Asymmetric Cryptosystem on Matrix Algebra over a Chain Ring

Abstract

The revolutionary idea of asymmetric cryptography brings a fundamental change to our modern communication system. However, advances in quantum computers endanger the security of many asymmetric cryptosystems based on the hardness of factoring and discrete logarithm, while the complexity of the quantum algorithm makes it hard to implement in many applications. In this respect, novel asymmetric cryptosystems based on matrices over residue rings are in practice. In this article, a novel approach is introduced. Despite the matrix algebra $M\left(k,{\mathbb{Z}}_n\right),$ the matrix algebra $M\left(k,R_n^{\prime }\right), R_n^{\prime } = \frac{{\mathbb{Z}}_2\left[w\right]}{⟨w^n-1⟩}$ as the chain ring is considered. In this technique, instead of exponentiation, the inner product automorphisms the use for key generation. The chain ring provides computational complexity to its algorithm, which improves the strength of the cryptosystem. However, the residue ring endangers the security of the original cryptosystem, while it is hard to break using $R_n^{\prime }$. The structure of the chain ring deals with the binary field ${\mathbb{Z}}_2$, which simplifies its calculation and makes it capable of efficient execution in various applications.

1. Introduction

Internet and network applications have become the basic necessity of the modern world. Cryptography techniques provide security for these applications. Cryptography is the deliberate attempt to scramble information so that adversaries fail to access secret data. Symmetric cryptography mainly focuses on private-key encryption. The key-distribution and key-management problems make it futile for today’s world. A new approach is required to overcome these problems. Asymmetric cryptography provides a solution. Moreover, it gives a new direction to cryptography. The idea of key exchange protocol was initiated by Merkle, Differ, and Hellman [1] in the mid-1970s. One of the earliest asymmetric cryptosystems is the famous RSA. Later on, many more asymmetric algorithms were introduced, such as ElGamal and ECC [2,3], which were based on the complexity of the integer factorization problem. It was further modified by different cryptologists in [4,5,6]. The elliptic curve discrete logarithm problem (ECDLP) has been a prominently researched area, still under the analysis of many cryptographers [7,8].

Data confidentiality, integrity, and authenticity are the fundamental protection goals of cryptography. Hash functions and digital signatures improve message integrity and make it more authentic [9,10]. Nowadays, a critical problem that classical and modern cryptography fails to address is long term security. Quantum cryptography can resolve this problem as it is based on the law of quantum physics, which is valid forever [11,12]. The complexity of the quantum algorithm makes it difficult to be implemented in various applications. In this respect, asymmetric cryptosystems based on matrix algebra over residue ring have been studied for the last decade.

The main focus of this work is to ensure an improvement in Khan et al.’s [13] proposed scheme, based on a commutative subgroup of the $GL\left(2, {\mathbb{Z}}_n\right)$. Our goal is to increase the security of the algorithms by using a unique algebraic structure of the local chain ring $R_n^{\prime } = \frac{{\mathbb{Z}}_2\left[w\right]}{⟨w^n-1⟩}$ and generalizing both the cryptosystems given in [13]. However, the local ring ${\mathbb{Z}}_n$ of integer modulo $n$ makes both cryptosystems insecure in the sense that an attacker that is efficient in solving linear equations in ${\mathbb{Z}}_n$ can easily break both schemes in a very limited period. In 2016, Jianwei Jia et al.’s [14] worked on schemes given in [13]; they conducted a detailed analysis of structural attack and deduced that both cryptosystems were breakable. In this article, we propose new asymmetric cryptosystems that are based on the abelian subgroup of the general linear group $GL\left(k,R_n^{\prime }\right),$ as done for Cryptosystem 1 over residue ring in [15]. Chain ring $R_n^{\prime }$ has a special structure of polynomials; the coefficients of a polynomial are from ${\mathbb{Z}}_2$ which make its calculations easy but unfeasible for the attacker to decrypt it.

The rest of the article comprises as follows. In Section 2, we briefly define the chain ring. The details of the proposed scheme are given in Section 3, and then it is verified with an example in Section 4. Finally, some attacks are discussed in the security analysis in Section 5, and a conclusion is drawn in the end.

2. Chain Ring

Chain ring $R$ is a commutative ring, with identity having the property that under inclusion, each of its ideals forms a chain. More precisely, it is a finite local ring with radical $M$ of $R$ as a principal ideal. Roughly speaking, it is an extension over the Galois ring $GR\left(q,h\right)=\frac{{\mathbb{Z}}_q\left[w\right]}{⟨g\left(w\right)⟩},$ where $q=p^m,$ such that $p$ is a prime, $m,h>0$, and $g\left(w\right)\in {\mathbb{Z}}_q\left[w\right]$ is a basic irreducible polynomial of degree $h$. The cardinality of the Galois ring is $p^{mh}.$ Now, if $M$ is a maximal ideal of $R,$ then $\frac{R}{M}$ is residue field which is the Galois extension field $GF\left(p^h\right)$.

The finite chain ring is quotient ring $\frac{GF\left(p^h\right)\left[w\right]}{⟨w^n-1⟩}=\frac{{\mathbb{F}}_{p^h}\left[w\right]}{⟨w^n-1⟩}={\sum }_0^{n-1}{w}^n{\mathbb{F}}_{p^h}$, where ${\mathbb{F}}_{p^h}\left[w\right]$ is Euclidean domain and $w^n=1, n\ge 2$, whereas one of the special class of finite chain ring is quotient ring $R_n^{\prime }=\frac{GF\left(2\right)\left[w\right]}{⟨w^n-1⟩}=\frac{{\mathbb{F}}_2\left[w\right]}{⟨w^n-1⟩}={\sum }_0^{n-1}{w}^n{\mathbb{F}}_2.$ The cardinality of $R_n^{\prime }$ is $2^n$. Elements of this class of chain ring are invertible if the sum of the coefficient of the element ${\sum }_0^{n-1}{b}_n{w}^n\in R_n^{\prime }$ is non-zero, i.e., ${\sum }_0^{n-1}{b}_n\ne 0,$ where $b_n\in {\mathbb{F}}_2$. The group of invertible elements of $R_n^{\prime }$ is denoted as $R_n^{\prime }{}^{\ast }$. In particular, take $n=8,$ so the finite chain ring will be $R_8^{\prime }= \frac{{\mathbb{F}}_2\left[w\right]}{⟨w^8-1⟩}={\sum }_0^7{w}^n{\mathbb{F}}_2,$ where $w^8=1$. The number of elements in this chain ring and its unit elements is

$$r=\left|R_8^{\prime }\right|=2^8=256,\mathrm{and} \left|R_8^{\prime }{}^{\ast }\right|=\varphi \left(r\right)=2^{8-1}\left(2-1\right)=128.$$

3. Proposed Cryptosystems

In the proposed asymmetric cryptosystems, the subgroup of $GL\left(k,R_n^{\prime }\right)$ is the aim of the study, while in the original cryptosystems, the subgroup of $GL\left(2,{\mathbb{Z}}_n\right)$ was under discussion. Hence, the proposed algorithm is a generalization of original cryptosystems, while the finite chain ring is used instead of a residue ring. We will discover later that this modification increases in the computational complexity of the proposed cryptosystem.

Let $Q$ be the subgroup of $GL\left(k,R_n^{\prime }\right)$. It can be easily proved that $Q$ is an abelian subgroup of $GL\left(k,R_n^{\prime }\right)$.

Proposition 1.

$Let M\left(k,R_n^{\prime }\right)$be the ring of matrices and$GL\left(k,R_n^{\prime }\right)$its general linear group. Then,

$$Q=\left\{\right[\begin{array}{cccccc}{\acute{x}}_1& {\acute{x}}_2& {\acute{x}}_3& {\acute{x}}_4& \cdots & {\acute{x}}_k\\ 0& {\acute{x}}_1& {\acute{x}}_2& {\acute{x}}_3& \cdots & {\acute{x}}_{k-1}\\ 0& 0& {\acute{x}}_1& {\acute{x}}_2& \cdots & ⋮\\ ⋮& \ddots & \ddots & \ddots & \ddots & {\acute{x}}_3\\ 0& 0& 0& \cdots & {\acute{x}}_1& {\acute{x}}_2\\ 0& 0& 0& \cdots & 0& {\acute{x}}_1\end{array}]|{\acute{x}}_1\in R_n^{\prime }{}^{\ast },{\acute{x}}_i\in R_n^{\prime },i=2,3,\dots ,k and det Q\in R_n^{\prime }{}^{\ast }\}$$

is an abelian subgroup of$GL\left(k,R_n^{\prime }\right)$.

Proof of Proposition 1.

• Let $Q_1,Q_2\in Q$.

  $$Q_1=\left[\begin{array}{c}{\acute{x}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_2\\ {\acute{x}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_3\\ {\acute{x}}_2\\ {\acute{x}}_1\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_4\\ {\acute{x}}_3\\ {\acute{x}}_2\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{x}}_1\\ 0\end{array}\begin{array}{c}{\acute{x}}_k\\ {\acute{x}}_{k-1}\\ ⋮\\ {\acute{x}}_3\\ {\acute{x}}_2\\ {\acute{x}}_1\end{array}\right],Q_2=\left[\begin{array}{c}{\acute{y}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_2\\ {\acute{y}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_3\\ {\acute{y}}_2\\ {\acute{y}}_1\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_4\\ {\acute{y}}_3\\ {\acute{y}}_2\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{y}}_1\\ 0\end{array}\begin{array}{c}{\acute{y}}_k\\ {\acute{y}}_{k-1}\\ ⋮\\ {\acute{y}}_3\\ {\acute{y}}_2\\ {\acute{y}}_1\end{array}\right]$$
  Then,

  $$Q_1{Q}_2=\left[\begin{array}{c}{\acute{x}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_2\\ {\acute{x}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_3\\ {\acute{x}}_2\\ {\acute{x}}_1\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_4\\ {\acute{x}}_3\\ {\acute{x}}_2\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{x}}_1\\ 0\end{array}\begin{array}{c}{\acute{x}}_k\\ {\acute{x}}_{k-1}\\ ⋮\\ {\acute{x}}_3\\ {\acute{x}}_2\\ {\acute{x}}_1\end{array}\right]\left[\begin{array}{c}{\acute{y}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_2\\ {\acute{y}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_3\\ {\acute{y}}_2\\ {\acute{y}}_1\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_4\\ {\acute{y}}_3\\ {\acute{y}}_2\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{y}}_1\\ 0\end{array}\begin{array}{c}{\acute{y}}_k\\ {\acute{y}}_{k-1}\\ ⋮\\ {\acute{y}}_3\\ {\acute{y}}_2\\ {\acute{y}}_1\end{array}\right]$$

  $$=\left[\begin{array}{c}{\acute{x}}_1{\acute{y}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_1{\acute{y}}_2+{\acute{x}}_2{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_1{\acute{y}}_3+{\acute{x}}_2{\acute{y}}_2+{\acute{x}}_3{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_2+{\acute{x}}_2{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_1\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{x}}_1{\acute{y}}_1\\ 0\end{array}\begin{array}{c}{\acute{x}}_1{\acute{y}}_k+{\acute{x}}_2{\acute{y}}_{k-1}+\dots +{\acute{x}}_{k-1}{\acute{y}}_2+{\acute{x}}_k{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_{k-1}+{\acute{x}}_2{\acute{y}}_{k-2}+\dots +{\acute{x}}_{k-2}{\acute{y}}_2+{\acute{x}}_k{\acute{y}}_{k-1}\\ ⋮\\ {\acute{x}}_1{\acute{y}}_3+{\acute{x}}_2{\acute{y}}_2+{\acute{x}}_3{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_2+{\acute{x}}_2{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_1\end{array}\right]$$
  Since $det\left(Q_1\right)={\acute{x}}_1^k\ne 0,det\left(Q_2\right)={\acute{y}}_1^k\ne 0,$ therefore, $det\left(Q_1{Q}_2\right)={\acute{x}}_1^k{\acute{y}}_1^k\ne 0$ implies $Q_1{Q}_2\in Q$.
• Let $Q_1\in Q$, and $det\left(Q_1\right)={\acute{x}}_1^k\ne 0$. Then,

  $$Q_1^{-1}=\left[\begin{array}{c}{\acute{x}}_1^{-1}\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_1^{-2}{\acute{x}}_2\\ {\acute{x}}_1^{-1}\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_1^{-3}{\acute{x}}_2^2+{\acute{x}}_1^{-2}{\acute{x}}_3\\ {\acute{x}}_1^{-2}{\acute{x}}_2\\ {\acute{x}}_1^{-1}\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{x}}_1^{-1}\\ 0\end{array}\begin{array}{c}{\acute{x}}_k{\acute{x}}_1^{-2}+\dots +{\acute{x}}_1^{-k}{\acute{x}}_2^{k-1}\\ ⋮\\ ⋮\\ {\acute{x}}_1^{-3}{\acute{x}}_2^2+{\acute{x}}_1^{-2}{\acute{x}}_3\\ {\acute{x}}_1^{-2}{\acute{x}}_2\\ {\acute{x}}_1^{-1}\end{array}\right]$$
  Since $det\left(Q_1^{-1}\right)={\acute{x}}_1^{-k}\ne 0,$ therefore $Q_1^{-1}\in Q.$
• Let $Q_1,Q_2\in Q$. Then

  $$\begin{array}{l}{Q}_1{Q}_2=\left[\begin{array}{c}{\acute{x}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_2\\ {\acute{x}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_3\\ {\acute{x}}_2\\ {\acute{x}}_1\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_4\\ {\acute{x}}_3\\ {\acute{x}}_2\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{x}}_1\\ 0\end{array}\begin{array}{c}{\acute{x}}_k\\ {\acute{x}}_{k-1}\\ ⋮\\ {\acute{x}}_3\\ {\acute{x}}_2\\ {\acute{x}}_1\end{array}\right]\left[\begin{array}{c}{\acute{y}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_2\\ {\acute{y}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_3\\ {\acute{y}}_2\\ {\acute{y}}_1\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_4\\ {\acute{y}}_3\\ {\acute{y}}_2\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{y}}_1\\ 0\end{array}\begin{array}{c}{\acute{y}}_k\\ {\acute{y}}_{k-1}\\ ⋮\\ {\acute{y}}_3\\ {\acute{y}}_2\\ {\acute{y}}_1\end{array}\right]\\ =\left[\begin{array}{c}{\acute{x}}_1{\acute{y}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_1{\acute{y}}_2+{\acute{x}}_2{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_1{\acute{y}}_3+{\acute{x}}_2{\acute{y}}_2+{\acute{x}}_3{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_2+{\acute{x}}_2{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_1\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{x}}_1{\acute{y}}_1\\ 0\end{array}\begin{array}{c}{\acute{x}}_1{\acute{y}}_k+{\acute{x}}_2{\acute{y}}_{k-1}+\dots +{\acute{x}}_{k-1}{\acute{y}}_2+{\acute{x}}_k{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_{k-1}+{\acute{x}}_2{\acute{y}}_{k-2}+\dots +{\acute{x}}_{k-2}{\acute{y}}_2+{\acute{x}}_k{\acute{y}}_{k-1}\\ ⋮\\ {\acute{x}}_1{\acute{y}}_3+{\acute{x}}_2{\acute{y}}_2+{\acute{x}}_3{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_2+{\acute{x}}_2{\acute{y}}_1\\ {\acute{x}}_1{\acute{y}}_1\end{array}\right]\\ =\left[\begin{array}{c}{\acute{y}}_1{\acute{x}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_1{\acute{x}}_2+{\acute{y}}_2{\acute{x}}_1\\ {\acute{y}}_1{\acute{x}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{y}}_1{\acute{x}}_3+{\acute{y}}_2{\acute{x}}_2+{\acute{y}}_3{\acute{x}}_1\\ {\acute{y}}_1{\acute{x}}_2+{\acute{y}}_2{\acute{x}}_1\\ {\acute{y}}_1{\acute{x}}_1\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{y}}_1{\acute{x}}_1\\ 0\end{array}\begin{array}{c}{\acute{y}}_1{\acute{x}}_k+{\acute{y}}_2{\acute{x}}_{k-1}+\dots +{\acute{y}}_{k-1}{\acute{x}}_2+{\acute{y}}_k{\acute{x}}_1\\ {\acute{y}}_1{\acute{x}}_{k-1}+{\acute{y}}_2{\acute{x}}_{k-2}+\dots +{\acute{y}}_{k-2}{\acute{x}}_2+{\acute{y}}_k{\acute{x}}_{k-1}\\ ⋮\\ {\acute{y}}_1{\acute{x}}_3+{\acute{y}}_2{\acute{x}}_2+{\acute{y}}_3{\acute{x}}_1\\ {\acute{y}}_1{\acute{x}}_2+{\acute{y}}_2{\acute{x}}_1\\ {\acute{y}}_1{\acute{x}}_1\end{array}\right]\\ =\left[\begin{array}{c}{y}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{y}_2\\ y_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{y}_3\\ y_2\\ y_1\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{y}_4\\ y_3\\ y_2\\ \ddots \\ \cdots \\ \cdots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ y_1\\ 0\end{array}\begin{array}{c}{y}_k\\ y_{k-1}\\ ⋮\\ y_3\\ y_2\\ y_1\end{array}\right]\left[\begin{array}{c}{\acute{x}}_1\\ 0\\ 0\\ ⋮\\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_2\\ {\acute{x}}_1\\ 0\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_3\\ {\acute{x}}_2\\ {\acute{x}}_1\\ \ddots \\ 0\\ 0\end{array}\begin{array}{c}{\acute{x}}_4\\ {\acute{x}}_3\\ {\acute{x}}_2\\ \ddots \\ \dots \\ \dots \end{array}\begin{array}{c}\dots \\ \dots \\ \dots \\ \ddots \\ {\acute{x}}_1\\ 0\end{array}\begin{array}{c}{\acute{x}}_k\\ {\acute{x}}_{k-1}\\ ⋮\\ {\acute{x}}_3\\ {\acute{x}}_2\\ {\acute{x}}_1\end{array}\right]=Q_2{Q}_1\end{array}$$
  Hence it is proved that $Q$ is an abelian subgroup of $GL \left(k,R_n^{\prime }\right)$. □

The probability $P^{\prime }$ that any matrix $N$ $\in$ $GL\left(k,R_n^{\prime }\right)$ but does not exist in $Q$ is

$$P^{\prime }=1-\frac{\varphi \left(r\right)}{r},\mathrm{where}r=\left|R_n^{\prime }\right|$$

The following is the main scheme proposed in this article. Now we discuss Cryptosystems 1 and 2 in detail.

Cryptsystem 1

Key Generation

1. Choose fixed prime number $z=2$ and random number $n$ such that $r=z^n, n\ge 2.$

2. Select random elements $x_1\in R_n^{\prime \ast }\mathrm{and}{x}_i\in R_n^{\prime },\mathrm{where}i=2,3,\dots ,k$.

3. Construct two matrices from these elements, such that $L,M\in Q\mathrm{with}L\ne M$. If either matrix is not in $Q$ then repeat Step 2.

4. Define $\alpha ,\beta$ two commutative inner product automorphisms of $M_k\left(R_n^{\prime }\right)$.

$$\alpha :A\to L^{-1}AL,\beta :A\to M^{-1}AM,\forall A \in M_k\left(R_n^{\prime }\right)$$

5. Compute another automorphism of $M_k\left(R_n^{\prime }\right)$ by taking the composition of the above two automorphisms,

$$\begin{gathered} \gamma ={\alpha }^2\beta , \omega ={\beta }^2\alpha \\ \gamma :A\to {(L^{2}M)}^{-1}A\left(L^{2}M\right),\omega :A\to {(L{M}^2)}^{-1}A\left(L{M}^2\right),\forall A \in M_k\left(R_n^{\prime }\right) \end{gathered}$$

Since $\alpha \mathrm{and} \beta$ commute, therefore $\gamma \mathrm{and} \omega$ also commute, and we have

$$\gamma =\alpha {\beta }^{-1}\omega ,\omega ={\alpha }^{-1}\beta \gamma$$

Choose a random matrix $T\in GL\left(k,R_n^{\prime }\right)$ such that $T$ does not belong to $Q$, and then calculate $the$ public key $\left(r, \gamma \left(T\right), \omega \left(T^{-1}\right)\right)$ and the private key $\left(L, M\right)$.

Encryption

1. Choose the plaintext $m\in M_k\left(R_n^{\prime }\right).$

2. Now for each $m,$ choose a unique random matrix $Z^m\in Q$.

3. Define commutative inner product automorphism $\delta :A\to {(Z^m)}^{-1}A\left(Z^m\right),$ $\forall A\in M_k\left(R_n^{\prime }\right)$.

4. Calculate matrices $\delta \left(\gamma \left(T\right)\right),\delta \left(\omega \left(T^{-1}\right)\right),$ and $m\delta \left(\gamma \left(T\right)\right).$

5. Choose a random unit element $u\in R_n^{\prime }{}^{\ast }$ and calculate the ciphertext,

$$K=\left(K_1,K_2\right)=\left(u\delta \left(\omega \left(T^{-1}\right)\right), u^{-1}m\delta \left(\gamma \left(T\right)\right)\right)$$

Decryption

Compute the plaintext matrix $m=K_2\alpha {\beta }^{-1}\left(K_1\right)$.

Cryptsystem 2

Key Generation

1. Choose fixed prime number $z=2$ and a random number $n$ such that $r=z^n$, $n\ge 2$.

2. Select any random matrix $A\in GL\left(k,R_n^{\prime }\right)$ such that $detA\in R_n^{\prime \ast }$.

3. Now compute the matrices $L=A^2,M=A^3,L^{2}M,\mathrm{and}L{M}^2.$

4. Choose a random matrix $T\in GL\left(k,R_n^{\prime }\right).$ Define $\alpha ,\beta$ two commutative inner product automorphisms of $M_k\left(R_n^{\prime }\right),$ $\alpha :A\to L^{-1}AL\mathrm{and}\beta :A\to M^{-1}AM,\mathrm{where}A\in M_k\left(R_n^{\prime }\right).$

5. Define other automorphisms $\gamma \& \omega$,

$$\gamma ={\alpha }^2\beta , \omega =\alpha {\beta }^2$$

$$\gamma :A\to {(L^{2}M)}^{-1}A\left(L^{2}M\right),\omega :A\to {\left(L{M}^2\right)}^{-1}A\left(L{M}^2\right),\forall A\in M_k\left(R_n^{\prime }\right).$$

Since $\alpha \mathrm{and} \beta$ commute, therefore $\gamma \mathrm{and} \omega$ also commute, and we have

$$\gamma =\alpha {\beta }^{-1}\omega , \omega ={\alpha }^{-1}\beta \gamma$$

Calculate the public key $\left(r,LM,\gamma \left(T\right),\omega \left(T^{-1}\right)\right)$ and the private key $\left(L,M\right)$.

Encryption

1. Choose the plaintext $m\in M_k\left(R_n^{\prime }\right).$

2. Now for each $m$, choose an arbitrary integer $f\ge 2$, such that $V={(LM)}^f.$

3. Define automorphism $\delta :A\to {\left(V\right)}^{-1}A\left(V\right),\mathrm{where}A\in M_k\left(R_n^{\prime }\right).$

4. Calculate the matrices $\left(\delta \left(\gamma \left(T\right)\right),\delta \left(\omega \left(T^{-1}\right)\right)\right).$

5. Choose a random unit element $u\in R_n^{\prime }{}^{\ast }$ and calculate the ciphertext

$$K=\left(K_1,K_2\right)=\left(u\delta \left(\omega \left(T^{-1}\right)\right), u^{-1}m\delta \left(\gamma \left(T\right)\right)\right).$$

Decryption

Compute the plaintext matrix $m=K_2\alpha {\beta }^{-1}\left(K_1\right)$.

4. Illustration

Cryptsystem 1

Key generation

1. Select random integer $k=3$, $n=8$ and fixed number $z=2$ such that $r=2^8=256$.

2. Choose random elements $1, w^2+w+1\in R_8^{\prime \ast }$ (diagonal entries of upper triangular matrices $L \mathrm{and} M$) and $w+1, w^2,w,w^2+1\in R_8^{\prime }$ (rest of entries of matrices).

3. Now the matrices $L,M\in Q \mathrm{with} L\ne M$.

$$L=\left(\begin{array}{ccc}1& w+1& w^2\\ 0& 1& w+1\\ 0& 0& 1\end{array}\right), M=\left(\begin{array}{ccc}{w}^2+w+1& w& w^2+1\\ 0& w^2+w+1& w\\ 0& 0& w^2+w+1\end{array}\right)$$

4. Define two inner product automorphisms $\alpha \mathrm{and} \beta$ of $M_3\left(R_8^{\prime }\right)$,

$$\alpha :A\to L^{-1}AL, \beta :A\to M^{-1}AM,\forall A\in M_3\left(R_8^{\prime }\right)$$

5. Now define other automorphisms $\gamma \& \omega$ of $M_3\left(R_8^{\prime }\right)$,

$$\gamma ={\alpha }^2\beta , \omega ={\beta }^2\alpha$$

$$\gamma :A\to {\left(L^{2}M\right)}^{-1}A\left(L^{2}M\right), \omega :A\to {\left(L{M}^2\right)}^{-1}A\left(L{M}^2\right)$$

6. Select a random invertible matrix T $\in Q\le GL\left(3,R_8^{\prime }\right)$,

$$T=\left(\begin{array}{ccc}1& w& w^2+1\\ w^2& w+1& w^3\\ w^3+1& w^2+w& w\end{array}\right)$$

7. Calculate the matrices, $\left(\gamma \left(T\right),\omega \left(T^{-1}\right)\right)=\left({\left(L^{2}M\right)}^{-1}\left(T\right)\left(L^{2}M\right),{\left(L{M}^2\right)}^{-1}\left(T^{-1}\right)\left(L{M}^2\right)\right)$

$$\left(\begin{array}{c}\left(\begin{array}{ccc}{w}^7+w^6+w^5+w^4+w^3+1& w^7+w^6+w^3+w^2+1& w^6+w^5+w^4+w^3+w^2+w+1\\ w& w^7+w^5+w^4+w^2+w& w^5+w^3\\ w^3+1& 0& w^6+w^3+w^2+w+1\end{array}\right),\\ \left(\begin{array}{ccc}{w}^7+w^2& w^7+w^5+w^4& w^6+w^5+w^4+w^3+w^2+w+1\\ w^6+w^3+w^2& w^7& w^7+w^6+w^3+w^2+1\\ w^7+w^5+w^4+w& w^7+w^3& w^5+w^4+w^3+w^2+w\end{array}\right)\end{array}\right)$$

8. The public key is $\left(256,\gamma \left(T\right),\omega \left(T^{-1}\right)\right)$ and the private key is $\left(L,M\right)$.

Encryption

1. Choose the plaintext $m\in M_3\left(R_8^{\prime }\right)$

$$m=\left(\begin{array}{ccc}1& w& w^2\\ w^3& w^2+1& w\\ w^2& 1& w+1\end{array}\right)$$

2. For each plaintext $m$, choose a unique matrix $Z^m=\left(\begin{array}{ccc}w& w+1& w^2\\ 0& w& w+1\\ 0& 0& w\end{array}\right)\in Q.$

3. Define automorphism

$$\delta :A\to {(Z^m)}^{-1}A\left(Z^m\right),\forall A\in M_3\left(R_8^{\prime }\right)$$

4. Calculate $\left(\delta \left(\gamma \left(T\right)\right),\delta \left(\omega \left(T^{-1}\right)\right)\right)$

$$\left(\begin{array}{c}\left(\begin{array}{ccc}{w}^7+w^5+w+1& w^6+w^4+w& w^5+w^4+w^2+w\\ w^7+w^3+w^2+w+1& w^7+w^6+w^5+w^4+w^3+w^2+w& w^5+w^4+w\\ w^3+1& w^7+w^3+w^2+1& w^6+w^4+w^3+w^2+1\end{array}\right),\\ \left(\begin{array}{ccc}{w}^7+w^4+w^2+1& w^7+w^4+w^2& w^7+w^4+w^3+w^2\\ w^7+w^5+w^2+w+1& w^5+w^4+w^3& w^7+w^6+w^3+1\\ w^7+w^5+w^4+w& w^6+w^5+w+1& w^7+w^4+w^2+w+1\end{array}\right)\end{array}\right)$$

5. Now choose a unit element $u=1+w+w²$ and calculate the ciphertext

$$K=\left(K_1,K_2\right)=\left(u\delta \left( \omega \left(T^{-1}\right)\right),u^{-1}m\delta \left(\gamma \left(T\right)\right)\right)$$

$$\left(\begin{array}{c}\left(\begin{array}{ccc}{w}^7+w^6+w^5+w^3& w^7+w^6+w^5+w^3+w^2+w+1& w^7+w^6+w^4+w^2+w+1\\ w^6+w^5+w^4+w^2+w& w^7+w^5+w^3& w^6+w^5+w^4+w^3+w^2+1\\ w^4+w^3+w^2+1& w^5+w^3& w^7+w^6+w^5+w^2+w\end{array}\right),\\ \left(\begin{array}{ccc}{w}^7+w^2+1& w^5+w^4+w+1& w^7+w^6+w^4+w^2+w+1\\ w^7+w^6+w^5+w^2& w^5+w^4+w^2& w^7+w^6+w^5+w^4+w^3+w^2+1\\ w^7+w^5+w^4+w+1& w^6+w^5& w^7+w^6+w^4+w^3+1\end{array}\right)\end{array}\right)$$

Decryption

Compute the plaintext matrix $m=K_2\alpha {\beta }^{-1}\left(K_1\right)=\left(\begin{array}{ccc}1& w& w^2\\ w^3& w^2+1& w\\ w^2& 1& w+1\end{array}\right)$

Cryptosystem 2

Key generation

1. Select a random number $k=3,n=8,$ and fixed number $z=2$ such that $r=2^8=256$.

2. Choose a random matrix $A\in GL\left(3,R_8^{\prime }\right)$ such that $detA\in R_8^{{\prime }^{\ast }}$.

$$A=\left(\begin{array}{ccc}1& w& w^2+1\\ w^2& w+1& w^3\\ w^3+1& w^2+w& w\end{array}\right)$$

3. Calculate

$$L=A^2=\left(\begin{array}{ccc}{w}^5+w^2& w^4+w^3+w& w^4+w^3+w^2+w+1\\ w^6& w^5+w^4+w^3+w^2+1& w^4+w^3+w^2\\ w+1& w^4+w^2& w^4+w^3+1\end{array}\right)$$

$$M=A^3=\left(\begin{array}{ccc}{w}^7+w^5+w^3+w+1& w^5+w^2& w^6+w^4+w^3+w\\ w^6+w^3& w^7+w^3+w^2+w+1& w^7+w^4\\ w^7+w& w^6+w^5+w^3+w^2& w^7+w^4+w^3+w^2+1\end{array}\right)$$

4. Choose a random invertible matrix T $\in GL\left(3,R_8^{\prime }\right)$.

$$T=\left(\begin{array}{ccc}1& w& w^2\\ w^3& w^2+1& w\\ w^2& 1& w+1\end{array}\right)$$

5. Define $\alpha ,\beta$ inner product automorphisms of $M_3\left(R_8^{\prime }\right)$ as

$$\alpha :A\to L^{-1}AL,\beta :A\to M^{-1}AM,\forall A\in M_3\left(R_8^{\prime }\right)$$

6. Define other automorphisms $\gamma \mathrm{and}\omega$,

$$\gamma ={\alpha }^2\beta , \omega =\alpha {\beta }^2$$

$$\gamma :A\to {\left(L{M}^2\right)}^{-1}A\left(L^{2}M\right),\omega :A\to {\left(L{M}^2\right)}^{-1}A\left(L{M}^2\right), \forall A\in M_3\left(R_8^{\prime }\right).$$

7. Calculate

$$\begin{array}{l}\gamma \left(T\right)={(L^{2}M)}^{-1}T\left(L^{2}M\right)\\ =\left(\begin{array}{ccc}{w}^7+w^6+w^4& w^6+w^2+w+1& w^7+w^5+w^4+1\\ w^4+w^3+w^2+w+1& w^5+w^3+w& w^4+w\\ w^6+w^5+w^3+w^2& w^7+w^6+w^5+w^4+w^3+w+1& w^7+w^6+w^5+w^4+w^3+w^2+1\end{array}\right)\\ \omega \left(T^{-1}\right)={\left(L{M}^2\right)}^{-1}{\left(T\right)}^{-1}\left(L{M}^2\right)\\ =\left(\begin{array}{ccc}{w}^7+w^6+w^5+w^3+w^2+1& w^4+w^2& w^6+w^4+w^2\\ w^7+w^6+w^2& w^6+w^5+w^3& w^7+w^6+w^3\\ w^6+w^4+w^2+w& w^6+w^5+w& w^7+w^5+w^4+1\end{array}\right)\\ LM=\left(\begin{array}{ccc}{w}^5+w^4+w^3+w^2& w^5+w^3+w^2+w+1& w^6+w^5+w^3+w+1\\ w^6+w^5+w^4+w^3+w& w^7+w^6+w^4+w^3+1& w^7+w^4+w^3\\ w^7+w^6+w^5+w^2+w+1& w^6+w^5+w+1& w^3+w^2+1\end{array}\right)\end{array}$$

8. The public key is $\left(256,LM,\gamma \left(T\right),\omega \left(T^{-1}\right)\right)$ and the private key is $\left(L,M\right).$

Encryption

1. Select the plaintext $m\in M_3\left(R_8^{\prime }\right)$

$$m=\left(\begin{array}{ccc}w& w^7& 1\\ w^2+1& w^2& w^5\\ w^3& 1& w+1\end{array}\right)$$

2. Select unique random number $f=2,$ for each plaintext $m$ and then compute matrix $V={(LM)}^2$,

$$\left(\begin{array}{ccc}{w}^7+w^5+w^4+w^3+w^2& w^5& w^7+w^5+w^3+w^2\\ w^7+w^6+w^3+w^2+1& w^6+w^5+w^4+w^2+w+1& w^3+w^2+1\\ w^5+w^4+w^3+w& w^7+w^5+w^2+w& w^7+w^6+w^4+w^3+w^2+w+1\end{array}\right)$$

3. Define automorphism $\delta :A\to {\left(V\right)}^{-1}\left(A\right)\left(V\right),\forall A\in M_3\left(R_8^{\prime }\right).$

4. Compute the matrices $\left(\delta \left(\gamma \left(T\right)\right),\delta \left(\omega \left(T^{-1}\right)\right)\right)$

$$\left(\begin{array}{c}\left(\begin{array}{ccc}{w}^7+w^5+w^4& w^7+w^4+1& w^6+w^4+w^3+w^2+1\\ w^7+w^6+w^5+w^3& w^7+w^6+w+1& w^6+w+1\\ w^6+w^5+w^4& w^6+w^2& w^6+w^5+w^4+w^2\end{array}\right),\\ \left(\begin{array}{ccc}{w}^6+w^5+w^4+w^3+1& w^4& w^7+w^6+w^5+w+1\\ w^7+w^2+1& w^2& w^4+w^3+w^2+w\\ w^6+w^5+w^2+w+1& w^5+w^3+w+1& w^6+w^3+1\end{array}\right)\end{array}\right)$$

5. Now choose a unit element $u=1+w+w²$ and calculate the ciphertext

$$K=\left(K_1,K_2\right)=\left(u\delta \left(\omega \left(T^{-1}\right)\right),u^{-1}m\delta \left(\gamma \left(T\right)\right)\right)$$

$$\left(\begin{array}{c}\left(\begin{array}{ccc}{w}^6+w^5+w^3+w^2+w& w^6+w^5+w^4& w^6+w^5+w^3+w+1\\ w^7+w^4+w^3& w^4+w^3+w^2& w^6+w^4+w^3+w\\ w^5+w^4+w^2& w^7+w^6+w^4+1& w^7+w^6+w^5+w^4+w^3+w^2+w\end{array}\right),\\ \left(\begin{array}{ccc}{w}^4+w^2+w+1& w^7+w^6+w^5+w^3+w^2& w^7+w^6+w^3+w^2+w+1\\ w^5+w^3+1& w^7+w^6+w^2+w& w^7+w^6+w^5+w+1\\ w^7+w^4+w& w^7& w^7+w^6+w^4+1\end{array}\right)\end{array}\right)$$

Decryption

1. Compute the plaintext matrix

$$m=K_2\alpha {\beta }^{-1}\left(K_1\right)=\left(\begin{array}{ccc}w& w^7& 1\\ w^2+1& w^2& w^5\\ w^3& 1& w+1\end{array}\right).$$

Theorem 1.

The algorithm of Cryptosystems 1 and 2 are accurate.

Proof of Theorem 1.

Since automorphisms in the proposed cryptosystems remain the same, so its proof is similar to the original scheme. The commutative inner automorphisms are defined in this article $\alpha :A\to L^{-1}AL,\beta :A\to M^{-1}AM,\forall A\in M\left(k,R_n^{\prime }\right)$, and another automorphism of $M\left(k,R_n^{\prime }\right)$ by taking the composition of above two automorphisms $\gamma ={\alpha }^2\beta :A\to {(L^{2}M)}^{-1}A\left(L^{2}M\right),$ $\omega ={\beta }^2\alpha :A\to {(L{M}^2)}^{-1}A\left(L{M}^2\right).$ Since $\alpha \mathrm{and}\beta$ commute, therefore $\gamma \mathrm{and}\omega$ also commute, and we have $\gamma =\alpha {\beta }^{-1}\omega ,\omega ={\alpha }^{-1}\beta \gamma$

$$K_2\alpha {\beta }^{-1}\left(K_1\right)=\left(um\delta \left(\gamma \left(T\right)\right)\right)\left(\alpha {\beta }^{-1}\left(u^{-1}\delta \left(\omega \left(T^{-1}\right)\right)\right)\right)$$

$$=\left(u{u}^{-1}m\delta \left(\gamma \left(T\right)\right)\right)\left(\left(\delta (\alpha {\beta }^{-1}\left(\omega \left(T^{-1}\right)\right)\right)\right)$$

$$=\left(m\delta \left(\gamma \left(T\right)\right)\right)\left(\left(\delta (\gamma \left(T^{-1}\right)\right)\right) , u{u}^{-1}=1$$

$$=\left(m\delta \left(\gamma \left(T{T}^{-1}\right)\right)\right)$$

$$=\left(m\delta \left(\gamma \left(I\right)\right)\right) =\left(m\delta \left(I\right)\right) =m\left(I\right)=m$$

 □

Now, we illustrate the comparison of proposed and original schemes in Table 1. This demonstrates that we compute different public keys from the same private keys in both algebraic structures. Further detail is given in the security analysis section. (Note that we can convert elements from $R_8^{\prime }$ to ${\mathbb{Z}}_{256}$ and vice versa).

Table 1. Comparison of the proposed scheme and the original scheme.

Comparison of Proposed Scheme Original Scheme
	Proposed Scheme	Original Scheme
Local Ring	$R_8^{\prime }$	${\mathbb{Z}}_{256}$
Operation	Polynomial addition and multiplication s.t $w^{8n}=1, w^{9n}=w, w^{10n}=w^2, w^{11n}=w^3,w^{12n}=w^4,w^{13n}=w^5,w^{14n}=w^6,w^{15n}=w^7, n\in N$	Modulo addition and multiplication
Non-Commutative Group	$GL\left(3,R_8^{\prime }\right)$	$GL\left(3,{\mathbb{Z}}_{256}\right)$
Cryptsystem 1
Public-Key	$L=\left(\begin{array}{ccc}1& 1+w& w^2\\ 0& 1& 1+w\\ 0& 0& 1\end{array}\right), M=\left(\begin{array}{ccc}1+w+w^2& w& 1+w^2\\ 0& 1+w+w^2& w\\ 0& 0& 1+w+w^2\end{array}\right)$	$L=\left(\begin{array}{ccc}1& 3& 4\\ 0& 1& 3\\ 0& 0& 1\end{array}\right),$ $M=\left(\begin{array}{ccc}7& 2& 5\\ 0& 7& 2\\ 0& 0& 7\end{array}\right)$
Private-Key	$\left(256, \gamma \left(T\right), \omega \left(T^{-1}\right)\right)$ $\left\{\begin{array}{c}\begin{array}{c}256,\end{array}\\ \left(\begin{array}{ccc}{w}^7+w^6+w^5+w^4+w^3+1& w^7+w^6+w^3+w^2+1& w^6+w^5+w^4+w^3+w^2+w+1\\ w& w^7+w^5+w^4+w^2+w& w^5+w^3\\ w^3+1& 0& w^6+w^3+w^2+w+1\end{array}\right)\\ \left(\begin{array}{ccc}{w}^7+w^2& w^7+w^5+w^4& w^6+w^5+w^4+w^3+w^2+w+1\\ w^6+w^3+w^2& w^7& w^7+w^6+w^3+w^2+1\\ w^7+w^5+w^4+w& w^7+w^3& w^5+w^4+w^3+w^2+w\end{array}\right)\end{array}\right\}$	$\left(256, \gamma \left(T\right), \omega \left(T^{-1}\right)\right)$ $\left\{\begin{array}{c}256,\\ \left(\begin{array}{ccc}73& 202& 133\\ 240& 11& 156\\ 9& 26& 178\end{array}\right)\\ \left(\begin{array}{ccc}95& 166& 87\\ 187& 252& 96\\ 155& 153& 207\end{array}\right)\end{array}\right\}$
Cryptsystem 2
Public-Key	$A=\left(\begin{array}{ccc}1& w& w^2+1\\ w^2& w+1& w^3\\ w^3+1& w^2+w& w\end{array}\right)$ $L=\left(\begin{array}{ccc}{w}^5+w^2& w^4+w^3+w& w^4+w^3+w^2+w+1\\ w^6& w^5+w^4+w^3+w^2+1& w^4+w^3+w^2\\ w+1& w^4+w^2& w^4+w^3+1\end{array}\right)$ $M=\left(\begin{array}{ccc}{w}^7+w^5+w^3+w+1& w^5+w^2& w^6+w^4+w^3+w\\ w^6+w^3& w^7+w^3+w^2+w+1& w^7+w^4\\ w^7+w& w^6+w^5+w^3+w^2& w^7+w^4+w^3+w^2+1\end{array}\right)$	$A=\left(\begin{array}{ccc}1& 2& 5\\ 4& 3& 8\\ 9& 6& 2\end{array}\right),$ $L=\left(\begin{array}{ccc}54& 38& 31\\ 88& 65& 60\\ 51& 48& 97\end{array}\right)$ $M=\left(\begin{array}{ccc}229& 152& 124\\ 120& 219& 56\\ 92& 60& 65\end{array}\right)$
Private-Key	$\left(256,\gamma \left(T\right), \omega \left(T^{-1}\right),LM\right)$ $\left\{\begin{array}{c}\begin{array}{c}256,\end{array}\\ \left(\begin{array}{ccc}{w}^7+w^6+w^4& w^6+w^2+w+1& w^7+w^5+w^4+1\\ w^4+w^3+w^2+w+1& w^5+w^3+w& w^4+w\\ w^6+w^5+w^3+w^2& w^7+w^6+w^5+w^4+w^3+w+1& w^7+w^6+w^5+w^4+w^3+w^2+1\end{array}\right),\\ \left(\begin{array}{ccc}{w}^7+w^6+w^5+w^3+w^2+1& w^4+w^2& w^6+w^4+w^2\\ w^7+w^6+w^2& w^6+w^5+w^3& w^7+w^6+w^3\\ w^6+w^4+w^2+w& w^6+w^5+w& w^7+w^5+w^4+1\end{array}\right),\\ \left(\begin{array}{ccc}{w}^5+w^4+w^3+w^2& w^5+w^3+w^2+w+1& w^6+w^5+w^3+w+1\\ w^6+w^5+w^4+w^3+w& w^7+w^6+w^4+w^3+1& w^7+w^4+w^3\\ w^7+w^6+w^5+w^2+w+1& w^6+w^5+w+1& w^3+w^2+1\end{array}\right)\end{array}\right\}$	$\left(256,\gamma \left(T\right), \omega \left(T^{-1}\right),LM\right)$ $\left\{\begin{array}{c}256,\\ \left(\begin{array}{ccc}123& 21& 104\\ 6& 133& 180\\ 126& 53& 9\end{array}\right),\\ \left(\begin{array}{ccc}29& 37& 156\\ 50& 7& 94\\ 52& 52& 117\end{array}\right),\\ \left(\begin{array}{ccc}66& 214& 87\\ 192& 235& 20\\ 251& 20& 213\end{array}\right)\end{array}\right\}$

5. Security Analysis of the Proposed Cryptosystem

The essence of every cryptosystem lies in its security. So, to find the efficiency of any cryptosystem, security analysis plays a fundamental role in this aspect. Now we discuss some attacks. The proposed scheme has the potential to resist these attacks effectively.

5.1. Ciphertext-Only Attack

Suppose $\left(r, \gamma \left(T\right), \omega \left(T^{-1}\right), K_1,K_2\right)$ information is known to the adversary, and he wants to compute the message $m$ by using a ciphertext-only attack, as done by Jianwei Jia et al.’s [14] for ${\mathbb{Z}}_n$. First of all, the attacker finds out the invertible element $u\in R_n^{\prime \ast }$ by $det\left(K_1\right)={\left(u\right)}^{2}det \left(\omega \left(T^{-1}\right)\right),$ $\forall K_1$ (Note inverse of $R_n^{\prime }$ is hard to compute as compare with ${\mathbb{Z}}_n$, since the square root of polynomials makes this step laborious for the attacker). Now, the cryptanalyst solves the system of homogeneous linear equations,

$$(Z^m)K_1=u\omega \left(T^{-1}\right)\left(Z^m\right)$$

(1)

After solving the system of Equation (1), he can compute the unknown matrix $Z^m=Z_o^m$ for each $u=u_0$. Finally, he solves the system (2) and decrypts the corresponding message $m=m_o.$

$$m_0=u_0{K}_2{(Z_o^m)}^{-1}\gamma {\left(T\right)}^{-1}{Z}_o^m$$

(2)

(Note that here, the systems consist of the polynomial matrices from $GL\left(k,R_n^{\prime }\right)$ since equations have become nonlinear, so it becomes hard to find an unknown matrix $Z_o^m$ for a large value of k. However, the attacker can easily compute this system in ${\mathbb{Z}}_n.$ On the other hand, if an attacker tries to compute the system in ${\mathbb{Z}}_n$ by converting the given information from $R_n^{\prime }$ to ${\mathbb{Z}}_n,$ it does not work because the public key generated in both cryptosystems differ and the attacker fails to compute $m$ as demonstrate in comparison Table 1 $\mathrm{for}{R}_8^{\prime }\mathrm{and}{\mathbb{Z}}_{256}).$

The cryptanalyst gets $\varphi \left(r\right)r^{k-1}$ possibilities of $Z^m$ since he has $\varphi \left(r\right)$ possibilities of diagonal entry and $r^{k-1}$ possibilities rest of upper diagonal entries of $Z^m$. Hence, it is clear that it becomes infeasible for the attacker to decrypt the plaintext for a large value of $r \mathrm{and} k$.

5.2. Known-Plaintext Attack

In this case, the adversary gets access to some of the plaintext $m$ and its ciphertext $K$. He fails to reveal any information about the key. Because for each plaintext $m$, we choose a unique matrix $Z^m$, the cryptanalyst wants to find out all pairs $\left(m,Z^m\right),$ but, in this case, he cannot find a new pair from the known information. Hence the attacker is not able to retrieve any information and is incapable of this attack.

5.3. Chosen-Ciphertext Attack and its Prevention

Suppose Alice wants to send a message $m$ to Bob. She decrypts the message $m$ and finds the ciphertext $K=\left(K_1,K_2\right).$ The attacker intercepts during the communication and gets access to ciphertext $K.$ He selects a random matrix $\ddot{m }\in GL\left(k,R_n^{\prime }\right)$ and sends $K^{\ast }=\left(K_1,\ddot{m }{K}_2\right)$ to Bob. Now Bob deciphers the false ciphertext $K^{\ast }$ and computes a new plaintext $m^{\ast }=m{K}^{\ast }$. The cryptanalyst uses this information and finds the original message $m$ successfully.

$${\left(\ddot{m}\right)}^{-1}\left(\ddot{m}m\right)=m$$

To protect the cryptosystem from this type of attack, one must replace the one-sided ciphertext with the two-sided ciphertext text. Now replace the ciphertext, $K_1=u{(Z^m)}^{-1}\left(\omega \left(T^{-1}\right)\right)Z^m$, $K_2={(u^{-1})}^2{(Z^m)}^{-1}\left(\gamma \left(T\right)\right)Z^m$ $\left(m\right){(Z^m)}^{-1}\left(\gamma \left(T\right)\right)Z^m$. In this case, one can decrypt the message by calculating $m=\alpha {\beta }^{-1}\left(K_1\right)K_2\alpha {\beta }^{-1}\left(K_1\right)$ since the matrices $Z^m\mathrm{and}m$ do not commute in general. Hence this attack is inefficient in this scenario.

6. Conclusions

In this article, asymmetric cryptosystems of [13] have been generalized and the residue ring has been replaced by a finite chain ring. The local ring ${\mathbb{Z}}_n$ resulted in the insecurity of the cryptosystem, as inferred by Jianwei Jia et al.’s [14] in their cryptoanalysis of the original scheme. It can be anticipated that the security of the proposed algorithm increased compared to the original one for various attacks. The finite local ring $R_n^{\prime }$ enhances the complexity of algorithms in a way that it becomes laborious for the attacker to decrypt it. Hence, it maximizes the computational security of the cryptosystem. The chain ring has the potential to resist the attacks and both cryptosystems are invulnerable in a sense that attackers unable to solve the system of equation in $R_n^{\prime }$ for large values of $n$ and $k$. The use of a binary field in the local ring $R_n^{\prime }$ avoids the exponentiation approach, which makes it efficient to use in various applications.