Article

Perfectly Secure Shannon Cipher Construction Based on the Matrix Power Function

by Eligijus Sakalauskas 1,*, Lina Dindienė 1, Aušrys Kilčiauskas 2 and Kȩstutis Lukšys 1
1 Department of Applied Mathematics, Kaunas University of Technology, 44249 Kaunas, Lithuania
2 Department of Informatics, Kauno kolegija/University of Applied Science, 50468 Kaunas, Lithuania
* Author to whom correspondence should be addressed.
Symmetry 2020, 12(5), 860; https://doi.org/10.3390/sym12050860
Submission received: 1 April 2020 / Revised: 30 April 2020 / Accepted: 6 May 2020 / Published: 23 May 2020

Abstract

A Shannon cipher can be used as a building block for block cipher construction if it is considered as a cipher for one data block. It has been proved that a Shannon cipher based on a matrix power function (MPF) is perfectly secure. This property was obtained by the special selection of algebraic structures to define the MPF. In an earlier paper we demonstrated that a certain MPF can be treated as a conjectured one-way function. This property is important since finding the inverse of a one-way function is related to an NP-complete problem. The obtained results of perfect security on a theoretical level coincide with the NP-completeness notion due to the well-known Yao theorem. The proposed cipher does not need multiple rounds for the encryption of one data block and hence can be effectively parallelized, since operations with matrices allow this effective parallelization.

1. Introduction

The modern design of block ciphers is based on the confusion–diffusion paradigm introduced by Claude Shannon ([1]). A direct implementation of the above paradigm is a substitution–permutation network (SPN), which is used for the block cipher construction when it is realized in multiple rounds, each of which uses a different sub-key derived from the original key. This procedure is used for every data block encryption when all data is divided into separate blocks.
One example of an SPN realization in a standardized symmetric block cipher is the Data Encryption Standard (DES), adopted in 1977 ([2]). The corresponding block cipher was proposed on this basis. In order to increase the security of the DES, which has a key length of only 64 bits (while real security relies on a 56-bit key length), the Triple DES (TDES) algorithm was adopted by the ANSI committee X9.F.1 in 1998. Since this algorithm was popular and widely used, some special recommendations were accepted for the Triple Data Encryption Algorithm (TDEA) to modify the block cipher in 2017 ([3]).
The other sound realization of the SPN is the design of a block cipher adopted as an Advanced Encryption Standard (AES) ([4]).
We have restricted our consideration to a single data block encryption using the confusion–diffusion paradigm. Then, this encryption can be considered as the Shannon cipher outlined in ([5]). If the Shannon cipher is proved to be secure under certain conditions, then, on that basis, a secure block cipher can be created. Hence, Shannon cipher can be interpreted as a building block for the block cipher construction. The security of the Shannon cipher is considered in the sense of perfect security which is directly related to the notion of pseudo-randomness ([5]).
Perfect security, which is formulated in Lemma 1 in Section 4, is the “gold standard” in cryptography. Many security proofs are based on the computational relaxation of perfect security. The alternative definition of perfect security states that an encryption scheme is perfectly secure if no adversary can succeed with a probability any better than one half. That is, an adversary must not be able to distinguish the encryption of one plaintext from the encryption of another. This is called adversarial indistinguishability. On the other hand, adversarial indistinguishability is related to pseudo-randomness. If an encryption key is chosen randomly and uniformly from the key space, the ciphertext is pseudo-random and uniformly distributed on any message space.
A. C. Yao [6] revealed a fundamental relation between one-way functions (OWFs) and pseudo-random generators. Yao's theorem states that pseudo-random generators exist if and only if OWFs exist ([6]). Hence the intriguing idea is to construct a computationally effective block cipher using a one-way function (OWF). According to this, if OWFs do exist, then a ciphertext is pseudo-random. As long as the long-standing P vs. NP dilemma is not solved (and it is unclear whether it can ever be solved), it is believed that NP-complete problems can be accepted as conjectured OWFs.
The notion of pseudo-randomness plays a fundamental role in cryptography, in general, and in private-key encryption, in particular. Loosely speaking, a pseudo-random string is a string that looks like a uniformly distributed string, as long as the entity that is “looking” runs in a polynomial time. Just as indistinguishability can be viewed as a computational relaxation of perfect secrecy, pseudo-randomness is a computational relaxation of true randomness.
The main reason for constructing a Shannon cipher on the basis of the MPF is that the MPF can be interpreted as a conjectured OWF. This conjectured OWF based on the MPF was proposed earlier in our papers ([7,8,9,10,11]) for the construction of some cryptographic protocols.
Some solutions of MPF application in a cryptographic function construction were proposed recently. In [12] the MPF is used for an asymmetric cipher construction, and in [13] for a digital signature algorithm. The MPF represents a class of non-commuting cryptography that is in the particular interest of a certain group of cryptographers. The linear algebra attack for cryptographic functions based on the MPF is presented in [14]. This attack was prevented in our subsequent paper [11].
In general, the MPF can be defined over different algebraic structures. Reference [15] demonstrates that a conjectured OWF based on the MPF defined over a modified medial semigroup is NP-complete. Hence there is some evidence that the MPF could also be used for block cipher construction.
This paper presents a Shannon cipher based on the matrix power function defined over specially selected algebraic structures. The first result of a block cipher S-box construction using the MPF is published in [16].
A proof is presented that the Shannon cipher based on the MPF defined over these specially selected algebraic structures is perfectly secure. A cipher with perfect secrecy is unconditionally secure against a ciphertext-only attack.
Thus far, the main trend of the block cipher construction used the number of rounds for one data block encryption to achieve a good confusion and diffusion, thus providing a required level of security. These rounds are performed sequentially and therefore there is no ability to parallelize computations.
The proposed Shannon cipher is realized in one round using matrix operations. The matrix operations in their turn can be effectively parallelized. So if we have two matrices of order n, then their addition, multiplication and powering matrix by matrix can be effectively performed using n (or an integer fraction of n) parallel computations between n rows and n columns of the operand matrices. In such a case, these computational results are the entries of a new matrix. Afterwards, the obtained matrices are combined, forming a final matrix. Hence, the proposed Shannon cipher can be effectively realized in multiprocessor computation devices.

2. Mathematical Background

Conventionally the field of integers with addition and multiplication operations modulo 3 is denoted by $\mathbb{Z}_3 = \{0, 1, 2\}$. The subset of $\mathbb{Z}_3$ without the zero element is denoted by $\mathbb{Z}_3^0 = \{1, 2\}$. The third-order subgroup of the multiplicative group $\mathbb{Z}_7^* = \{1, 2, \ldots, 6\}$ with multiplication modulo 7 is denoted by $G_3 = \{1, 2, 4\}$.
Let $S$ be any finite set. An element $s$ chosen uniformly at random in $S$ we denote by
$$s \leftarrow \operatorname{rand}(S).$$
Let $f$ be a function
$$f : \mathbb{Z}_3 \to G_3,$$
with the following mapping
$$f(0) = 4, \quad f(1) = 2, \quad f(2) = 1.$$
Evidently this mapping is one-to-one but not an isomorphism with respect to the multiplication and addition operations defined in $\mathbb{Z}_3$. Then there exists the inverse one-to-one mapping $f^{-1}$ defined by Equation (2).
Let $Q = \{q_{ij}\}$ be a matrix with entries $q_{ij} \in G_3$. Denote, in general, matrices $X = \{x_{ij}\}$, $x_{ij} \in \mathbb{Z}_3$ and $Y = \{y_{ij}\}$, $y_{ij} \in \mathbb{Z}_3$. All matrices are square and of order $n$. Symbolically, the matrix power function (MPF) is defined in the following way:
$${}^{X}Q^{Y} = C,$$
where matrix $C = \{c_{ij}\}$ is defined over $G_3$.
Group $G_3$ is named the platform group and field $\mathbb{Z}_3$ the power field. Then formally matrices $Q$ and $C$ are defined over the direct product group $G_3^{n \times n}$ and matrices $X$, $Y$ over $\mathbb{Z}_3^{n \times n}$.
Formally, the MPF is defined by the following relation
$$\prod_{t=1}^{m} \prod_{s=1}^{m} q_{st}^{x_{is} \cdot y_{tj}} = c_{ij}, \quad i, j = 1, 2, \ldots, m.$$
Then the MPF provides the following mapping
$$\mathrm{MPF} : \mathbb{Z}_3^{n \times n} \times G_3^{n \times n} \times \mathbb{Z}_3^{n \times n} \to G_3^{n \times n},$$
where $C = \{c_{ij}\}$ and $c_{ij} \in G_3$.
Let $C_1 = \{c_{1,ij}\}$ be a matrix defined over $\mathbb{Z}_3$. Then mapping $f$ defined in Equations (1) and (2) can be separately applied to all entries of matrix $C_1$, obtaining a mapping
$$F : \mathbb{Z}_3^{n \times n} \to G_3^{n \times n}.$$
For all $C_1 \in \mathbb{Z}_3^{n \times n}$ we have
$$F(C_1) = C_2,$$
where $C_2 \in G_3^{n \times n}$.
Mapping $F$ just replaces all entries of matrix $C_1 = \{c_{1,ij}\}$ with the entries of matrix $C_2 = \{c_{2,ij}\}$, where, according to Equations (1) and (2), $f(c_{1,ij}) = c_{2,ij}$.
To construct a symmetric cipher based on the MPF introduced by Equations (3)–(5) we need an additional matrix, namely matrix $M = \{m_{ij}\}$, $m_{ij} \in \mathbb{Z}_3$, defining a message to be encrypted.
The symmetric encryption-decryption key $K$ in our construction is represented by two invertible matrices $K = (X, Y)$. To satisfy security conditions, the matrix $Y$ must be invertible and its entries are randomly generated from the subset $\mathbb{Z}_3^0$, i.e., $y_{ij} \in \{1, 2\}$. $X$ is randomly generated from the subset $\mathbb{Z}_3$, $x_{ij} \in \{0, 1, 2\}$.

3. Shannon Cipher Construction Based on the Matrix Power Function (MPF)

Conventionally, the Shannon cipher is any deterministic cipher. It is defined over the key space $\mathcal{K}$, the message space $\mathcal{M}$ and the ciphertext space $\mathcal{C}$.
Definition 1.
The Shannon cipher $SC$ is defined by the following triplet $SC = (\mathrm{Gen}, \mathrm{Enc}, \mathrm{Dec})$, where
  • $\mathrm{Gen}$ is a function of secret key $K$ generation at random and uniformly distributed in $\mathcal{K}$.
  • $\mathrm{Enc}$ is the encryption function which takes as an input a key $K$ in $\mathcal{K}$ and a message $M$ in $\mathcal{M}$ and produces as output a ciphertext $C$ in $\mathcal{C}$.
    $$C = \mathrm{Enc}(K, M).$$
  • $\mathrm{Dec}$ is a decryption function that takes as input a key $K$ in $\mathcal{K}$ and a ciphertext $C$ in $\mathcal{C}$ and produces a message $M$ in $\mathcal{M}$.
    $$M = \mathrm{Dec}(K, C).$$
    The Shannon cipher is defined over $(\mathcal{K}, \mathcal{M}, \mathcal{C})$ and with this notation we can write:
    $$\mathrm{Enc} : \mathcal{K} \times \mathcal{M} \to \mathcal{C}, \quad \mathrm{Dec} : \mathcal{K} \times \mathcal{C} \to \mathcal{M}.$$
In general, it is assumed that $M$ is a random variable distributed over the message space $\mathcal{M}$, however, it is not assumed that $M$ is uniformly distributed over $\mathcal{M}$. The key $K$ is uniformly distributed in $\mathcal{K}$ and is independent of $M$, while ciphertext $C = \mathrm{Enc}(K, M)$ is a random variable distributed over the ciphertext space $\mathcal{C}$.
The Shannon cipher is constructed for plaintext and ciphertext blocks defined by $n \times n$ matrices $M = \{m_{ij}\}$ and $C = \{c_{ij}\}$, respectively, over the field $\mathbb{Z}_3 = \{0, 1, 2\}$, where $m_{ij} \in \mathbb{Z}_3$ and $c_{ij} \in \mathbb{Z}_3$. Hence the message space $\mathcal{M}$ consists of $n \times n$ matrices $M$ and the ciphertext space $\mathcal{C}$ of $n \times n$ matrices $C$, and both spaces are denoted by $\mathbb{Z}_3^{n \times n}$.
The key space $\mathcal{K}$ consists of two matrices $X$ and $Y$ composing a vector valued symmetric key $K = (X, Y)$, where $X = \{x_{ij}\}$, $x_{ij} \in \mathbb{Z}_3$ and $Y = \{y_{ij}\}$, $y_{ij} \in \mathbb{Z}_3^0$. Then the key space $\mathcal{K}$ is a direct product of the spaces $\mathbb{Z}_3^{n \times n} \times (\mathbb{Z}_3^0)^{n \times n}$. The additional requirement is that the matrix $Y$ is an invertible matrix.
The encryption operation for one data block $M$ consists of the following three steps:
$$C_1 = X + M; \quad C_2 = F(X) \odot {}^{Y}F(C_1)^{Y}; \quad C = C_3 = F^{-1}(C_2) + X,$$
where $+$ is a conventional matrix addition and $\odot$ is the Hadamard product of matrices, i.e., matrix entries are multiplied directly as it is done with a conventional matrix addition operation.
Symbolically, these steps can be expressed using three encryption functions $\mathrm{Enc}_1$, $\mathrm{Enc}_2$ and $\mathrm{Enc}_3$ in the following form
$$C_1 = \mathrm{Enc}_1(X, M), \quad C_2 = \mathrm{Enc}_2(X, Y, C_1), \quad C_3 = \mathrm{Enc}_3(X, C_2).$$
Equations (6) can be rewritten in one single equation
$$C = C_3 = F^{-1}\left(F(X) \odot {}^{Y}F(X + M)^{Y}\right) + X.$$
The obtained ciphertext $C$ is a matrix of order $n$ defined over $\mathbb{Z}_3$, as is the message matrix $M$.
For the decryption we need to introduce an inverse matrix in the Hadamard sense in $G_3^{n \times n}$. Let a matrix $T$ be in $G_3^{n \times n}$. Then the inverse matrix $T^{A}$, in the Hadamard sense, of a matrix $T$ is such that
$$T^{A} \odot T = T \odot T^{A} = \mathbf{1},$$
where $\mathbf{1}$ is a matrix consisting of all elements equal to $1 \in G_3$.
The decryption procedure is performed in a reverse order. Since matrix $Y$ has its inverse in $(\mathbb{Z}_3^0)^{n \times n}$, while algebraic structures, namely, group $G_3$ and field $\mathbb{Z}_3$, are symmetric, then
$$M = F^{-1}\left({}^{Y^{-1}}\left(F(X)^{A} \odot F(C - X)\right)^{Y^{-1}}\right) - X,$$
where $F(X)^{A}$ is an inverse matrix of matrix $F(X)$ in the Hadamard sense and $\odot$ is the Hadamard product of matrices.
By fixing a uniformly and randomly generated key $K$, two arguments of encryption function $\mathrm{Enc}(\cdot, \cdot)$ can be interpreted as the following one-to-one permutation function $\Pi_K(M) : \mathbb{Z}_3^{n \times n} \to \mathbb{Z}_3^{n \times n}$, where
$$\Pi_K(M) = \mathrm{Enc}(K, M) = C, \quad \Pi_K^{-1}(M) = \mathrm{Dec}(K, C) = M.$$
Looking forward, we intend that the constructed Shannon cipher could be suitable for creating a block cipher with one round per block $M$ operation. The defined block length is $|\mathcal{M}| = |\mathbb{Z}_3^{n \times n}| = 3^{n^2}$, composed of digits in $\mathbb{Z}_3$. The main property required for this application is that $\Pi_K$ should behave like a random permutation. However, since a random permutation realization having a practically acceptable block length is impractical, the notion of pseudo-random permutation is introduced. Intuitively, we can call $\Pi_K$ pseudorandom if for a randomly and uniformly chosen key $K$ it is indistinguishable from a function chosen uniformly at random from the set of all functions having the same domain and range. For this reason, Shannon introduced the confusion–diffusion paradigm ([1]).
A direct implementation of the confusion–diffusion paradigm is a substitution–permutation network ([17,18]). There are two confusion phases, namely $C_1$ and $C_3$ in Equation (6). The encryption key for these operations is matrix $X$. The diffusion phase is realized for computing $C_2$ in the intermediately encrypted data block $F(C_1)$ in $G_3^{n \times n}$.
In the next section we demonstrate that $\Pi_K$ is a perfectly secure pseudo-random permutation.

4. Security Analysis

Let $M_0$ be a fixed value in a message space $\mathcal{M}$ and $C_0 = \mathrm{Enc}(K, M_0)$ be in $\mathcal{C}$. Referring to [5], the following lemma can be formulated.
Lemma 1.
An encryption scheme $(\mathrm{Gen}, \mathrm{Enc}, \mathrm{Dec})$ over a message space $\mathcal{M}$ is perfectly secret if and only if for every probability distribution over $\mathcal{M}$, every message $M \in \mathcal{M}$, and every ciphertext $C \in \mathcal{C}$
$$\Pr(C = C_0 \mid M = M_0) = \Pr(C = C_0),$$
which means that the conditional probability is equal to the unconditional probability and hence a ciphertext is independent of the message.
Before proving the main theorem of perfect security we need to prove the following lemmas.
Lemma 2.
If random variables $z_1$, $z_2$ are independent and uniformly distributed in $\mathbb{Z}_3^0$, and $w$ is uniformly distributed in $G_3$ independently of $z_1$ and $z_2$, then the distribution of $z_1 \cdot z_2$ is uniform in $\mathbb{Z}_3^0$, and the random variable $w^{z_1 \cdot z_2}$ has uniform distribution in $G_3$.
Proof. 
Since $z_1$ and $z_2$ are independent, we can easily write the following probabilities:
$$\Pr(z_1 \cdot z_2 = j) = \sum_{j_1 \cdot j_2 = j} \Pr(z_1 = j_1, z_2 = j_2) = 2 \cdot \frac{1}{2^2} = \frac{1}{2}, \quad j = \{1, 2\},$$
where summation under $j_1 \cdot j_2 = j$ gives two possible combinations of $j_1, j_2 \in \mathbb{Z}_3^0$ (see contingency Table 1).
According to the above, $z_1 \cdot z_2$ is uniformly distributed in $\mathbb{Z}_3^0$.
Denote $u = z_1 \cdot z_2$. Under the assumption of independence we get the following probabilities (that is also seen in Table 2):
$$\Pr(w^{u} = j) = \sum_{j_1^{j_2} = j} \Pr(w = j_1, u = j_2) = 2 \cdot \frac{1}{6} = \frac{1}{3}, \quad j = \{1, 2, 4\},$$
where summation under $j_1^{j_2} = j$ gives two pairs of $j_1, j_2$ ($j_1 \in G_3$, $j_2 \in \mathbb{Z}_3^0$) to be equal to each $j$.
These probabilities imply that the distribution of $w^{u}$ is uniform in $G_3$ and the lemma is proved. ☐
Lemma 3.
If random variables $v_1, v_2, \ldots, v_n$ are independent and uniformly distributed in $G_3$, then the distribution of $v_1 \cdot v_2 \cdots v_n$ is uniform in $G_3$.
Proof. 
In case $n = 2$, this lemma is simply proven by contingency Table 3.
Or, in short,
$$\Pr(v_1 \cdot v_2 = j) = \sum_{j_1 \cdot j_2 = j} \Pr(v_1 = j_1, v_2 = j_2) = 3 \cdot \frac{1}{9} = \frac{1}{3}, \quad j \in G_3,$$
where summation under $j_1 \cdot j_2 = j$ gives three possible combinations of $j_1, j_2 \in G_3$.
We assume that the lemma holds for $n = N$:
$$\Pr(v_1 \cdot v_2 \cdots v_N = j) = \frac{1}{3}, \quad j \in G_3.$$
It is sufficient to show that the lemma is valid for $n = N + 1$, which follows directly from the assumption of independent random variables and Equation (8):
$$\Pr(v_1 \cdot v_2 \cdots v_N \cdot v_{N+1} = j) = \sum_{j_1 \cdot j_2 = j} \Pr(v_1 \cdot v_2 \cdots v_N = j_1) \Pr(v_{N+1} = j_2) = \sum_{j_1 \cdot j_2 = j} \frac{1}{3} \cdot \frac{1}{3} = \frac{1}{3}.$$
Hence the lemma is proven. ☐

The Theorem of Perfect Security

Referring to Lemmas 1–3, we prove the following theorem.
Theorem 1.
If a key $K$ is chosen randomly and uniformly from $\mathcal{K}$, the probability distribution of $M$ over $\mathcal{M}$ is arbitrary, the distributions of $K$ and $M$ over $\mathcal{K}$ and $\mathcal{M}$ are independent and, given the encryption algorithm $\mathrm{Enc}$, the distribution of $C$ over $\mathcal{C}$ is fully determined by the distributions over $\mathcal{K}$ and $\mathcal{M}$, then the Shannon cipher in Equation (6) based on MPF is perfectly secure.
Proof. 
Each element of matrix $C_1$ in Equation (6) of order $n$ takes the following form:
$$c_{1,ij} = x_{ij} + m_{ij}, \quad i, j \in \{1, \ldots, n\}.$$
If $x_{ij}$ are chosen at random and are uniformly distributed, and $m_{ij}$ are random arbitrarily distributed values in $\mathbb{Z}_3$, then for all $c_{10} \in \mathbb{Z}_3$
$$\Pr(c_{1,ij} = c_{10}) = \Pr(x_{ij} = c_{10} - m_{ij}) = \frac{1}{3} \sum_{m_0 \in \mathbb{Z}_3} \Pr(m_{ij} = m_0) = \frac{1}{3}.$$
The probability in Equation (9) can be seen directly from the table of values (see Table 4).
Conditional probabilities:
$$\Pr(c_{1,ij} = c_{10} \mid m_{ij} = m_0) = P(x_{ij} = c_{10} - m_0) = \frac{1}{3},$$
because $x_{ij}$ and $m_{ij}$ are independent, and $c_{10} - m_0 \in \mathbb{Z}_3$.
Equalities (9) and (10) prove that
$$\Pr(C_1 = C_{10}) = \Pr(C_1 = C_{10} \mid M = M_0) = \frac{1}{3}.$$
Let us turn to matrix $C_2$ of Equation (6). Denote the elements of matrix $C_2$ of order $n$ by:
$$c_{2,ij} = f(x_{ij}) (f(c_{11}))^{y_{11} y_{11}} (f(c_{21}))^{y_{12} y_{11}} \cdots (f(c_{nn}))^{y_{nn} y_{nn}} = f(x_{ij}) (f(c_{11}))^{y_1} (f(c_{21}))^{y_2} (f(c_{12}))^{y_3} \cdots (f(c_{nn}))^{y_{n \cdot n}}, \quad i, j \in \{1, \ldots, n\},$$
where $y_{ij}$ are chosen randomly and are uniformly distributed over $\mathbb{Z}_3^0$ and $f(c_{ij}) \in G_3$. According to Lemma 2, the product $y_{ij} \cdot y_{kl}$ is a uniformly distributed (in $\mathbb{Z}_3^0$) random value and all $(f(c_{ij}))^{y_k}$ are uniformly distributed in $G_3$. For simplicity, denote $y_{ij} \cdot y_{kl} = y_s$, $s \in \{1, \ldots, n \cdot n\}$.
Since $c_{2,ij}$ is the product of $(n \cdot n + 1)$ independent random variables from $G_3$, Lemma 3 yields that for all $c_{20} \in G_3$ and $i, j = 1, \ldots, n$:
$$\Pr(c_{2,ij} = c_{20}) = \frac{1}{3}.$$
Conditional probabilities of elements of matrix $C_2$ are the following:
$$\Pr(c_{2,ij} = c_{20} \mid c_{11} = c_{11,0}, \ldots, c_{nn} = c_{nn,0}) = \Pr(c_{2,ij} = c_{20} \mid f(c_{11}) = z_{11,0}, \ldots, f(c_{nn}) = z_{nn,0}) = \frac{\Pr(c_{2,ij} = c_{20}, z_{11} = z_{11,0}, \ldots, z_{nn} = z_{nn,0})}{\Pr(z_{11} = z_{11,0}, \ldots, z_{nn} = z_{nn,0})},$$
here $z_{*} = f(c_{*})$. Using the independence of matrices $X$, $Y$ and $C_1$:
$$\begin{aligned}
\Pr(c_{2,ij} = c_{20}, z_{11} = z_{11,0}, \ldots, z_{nn} = z_{nn,0})
&= P\left(f(x_{ij}) \cdot z_{11}^{y_1} \cdots z_{nn}^{y_{n \cdot n}} = c_{20}, z_{11} = z_{10}, \ldots, z_{nn} = z_{nn,0}\right) \\
&= P\left(f(x_{ij}) = c_{20} \left(z_{10}^{y_1} \cdots z_{nn,0}^{y_{n \cdot n}}\right)^{-1}, z_{11} = z_{11,0}, \ldots, z_{nn} = z_{nn,0}\right) \\
&= \sum_{k_1, \ldots, k_{n \cdot n} \in \mathbb{Z}_3^0} P\left(f(x_{ij}) = c_{20} \left(z_{10}^{k_1} \cdots z_{nn,0}^{k_{n \cdot n}}\right)^{-1}, \bigcap_{i=1}^{n \cdot n} y_i = k_i, \bigcap_{i,j=1}^{n} z_{ij} = z_{ij,0}\right) \\
&= \frac{1}{3} P(z_{11} = z_{10}, \ldots, z_{nn} = z_{nn,0}).
\end{aligned}$$
According to Lemma 3, the expression $(z_{11}^{y_1} \cdots z_{nn}^{y_{n \cdot n}})$ takes values in $G_3$.
The inverse variables are also in $G_3$ (see Table 5).
Equalities (12)–(14) prove that
$$\Pr(C_2 = C_{20}) = \Pr(C_2 = C_{20} \mid C_1 = C_{10}) = \frac{1}{3},$$
that is, elements of matrix $C_2$ are independent of the elements of matrix $C_1$. Since matrix $M$ is in the expression of $C_1$, matrix $C_2$ is independent of $M$ too.
The third equation in Equation (6) for each element of the matrix of order $n$ can be rewritten in the following form
$$c_{3,ij} = f^{-1}(c_{2,ij}) + x_{ij}, \quad i, j \in \{1, \ldots, n\}.$$
Similarly as in Equations (9) and (10) we obtain that
$$\Pr(C_3 = C_{30} \mid C_2 = C_{20}) = \Pr(C_3 = C_{30}) = \frac{1}{3}.$$
Thus, the elements of matrix $C_3$ are independent of the elements of matrix $C_2$. By this, $C_3$ does not depend on the value of $M$.
By taking equalities (11), (15) and (16) all together it is proved that Equation (7) holds. Hence we have proved that the proposed Shannon cipher is perfectly secure. ☐
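The encryption and decryption steps of Section 3, together with an exhaustive tally of the quantity compared in Lemma 1 for very small n, written out in Python as an added example (not the authors' code). The function names, the use of `secrets.SystemRandom` for key generation, and the reduction of MPF exponents modulo 3 (valid because every element of $G_3$ has order dividing 3) are choices made for this example.

```python
import itertools
import secrets
from collections import Counter

F_MAP = {0: 4, 1: 2, 2: 1}                 # f : Z_3 -> G_3 from Section 2
F_INV = {g: z for z, g in F_MAP.items()}   # f^{-1} : G_3 -> Z_3

def F(A):
    return [[F_MAP[a] for a in row] for row in A]

def F_inv(A):
    return [[F_INV[a] for a in row] for row in A]

def add3(A, B, sign=1):
    """Entrywise A + sign*B over Z_3."""
    return [[(a + sign * b) % 3 for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def hadamard7(A, B):
    """Hadamard (entrywise) product in G_3, i.e. modulo 7."""
    return [[a * b % 7 for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def hadamard_inv7(T):
    """T^A: entrywise inverse in G_3 (t^3 = 1, so t^{-1} = t^2 mod 7)."""
    return [[t * t % 7 for t in row] for row in T]

def mpf(X, Q, Y):
    """^X Q^Y: c_ij = prod_s prod_t q_st^(x_is * y_tj) mod 7, exponents taken mod 3."""
    n = len(Q)
    C = [[1] * n for _ in range(n)]
    for i, j, s, t in itertools.product(range(n), repeat=4):
        C[i][j] = C[i][j] * pow(Q[s][t], X[i][s] * Y[t][j] % 3, 7) % 7
    return C

def inv3(A):
    """Inverse of A over Z_3 by Gauss-Jordan elimination, or None if singular."""
    n = len(A)
    W = [list(row) + [int(i == j) for j in range(n)] for i, row in enumerate(A)]
    for col in range(n):
        piv = next((r for r in range(col, n) if W[r][col]), None)
        if piv is None:
            return None
        W[col], W[piv] = W[piv], W[col]
        p = W[col][col]                      # 1 and 2 are their own inverses mod 3
        W[col] = [p * v % 3 for v in W[col]]
        for r in range(n):
            if r != col and W[r][col]:
                k = W[r][col]
                W[r] = [(a - k * b) % 3 for a, b in zip(W[r], W[col])]
    return [row[n:] for row in W]

def gen(n, rng=None):
    """K = (X, Y): X uniform over Z_3, Y uniform over invertible matrices on {1, 2}."""
    rng = rng or secrets.SystemRandom()
    X = [[rng.randrange(3) for _ in range(n)] for _ in range(n)]
    while True:
        Y = [[rng.choice((1, 2)) for _ in range(n)] for _ in range(n)]
        if inv3(Y) is not None:
            return X, Y

def enc(key, M):
    X, Y = key
    C1 = add3(X, M)                                  # C1 = X + M
    C2 = hadamard7(F(X), mpf(Y, F(C1), Y))           # C2 = F(X) (.) ^Y F(C1)^Y
    return add3(F_inv(C2), X)                        # C  = F^{-1}(C2) + X

def dec(key, C):
    X, Y = key
    Yi = inv3(Y)
    Q = hadamard7(hadamard_inv7(F(X)), F(add3(C, X, -1)))   # F(X)^A (.) F(C - X)
    return add3(F_inv(mpf(Yi, Q, Yi)), X, -1)

def all_keys(n):
    """Every key (X, Y) of order n; feasible only for very small n."""
    shape = lambda flat: [list(flat[r * n:(r + 1) * n]) for r in range(n)]
    for xs in itertools.product(range(3), repeat=n * n):
        for ys in itertools.product((1, 2), repeat=n * n):
            if inv3(shape(ys)) is not None:
                yield shape(xs), shape(ys)

def ciphertext_counts(n, M):
    """How many keys send M to each ciphertext (the quantity compared in Lemma 1)."""
    return Counter(tuple(map(tuple, enc(k, M))) for k in all_keys(n))

if __name__ == "__main__":
    key = gen(4)
    M = [[0, 1, 2, 0], [2, 2, 1, 0], [1, 0, 0, 2], [0, 2, 1, 1]]   # constructed message
    assert dec(key, enc(key, M)) == M
    for m in range(3):                                             # smallest order, n = 1
        print(m, dict(ciphertext_counts(1, [[m]])))
```

For n = 1 both admissible values of y give y·y = 1 in $\mathbb{Z}_3$, and the tally places all six keys on the single ciphertext M + 1; `ciphertext_counts(2, M)` enumerates the 648 keys of order 2 in the same way.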

5. Conclusions and Discussions

One realization of the Shannon cipher is proposed. It is based on the MPF defined over specially selected algebraic structures, namely the finite field of integers $\mathbb{Z}_3$ and the subgroup $G_3$ of group $\mathbb{Z}_7$ of residue classes modulo 7. Due to this special selection, it is proved that the proposed Shannon cipher is perfectly secure.
Such a cipher can be interpreted as one data block cipher consisting of $n \times n$ digits in $\mathbb{Z}_3$. The data in this block is encoded by numbers $\{0, 1, 2\}$, i.e., by two bits. The obtained result can be extended to the block cipher construction if the entire data is split into different blocks of length $n \times n$ digits. Then we directly obtain the Electronic Code Book (ECB) mode of encryption and, on this basis, the other known secure modes of encryption, e.g., Cipher Block Chaining (CBC), can be constructed.
This research proves that the proposed confusion–diffusion transformation provides perfect security in a single round of operation. The distinguishing property of the proposed cipher is that it does not require a number of round operations for one data block encryption.
The single round operation for a single data block encryption is based on matrix operations. That is a result of the other distinguishing property, namely, that one block encryption can be carried out by effectively parallelizing encryption computations. Since round operations in traditional ciphers must be performed sequentially, the parallelization of round operations cannot be realized in such a case.
The matrix operations can be effectively parallelized. Let us assume we have two operand matrices of order n. Then their addition, Hadamard product and powering matrix by matrix can be effectively performed using n (or integer fraction of n) parallel computations between n rows and n columns of operand matrices. The entries of the resulting matrix are computed in parallel using operations between two n-dimensional vectors. For matrix addition or Hadamard product, two vectors are added or multiplied representing two columns (or rows) of corresponding operand matrices. For matrix powering by matrix, one base vector is powered by the other power vector elementwise, and power operation results are multiplied together. The analogy of this operation can be found in an inner product of two vectors, when addition is replaced with multiplication and multiplication with exponentiation operations, respectively. This parallelization allows us to replace the operations between matrices of order n to n operations between n-dimensional vectors.
For example, let us have a data block size represented by a matrix of order $n = 16$. Such a data block has $16 \times 16 = 256$ elements encoded by the numbers $\{0, 1, 2\}$. Then, parallel computations can be performed using 16, 8, 4 or even 2 microprocessors. Hence, the proposed Shannon cipher can be effectively realized in multiprocessor computation devices.

Author Contributions

Conceptualization, E.S. and K.L.; Methodology, E.S.; Investigation L.D.; Formal analysis, L.D. and A.K.; Validation, A.K.; Supervision K.L. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no funding.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Shannon, C.E. Communication theory of secrecy systems. Bell Syst. Tech. J. 1949, 28, 656–715.
  2. Data Encryption Standard (DES). Federal Information Processing Standards Publication 197; United States National Institute of Standards and Technology (NIST): Gaithersburg, MD, USA, 1977.
  3. Special Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. National Institute of Standards and Technology (NIST) Publication; Revision 2; Department of Commerce, National Institute of Standards and Technology (NIST): Gaithersburg, MD, USA, 2017; pp. 800–867.
  4. Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197; United States National Institute of Standards and Technology (NIST): Gaithersburg, MD, USA, 2001; Volume 197.
  5. Boneh, D.; Shoup, V. A Graduate Course in Applied Cryptography. Available online: https://toc.cryptobook.us/ (accessed on 31 March 2020).
  6. Yao, A.C. Theory and applications of trapdoor functions. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, (sfcs 1982), Chicago, IL, USA, 3–5 November 1982; Volume 80–91.
  7. Sakalauskas, E.; Listopadskis, N.; Tvarijonas, P. Key Agreement Protocol (KAP) Based on Matrix Power Function. Information Science And Computing, Book 4 Advanced Studies in Software and Knowledge Engineering; Institute of Information Theories and Applications FOI ITHEA: Sofia, Bulgaria, 2008; Volume 4, pp. 92–96.
  8. Sakalauskas, E. The Multivariate Quadratic Power Problem Over Zn is NP-Complete. Inf. Technol. Control 2012, 41, 33–39.
  9. Sakalauskas, E.; Mihalkovich, A.; Venčkauskas, A. Improved asymmetric cipher based on matrix power function with provable security. Symmetry 2017, 9, 9.
  10. Sakalauskas, E. Enhanced matrix power function for cryptographic primitive construction. Symmetry 2018, 10, 43.
  11. Sakalauskas, E.; Mihalkovich, A. Improved Asymmetric Cipher Based on Matrix Power Function Resistant to Linear Algebra Attack. Informatica 2017, 28, 517–524.
  12. Noor, S. Cryptographic Schemes Based on Enhanced Matrix Power Function. Ph.D. Thesis, Capital University, Bexley, OH, USA, 2019.
  13. Iqbal, S. Digital Signature Based on Matrix Power Function. Ph.D. Thesis, Capital University, Bexley, OH, USA, 2019.
  14. Liu, J.; Zhang, H.; Jia, J. A Linear Algebra Attack on the Non-commuting Cryptography Class Based on Matrix Power Function. International Conference on Information Security and Cryptology. Inscrypt 2016: Information Security and Cryptology; Springer: Cham, Switzerland, 2017; Volume 10143, pp. 343–354.
  15. Sakalauskas, E.; Mihalkovich, A. MPF Problem over Modified Medial Semigroup Is NP-Complete. Symmetry 2018, 10, 571.
  16. Sakalauskas, E.; Lukšys, K. The matrix power function and its application to block cipher S-box construction. Int. J. Innov. Comput. Inf. Control 2012, 8, 2655–2663.
  17. Feistel, H. Cryptography and computer privacy. Sci. Am. 1973, 228, 15–23.
  18. Heys, H.M. The Design of Substitution-Permutation Network Ciphers Resistant to Cryptanalysis. Ph.D. Thesis, Queen’s University, Kingston, ON, Canada, 1994.
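
Table 1. Table of $z_1 \cdot z_2$.

| $z_1$ | $z_2$ | $z_1 \cdot z_2$ |
|---|---|---|
| 1 | 1 | 1 |
| 1 | 2 | 2 |
| 2 | 1 | 2 |
| 2 | 2 | 1 |

Table 2. Table of power function.

| $w$ | $u$ | $w^{u}$ |
|---|---|---|
| 1 | 1 | 1 |
| 1 | 2 | 1 |
| 2 | 1 | 2 |
| 2 | 2 | 4 |
| 4 | 1 | 4 |
| 4 | 2 | 2 |

Table 3. Table of $v_1 \cdot v_2$.

| $v_1$ | $v_2$ | $v_1 \cdot v_2$ |
|---|---|---|
| 1 | 1 | 1 |
| 1 | 2 | 2 |
| 1 | 4 | 4 |
| 2 | 1 | 2 |
| 2 | 2 | 4 |
| 2 | 4 | 1 |
| 4 | 1 | 4 |
| 4 | 2 | 1 |
| 4 | 4 | 2 |

Table 4. Table of $c_{1,ij}$.

| $c_{10}$ | $m_0$ | $-m_0$ | $x_{ij}$ |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
| 0 | 1 | 2 | 2 |
| 0 | 2 | 1 | 1 |
| 1 | 0 | 0 | 1 |
| 1 | 1 | 2 | 0 |
| 1 | 2 | 1 | 2 |
| 2 | 0 | 0 | 2 |
| 2 | 1 | 2 | 1 |
| 2 | 2 | 1 | 0 |

Table 5. Table of inverse variables.

| $z^{y}$ | $(z^{y})^{-1}$ |
|---|---|
| 1 | 1 |
| 2 | 4 |
| 4 | 2 |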
