Cryptanalysis of a Proposal Based on the Discrete Logarithm Problem Inside Sn
2. The Scheme of Doliskani et al.
- Key Generation.
- The key generation algorithm, executed by the receiver, selects an appropriate index n and a suitable permutation The cyclic group generated by g will be denoted by , and we represent its order by . Further, an integer is selected uniformly at random from . The public key is the pair while the private key is the secret “exponent” . (Even though these points are not clarified by the authors, as is customary, we assume n is chosen from an input security parameter ℓ, and is polynomial in ℓ.)
- On input of a plaintext m, which we may assume belongs to (we omit the encoding described in  (Section 3), which is irrelevant for our purposes), an integer k is chosen uniformly at random from . The ciphertext is computed as the pair of group elements .
- The group element is raised to the secret exponent and further inverted to compute .
3. Finding Discrete Logarithms in Cyclic Subgroups of
- Step 1.
- Decompose g and h into disjoint cyclesHere, we include length-one cycles if needed, so that each occurs in exactly one cycle.
- Step 2.
- Compute arrays G and H, such that the ith entry G[i] stores:
That is, would indicate that element i appears in cycle at position . Similarly, in H[i], we store:
- the index j of the cycle containing i; and
- the position of i within this cycle ().
Thus, would indicate that element i appears in cycle at position .
- the index k of the cycle containing i; and
- the position of i within this cycle ().
- Step 3.
- Store the first element of each cycle of h as First[j] in an array. Analogously, store the second element of as entry Second[j] in an array. (For a length-one cycle, we set Second[j] = First[j].) Note that First[j] and Second[j] belong to the same cycle of g.
- Step 4.
- Use the array G to find for each the cycle of g containing First[i] and Second[i], and store the difference D[i] between their positions in an array D. Then, ii, for each . Further, compute the length of the cycle containing element i and store it in an array .
- Step 5.
- Step 5. The solution is congruent to each residue modulo for . Compute with the Chinese Remainder Theorem.
4. Experimental Validation
Conflicts of Interest
- Doliskani, J.N.; Malekian, E.; Zakerolhosseini, A. A Cryptosystem Based on the Symmetric Group Sn. IJCSNS Int. J. Comput. Sci. Netw. Secur. 2008, 8, 226–234. [Google Scholar]
- Gamal, T.E. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 1985, 31, 469–472. [Google Scholar][Green Version]
- Jones, G.A.; Jones, J.M. Elementary Number Theory; Springer Undergraduate Mathematics Series; Springer: Berlin, Germany, 1998. [Google Scholar]
- Bogomolny, A. Chinese Remainder Theorem from Interactive Mathematics Miscellany and Puzzles. 2012. Available online: http://www.cut-the-knot.org/blue/chinese.shtml (accessed on 1 May 2018).
- Von zur Gathen, J.; Gerhard, J. Chapter The Euclidean Algorithm. In Modern Computer Algebra; The Press Syndicate of the University of Cambridge: Cambridge, UK, 1999; pp. 50–55. [Google Scholar]
- Landau, E. Über die Maximalordnung der Permutationen gegebenen Grades. Arch. Math. Phys. 1903, 5, 92–103. [Google Scholar]
- Massias, J.P. Majoration explicite de l’ordre Maximum d’un Élément du groupe symétrique. Ann. Fac. Sci. Toulouse Math. 1984, 6, 269–280. [Google Scholar] [CrossRef]
- Massias, J.P.; Nicolas, J.L.; Robin, G. Effective Bounds for the Maximal Order of an Element in the Symmetric Group. Math. Comput. 1989, 53, 665–678. [Google Scholar] [CrossRef]
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
González Vasco, M.I.; Robinson, A.; Steinwandt, R. Cryptanalysis of a Proposal Based on the Discrete Logarithm Problem Inside Sn. Cryptography 2018, 2, 16. https://doi.org/10.3390/cryptography2030016
González Vasco MI, Robinson A, Steinwandt R. Cryptanalysis of a Proposal Based on the Discrete Logarithm Problem Inside Sn. Cryptography. 2018; 2(3):16. https://doi.org/10.3390/cryptography2030016Chicago/Turabian Style
González Vasco, María Isabel, Angela Robinson, and Rainer Steinwandt. 2018. "Cryptanalysis of a Proposal Based on the Discrete Logarithm Problem Inside Sn" Cryptography 2, no. 3: 16. https://doi.org/10.3390/cryptography2030016