Table A5.

Elementary matrices for Oð Þ 2l þ 1; k .

Step 2: There are two possibilities. One, the diagonal matrix A is of full rank, and two, the diagonal matrix A is of rank r less than l. This is clearly

Row operations Column operations

�jth↦ � jth þ tð Þ �i th row �ith↦ � ith þ tð Þ �j th column

jth↦jth þ tð Þ �i th row �jth↦ � jth þ tith column

�jth↦ � jth þ tith row ith↦ith þ tð Þ �j th column

with a sign change in the ith row with a sign change in the ith column

ER1 ith↦ith þ tjth row EC1 jth↦jth þ tith column

ER2 ith↦ith þ tð Þ �j th row EC2 �ith↦ � ith þ tjth column

ER3 �ith↦ � ith þ tjth row EC3 jth↦jth þ tð Þ �i th column

ER1a ith↦ith þ tð Þ �i th row EC1a �ith↦ � ith þ tith column ER2a �ith↦ � ith þ tith row EC2a ith↦ith þ tð Þ �i th column wi Interchange ith and (�i)th rows Interchange ith and (�i)th columns

Step 3: Make r rows of C, corresponding to the non-zero entries in the diagonal of A zero by using ER3. If r ¼ l, we have C as zero matrix. If not let us assume

g. We do this for all zero rows in A. The new C is a zero matrix. We claim that the new A must have a full rank. This follows from Equation A.1; in particular

TCBþTAD <sup>¼</sup> Il. If <sup>C</sup> is zero matrix, then <sup>A</sup> is invertible. Now make <sup>A</sup> <sup>a</sup> diagonal matrix by using Step 1. Then one can make A a matrix of the form diag 1ð Þ ; …; 1; λ , where λ∈k� using ER1 ([18], Proposition 6.2). Once A is diagonal and <sup>C</sup> a zero matrix, the equation TCBþTAD <sup>¼</sup> Il makes <sup>D</sup> a diagonal

Step 4: Use ER2 to make B a zero matrix. The matrix g becomes a diagonal

Step 5: (Only for symplectic groups) Reduce the λ to 1 using Lemma A.1.

Lemma A.1 For Sp 2ð Þ <sup>l</sup>; <sup>k</sup> , the element diag 1; …; <sup>1</sup>; <sup>λ</sup>; <sup>1</sup>; …; <sup>1</sup>; <sup>λ</sup>�<sup>1</sup> is a product of

Remark A.1 As we saw in the above algorithm, we will have to interchange ith and

th rows for i <sup>¼</sup> <sup>1</sup>, <sup>2</sup>, …, l. This can be done by pre-multiplying with a suitable matrix. Let I be the 2l � 2l identity matrix over k. To swap ith and �ith row in Oþð Þ 2l; k , swap ith and �ith rows in the matrix I. We will call this matrix wi. It is easy to see that this matrix wi is in Oþð Þ 2l; k and is of determinant �1. Pre-multiplying with wi

In the case of symplectic group Sp 2ð Þ l; k , we again swap two rows ith and �ith in I. However we do a sign change in the ith row and call it wi. Simple computation with our chosen β shows that the above matrices are in Oþð Þ 2l; k and Sp 2ð Þ l; k ,

ð Þ¼ <sup>I</sup> <sup>þ</sup> <sup>λ</sup>el,�<sup>l</sup> <sup>I</sup> � el,l � <sup>e</sup>�l,�<sup>l</sup> <sup>þ</sup> <sup>λ</sup>el,�<sup>l</sup> � <sup>λ</sup>�<sup>1</sup>

th row with the �<sup>i</sup>

th row in

e�l,l and denote it

identifiable by looking for zeros in the diagonal of A.

that ith row is zero in A. Then we interchange the i

matrix of full rank.

The row-column operations for symplectic groups.

Modern Cryptography – Current Challenges and Solutions

matrix of the form

elementary matrices. Proof. Observe that

Table A4.

ð Þ <sup>I</sup> <sup>þ</sup> <sup>λ</sup>el,�<sup>l</sup> <sup>I</sup> � <sup>λ</sup>�<sup>1</sup>

respectively.

�i

106

diag 1; …; 1; λ; 1; …; 1; λ�<sup>1</sup> , where λ∈ k�.

by wlð Þλ , and then the diagonal element is wlð Þλ wlð Þ �1 .

e�l,l

does the row interchange we are looking for.

$$\mathbf{x}\_{i}\mathbf{w}\_{i} = \mathbf{x}\_{0,i}(-\mathbf{1})\mathbf{x}\_{i,0}(\mathbf{1})\mathbf{x}\_{0,i}(-\mathbf{1}) = I - \mathbf{2}\mathbf{e}\_{0,0} - \mathbf{e}\_{i,i} - \mathbf{e}\_{-i,-i} - \mathbf{e}\_{i,-i} - \mathbf{e}\_{-i,i}.$$

The Gaussian elimination algorithm for O 2ð Þ l þ 1; k follows the earlier algorithm for symplectic and even-orthogonal group closely, except that we need to take care of the zero row and the zero column. We write an element g ∈ Oð Þ 2l þ 1; k as

g ¼ α X Y EAB FCD 0 B@ 1 CA, where A, B, C, and <sup>D</sup> are <sup>l</sup> � <sup>l</sup> matrices, <sup>X</sup> and <sup>Y</sup> are 1 � <sup>l</sup> matri-

ces, E and F are l � 1 matrices, α∈ k and β ¼ 200 0 0 Il 0 Il 0 0 B@ 1 CA. Then from the condi-

tion Tgβ<sup>g</sup> <sup>¼</sup> <sup>β</sup>, we get the following relations:

$$\mathbf{2}^T \mathbf{X} \mathbf{X} + \mathbf{^T} \mathbf{A} \mathbf{C} + \mathbf{^T} \mathbf{C} \mathbf{A} = \mathbf{0} \tag{A.2}$$

A.3.2 Gaussian elimination for O 2ð Þ l þ 1; k

DOI: http://dx.doi.org/10.5772/intechopen.84663

1. If r ¼ l then C becomes zero matrix.

A ¼ diag 1ð Þ ; …; 1; λ , where λ∈k�.

Relation A.4 implies that Y becomes zero.

diag 1; …; <sup>1</sup>; <sup>λ</sup>; <sup>1</sup>; …; <sup>1</sup>; <sup>λ</sup>�<sup>1</sup> � � <sup>¼</sup> xl,�<sup>l</sup>ð Þ<sup>t</sup> <sup>x</sup>�l,l �<sup>t</sup>

groups O�ð Þ 2l; k

g ∈ O�ð Þ 2l; k is denoted as g ¼

and hence we can reduce the matrix g to identity.

A.4 Gaussian elimination in twisted orthogonal groups

0

B@

using wi so that the new C becomes a zero matrix.

Y as well.

lows:

109

rows of C zero.

Step 1: Use ER1 and EC1 to make A into a diagonal matrix, but in the process, it changes other matrices A, B, C, D, E, F, X, and Y. For the sake of notational convenience, we keep calling these changed matrices as A, B, C, D, E, F, X, and

The MOR Cryptosystem in Classical Groups with a Gaussian Elimination Algorithm…

Step 2: Now there will be two cases depending on the rank r of matrix A. The rank of A can be easily determined using the number of non-zero diagonal entries. Use ER3 and non-zero diagonal entries of A to make corresponding r

2. If r , l then interchange all zero rows of A with corresponding rows of C

Qgv ð Þ¼ ð Þ Q vð Þ if char(k) is even guarantees that X becomes zero. Relation A.5 guarantees that A has full rank l which also makes D a diagonal with full rank l. Thus Relation A.3 shows that F becomes zero as well. Then use Step 1 to reduce

Step 3: Now if char(k) is even, then Relation A.4 guarantees that E becomes zero as well. If char(k) is odd, then use ER4 to make E a zero matrix. Step 4: Use ER2 to make B a zero matrix. For char(k) even the relation Qgv ð Þ¼ ð Þ Q vð Þ guarantees that Y is a zero matrix, and for char(k) odd

Remark A.4 Let k be a perfect filed of characteristics 2. Note that we can write the diagonal matrix diag 1; …; 1; λ; 1; …; 1; λ�<sup>1</sup> � � as a product of elementary matrices as fol-

In this section we present a Gaussian elimination algorithm for twisted orthogonal groups. The size of the matrix is even; the bilinear form used is c<sup>0</sup> from Section 3.

A.4.1 Elementary matrices (Chevalley generators) for twisted orthogonal

In this section, we describe row-column operations for twisted Chevalley groups. These groups are also known as the Steinberg groups. An element

ð Þ� l � 1 ð Þ l � 1 matrices, X and Y are 2 � ð Þ l � 1 matrices, E and F are ð Þ� l � 1 2 matrices, and A<sup>0</sup> is a 2 � 2 matrix. In the Gaussian elimination algorithm that we discuss, we reduce X, Y, E, F, B, and C to zero and A and D to diagonal matrices.

1

A<sup>0</sup> X Y E AB F CD

�<sup>1</sup> ð Þxl,�<sup>l</sup>ð Þ<sup>t</sup> , where <sup>t</sup>

CA, where A, B, C, and <sup>D</sup> are

<sup>2</sup> <sup>¼</sup> <sup>λ</sup>,

Thus the matrix g reduces to diagð Þ �1; 1; …; λ; 1; …; λ , where λ∈k�.

Once C becomes zero, note that Relation A.2 if char(k) is odd or Relation

$$\mathbf{2}a^T \mathbf{X} + \mathbf{^T} \mathbf{A} \mathbf{F} + \mathbf{^T} \mathbf{C} \mathbf{E} = \mathbf{0} \tag{\text{A.3}}$$

$$2aY + ^TED + ^FFB = 0\tag{A.4}$$

$$\mathbf{2}^T \mathbf{X} \mathbf{Y} + \mathbf{^T} \mathbf{A} \mathbf{D} + \mathbf{^T} \mathbf{C} \mathbf{B} = I\_l \tag{A.5}$$

Let us note the effect of multiplying g by elementary matrices (Table A6).


#### Table A6.

The row-column operations for Oð Þ 2l þ 1; k .

The MOR Cryptosystem in Classical Groups with a Gaussian Elimination Algorithm… DOI: http://dx.doi.org/10.5772/intechopen.84663
