonal and symplectic groups.
