Next Article in Journal
Channel-Pruning Convolutional Neural Network with Learnable Kernel Element Position Convolution Utilizing the Symmetric Whittaker–Shannon Interpolation Function
Next Article in Special Issue
Discrete-Time Dynamical Systems on Structured State Spaces: State-Transition Laws in Finite-Dimensional Lie Algebras
Previous Article in Journal
Cross-Session Graph and Hypergraph Co-Guided Session-Based Recommendation
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Brauer Analysis of Some Time–Memory Trade-Off Attacks and Its Application to the Solution of the Yang–Baxter Equation

by
Agustín Moreno Cañadas
1,*,
Ismael Gutierrez
2,
Odette M. Mendez
3,
Andrés Sarrazola-Alzate
4 and
Jesus Antonio Zuluaga-Moreno
2
1
Departamento de Matemáticas, Universidad Nacional de Colombia, Edificio Yu Takeuchi 404, Kra 30 No 45-03, Bogotá 11001000, Colombia
2
Departamento de Matemáticas y Estadística, Universidad del Norte, Kilómetro 5, Via Puerto Colombia, Barranquilla, Atlántico 081007, Colombia
3
Departamento de Matemáticas, Universidad Nacional de Colombia, Sede, La Nubia, Manizales 170003, Colombia
4
Departamento de Matemáticas, University EIA, Calle 25 Sur, 42-73, Envigado 055420, Colombia
*
Author to whom correspondence should be addressed.
Symmetry 2025, 17(3), 391; https://doi.org/10.3390/sym17030391
Submission received: 15 January 2025 / Revised: 17 February 2025 / Accepted: 25 February 2025 / Published: 4 March 2025
(This article belongs to the Special Issue Symmetry and Lie Algebras)

Abstract

:
This paper is focused on some algebraic and combinatorial properties of a TMTO (Time–Memory Trade-Off) for a chosen plaintext attack against a cryptosystem with a perfect secrecy property. TMTO attacks aim to retrieve the preimage of a given one-way function more efficiently than an exhaustive search and with less memory than a dictionary attack. TMTOs for chosen plaintext attacks against cryptosystems with a perfect secrecy property are associated with some directed graphs, which can be defined by suitable collections of multisets called Brauer configurations. Such configurations induce so-called Brauer configuration algebras, the algebraic and combinatorial invariant analysis of which is said to be a Brauer analysis. In this line, this paper proposes formulas for dimensions of Brauer configuration algebras (and their centers) induced by directed graphs defined by TMTO attacks. These results are used to provide some set-theoretical solutions for the Yang–Baxter equation.

1. Introduction

Hellman [1] introduced the TMTO (Time–Memory Trade-Off) attack to carry out brute-force attacks against DES. It consists of a precomputation phase whose results are stored in tables to reduce the time a brute-force attack requires. It is worth noting that if a search problem has K possible solutions, then the time–memory trade-off allows the solution to be found with high probability in T operations (time) with M words of memory, given that the time–memory product ( T × M ) is larger than K.
After the introduction of TMTO attacks, several improvements were defined and applied to different cryptographic systems; for example, Oechslin [2] introduced rainbow tables (RTs), which aim to retrieve an element (x) in a domain (A) from its image ( y = h ( x ) ) of a one-way function ( h : A B ). Dictionary attacks are faster, but they require too much memory for practical uses.
Denning [3] attributed to Rivest the idea of using some points satisfying some appropriate criteria to minimize the frequency of accesses to the memory. According to her, Rivest suggested reducing the number of disk accesses to  T . This approach was intensively studied as the Distinguished Method (DM) by Standaert et al. [4] and Quisquater et al. [5]. Biryukov and Shamir [6] compared Hellman’s attack with the DM and applied TMTOs to stream ciphers.
Saran applied TMTO attacks to symmetric ciphers [7] and password hashing algorithms [8], and Avoine et al. introduced descending [9] and ascending [10] stepped rainbow tables.
Stinson and Paterson [11] investigated TMTO attacks for a chosen plaintext attack on a specific cipher type with the perfect secret property. Instead of distinguished points or rainbow tables, in the pre-computation phase, they used some appropriated directed graphs to retrieve a key (K) in a  o ( N )  time-memory trade-off, where N is the size of the associated plaintext, ciphertext, and key sets.
Green and Schroll [12] introduced Brauer configuration algebras to study the representation theory of a special type of path algebra called algebras of the wild representation type. Soon afterward, several applications of Brauer configuration algebras arose in the form of Brauer analyses of their algebraic and combinatorial invariants [13]. Such an analysis allows formulas to be found for the dimensions of such algebras, their centers, and the shape of some undirected graphs called covering graphs induced by the Brauer quivers defining these algebras. An extended Brauer analysis of these data studied some graph entropies based on the degree sequence of the associated covering graphs [14].
Since the combinatorial and algebraic properties of the directed graphs involved in Stinson and Paterson’s TMTO attack [11] have not been investigated, the main problem in this paper is applying Brauer analysis to them to fill this gap. In particular, it is proven that the dimensions of the induced Brauer configuration algebras and their centers depend on the size of the corresponding plaintext sets. In this fashion, this paper provides a new viewpoint of Brauer configuration algebras and their applications.
The Yang–Baxter equation was introduced first by Yang [15] in two short papers in 1967 and by Baxter in 1971 [16]; since then, Yang–Baxter equation research has dealt with advances in several fields of mathematics and sciences, such as quantum computing, quantum group theory, statistical mechanics, Hopf algebras, Lie algebras, braces theory, etc. The authors refer interested readers to [17] for a survey regarding the Yang–Baxter equation [18] and for a description of some computational solutions of such equations and their relationships with non-associative algebras, as well as to [19], where a set-theoretical solution of the Yang–Baxter equation is proposed via some braces and the Cayley graph of a permutation group.
In this paper, the application of Brauer analysis to Stinson and Paterson’s TMTO attack allows us to find set-theoretical solutions of the Yang0-Baxter equation in the following form:
( r × i d ) ( i d × r ) ( r × i d ) = ( i d × r ) ( r × i d ) ( i d × r ) .
where  r : X × X X × X  is a suitable map from the Cartesian product of a set (X) to itself and  i d : X X  is the identity map. Set-theoretical solutions are among the multiple approaches to classifying solutions of the Yang–Baxter equation, which is still an open problem.

Contributions

This paper investigates algebraic properties of time–memory trade-off attacks for chosen plaintext attacks against cryptosystems with a perfect secrecy property. Its main results are Theorems 2–4 and Corollary 1.
Theorem 2 proves that directed graphs associated with TMTOs for chosen plaintext attacks induce integer partitions of numbers with in form of  N ( N 1 ) , where N is the size of the plaintext, ciphertext, and key sets.
Theorem 3 applies a Brauer analysis to the Brauer configuration algebras induced by TMTOs attacks. Such an analysis proves that the corresponding covering graphs are complete.
Corollary 1 analyzes the topological content information or graph entropy of the covering graphs induced by the TMTO attacks.
Theorem 4 provides set-theoretical solutions of the Yang–Baxter equation based on Latin square cryptosystems.
The organization of this paper is outlined as follows: Background, main definitions, and notations are provided in Section 2; we recall definitions of a time–memory trade-off for a chosen plaintext attack against cryptosystems that achieve perfect secrecy (Section 2.2), multisets and their induced Brauer configuration algebras (Section 2.3), and the Yang–Baxter equation (Section 2.4). We present the main results in Section 2.6. This section provides examples of the main definitions and results presented in this paper. Concluding remarks are presented in Section 3.

2. Preliminaries

This section provides basic definitions and notation regarding time–memory trade-off attacks (Section 2.2), Brauer configuration algebras (Section 2.3), and the Yang–Baxter equation Section 2.4.

2.1. Background

Green and Schroll introduced Brauer configuration algebras [12] and Brauer graph algebras [20] between 2017 and 2018 to investigate algebras of wild and tame representation types. Soon afterward, Espinosa [21] introduced the notion of specialized Brauer messages to study snake graphs and their perfect matchings, as well as indecomposable Kronecker modules [22] and the energy of  { 0 , 1 } -matrices arising from some suitable graphs [23].
Brauer analysis was introduced by Cañadas et al. [13] to study quantum entanglement states based on Brauer messages and perfect matchings of the graphs associated with such states. In this work, the authors studied algebraic invariants associated with Brauer configuration algebras ( Λ G H Z n 2 ) induced by quantum entangled states of type  G H Z  (Greenberger–Horne–Zeilinger) defined by the following identities:
| G H Z n d = 1 d d 1 i = 0 | i n .
where n is the number of particles and d is the dimension for every particle. In [13], it was proven that the dimensions of  Λ G H Z n 2  and its center ( dim k Z ( Λ G H Z n 2 ) ) are given by the following identities:
dim k Λ G H Z n 2 = 4 # C r y s t a l s , where k is an algebraically closed field . dim k Z ( Λ G H Z n 2 ) = 1 + # C r y s t a l s .
Brauer analysis has also been applied to analyze several topics in cybersecurity [24]—in particular, the Advanced Encryption Standard (AES) [25].
Extended Brauer analysis, which embraces the study of some degree-based entropies, has been applied to analyze Dynkin and Euclidean diagrams [14]. Such analysis was used in [26] to define realizable branch data associated with some branched covering over some closed, connected surfaces.
Along with the works proposed by Hellman et al. [1,2,3,4,5,6,7,8,9,10,11] mentioned in the Introduction of this paper, regarding the use of TMTOs to attack several cryptosystems, we also remember that van den Broek and Poll [27] devised a TMTO attack for the A5/1 cipher used in GSM, which combines both distinguished points and rainbow tables.
Drinfeld et al. [28] proposed the study of set-theoretical solutions of the YBE (see (1)). In particular, non-degenerate, involutive set-theoretical solutions of the YBE were presented by Etingof et al. [29] and Gateva-Ivanova and Van den Bergh [30] by associating a suitable group ( G ( X , r ) ) with the solution  ( X , r )  of the Yang–Baxter equation.
This paper proposes set-theoretical solutions of the Yang–Baxter equation based on the Brauer analysis realized for the directed graphs defined by Stinson and Paterson [11] in their TMTO attack.
Rump [31] introduced another line of investigation to tackle the problem of classifying the non-degenerate involutive set-theoretical solutions of the YBE. It is worth noting that braces constitute one of the most important investigation lines of such an equation. For instance, Ballester et al. [19] found set-theoretical solutions based on braces and Brauer configuration algebras [32].

2.2. TMTO Attacks

This section describes a TMTO for a chosen plaintext attack proposed by Stinson and Paterson in [11].
Figure 1 shows a standard diagram of a rainbow table or rainbow matrix for a TMTO. Elements in the first column ( x 0 , j  with  1 j m 0 ) are chosen arbitrarily but must differ. They are called start points (SPs). The elements in the last column of the matrix are called end points (EPs). The combination of SPs and EPs is called a table [8].
A chain depicts the collection of elements of the same row. Functions (g) with  g : A A  from the search spaceA to themselves are composition functions of the following form:
r i ( h ( x i , j ) ) = x i + 1 , j = g ( x i , j ) ,
where  r i  is a suitable reduction function and h is the function that the algorithm aims to invert. Functions (g) are called hash-reduction functions.
Let  S = ( P , C , K , E , D )  be a cryptosystem or cryptographic system that possesses the perfect secrecy property, where  P = C = K  denotes the set of plaintexts, ciphertexts and keys, respectively. It should be noted that cryptosystems that achieve perfect secrecy are considered unbreakable.
The following result for cryptosystems with the perfect secrecy property is proven in [11].
Theorem 1 
([11], Theorem 3.4). Suppose  ( P , C , K , E , D )  is a cryptosystem where  | K | = | C | = | P | . Then, the cryptosystem provides perfect secrecy if and only if every key is used with equal probability ( 1 K ), and for every  x P  and every  y C , there is a unique key (K) such that  e K ( x ) = y .
Since  S  achieves perfect secrecy, it holds that  P P ( x / y ) = P P ( x )  for any  x P  and  y C , where  P P ( x )  denotes the probability that the probability distribution associated with the set of plaintexts attains a value of x and  P P ( x / y )  denotes the conditional probability of attaining a plaintext value of x given a ciphertext (y). In such a case, for a given encryption function ( e K : P C ) associated with a key ( K K ), it holds that  e K ( x ) = e K 1 ( x ) , provided that  K = K 1 . Furthermore,  P = Y = K = { y 1 , y 2 , , y N } .
In the sequel, we describe the TMTO introduced by Stinson and Paterson [11] to conduct a chosen plaintext attack against a cryptosystem with the perfect secrecy property. We recall that in these types of attacks, the opponent obtains temporary access to the encryption machinery [11]. Hence, the opponentcan choose a plaintext string (x) and construct the corresponding ciphertext string (y).
Let x be a fixed plaintext and define a function ( g : Y Y ) such that  g ( y ) = e y ( x ) . We define a directed graph or quiver ( Q T M T O = ( Q 0 , Q 1 , s , t ) ) whose sets of vertices ( Q 0 ) and arrows ( Q 1 ) are defined in such a way that
Q 0 = Y , Q 1 = { α Q 1 s ( α ) = y i , t ( α ) = g ( y i ) , 1 i N } = { ( y i , g ( y i ) ) 1 i N } .
According to Stinson and Paterson [11],  Q T M T O  and g have the following properties:
  • Q T M T O  consists of the union of disjoint directed cycles.
  • T is a desired time parameter.
    Suppose we have a set of elements ( Z = { z 1 , z 2 , , z m } Y ) such that, for every element ( y i Y ), either  y i  is contained in a cycle of a length of, at most, T or there exists an element ( z j y i ) such that the distance from  y i  to  z j  in  Q T M T O  is, at most, T; then, there exists a set (Z) satisfying the following properties:
    • | Z | 2 N T ,
    • | Z |  is  o ( N / T ) .
Stinson and Paterson [11] introduced the pseudo-code of an algorithm (Algorithm  1) to find a key (K), given  y = e k ( x ) . It finds K in, at most, T steps, with the time–memory trade-off represented by  o ( N ) , which means that in the worst case, the algorithm recovers a key in N steps (see Example 1 in Section 2.6 of this paper).
This paper introduces Brauer configuration algebras ( Λ T M T O ) induced by quivers of the form of  Q T M T O .
Algorithm 1: Time–memory trade-off(y)
y 0 y
b a c k u p false
while g ( y ) y 0
do if y = z j for some j and not b a c k u p then y g T ( z j ) b a c k u p True else y g ( y ) K y

2.3. Multisets and Brauer Configuration Algebras

This section recalls some definitions and notations dealing with multisets, Brauer configurations, and Brauer configuration algebras. Examples are presented in Example 1 in Section 2.6. The authors refer the interested reader to [12,14,26,33,34] for more information on these topics.
A multiset is a pair  ( M , f )  consisting of a set (M) and a map ( f : M N ) from M to a non-negative integers set ( N ) such that  | M | = m M f ( m ) <  [33,34].  f  is said to be a multiplicity function in the sense that  f ( m )  provides the number of times or occurrences of an element m in M. Roughly speaking, multisets allow for element repetition.
If  ( M , f )  is a multiset and  M = { m 1 , m 2 , , m t } , then  ( M , f )  is determined by a fixed word in the form of  w ( M ) = m i 1 f ( m i 1 ) m i 2 f ( m i 2 ) m i t f ( m i t ) , where  { i 1 , i 2 , , i t }  is a permutation of  { 1 , 2 , , t } .
In [14,26], Cañadas et al. defined multisets of type M. In such a case, if  M = i = 1 n M i  and  M = { ( M 1 , f 1 ) , ( M 1 , f 2 ) , , ( M n , f n ) }  is a collection of  n = | M |  multisets with  | M i | > 1  for  1 i n , then the collection of multisets ( M ) is said to be of type M if it satisfies the following conditions.
  • If  m M  and  I m = { M j 1 , m , M j 2 , m , , M j h , m }  is the collection of all sets ( M i ) that contain m, then  I m  is endowed with a well-order or linear-order (<)with the form of  E M j 1 < E M j 2 < < E M j h , where  E M j s  is an expansion of set  M j s  with the of form  M j s ( 1 ) < M j s ( 2 ) < < M j s ( f j s ( m ) ) f j s ( m )  is the multiplicity of m in  M j s , and  1 s h . Henceforth, we assume the notation of  M i  instead of  M i , m  if no confusion arises.
  • If  S u c c ( M )  denotes the successor of  M j i ( r )  in  I m , then it holds that
    S u c ( M j i ( r ) ) = M j i ( r + 1 ) , if r < f j i ( y ) , S u c ( M j s ( f j s ( y ) ) ) = M j s + 1 ( 1 ) , if j s < h .
  • The valency ( v a l ( m ) ) of an element ( m M ) is expressed by the following sum:
    v a l ( m ) = M j i I m f j i ( m ) .
    M  is endowed with a map ( ν : M N + × N + ) such that  ν ( m ) = ( j m , v a l ( m ) ) , where  N +  is the set of positive integers.
    j m = 1 , if v a l ( m ) > 1 , 2 , if v a l ( m ) = 1 .
  • Chains in the form of  I m = S m = E M j 1 < E M j 2 < < E M j h  are said to be successor sequences. Each successor sequence ( S m ) defined by an element ( m M ) gives rise to a family of equivalent circular orderings by adding a new relation in the form of  M j h ( f j h ( m ) ) < M j 1 ( 1 )  ( S u c ( M j h ( f j h ( m ) ) ) = M j 1 ( 1 ) ). Note that  S m = M i  is the successor sequence of an element ( m M i ) with  v a l ( m ) = 1 .
Remark 1. 
In [14,26] multiset collections of type M assume that  j 1 < j 2 < < j h  in successor sequences ( I m ). This paper does not assume such an order for them.
Collections of multisets ( M ) of type M give rise to so-called Brauer quivers [12] ( Q M = ( Q 0 , Q 1 , s , t ) ) whose set of vertices ( Q 0 ) is in bijective correspondence with multisets ( ( M i , f i ) M ) (Green and Schroll [12] called polygons, the elements of  M  and vertices, the elements of M). Arrows in  Q 1  are represented by subsets in the form of  { M i , S u c ( M i ) } , i.e., these subsets define arrows in the form of  M i α S u c ( M i ) Q 1 . In particular, circular orderings defined by successor sequences induce cycles (special cycles in the sense of Green and Schroll [12]) in  Q M . If  v a l ( m ) = 1 , then the special cycle defined by  m M i  is in the form of  ( M i α 1 M i ) 2  or  C m 2  if  C m = M i α 1 M i .
Collections of multisets of type M are Brauer configurations as defined by Green and Schroll in [12]. According to them, these are quadruples in the form of  M = ( M , M , μ , O ) , where M is a set of vertices,  M  is a collection or set of polygons,  μ  is multiplicity function (defined as  j m ), and  O  is an orientation defined by the successor sequences.
According to Green and Schroll [12] a vertex ( m M ) is truncated (non-truncated), provided that  μ ( m ) v a l ( m ) = 1  ( μ ( m ) v a l ( m ) > 1 ). Thus, a collection of multisets of type M, also called Brauer configurations of type M, has no truncated vertices. In such a case, they are said to be reduced. Moreover, a Brauer configuration is connected if its induced Brauer quiver is connected.
This paper restricts the general definitions of Brauer configuration algebras given by Green and Schroll in [12] to those induced by Brauer configurations (or collections of multisets) of type M.
Given an algebraically closed field (k), a Brauer configuration algebra of type M is a bound quiver algebra ( k Q m / I M ) defined by a Brauer quiver ( Q M ) induced by a Brauer configuration ( M ) of type M and bounded by an admissible ideal ( I M ) generated by relations of the following types:
  • C m C m  if m and  m  belong to the same multiset;  M i M ; and  C m  and  C m  are special cycles at m and  m , respectively. These relations are said to be of type  ρ 1 .
  • C m f  if  C m  is a special cycle at vertex  m M  and f is the first arrow of  C m . In particular,  C m 3 I M  if  v a l ( m ) = 1 . These are relations of type  ρ 2 .
  • Relations of type  ρ 3  have the form of  α i m α j m , if  α i m α j m k Q M m C m m C m m m ; and  C m  and  C m  are special cycles at m and  m , respectively.
Cañadas et al. [14] introduced the covering graph ( c ( Q M ) = ( V c ( Q M ) , E c ( Q M ) ) ) induced by a Brauer configuration ( M ) with a set of polygons ( M ) as the set of vertices ( V c ( Q M ) ) and an edge ( e M i , M j ) connecting two polygons if, for some  m M , there exists a successor sequence ( S m ) for which either  S u c c ( M i ) = M j  or  S u c c ( M j ) = M i  (in other words,  { M i , M j } E c ( Q M ) , provided that, for some  m M E M i < E M j  is a covering in the corresponding successor sequence ( S m )). We note that covering graphs not not have multiple edges or loops.
Given a subset ( A = { a 1 , a 2 , , a m } ) of the set of vertices ( V G ) of a graph  G , a hair graph ( G [ ( a 1 , a 2 , , a m ) ; ( n 1 , n 2 , , n m ) ] ) with respect to A is obtained from  G  by attaching to each point ( a i 1 i m ) a linear path with  n i  vertices.
Remark 2. 
The following properties of Brauer configuration algebras were introduced by Green and Schroll [12], Sierra [35], and Cañadas et al. [14] (see [12] Theorem B, Proposition 2.7, Theorem 3.10, Corollary 3.12, [35] Theorem 4.9, and [14] Theorem 8).
  • Any Brauer configuration algebra ( Λ M ) induced by a Brauer configuration ( M = ( M , M , μ , O ) ) is multiserial, and there exists a bijective correspondence between the set of indecomposable projective  Λ M  modules and the set of multisets or polygons ( M ).
  • The number of summands in the heart ( h t ( P ) = Rad P / Soc P ) of an indecomposable projective  Λ M  module equals the number of non-truncated vertices in the corresponding polygon, where  Soc P  denotes the socle of the indecomposable projective  Λ M  module (P), which is generated by its corresponding simple submodules.
  • Green and Schroll [12] proposed the following Formula (8) for the dimension ( dim k Λ M ) of a Brauer configuration algebra ( Λ M ) induced by a Brauer configuration ( M ).
    dim k Λ M = 2 | M | + m M v a l ( m ) ( μ ( m ) v a l ( m ) 1 ) .
  • Sierra [35] proposed the following Formula (9) for the dimension ( dim k Z ( Λ M ) ) of the center ( Z ( Λ M ) ) of a Brauer configuration algebra ( Λ M ) induced by a reduced and connected Brauer configuration ( M ) (Brauer configurations of type M are reduced).
    dim k Z ( Λ M ) = 1 + | M | + m M μ ( m ) | M | + # Loops ( Q M ) | { m M v a l ( m ) = 1 } | .
  • We note that any graph ( G = ( V G , E G ) ) gives rise to a Brauer configuration ( M G ) of type M, where  M = V G  and  M = E G . Cañadas et al. [14] proved that the covering graph ( c ( Q M G ) ) induced by a Brauer configuration ( M G ) defined by a graph ( G ) is isomorphic to  G  if and only if  G  is a disjoint union of copies of connected hair graphs of type  C n [ ( v 1 , v 2 , , v n ) ; ( s 1 , s 2 , , s n ) ] , where  C n  is an n-point cycle and  n 3 .

2.4. Yang–Baxter Equation

As described before, the Yang–Baxter equation was introduced by Yang [15] in 1967 and Baxter [16] in 1972. Recall that if k is an algebraically closed field of characteristic zero and V is a k-vector space, then a linear automorphism ( R : V V V V ) is a solution of the Yang–Baxter equation, provided that it satisfies the following braided relation [22]:
( R i d ) ( i d R ) ( R i d ) = ( i d R ) ( R i d ) ( i d R ) .
R is a solution of the quantum Yang–Baxter equation if and only if
R 12 R 13 R 23 = R 23 R 13 R 12
where  R i j  indicates R acting on the ith and jth tensor factors and the identity on the remaining factor [17].
Since a complete classification of the Yang–Baxter equation is an open problem, several approaches have been introduced to tackle it. For instance, Drinfeld et al. [28] introduced the notion of a set-theoretical solution of the Yang–Baxter equation (see (1)). In such a case, for a given set (X) and a map ( r : X × X X × X ), the identity (1) has the following form [19]:
r 12 r 23 r 12 = r 23 r 12 r 23 ,
where maps  r 12 , r 23 : X × X × X X × X × X  are defined as  r 12 = r × i d X  and  r 23 = i d X × r , respectively.
Note that if  τ : X 2 X 2  is defined in such a way that  τ ( x , y ) = ( y , x ) , then a map ( S : X 2 X 2 ) is a set-theoretical solution of the YBE if and only if  τ S  and  S τ  satisfy the quantum Yang–Baxter equation (11) [18,29].
A bijective map ( r : X × X X × X ) such that  r ( x , y ) = ( σ x ( y ) , γ y ( x ) )  is involutive if  r 2 = i d X 2 . r is said to be left non-degenerate (right non-degenerate) if each map ( γ x ) ( σ x ) is bijective.
Rump [31] introduced the notion of a brace to provide set-theoretical solutions of the Yang–Baxter equation, and Cañadas et al. proposed set-theoretical solutions of the Yang–Baxter equation based on braces and Brauer configuration algebras [32].
This paper uses Brauer quivers arising from TMTO attacks as described by Stinson and Paterson [11] to provide set-theoretical solutions of the Yang–Baxter equation.

2.5. Entropy of a Graph

The entropy of a graph or network is a measure of its complexity, as introduced by Rashevsky [36] and Trucco [37]. Cañadas et al. [14] studied based-degree graph entropies denoted as  H δ v ( G ) H d ( G ) , and  H ( M G )  to apply extended Brauer analysis to some Dynkin and Euclidean diagrams. Such entropies are defined as follows for a graph ( G ) and a Brauer configuration ( M ) of type M.
H δ v ( G ) = 1 2 | E G | v V G δ v l o g 2 ( δ v ) . H d ( G ) = δ v ¯ i = 1 | N i δ v | | V G | l o g 2 ( | N i δ v | | V G | ) . H ( M ) = α M μ ( α ) v a l ( α ) v l o g 2 ( μ ( α ) v a l ( α ) v ) .
where  V G  ( E G ) denotes the set of vertices (edges) of a graph ( G ),  | N i δ v |  denotes the number of vertices with a degree equal to i, and  δ v ¯ = max v V G δ v δ v  is the degree of  v V G . Furthermore,  v = α M μ ( α ) v a l ( α ) .

2.6. Main Results

This section provides the main results presented in this paper; we start by providing an illustrative example of the definitions described in previous sections.
Example 1. 
Let us consider a Latin square cryptosystem ( S = ( P , C , K , E , D ) ) such that  P = C = K = { 1 , 2 , 3 } , whose rules of encryption and decryption are represented by rows of the  3 × 3  Latin square (L) shown in Table 1, that is,  e i ( j ) = L i j .
It is well known that  S  achieves perfect secrecy, provided that every key is used with equal properties [11].
We define a Brauer configuration ( M L = ( M , M = { Y 1 , Y 2 , Y 3 } , μ , O ) )| of type M such that
M = { t 1 , t 2 , t 3 , x 1 , x 2 , x 3 } , Y 1 = { t 1 , t 2 , x 1 } , Y 2 = { t 2 , t 3 , x 2 } , Y 3 = { t 1 , t 3 , x 3 } .
Then,  v a l ( x i ) = 1 v a l ( t j ) = 2 i , j { 1 , 2 , 3 } . The successor sequences are defined as follows:
S t 1 = Y 1 < Y 3 , S t 2 = Y 1 < Y 2 , S t 3 = Y 2 < Y 3 , S x 1 = Y 1 , S x 2 = Y 2 , S x 3 = Y 3 .
Figure 2 shows the Brauer quiver induced by Brauer configuration  M L .
The Brauer configuration algebra ( Λ M L ) induced by Brauer configuration  M L  is a bound quiver algebra in the form of  Λ M L = k Q M L / I M L , where the admissible ideal ( I M ) is generated by relations of three types. The following are examples of relations in  I M L .
  • α 1 t 1 α 2 t 1 α 1 t 2 α 2 t 2 α 2 t 2 α 1 t 2 α 1 t 3 α 2 t 3 α 2 t 1 α 1 t 1 α 2 t 3 α 1 t 3 .
  • α i t r α j t r ( α 1 x r ) 2 i j i , j { 1 , 2 } r { 1 , 2 , 3 } .
  • α i t r α j t r α i t r i j i , j { 1 , 2 } r { 1 , 2 , 3 } ( α 1 x r ) 3 r { 1 , 2 , 3 } .
  • α i t r α j t s , if  α i t r α j t s k Q M L  and  r s .
  • α i t r α j x s , if  α i t r α j x s k Q M L  and  r , s { 1 , 2 , 3 } .
The Brauer configuration algebra ( Λ M L ) has the following properties:
  • Λ M L  is indecomposable as an algebra, provided that the Brauer quiver ( Q M L ) is connected.
  • dim k Λ M L = 2 ( 3 ) + 3 ( 2 ( 1 ) ) + 3 ( 1 ) = 15 .
  • dim k Z ( Λ M L ) = 1 + 3 + 9 6 + 3 3 = 7 .
  • The covering graph ( G = c ( Q M L ) ) induced by the Brauer configuration ( M L ) is isomorphic to the three-point cycle.
The following are entropies associated with the Brauer configuration ( M L ) and the corresponding covering graph (G).
  • H δ v ( G ) = 1 6 ( 6 l o g 2 ( 2 ) ) = 1 .
  • H d ( G ) = 0 , provided that G is 2-regular.
  • H ( M L ) = 6 ( 2 12 l o g 2 ( 2 12 ) ) = l o g 2 ( 6 ) . Note that  2 H ( M L ) + 1  is an approximation of the dimension of the Brauer configuration algebra ( Λ M L ), where  M L  is a reduction of  M L  obtained by deleting vertices in M ( x M ) with  v a l ( x ) = 1 .
The quiver ( Q T M T O ) induced by the time–memory trade-off for a chosen plaintext attack against the Latin square cryptosystem is isomorphic to the Brauer quiver ( Q M L ). The isomorphism can be realized by the following map between the corresponding sets of arrows ( ( Q T M T O ) 1  and  ( Q M L ) 1 ).
m Q : ( Q T M T O ) 1 ( Q M L ) 1
m Q ( i , g i ( i ) ) = m Q ( i , L ( i , i ) ) = α 1 x i , i { 1 , 2 , 3 } , m Q ( h , g h ( 1 ) ) = m Q ( h , L ( h , 1 ) ) = α f ( h ) t 3 , h { 2 , 3 } , f ( h ) { 1 , 2 } , f ( 2 ) < f ( 3 ) , m Q ( h , g h ( 2 ) ) = m Q ( h , L ( h , 2 ) ) = α f ( h ) t 3 , h { 1 , 3 } , f ( h ) { 1 , 2 } , f ( 1 ) < f ( 3 ) , m Q ( h , g h ( 3 ) ) = m Q ( h , L ( h , 3 ) ) = α f ( h ) t 3 , h { 1 , 2 } , f ( h ) { 1 , 2 } , f ( 1 ) < f ( 2 ) .
In this paper, it is assumed that  Λ T M T O = Λ M L . Thus, a Brauer analysis of the Brauer configuration ( M L ) is also a Brauer analysis for the TMTO of a known plaintext attack against the Latin square cryptosystem.
Table 2 provides examples of the use of Algorithm 1 to recover a key from a plaintext in a Latin square cryptosystem of order  N { 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 } ; columns x and y provide a plaintext and corresponding ciphertext. Column Z shows the set (Z) defined for a TMTO, and column  g ( y )  provides all possible encryption values associated with the ciphertext (y). Column  g T ( y )  provides such a value after applying the first step of the algorithm, and column K shows the recovered key. The Latin squares used to apply the algorithm are presented in Appendix A (the corresponding  3 × 3  Latin square is shown in Table 1).
The following result allows us to define Brauer configuration algebras from quivers of type  Q T M T O  (see (5)).
Theorem 2. 
A quiver ( Q T M T O ) (see (5)) defined by a TMTO for a chosen plaintext attack against a cryptosystem ( S = ( P , C , K , E , D ) ) that achieves perfect secrecy induces an integer partition ( P T M T O = l 2 α 2 l 3 α 3 l N α N  of  N ( N 1 ) ), where  P = C = K = { y 1 , y 2 , , y N } α j 0 l j α j  is the number of all cycles in  Q T M T O  of size j, and  l N α N N 2 .
Proof. 
Firstly, note that  Q T M T O  contains, at most,  N 2  cycles of size N and, at most,  N ( N 1 ) 2  cycles of size 2. In particular, if x is a fixed plaintext ( x P ), then the set of arrows  ( y j , g y j ( x ) )  defines a permutation ( π x S N ), where  S N  denotes the symmetric group consisting of all N-element permutations,  π x  is a product of, at most, and  α j ( x ) = N j  cycles of size j; then, if all the encryption rules are chosen in such a way that the corresponding quiver ( Q T M T O ) consists only of two cycles, it holds that  N ( N 1 ) = x P l 2 α 2 ( x )  (note that in this case, there exits  z P  such that  ( y j , g y j ( z ) ) = ( y j , y j )  for all j). Thus, for any other choice of the encryption rule, it holds that  N ( N 1 ) = j = 2 N l j α j , provided that any permutation is a product of two cycles. This completes the proof.   □
Next, Theorem 3 provides the properties of a Brauer configuration algebra induced by a quiver of type  Q T M T O .
Theorem 3. 
Let  Q T M T O  be a quiver defined by a TMTO for a chosen plaintext attack against a cryptosystem ( S = ( P , C , K , E , D ) ) that achieves perfect secrecy; then, if  Q T M T O  has an associated integer partition ( P T M T O = l i 1 α i 1 l i 2 α i 2 l i m α i m ) with  α i j > 0  and  1 j m , it holds that  Q T M T O  induces a Brauer configuration algebra ( Λ T M T O ) with the following properties:
  • Λ T M T O  is indecomposable as an algebra.
  • Each indecomposable projective  Λ T M T O  module ( y i ) has  d g + ( y i ) + 1  summands, where  d g + ( x )  is the out-degree of the vertex (x) in  Q T M T O .
  • dim k Λ T M T O = 3 N + m j = 1 α i j t i j 1 .
    In particular,  3 N + 2 N 2 dim k Λ T M T O N ( N 2 3 N + 5 ) , where  t i  denotes the ith triangular number.
  • dim k Z ( Λ T M T O ) = 2 N + 1 .
  • The covering graph ( c ( Q T M T O ) ) induced by the Brauer quiver ( Q T M T O ) is isomorphic to the N-vertex complete graph ( K N ).
Proof. 
Note that  Q T M T O  defines a Brauer configuration ( M S = ( M , M , μ , O ) ) of type M such that  M = { x 1 , x 2 , , x Δ , z 1 , z 2 , , z N Δ = α i 1 + α i 2 + + α i m } M = { ( y 1 , f 1 ) , ( y 2 , f 2 ) , , ( y N , f N ) } f h ( z h ) = 1 f h ( z i ) = 0  if  i h 1 h N . If  r y i , then  f i ( r ) = 1 v a l ( x i ) { i 1 , i 2 , , i m } , and  1 i Δ . The orientation ( O ) is represented by arrows and cycles of  Q T M T O  defined by pairs in the form of  ( y j , e y j ( x ) ) , with  x P  fixed. Under these circumstances,  Q T M T O  is the Brauer quiver induced by  M S  whose disjoint cycles are special cycles. It induces the Brauer configuration algebra ( Λ T M T O = k Q T M T O / I T M T O , where k is an algebraically closed field and  I T M T O  is an admissible ideal generated by relations of type  ρ 1 , ρ 2 , and  ρ 3 ).
In the sequel, we prove the different items proposed in the theorem.
  • Note that for  x P  fixed, the pairs  ( y j , e y j ( x ) )  define a permutation ( π x S N ), since the TMTO is applied to the complete set ( P ) and the Brauer configuration ( M S ) is connected; therefore, the Brauer quiver ( Q T M T O ) is connected.
  • Any element ( x M ) is non-truncated and defines a unique cycle in  Q T M T O  up to equivalence. Thus, the out-degree of a vertex ( y i ) in  Q T M T O  equals the number of its elements (x) for which  v a l ( x ) > 1 . The result holds, provided that each polygon ( y i ) contains a unique element ( z i ) such that  v a l ( z i ) = 1 .
  • By definition, there are  α i j  vertices with valency of  i j  for  1 j m . Thus,  dim k Λ T M T O = 2 N + 2 j = 1 m α i j ( i j ( i j 1 ) ) + | { z P v a l ( z ) = 1 } | . Moreover, the function expressed as  D : L S N +  from the set of algebras of type  Λ T M T O  (induced by a TMTO for a chosen plaintext attack against the fixed cryptosystem ( S )) to the set of positive integers attains the minimum value ( d S ) if  v a l ( x i ) = 2  for any  x i M . The maximum value ( m S ) of  D  is attained if  N 2  elements in M have a valency of N. The result holds, taking into account that  d S = 2 N + 2 Δ + | { z M v a l ( z ) = 1 } | = 3 N + 2 N 2  and  m S = 2 N + ( N 2 ) ( N 1 ) N + | { z M v a l ( z ) = 1 } | = 3 N + ( N 2 ) ( N 1 ) N .
  • We note that  Q T M T O  has  N = | P |  vertices and N loops; then,  dim k Z ( Λ T M T O ) = 1 + # L o o p s ( Q T M T O ) + | P | = 2 N + 1 .
  • Note that for a fixed key ( y i ) and  x P E i = { y j P y j = e y i ( x ) } = P . Thus, any pair ( ( y i , y j ) P × P ) with  i j  can be obtained from an arrow in the form of  ( y i , e y i ( x ) )  for some  x P . Such an arrow defines the edge ( ( y i , y j ) E ( c ( Q T M T O ) ) ).
Corollary 1 provides the entropy values associated with the Brauer configuration ( M S ) defined in Theorem 3.
Corollary 1. 
Let  G = c ( Q T M T O )  be the covering graph induced by the Brauer configuration of type M ( M S ); then, the following results hold:
  • H δ v ( G ) = N 1 N ( N + 1 ) l o g 2 ( N 1 ) .
  • H d ( G ) = 0 .
  • H ( M S ) = ( j = 1 m i j α i j l o g 2 ( i j v ) v + 2 N v l o g 2 ( 2 v ) ) , where  v = j = 1 m i j α i j + 2 N .
Proof. 
Since G is  N 1  regular, it holds that the number of edges in G is  t N = N ( N + 1 ) 2 . Thus,  H δ v ( G ) = N 1 2 t N l o g 2 ( N 1 )  and  H d ( G ) = ( N N l o g 2 ( 1 ) ) = 0 .
Since  M S  has N vertices with a valency of 1 and, for each j, there are  α i j  vertices with a valency of  i j , then  H ( M S )  has the proposed values by definition. This completes the proof.  □
Theorem 4 provides set-theoretical solutions to the Yang–Baxter equation (see identity (12)).
Theorem 4. 
Let  S 1  and  S 2  be a pair of Latin square cryptosystems such that  S 1 = ( P , C , K , E 1 , D 1 )  and  S 2 = ( P , C , K , E 2 , D 2 )  with  P = C = K = { 1 , 2 , , n }  and encryption rules  E 1  and  E 2  represented by Latin squares  L 1  and  L 2 , respectively, where  L 2  is obtained from  L 1  by applying a permutation ( π S n ) to the columns of  L 1  and  L 2 ( L 2 ( t , L 1 ( t , u ) ) , L 1 ( L 2 ( t , L 1 ( t , u ) ) , L 2 ( t , L 1 ( t , v ) ) ) ) = L 2 ( t , L 1 ( t , L 2 ( u , L 1 ( u , v ) ) ) )  for any  t , u , v { 1 , 2 , , n } ; then, the map ( δ : P × P P × P ) such that  δ = τ σ , where  τ ( x , y ) = ( y , x )  and  σ = h 2 h 1  with  h 1 ( i , j ) = ( i , L 1 ( i , j ) )  and  h 2 ( i , L 1 ( i , j ) ) = ( i , L 2 ( i , j ) ) , is a set-theoretical solution of the Yang–Baxter equation.
Proof. 
Note that for  ( t , u ) P 2 , it holds that  δ ( t , u ) = ( L 2 ( t , L 1 ( t , u ) ) , t ) . Thus, if  ( t , u , v ) P 3 , then the following identities hold:
( δ × i d ) ( t , u , v ) = ( δ ( t , u ) , v ) = ( L 2 ( t , L 1 ( t , u ) ) , t ) = a 1 , ( i d × δ ) ( a 1 ) = ( L 2 ( t , L 1 ( t , u ) ) , L 2 ( t , L 1 ( t , v ) ) , t ) = a 2 , ( δ × i d ) ( a 2 ) = ( L 2 ( L 2 ( t , L 1 ( t , u ) ) , L 1 ( L 2 ( t , L 1 ( t , u ) ) , L 2 ( t , L 1 ( t , v ) ) ) ) , L 2 ( t , L 1 ( t , u ) ) , t ) ) , ( δ × i d ) ( a 2 ) = a 3 = ( a 3 , 1 , a 3 , 2 , a 3 , 3 ) .
( i d × δ ) ( t , u , v ) = ( t , δ ( u , v ) ) = ( t , L 2 ( u , L 1 ( u , v ) ) , u ) = b 1 , ( δ × i d ) ( b 1 ) = ( L 2 ( t , L 1 ( t , L 2 ( u , L 1 ( u , v ) ) ) ) , t , u ) = b 2 , ( i d × δ ) ( b 2 ) = ( L 2 ( t , L 1 ( t , L 2 ( u , L 1 ( u , v ) ) ) ) , L 2 ( t , L 1 ( t , v ) ) , t ) = b 3 , b 3 = ( b 3 , 1 , b 3 , 2 , b 3 , 3 ) .
Therefore,
a 3 , 1 = L 2 ( L 2 ( t , L 1 ( t , u ) ) , L 1 ( L 2 ( t , L 1 ( t , u ) ) , L 2 ( t , L 1 ( t , v ) ) ) ) , b 3 , 1 = L 2 ( t , L 1 ( t , L 2 ( u , L 1 ( u , v ) ) ) ) = a 3 , 1 , a 3 , 2 = b 3 , 2 = L 2 ( t , L 1 ( t , u ) ) = b 3 , 2 , a 3 , 3 = b 3 , 3 = t .
Thus,  a 3 = b 3  and  δ  satisfy the set-theoretical Yang–Baxter equation. This completes the proof.  □

3. Conclusions

Time–memory trade-off (TMTO) allows chosen plaintext attacks to be conducted against cryptosystems with a perfect secrecy property. Such TMTOs give rise to some directed graphs or quivers associated with appropriate Brauer configurations and their induced Brauer configuration algebras. The analysis of algebraic and combinatorial invariants as their dimensions, the composition series of their indecomposable projective modules, and their covering graphs is a Brauer analysis; some of these invariants can be obtained in terms of the size of the corresponding plaintexts and the length of the cycles contained in the quivers. Brauer analysis includes the topological content information analysis of the covering graphs induced by the investigated TMTOs. The analysis can also be applied to Latin square cryptosystems, which achieve perfect secrecy. As a consequence of this study, it is possible to provide set-theoretical solutions to the Yang–Baxter equation based on the structure of the Latin squares, which provide the encryption rules of such cryptosystems.

FutureWork

  • TMTOs for chosen plaintext attacks against cryptosystems that achieve perfect secrecy induce appropriate integer partitions. Their Brauer analysis includes studying their defects, which allows for classification of partitions as realizable data over closed connected surfaces such as the projective plane or the sphere. An open problem consists of answering the following question:
    What kinds of directed graphs associated with TMTOs for chosen plaintext attacks induce integer partitions realizable as branch data over the projective plane or another closed, connected surface?

Author Contributions

Investigation, writing, review and editing, A.M.C., I.G., O.M.M., A.S.-A. and J.A.Z.-M. All authors have read and agreed to the published version of the manuscript.

Funding

Convocatoria Nacional para el Establecimiento de Redes de Cooperación bajo el Marco del Modelo Intersedes 2022–2024, Universidad Nacional de Colombia. Cod Hermes 59773.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
dim k Λ Dimension of a Brauer configuration algebra
dim k Z ( Λ ) Dimension of a Brauer configuration algebra center
δ v ( G ) Degree of a vertex in a graph ( G )
H ( M ) )Entropy of a Brauer configuration ( M )
Λ T M T O Brauer configuration algebra induced by a time–memory trade-off
Q M Brauer quiver induced by a Brauer configuration ( M )
t i ith triangular number
v a l ( x ) Valency of a vertex x
x Greatest integer less than an integer number (x)
TMTOTime–Memory Trade-Off
Z ( Λ ) Center of a Brauer configuration algebra

Appendix A

This section shows Latin squares  L 4 L 10  (Table A1, Table A2, Table A3, Table A4, Table A5, Table A6 and Table A7), which are necessary to build Table 2.
Table A1. Latin square of order 4.
Table A1. Latin square of order 4.
 2143
L4 =3412
4231
 1324
Table A2. Latin square of order 5.
Table A2. Latin square of order 5.
 23154
 12543
L5 =54312
 41235
 35421
Table A3. Latin square of order 6.
Table A3. Latin square of order 6.
 135642
 251436
L6 =312564
463215
 546321
 624153
Table A4. Latin square of order 7.
Table A4. Latin square of order 7.
 1356427
 2514376
 3125764
L7 =4637152
 5472631
 6743215
 7261543
Table A5. Latin square of order 8.
Table A5. Latin square of order 8.
 13564278
 25143786
 31257864
L8 =46328517
54781632
 62875341
 78436125
 87612453
Table A6. Latin square of order 9.
Table A6. Latin square of order 9.
 135642789
 251437896
 312578964
 463289157
L9 =547896321
 628915473
 789351642
 894763215
 976124538
Table A7. Latin square of order 10.
Table A7. Latin square of order 10.
 13564278910
 25143689107
 31257891046
 46328910571
L10 =54789101263
62891073415
 78910154632
 89103516724
 91047632158
 10761245389

References

  1. Hellman, M.E. A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 1980, 26, 401–406. [Google Scholar] [CrossRef]
  2. Oechslin, P. Making a faster cryptanalytic time-memory trade-off. In Advances in Cryptology—CRYPTO 2003; Lecture Notes in Computer Science; Boneh, D., Ed.; Springer: Berlin/Heidelberg, Germany, 2003; Volume 2729, pp. 617–630. [Google Scholar]
  3. Denning, D.E. Cryptography and Data Security; Addison-Wesley: Boston, MA, USA, 1982. [Google Scholar]
  4. Standaert, F.X.; Rouvroy, G.; Quisquater, J.J.; Legat, J.D. A time-memory tradeoff using distinguished points: New analysis & FPGA Results. In Cryptographic Hardware and Embedded Systems—CHES 2002; Lecture Notes in Computer Science; Kaliski, B.S., Koçç.K., Paar, C., Eds.; Springer: Berlin/Heidelberg, Germany, 2003; Volume 2523, pp. 593–609. [Google Scholar]
  5. Quisquater, J.J.; Delescaille, J.P. How easy is collision search? Application to DES. In Advances in Cryptology-EUROCRYPT’ 89; Lecture Notes in Computer Science; Quisquater, J.J., Vandewalle, J., Eds.; Springer: Berlin/Heidelberg, Germany, 1990; Volume 434, pp. 429–434. [Google Scholar]
  6. Biryukov, A.; Shamir, A. Cryptanalytic time/memory/data tradeoffs for stream ciphers. In Advances in Cryptology—ASIACRYPT 2000; Lecture Notes in Computer Science; Okamoto, T., Ed.; Springer: Berlin/Heidelberg, Germany, 2000; Volume 1976, pp. 1–13. [Google Scholar]
  7. Saran, A.N. Time Memory Trade off Attack on Symmetric Ciphers. Doctoral Thesis, Middle East Technical University, Ankara, Turkey, 2009. [Google Scholar]
  8. Saran, A.N. On time-memory trade-offs for password hashing schemes. Frontiers 2024, 6, 1368362. [Google Scholar] [CrossRef]
  9. Avoine, G.; Carpent, X.; Leblanc-Albarel, D. Stairway to rainbow. In Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, Melbourne, Australia, 10–14 July 2023; ACM: New York, NY, USA, 2023; pp. 286–299. [Google Scholar]
  10. Avoine, G.; Carpent, X.; Leblanc-Albarel, D. Ascending Stepped Cryptanalytic Time-Memory Trade-Off. 2024. ffhal-04444552v2f. Available online: https://hal.science/hal-04444552v2 (accessed on 14 December 2024).
  11. Stinson, D.R.; Paterson, M.B. Cryptography: Theory and Practice, 4th ed.; Chapman and Hall/CRC Press: Boca Raton, FL, USA, 2018. [Google Scholar]
  12. Green, E.L.; Schroll, S. Brauer configuration algebras: A generalization of Brauer graph algebras. Bull. Sci. Math. 2017, 121, 539–572. [Google Scholar] [CrossRef]
  13. Cañadas, A.M.; Gutierrez, I.; Mendez, O.M. Brauer Analysis of Some Cayley and Nilpotent Graphs and Its Application in Quantum Entanglement Theory. Symmetry 2024, 16, 570. [Google Scholar] [CrossRef]
  14. Cañadas, A.M.; Espinosa, P.F.F.; Rodríguez-Nieto, J.G.; Mendez, O.M.; Arteaga-Bastidas, R.H. Extended Brauer Analysis of Some Dynkin and Euclidean Diagrams. Electron. Res. Arch. 2024, 32, 5752–5782. [Google Scholar] [CrossRef]
  15. Yang, C.N. Some exact results for the many-body problem in one dimension with repulsive delta-function interaction. Phys. Rev. Lett. 1967, 19, 1312–1315. [Google Scholar] [CrossRef]
  16. Baxter, R.J. Partition function for the eight-vertex lattice mode. Ann. Phys. 1972, 70, 193–228. [Google Scholar] [CrossRef]
  17. Nichita, F.F. Introduction to the Yang–Baxter equation with open problems. Axioms 2012, 1, 33–37. [Google Scholar] [CrossRef]
  18. Nichita, F.F. Yang-Baxter equations, computational methods and applications. Axioms 2012, 4, 423–435. [Google Scholar] [CrossRef]
  19. Ballester-Bolinches, A.; Esteban-Romero, R.; Fuster-Corral, N.; Meng, H. The structure group and the permutation group of a set-theoretical solution of the quantum Yang-Baxter equation. Mediterr. J. Math. 2021, 18, 1347–1364. [Google Scholar]
  20. Schroll, S. Brauer Graph Algebras. In Homological Methods, Representation Theory, and Cluster Algebras; CRM Short Courses; Assem, I., Trepode, S., Eds.; Springer: Cham, Switzerland, 2018; pp. 177–223. [Google Scholar]
  21. Espinosa, P.F.F. Categorification of Some Integer Sequences and Its Applications. Doctoral Thesis, National University of Colombia, Bogotá, Colombia, 2021. [Google Scholar]
  22. Cañadas, A.M.; Espinosa, P.F.F.; Ballester-Bolinches, A. Solutions of the Yang-Baxter equation and automaticity related to Kronecker modules. Computation 2023, 11, 43. [Google Scholar] [CrossRef]
  23. Agudelo, N.; Cañadas, A.M.; Gaviria, I.D.M.; Espinosa, P.F.F. {0,1}-Brauer configuration algebras and their applications in the graph energy theory. Mathematics 2021, 9, 3042. [Google Scholar] [CrossRef]
  24. Cañadas, A.M.; Angarita, M.A.O. Brauer configuration algebras for multimedia based cryptography and security applications. Multimed. Tools. Appl. 2021, 80, 23485–23510. [Google Scholar]
  25. Cañadas, A.M.; Gaviria, I.D.M.; Vega, J.D.C. Relationships between the Chicken McNugget Problem, Mutations of Brauer Configuration Algebras and the Advanced Encryption Standard. Mathematics 2021, 9, 1937. [Google Scholar] [CrossRef]
  26. Cañadas, A.M.; Rodríguez-Nieto, J.G.; Salazar, O.P. Brauer configuration algebras induced by integer partitions and their applications in the theory of branched coverings. Mathematics 2024, 12, 3626. [Google Scholar] [CrossRef]
  27. van den Broek, F.; Poll, E. A Comparison of Time-Memory Trade-Off Attacks on Stream Ciphers. In Progress in Cryptology—AFRICACRYPT 2013; Lecture Notes in Computer Science; Youssef, A., Nitaj, A., Hassanien, A.E., Eds.; Springer: Berlin/Heidelberg, Germany, 2013; Volume 7918, pp. 406–423. [Google Scholar]
  28. Drinfeld, V.G. On some unsolved problems in quantum group theory. In Quantum Groups; Lecture Notes in Mathematics; Kulish, P.P., Ed.; Springer: Berlin/Heidelberg, Germany, 1992; Volume 1510, pp. 1–8. [Google Scholar]
  29. Etingof, P.; Schedler, T.; Soloviev, A. Set-theoretical solutions to the quantum Yang-Baxter equation. Duke Math. J. 1999, 100, 169–209. [Google Scholar] [CrossRef]
  30. Gateva-Ivanova, T.; Van den Bergh, M. Semigroups of I-type. J. Algebra 1998, 308, 97–112. [Google Scholar] [CrossRef]
  31. Rump, W. Braces, radical rings, and the quantum Yang-Baxter equation. J. Algebra 2007, 307, 153–170. [Google Scholar] [CrossRef]
  32. Cañadas, A.M.; Ballester-Bolinches, A.; Gaviria, I.D.M. Solutions of the Yang-Baxter equation arising from Brauer configuration algebras. Computation 2022, 11, 2. [Google Scholar] [CrossRef]
  33. Andrews, G.E. The Theory of Partitions; Cambridge University Press: Cambridge, UK, 2010. [Google Scholar]
  34. Stanley, R.P. Enumerative Combinatorics (V. 2); Cambridge University Press: Cambridge, UK, 1999. [Google Scholar]
  35. Sierra, A. The dimension of the center of a Brauer configuration algebra. J. Algebra 2018, 510, 289–318. [Google Scholar] [CrossRef]
  36. Rashevsky, N. Life, information theory, and topology. Bull. Math. Biophys. 1955, 17, 229–235. [Google Scholar] [CrossRef]
  37. Trucco, E. A note on the information content of graphs. Bull. Math. Biol. 1956, 18, 129–135. [Google Scholar] [CrossRef]
Figure 1. Diagram of a rainbow matrix for a TMTO.
Figure 1. Diagram of a rainbow matrix for a TMTO.
Symmetry 17 00391 g001
Figure 2. Brauer quiver induced by Brauer configuration  M L  of type M.
Figure 2. Brauer quiver induced by Brauer configuration  M L  of type M.
Symmetry 17 00391 g002
Table 1. Example of a  3 × 3  Latin square.
Table 1. Example of a  3 × 3  Latin square.
 132
L =321
 213
Table 2. Examples of using Algorithm 1 to recover keys with the help of a TMTO for a chosen plaintext attack against a Latin square cryptosystem.
Table 2. Examples of using Algorithm 1 to recover keys with the help of a TMTO for a chosen plaintext attack against a Latin square cryptosystem.
NxyZ g ( y ) g 1 ( y ) g 2 ( y ) g 3 ( y ) K
312{2, 3}{2}{3} 3
432{1, 2, 4}{2}{4} 4
523{3, 4, 5}{5, 3} {3} 5
626{2, 4, 5, 6}{4, 5, 2, 6} {5} 4
724{2, 4, 5, 6, 7}{5, 2, 7, 6, 4} {2} 5
825{2, 4, 5, 6}{2, 6, 4, 5} {6} 2
911{1, 4, 6, 7}{6, 1} {7}4
10410{1, 2, 4, 6, 7, 9, 10}{9, 1, 7, 6, 10} {6}7
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Cañadas, A.M.; Gutierrez, I.; Mendez, O.M.; Sarrazola-Alzate, A.; Zuluaga-Moreno, J.A. Brauer Analysis of Some Time–Memory Trade-Off Attacks and Its Application to the Solution of the Yang–Baxter Equation. Symmetry 2025, 17, 391. https://doi.org/10.3390/sym17030391

AMA Style

Cañadas AM, Gutierrez I, Mendez OM, Sarrazola-Alzate A, Zuluaga-Moreno JA. Brauer Analysis of Some Time–Memory Trade-Off Attacks and Its Application to the Solution of the Yang–Baxter Equation. Symmetry. 2025; 17(3):391. https://doi.org/10.3390/sym17030391

Chicago/Turabian Style

Cañadas, Agustín Moreno, Ismael Gutierrez, Odette M. Mendez, Andrés Sarrazola-Alzate, and Jesus Antonio Zuluaga-Moreno. 2025. "Brauer Analysis of Some Time–Memory Trade-Off Attacks and Its Application to the Solution of the Yang–Baxter Equation" Symmetry 17, no. 3: 391. https://doi.org/10.3390/sym17030391

APA Style

Cañadas, A. M., Gutierrez, I., Mendez, O. M., Sarrazola-Alzate, A., & Zuluaga-Moreno, J. A. (2025). Brauer Analysis of Some Time–Memory Trade-Off Attacks and Its Application to the Solution of the Yang–Baxter Equation. Symmetry, 17(3), 391. https://doi.org/10.3390/sym17030391

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop