#### A.4.2 The Gaussian elimination algorithm for $O^-(2l, k)$


The MOR Cryptosystem in Classical Groups with a Gaussian Elimination Algorithm… DOI: http://dx.doi.org/10.5772/intechopen.84663

Note that any isometry $g$ satisfies ${}^T\!g\beta g = \beta$. The main reason the following algorithm works is the closed condition ${}^T\!g\beta g = \beta$, which gives the following relations:

$${}^T\!A_0\beta_0 A_0 + {}^T\!F E + {}^T\!E F = \beta_0, \tag{A.7}$$

$${}^T\!A_0\beta_0 X + {}^T\!F A + {}^T\!E C = 0, \tag{A.8}$$

$${}^T\!A_0\beta_0 Y + {}^T\!F B + {}^T\!E D = 0, \tag{A.9}$$

$${}^T\!X\beta_0 X + {}^T\!C A + {}^T\!A C = 0, \tag{A.10}$$

$${}^T\!X\beta_0 Y + {}^T\!C B + {}^T\!A D = I_{l-1}. \tag{A.11}$$

Step 1: Use ER1 and EC1 to make $A$ into a diagonal matrix, but in the process, it changes other matrices $A_0$, $A$, $B$, $C$, $D$, $E$, $F$, $X$, and $Y$. For the sake of notational convenience, we keep calling these changed matrices $A_0$, $A$, $B$, $C$, $D$, $E$, $F$, $X$, and $Y$ as well.

Step 2: Now there will be two cases depending on the rank $r$ of the matrix $A$. The rank of $A$ can be easily determined by the number of non-zero diagonal entries.

Step 3: Use ER3 and non-zero diagonal entries of $A$ to make corresponding $r$ rows of $C$ zero.

• If $r = l - 1$ then $C$ becomes zero matrix.

• If $r < l - 1$ then interchange all zero rows of $A$ with corresponding rows of $C$ using $w_i$, so that the new $C$ becomes a zero matrix.

• Once $C$ becomes zero, one can note that the relation ${}^T\!X\beta_0 X + {}^T\!C A + {}^T\!A C = 0$ if $\operatorname{char}(k)$ is odd, or the relation $Q(g(v)) = Q(v)$ and the fact that $\alpha t^2 + t + \alpha$ is irreducible when $\operatorname{char}(k)$ is even, guarantees that $X$ becomes zero. Then the relation ${}^T\!X\beta_0 Y + {}^T\!C B + {}^T\!A D = I_{l-1}$ guarantees that $A$ has full rank $l - 1$, which also makes $D$ a diagonal with full rank, and the relation ${}^T\!A_0\beta_0 X + {}^T\!F A + {}^T\!E C = 0$ shows that $F$ is zero. Now we diagonalize $A$ again to the form $\operatorname{diag}(1, \ldots, 1, \lambda)$, where $\lambda \in k^{\times}$ as in Step 1.

Step 4: Use EC4 and EC6 when $\operatorname{char}(k)$ is odd or use EC8 and EC9 when $\operatorname{char}(k)$ is even to make $E$ zero. Note that the relation ${}^T\!A_0\beta_0 A_0 + {}^T\!F E + {}^T\!E F = \beta_0$ shows that $A_0$ is invertible. Thus the relation ${}^T\!A_0\beta_0 Y + {}^T\!F B + {}^T\!E D = 0$ guarantees that $Y$ becomes zero.

Step 5: Use ER2 to make $B$ a zero matrix. Thus the matrix $g$ reduces to $g = \operatorname{diag}(A_0, 1, \ldots, \lambda, 1, \ldots, \lambda^{-1})$. Now if $\operatorname{char}(k)$ is odd, then go to Step 6; otherwise go to Step 7.

Step 6: Using the relation ${}^T\!A_0\beta_0 A_0 = \beta_0$, it is easy to check that $A_0$ has the form

$$\begin{pmatrix} t & -\epsilon s \\ s & t \end{pmatrix} \quad \text{or} \quad \begin{pmatrix} t & \epsilon s \\ s & -t \end{pmatrix}.$$

If the determinant of $A_0$ is $-1$, multiply $g$ by $x_2$ to get new $g$ of the above form such that $A_0$ has determinant 1. Now using the elementary matrix $x_1(t, s)$, we can reduce $g$ to $\operatorname{diag}(I_2, 1, \ldots, \lambda, 1, \ldots, \lambda^{-1})$.

Step 7: Using elementary matrix $x_{A_0}$, we can reduce $g$ to $\operatorname{diag}(I_2, 1, \ldots, \lambda, 1, \ldots, \lambda^{-1})$.

Lemma A.2 Let $k$ be a field of characteristic 2 and let

$$g = \begin{pmatrix} A_0 & X & Y \\ E & A & B \\ F & 0 & D \end{pmatrix},$$

where $A = \operatorname{diag}(1, 1, \ldots, 1, \lambda)$, be an element of $O^-(2l, k)$. Then $X = 0$.

Proof. Let $\{e_1, e_{-1}, e_2, \ldots, e_l, e_{-2}, \ldots, e_{-l}\}$ be the standard basis of the vector space $V$. Recall that for a column vector $x = (x_1, x_{-1}, x_2, \ldots, x_l, x_{-2}, \ldots, x_{-l})^t$, the action of the quadratic form $Q$ is given by $Q(x) = \alpha(x_1^2 + x_{-1}^2) + x_1 x_{-1} + \ldots + x_l x_{-l}$, where $\alpha t^2 + t + \alpha$ is irreducible over $k[t]$. By definition, for any $g \in O^-(2l, k)$, we have $Q(g(x)) = Q(x)$ for all $x \in V$. Let

$$X = \begin{pmatrix} x_{11} & \cdots & x_{1(l-1)} \\ x_{21} & \cdots & x_{2(l-1)} \end{pmatrix}$$

be a $2 \times (l-1)$ matrix. Computing $Q(g(e_i)) = Q(e_i)$ for all $2 \le i \le l$, we can see that $\alpha(x_{1i}^2 + x_{2i}^2) + x_{1i} x_{2i} = 0$. If $x_{2i} = 0$ then we can see that $x_{1i} = 0$. Suppose $x_{2i} \neq 0$ for some $i$, then we rewrite the equation by dividing it by $x_{2i}$ as $\alpha \left(\frac{x_{1i}}{x_{2i}}\right)^2 + \frac{x_{1i}}{x_{2i}} + \alpha = 0$, which is a contradiction to the fact that $\alpha t^2 + t + \alpha$ is irreducible over $k[t]$. Thus, $x_{2i} = 0$ for all $2 \le i \le l$ and hence $X = 0$. $\blacksquare$

#### A.5 Time complexity of the above algorithms

We establish that the worst-case time complexity of the above algorithm is $O(l^3)$. We mostly count the number of field multiplications.

Step 4: This step has only a few operations that are independent of $l$.

Then clearly, the time complexity of our algorithm is $O(l^3)$.

We have implemented the above algorithms in Magma [25]. For details of that implementation along with performance analysis of our algorithm, we refer to Bhunia et al. ([24], Section 8).
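Lemma A.2 can be checked exhaustively in the smallest case. The following is an added example, not code from the chapter or from the authors' Magma implementation: it assumes $k = GF(2)$, $l = 2$ and $\alpha = 1$ (so that $\alpha t^2 + t + \alpha = t^2 + t + 1$ is irreducible), enumerates every matrix preserving $Q$, and confirms that each element with $A = (1)$ and a zero block below $A$ has $X = 0$. All function names are illustrative.

```python
from itertools import product

# Constructed instance: k = GF(2), l = 2, alpha = 1.
# Basis order follows the proof of Lemma A.2: e1, e-1, e2, e-2.
def Q(x):
    """Q(x) = alpha*(x1^2 + x_{-1}^2) + x1*x_{-1} + x2*x_{-2} over GF(2)."""
    x1, xm1, x2, xm2 = x
    return (x1 * x1 + xm1 * xm1 + x1 * xm1 + x2 * xm2) % 2

def add(u, v):
    return tuple((a + b) % 2 for a, b in zip(u, v))

def polar(u, v):
    """Polar form B(u, v) = Q(u + v) + Q(u) + Q(v)."""
    return (Q(add(u, v)) + Q(u) + Q(v)) % 2

VECTORS = list(product((0, 1), repeat=4))
BASIS = [(1, 0, 0, 0), (0, 1, 0, 0), (0, 0, 1, 0), (0, 0, 0, 1)]

def isometries():
    """All g with Q(g(x)) = Q(x) for all x, each stored as its columns g(e_i).

    Q(sum a_i v_i) = sum a_i^2 Q(v_i) + sum_{i<j} a_i a_j B(v_i, v_j), so it is
    enough to match Q on the basis and B on pairs of basis vectors.
    """
    found = []
    for cols in product(VECTORS, repeat=4):
        if any(Q(c) != Q(e) for c, e in zip(cols, BASIS)):
            continue
        if all(polar(cols[i], cols[j]) == polar(BASIS[i], BASIS[j])
               for i in range(4) for j in range(i + 1, 4)):
            found.append(cols)
    return found

def check_lemma_a2(group):
    """Return (number of g with A = (1) and C = 0, those among them with X != 0)."""
    matching, bad = 0, []
    for cols in group:
        x1, x2, a, c = cols[2]  # column g(e2) stacks the blocks X, A, C
        if a == 1 and c == 0:
            matching += 1
            if (x1, x2) != (0, 0):
                bad.append(cols)
    return matching, bad

if __name__ == "__main__":
    G = isometries()
    print(len(G), check_lemma_a2(G))
```

The enumeration finds 120 isometries, the order of $O^-(4, 2)$, and no element of the stated block shape with a non-zero $X$.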

Modern Cryptography – Current Challenges and Solutions

References

[1] Monico C, Maze G, Rosenthal J. A public key cryptosystem based on action by semigroups. In: Proceedings of IEEE International Symposium on Information Theory. 2002

[2] Monico C, Maze G, Rosenthal J. Public key cryptography based on semigroup actions. Advances in Mathematics of Communications. 2007;1(4):489-506

[3] Climent J-J, Navarro PR, Tortosa L. An extension of the noncommutative Bergman's ring with a large number of noninvertible elements. Applicable Algebra in Engineering, Communication and Computing. 2014;25(5):347-361

[4] Grigoriev D, Kojevnikov A, Nikolenko SJ. Algebraic cryptography: New constructions and their security against provable break. St. Petersburg Mathematical Journal. 2009;20(6):937-953

[5] Roman'kov V. Two general schemes of algebraic cryptography. Groups-Complexity-Cryptology. 2019, to appear

[6] Mahalanobis A. A simple generalization of the ElGamal cryptosystem to non-abelian groups II. Communications in Algebra. 2012;40(9):3583-3596

[7] Mahalanobis A. The MOR cryptosystem and finite p-groups. In: Contemporary Mathematics. Vol. 633. AMS; 2015. pp. 81-95

[8] Mahalanobis A, Singh A. Gaussian elimination in split unitary groups with an application to public-key cryptography. Journal of Algebra Combinatorics Discrete Structures and Applications. 2017;4(3):247-260

[9] Paeng S-H, Ha K-C, Kim JH, Chee S, Park C. New public key cryptosystem using finite non-Abelian groups. In: Kilian J, editor. Crypto 2001. LNCS. Vol. 2139. Springer-Verlag; 2001. pp. 470-485

[10] Monico C. Cryptanalysis of matrix-based MOR system. Communications in Algebra. 2016;44:218-227

[11] Barbulescu R, Gaudry P, Joux A, Thome E. A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Eurocrypt 2014. 2014. pp. 1-16

[12] Hoffstein J, Pipher J, Silverman JH. An Introduction to Mathematical Cryptography. Springer; 2008

[13] Knus M-A, Merkurjev A, Rost M, Tignol J-P. The Book of Involutions (English Summary) with a Preface in French by J. Tits. Vol. 44. American Mathematical Society Colloquium Publications; 1998

[14] Dieudonne J. On the automorphisms of the classical groups with a supplement by Loo-Keng Hua. Memoirs of the American Mathematical Society. 1951

[15] Menezes AJ, Yi-Hong W. The discrete logarithm problem in GL(n, q). Ars Combinatoria. 1997;47:23-32

[16] Steinberg R. Generators of simple groups. Canadian Journal of Mathematics. 1962;14:277-283

[17] Ree R. On some simple groups defined by C. Chevalley. Transactions of the American Mathematical Society. 1957;84:392-400

[18] Alperin JL, Bell RB. Groups and Representations. New York: Springer-Verlag; 1995

[19] Brooksbank P. Constructive recognition of classical groups in their
