83 research outputs found

    On new multivariate cryptosystems based on hidden Eulerian equations over finite fields

    We propose new multivariate cryptosystems over an n-dimensional vector space over a finite field F_q based on the idea of the hidden discrete logarithm problem for F_q^*. These cryptosystems are based on hidden Eulerian equations x^α = a, (α, q−1) = 1. The method rests on the idea of Eulerian transformations, which allow us to use asymmetric algorithms based on families of nonlinear multiplicatively injective maps of prescribed polynomial density and flexible degree.

    On new multivariate cryptosystems based on hidden Eulerian equations

    We propose new multivariate cryptosystems over an n-dimensional free module over the arithmetical ring Z_m based on the idea of the hidden discrete logarithm for Z_m^*. These cryptosystems are based on hidden Eulerian equations. If m is a "sufficiently large" product of at least two large primes, then the solution of the equation is hard without knowledge of the decomposition of m. In the Postquantum Era, one can solve the factorization problem for m and the discrete logarithm problem for Z_m^*. However, this does not lead to a straightforward break of such a cryptosystem, because the parameter α is unknown. Some examples of such cryptosystems were already proposed. We define their modifications and generalizations based on the idea of Eulerian transformations, which allow us to use asymmetric algorithms based on families of nonlinear multiplicatively injective maps with prescribed polynomial density and degree bounded by a constant.
    New multivariate cryptosystems are presented, defined on an n-dimensional free module over the arithmetical residue ring Z_m and based on the idea of a hidden discrete logarithm. Such cryptosystems rest on hidden Eulerian equations x^α = a, (α, m) = 1. If m is a sufficiently large product of at least two large primes, then solving the equation is a hard problem provided that the factorization of m into divisors is unknown. In the post-quantum era the factorization problem can be solved in polynomial time. This fact does not lead to a direct break of such a cryptosystem, because the parameter α is unknown. Some examples of such cryptosystems were considered earlier. Their modifications and generalizations are proposed, which make it possible to use asymmetric algorithms based on families of multiplicatively injective maps with a prescribed polynomial density and degree bounded by a constant.

    On semigroups of multiplicative Cremona transformations and new solutions of Post Quantum Cryptography.

    Noncommutative cryptography is based on applications of algebraic structures like noncommutative groups, semigroups and noncommutative rings. Its intersection with Multivariate cryptography contains studies of cryptographic applications of subsemigroups and subgroups of affine Cremona semigroups defined over a finite commutative ring K. We consider special semigroups of transformations of the variety (K*)^n, K = F_q or K = Z_m, defined via multiplications of variables. Efficiently computed homomorphisms between such subsemigroups can be used in Post Quantum protocol schemes and their inverse versions, in which correspondents elaborate mutually inverse transformations of (K*)^n. The security of these schemes is based on the complexity of the decomposition problem for an element of the semigroup into a product of given generators. So the proposed algorithms are strong candidates for usage in postquantum technologies.

    On semigroups of multivariate transformations constructed in terms of time dependent linguistic graphs and solutions of Post Quantum Multivariate Cryptography.

    Time dependent linguistic graphs over an abelian group H are introduced. In the case H = K* such a bipartite graph with point set P = H^n can be used for the generation of Eulerian transformations of (K*)^n, i.e. endomorphisms of K[x_1, x_2, …, x_n] sending each variable to a monomial term. Subsemigroups of such endomorphisms together with their special homomorphic images are used as platforms of cryptographic protocols of noncommutative cryptography. The security of these protocols is evaluated via the complexity of the hard problem of decomposing an Eulerian transformation into the product of known generators of the semigroup. Nowadays the problem is an intractable one in the postquantum setting. The symbiotic combination of such protocols with special graph based stream ciphers working with a plaintext space of the kind K^m, where m = n^t for an arbitrarily chosen parameter t, is proposed. This way we obtain a cryptosystem with an encryption/decryption procedure of complexity O(m^{1+2/t}).

    On Extremal Algebraic Graphs and Multivariate Cryptosystems

    A multivariate rule x_i → f_i, i = 1, 2, …, n, f_i ∈ K[x_1, x_2, …, x_n] over a commutative ring K defines an endomorphism σ_n of K[x_1, x_2, …, x_n] into itself given by its values on the variables x_i. The degree of σ_n can be defined as the maximum of the degrees of the polynomials f_i. We say that a family σ_n, n = 2, 3, … has a trapdoor accelerator ^nT if knowledge of the piece of information ^nT allows one to compute the preimage x of y = σ_n(x) in time O(n^2). We use extremal algebraic graphs for the construction of families of automorphisms σ_n with trapdoor accelerators and (σ_n)^{−1} of large order. We use these families for the construction of new multivariate public keys and protocol based cryptosystems of El Gamal type for Postquantum Cryptography. Some of these cryptosystems use as encryption tools families of endomorphisms σ_n of unbounded degree such that their restriction to the varieties (K^∗)^n is injective. As usual K^∗ stands for the multiplicative group of the commutative ring K with unity. The spaces of plaintexts and ciphertexts are (K^∗)^n and K^n. The security of such a cryptosystem of El Gamal type rests on the complexity of the word decomposition problem in the semigroup of Eulerian endomorphisms of K[x_1, x_2, …, x_n].

    On new multivariate cryptosystems with nonlinearity gap

    A pair of families of bijective multivariate maps of the kind Fn and Fn⁻¹ on the affine space Kⁿ over a finite commutative ring K, given in their standard forms, has a nonlinearity gap if the degree of Fn is bounded from above by an independent constant d and the degree of Fn⁻¹ is bounded from below by cⁿ, c > 1. We introduce examples of such pairs with an invertible decomposition Fn = Gn¹Gn²…Gnᵏ, i.e. a decomposition which allows one to compute the value of Fn⁻¹ at a given point p = (p1, p2, …, pn) in polynomial time O(n²). We also consider pairs of families Fn, F′n of non-bijective polynomial maps of the affine space Kⁿ such that the composition FnF′n leaves each element of (K*)ⁿ unchanged, deg(Fn) is bounded by an independent constant while deg(F′n) is of exponential size, and there is a decomposition Gn¹Gn²…Gnᵏ of Fn which allows one to compute the preimage of a vector from Fn((K*)ⁿ) in time O(n²). We introduce examples of such families in the cases of the rings K = Fq and K = Zm.

    On affine Cremona semigroups, corresponding protocols of Non-commutative Cryptography and encryption with several nonlinear multivariate transformations on secure Eulerian mode.

    We suggest new applications of protocols of Non-commutative cryptography, defined in terms of subsemigroups of Affine Cremona Semigroups over finite commutative rings and their homomorphic images, to the construction of possible instruments of Post Quantum Cryptography. This approach allows one to define cryptosystems which are not public-key ones. When the extended protocol is finished, the correspondents share a collision multivariate transformation on the affine space K^n or the variety (K*)^n, where K is a finite commutative ring and K* is a nontrivial multiplicative subgroup of K. The security of such a protocol rests on the complexity of the word problem of decomposing an element of the Affine Cremona Semigroup, given in its standard form, into a composition of given generators. The collision map can serve for the safe delivery of several bijective multivariate maps F_i (generators) on K^n (or (K*)^n) from one correspondent to another. So an asymmetric cryptosystem with nonpublic multivariate generators, where one side (Alice) knows the inverses of the F_i but the other does not have such knowledge, is possible. We consider the usage of a single protocol or of combinations of two protocols with platforms of different nature. The usage of two protocols with the collision spaces K^n and (K*)^n allows safe delivery of two sets of generators of different nature. In terms of such sets we define an asymmetric encryption scheme with plainspace (K*)^n, cipherspace K^n and a multivariate non-bijective encryption map of unbounded degree O(n) and polynomial density on K^n with injective restriction to (K*)^n. Algebraic cryptanalysis faces the problem of interpolating a natural decryption transformation, which is not a map of polynomial density.

    On Multivariate Algorithms of Digital Signatures of Linear Degree and Low Density.

    Multivariate cryptography studies applications of endomorphisms of K[x_1, x_2, …, x_n], where K is a finite commutative ring. The importance of this direction for the construction of multivariate digital signature systems is well known. We suggest a modification of the known digital signature systems for which some cryptanalytic instruments were found. This modification prevents the use of recently developed attacks on classical schemes such as the rainbow oil and vinegar system and LUOV. The modification does not change the size of hashed messages or the size of signatures. The basic idea is the usage of multivariate maps of unbounded degree and polynomial density for the construction of public rules. The modified algorithms are presented for standardization and certification studies.

    On Multivariate Algorithms of Digital Signatures Based on Maps of Unbounded Degree Acting on Secure El Gamal Type Mode.

    Multivariate cryptography studies applications of endomorphisms of K[x_1, x_2, …, x_n], where K is a finite commutative ring, given in the standard form x_i → f_i(x_1, x_2, …, x_n), i = 1, 2, …, n. The importance of this direction for the construction of multivariate digital signature systems is well known. Close attention of researchers is directed towards studies of the perspectives of the quadratic rainbow oil and vinegar system and LUOV presented for NIST postquantum certification. Various cryptanalytic studies of these signature systems were completed. Recently some options to modify these algorithms, as well as all multivariate signature systems, which allow one to avoid already known attacks were suggested. One of the modifications is to use a protocol of noncommutative multivariate cryptography based on a platform of endomorphisms of degree 2 and 3. The secure protocol allows safe transfer of a quadratic multivariate map from one correspondent to another. So the quadratic map developed for a digital signature scheme can be used in a private mode. This scheme requires periodic usage of the protocol with the change of generators and the modification of the quadratic multivariate maps. Another modification suggests a combination of a multivariate map of unbounded degree of size O(n) and density of each f_i of size O(1). The resulting map F in its standard form is given as the public rule. We suggest the usage of the last algorithm in the secure El Gamal mode. It means that correspondents use protocols of Noncommutative Cryptography with two multivariate platforms to safely elaborate a collision endomorphism G: x_i → g_i of linear unbounded degree such that the densities of each g_i are of size O(n^2). One of the correspondents generates the F mentioned above and sends F+G to his/her partner.
    The security of the protocol and of the entire digital signature scheme rests on the complexity of the NP hard word problem of finding a decomposition of the given endomorphism G of K[x_1, x_2, …, x_n] into a composition of given generators 1^G, 2^G, …, t^G, t > 1, of the semigroup End(K[x_1, x_2, …, x_n]). Differently from the usage of a quadratic map in El Gamal mode, the case of unbounded degree allows single usage of the protocol, because the task of approximating F via interception of hashed messages and corresponding signatures is unfeasible in this case.

    On Multivariate Algorithms of Digital Signatures Based on Maps of Unbounded Degree Acting on Secure El Gamal Type Mode

    Multivariate cryptography studies applications of endomorphisms of K[x_1, x_2, …, x_n], where K is a finite commutative ring, given in the standard form x_i → f_i(x_1, x_2, …, x_n), i = 1, 2, …, n. The importance of this direction for the construction of multivariate digital signature systems is well known. Close attention of researchers is directed towards studies of the perspectives of the efficient quadratic unbalanced rainbow oil and vinegar system (RUOV) presented for NIST postquantum certification. Various cryptanalytic studies of these signature systems were completed. During the Third Round of the NIST standardisation project the RUOV digital signature system was rejected. Recently some options to seriously modify these algorithms, as well as all multivariate signature systems, which allow one to avoid already known attacks were suggested. One of the modifications is to use a protocol of noncommutative multivariate cryptography based on a platform of endomorphisms of degree 2 and 3. The secure protocol allows safe transfer of a quadratic multivariate map from one correspondent to another. So the quadratic map developed for a digital signature scheme can be used in a private mode. This scheme requires periodic usage of the protocol with the change of generators and the modification of the quadratic multivariate maps. Another modification suggests a combination of a multivariate map of unbounded degree of size O(n) and density of each f_i of size O(1). The resulting map F in its standard form is given as the public rule. We suggest the usage of the last algorithm in the secure El Gamal mode. It means that correspondents use protocols of Noncommutative Cryptography with two multivariate platforms to safely elaborate a collision endomorphism G: x_i → g_i of linear unbounded degree such that the densities of each g_i are of size O(n^2). One of the correspondents generates the F mentioned above and sends F+G to his/her partner.
    The security of the protocol and of the entire digital signature scheme rests on the complexity of the NP hard word problem of finding a decomposition of the given endomorphism G of K[x_1, x_2, …, x_n] into a composition of given generators 1^G, 2^G, …, t^G, t > 1, of the semigroup End(K[x_1, x_2, …, x_n]). Differently from the usage of a quadratic map in El Gamal mode, the case of unbounded degree allows single usage of the protocol, because the task of approximating F via interception of hashed messages and corresponding signatures is unfeasible in this case.