Hindawi Publishing Corporation Mathematical Problems in Engineering Volume 2014, Article ID 630421, 11 pages http://dx.doi.org/10.1155/2014/630421
Research Article A Digital Signature Scheme Based on MST 3 Cryptosystems Haibo Hong, Jing Li, Licheng Wang, Yixian Yang, and Xinxin Niu Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China Correspondence should be addressed to Licheng Wang;
[email protected] Received 5 December 2013; Revised 13 March 2014; Accepted 14 March 2014; Published 20 May 2014 Academic Editor: Wang Xing-yuan Copyright Β© 2014 Haibo Hong et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. As special types of factorization of finite groups, logarithmic signature and cover have been used as the main components of cryptographic keys for secret key cryptosystems such as PGM and public key cryptosystems like πππ1 , πππ2 , and πππ3 . Recently, Svaba et. al proposed a revised πππ3 encryption scheme with greater security. Meanwhile, they put forward an idea of constructing signature schemes on the basis of logarithmic signatures and random covers. In this paper, we firstly design a secure digital signature scheme based on logarithmic signatures and random covers. In order to complete the task, we devise a new encryption scheme based on πππ3 cryptosystems.
1. Introduction With the interdisciplinary development of information science, physical science, and biological science, a lot of new technology appeared in the field of cryptography and has made new progress. The new branches of cryptography mainly consist of quantum cryptography, chaotic cryptography, DNA cryptography, and so forth. The security of quantum cryptography is based on the Heisenberg uncertainty principle. Quantum cryptography is the only one that can realize unconditional security at present [1β4]. Matthews [5] firstly applied chaos theory in cryptography and proposed a chaotic stream cipher scheme based on revised logistic map. From then on, chaotic cryptography has attracted wide attention [6, 7]. Most of the researches in chaotic cryptography focus on secret key cryptography. With the recent constructions due to Wang et al. [8β14], chaos-based public key cryptographic protocols come to us. DNA cryptography, which utilizes DNA computing, is a new branch of cryptography in recent years [15, 16]. Using the high storage density and high parallelism of DNA molecular, DNA cryptography can realize the encryption, authentication, signature, and so forth [17]. Meanwhile, cryptographers look forward to applying new intractable mathematical problems in classical cryptography. Currently, most public cryptographic primitives are based on
the perceived intractability of certain mathematical problems in very large finite abelian groups [18]. Prominent hard problems consist of the problem of factoring large integers, the discrete logarithm problem over a finite field πΉπ or an elliptic curve, and so forth. However, due to quantum algorithms for factoring integer and solving the discrete logarithm problem, most known public-key cryptosystems will be insecure when quantum computers become practical. Therefore, it is an imminent work to design effective cryptographic schemes which can resist quantum attacks. Actually, since the 1980s, several experts have been trying to design new cryptography schemes based on difficult problems in group theory. In 1985, Wagner and Magyarik [19] proposed an approach to designing public-key cryptosystems based on groups and semigroups with undecidable word problem. In 2000, Ko et al. [20] developed the theory of braid-based cryptography based on the hardness of the conjugator search problem (CSP) in braid groups. In 2004, Eick and Kahrobaei [21] proposed a new cryptosystem based on polycyclic groups. In 2005, Shpilrain and Ushakov [22] suggested that Thompsonβs group may be a good platform for constructing public-key cryptosystems. Recently, Kahrobaei et al. [23] proposed a public key exchange on the basis of matrices over group rings. Meanwhile, an active branch of noncommutative cryptography based on the hardness of group factorization problem has achieved great success during the last two decades. In 1986,
2
Mathematical Problems in Engineering
Magliveras [24] proposed a symmetric cryptosystem ππΊπ based on a special type of factorization of finite groups named logarithmic signatures for finite permutation groups. Then, the algebraic properties of logarithmic signatures and cryptosystem ππΊπ were specifically discussed in [25, 26]. In 2002, Magliveras et al. [27] put forward two public key cryptosystems πππ1 and πππ2 . In 2009, Lempken et al. [18] designed a new public key cryptosystem πππ3 on the basis of random covers and logarithmic signatures for nonabelian finite groups. Meanwhile, there are some interesting papers studying attacks on πππ1 , πππ2 , and πππ3 [28β33]. In 2010, Svaba and van Trung [34] constructed an ππππ3 cryptosystem by adding a homomorphism as a component of secret key. However, until now, there is no paper on constructing digital signature schemes on the basis of πππ cryptosystem. Hence, Svaba and van Trung put forward an open problem on constructing digital signature schemes based on random covers and logarithmic signatures. Our main contribution is to devise a digital signature scheme based on random covers and logarithmic signatures. In this process, we also construct a secure and more efficient encryption scheme based on πππ3 cryptosystems. The rest of contents are organized as follows. Necessary preliminaries are given in Section 2. In Section 3, we specifically describe a new encryption scheme and give corresponding security analysis. In Section 4, we propose a digital signature scheme based on random covers and logarithmic signatures; The related comparisons and illustrations are presented in Section 5.
2. Preliminaries 2.1. Cover and Logarithmic Signature. Let πΊ be a finite abstract group and let π = [π₯1 , π₯2 , . . . , π₯π ] and π = [π¦1 , π¦2 , . . . , π¦π ] be two elements in πΊ[Z] . Then π β π = [π₯1 π¦1 , . . . , π₯1 π¦π , π₯2 π¦1 , . . . , π₯2 π¦π , . . . , π₯π π¦1 , . . . , π₯π π¦π ] . (1) If π = [π₯1 , . . . , π₯π ] β πΊ[Z] , π denotes the element βππ=1 π₯π in the group ring ZπΊ. Definition 1 (cover and logarithmic signature [18, 27]). Suppose that πΌ = [π΄ 1 , π΄ 2 , . . . , π΄ π ] is a sequence of π΄ π β πΊ[Z] , such that βπ π=1 |π΄ π | is bounded by a polynomial in log |πΊ|. Let π΄ 1 β
π΄ 2 β
β
β
π΄ π = β ππ π, πβπΊ
ππ β Z.
(2)
Let π be a subset of πΊ. Then πΌ is
expressed uniquely (at least one way) as a product of the form [18] π = π1 β
π2 β
β
β
ππ ,
for ππ β π΄ π . πΌ is called tame (factorizable) if the factorization above can be achieved in polynomial in the width π€ of πΊ. Definition 2 (cover (logarithmic signature) mappings [35]). Let πΌ = [π΄ 1 , π΄ 2 , . . . , π΄ π ] be a cover (logarithmic signature) of type (π1 , π2 , . . . , ππ ) for πΊ with π΄ π = [ππ,1 , ππ,2 , . . . , ππ,ππ ], where π = βπ π=1 ππ . Let π1 = 1 and ππ = βπβ1 π=1 ππ for π = 2, . . . , π . Let π denote the canonical bijection π : Zπ1 Γ Zπ2 Γ β
β
β
Γ Zππ σ³¨β Zπ π
π (π1 , π2 , . . . , ππ ) = βππ β
ππ .
The sequences π΄ π are called the blocks; the vector (π1 , . . . , ππ ) with ππ = |π΄ π | is the type of πΌ and the length of πΌ is defined to be π(πΌ) = βπ π=1 ππ . More generally, if πΌ = [π΄ 1 , π΄ 2 , . . . , π΄ π ] is a logarithmic signature (cover) for πΊ, then each element π β πΊ can be
(4)
π=1
Then the surjective (bijection) mapping πΌσΈ : Zπ β πΊ induced by πΌ is πΌσΈ (π₯) = π1π1 β
π2π2 β
β
β
ππ ππ ,
(5)
where (π1 , π2 , . . . , ππ ) = πβ1 (π₯). 2.2. MST3 Cryptosystems and Suzuki 2-Groups. In [18], Lempken et al. utilized logarithmic signatures and random covers to construct a generic πππ3 encryption scheme. In this scheme, the public key consists of a tame logarithmic signature as well as some random numbers, and the secret key is composed of a random cover and a sandwich transformation of the cover [27]. The intractability assumptions of this scheme are group factorization problem on nonabelian groups. Furthermore, motivated by attacks in [31], Svaba and van Trung devised an enhanced version of the generic scheme [34] named ππππ3 cryptosystems. In this scheme, they introduced a secret homomorphism to mask the secret logarithmic signature with a transformation of a random cover. Meanwhile, they proposed a new setup with random encryption. Until now, the only instantiation of πππ3 cryptosystems is a Suzuki 2-group of order π2 with π = 2π (π β₯ 3) [18, 34]. From [34], the Suzuki 2-group of order π2 can be denoted by π΄(π, π), where π is an automorphism of Fπ with an odd order. Moreover, the group π΄(π, π) can be represented by a matrix group πΊ and
(i) a cover for πΊ (or π) if ππ > 0 for all π β πΊ (π β π), (ii) a logarithmic signature for πΊ (or π) if ππ = 1 for every π β πΊ (π β π).
(3)
πΊ = {π (π, π) | π, π β Fπ } ,
(6)
1 π π π (π, π) = (0 1 ππ ) 0 0 1
(7)
where
is a 3 Γ 3 matrix over Fπ . Hence, πΊ is of order π2 and the center Z(πΊ) = {π(0, π) | π β πΉπ }. Besides, to store the group
Mathematical Problems in Engineering
3
elements conveniently, π(π, π) can be denoted by (π, π, ππ ), so the product of two elements in group πΊ is π (π1 , π1 ) π (π2 , π2 ) =
π (π1 , π1 , π1π ) π (π2 , π2 , π2π )
= (π1 + π2 , π1 + π2 + π1 π2π , π1π + π2π ) ,
(8)
and the computation of the product just requires a single multiplication and four additions in Fπ . Furthermore, the inverse of an element in group πΊ is π β1
π(π, π, π )
π
π
π+1
= π (π, π β
π + π, π ) = π (π, π
Encryption Input: a message π₯ β Z and the public key [πΌ, πΎ, π]. Output: a ciphertext (π¦1 , π¦2 ) of the message π. (1) Choose a random π
β Z|Z| . (2) Compute π¦1 = πΌσΈ (π
) β
π, π¦2 = πΎσΈ (π
)
π
+ π, π ) , (9)
and it also requires a single multiplication and one addition in Fπ . If π = π(π₯, π¦) β πΊ and π₯, π¦ β πΉπ , then π₯ and π¦ can be denoted by πβ
π and πβ
π , respectively. Hence, π = π(πβ
π , πβ
π ), where πβ
π and πβ
π are the corresponding projections of π along the first and second coordinates.
3. Building Block: A New MST 3 Encryption Scheme Through comparison and analysis, we find that it is rather difficult to devise signature schemes based on the two πππ3 encryption schemes [18, 34]. Therefore, in order to complete the task, we design a new encryption scheme based on logarithmic signatures and random covers. In our scheme, the original secret key π becomes a component of public key, and the encryption process is also simplified. Meanwhile, compared with original schemes, our scheme has a bit improvement in efficiency. 3.1. Description of the Scheme Key Generation Input: a large group πΊ = π΄(π, π), π = 2π . Output: a public key [πΌ, πΎ, π] with corresponding private key [π½, (π‘0 , . . . , π‘π )]. (1) Choose a tame logarithmic signature π½ = [π΅1 , π΅2 , . . . , π΅π ] = (πππ ) = (π(0, π(ππ)β
π )) of type (π1 , π2 , . . . , ππ ) for Z, where πππ β πΊ and π(ππ)β
π β Fπ . (2) Select a random cover πΌ = [π΄ 1 , π΄ 2 , . . . , π΄ π ] = (πππ ) = (π(π(ππ)β
π , π(ππ)β
π )) of the same type as π½ for a certain subset π½ of πΊ such that π΄ 1 , . . . , π΄ π β πΊ \ Z, where πππ β πΊ, π(ππ)β
π β Fπ \ {0}, and π(ππ)β
π β Fπ . (3) Choose π‘0 , π‘1 , . . . , π‘π β πΊ \ Z. (4) Construct a homomorphism π : πΊ β Z defined by π(π(π, π)) = π(0, π). (5) Compute πΎ := (βππ ) = (π(β(ππ)β
π , β(ππ)β
π )), where βππ = β1 π‘πβ1 β
π(πππ ) β
πππ β
π‘π . (6) Output public key [πΌ, πΎ, π] and private key [π½, (π‘0 , . . . , π‘π )].
(10)
= π‘0β1 β
π (πΌσΈ (π
)) β
π½σΈ (π
) β
π‘π . (3) Output (π¦1 , π¦2 ). Decryption Input: a ciphertext pair (π¦1 , π¦2 ) and the private key [π½, π‘0 , . . . , π‘π ]. Output: the message π β Z corresponding to ciphertext (π¦1 , π¦2 ). (1) Compute π
= π½σΈ β1 (π¦2 π‘π β1 π(π¦1 )β1 π‘0 ). (2) Compute π = πΌσΈ (π
)β1 β
π¦1 . (3) Output π. Correctness For π β Z and π
β Z|Z| , we have π¦1 = πΌσΈ (π
) β
π, π¦2 = πΎσΈ (π
) β1 π (ππ ππ ) π‘π = π1ππ π‘0β1 π (π1π1 ) π‘1 β
β
β
ππ ππ π‘π β1
= π1ππ π2π2 β
β
β
ππ ππ π‘0β1 π (π1π1 π2π3 β
β
β
ππ ππ ) π‘π = π½σΈ (π
) β
π‘0β1 β
π (πΌσΈ (π
)) β
π‘π
(11)
= π½σΈ (π
) β
π‘0β1 β
π (πΌσΈ (π
) β
π) β
π‘π = π½σΈ (π
) β
π‘0β1 β
π (π¦1 ) β
π‘π β1
σ³¨β π½σΈ (π
) = π¦2 β
π‘π β1 β
π(π¦1 )
β
π‘0 ;
then using π½σΈ β1 we can recover the random number π
by β1
π½σΈ β1 (π½σΈ (π
)) = π½σΈ β1 (π¦2 π‘π β1 π(π¦1 ) π‘0 ) = π
.
(12)
Consequently, using π¦1 we can recover message π by π = πΌσΈ (π
)β1 β
π¦1 .
(13)
4
Mathematical Problems in Engineering
3.2. Security Analysis 3.2.1. Attack on Private Key. (a) In general, the adversary tries to obtain π½ and (π‘0 , π‘π ) from the equation β1
π½σΈ (π
) = π¦2 β
π‘π β1 β
π(π¦1 )
β
π‘0 ,
(14)
where π
β Z|Z| , π¦1 = πΌσΈ (π
) β
π, π¦2 = πΎσΈ (π
), and π(π¦1 )β1 β Z. The adversary mainly attempts to compute enough values π½σΈ (π
π ) in order to construct π½ using the corresponding conclusion in [27]. If π½ is of type (π1 , π2 , . . . , ππ ), then one can construct a logarithmic signature equivalent to π½ by using π selected values π½σΈ (π
π ), where π = 1 β π + βπ π=1 ππ . Let {π
1 , π
2 , . . . , π
π } be a collection of random numbers chosen by the adversary. Then β1
π½σΈ (π
π ) = π¦π2 π‘π β1 π(π¦π1 ) π‘0 β1
= π(π¦π1 ) π¦π2 π‘π β1 π‘0 ,
π = 1, . . . , π,
(15)
where π¦π1 = πΌσΈ (π
π ) β
π, π¦π2 = πΎσΈ (π
π ), and π(π¦π1 )β1 β Z. Note that in the equation above, π(π¦π1 )β1 and π¦π2 are known and π½σΈ (π
π ) β Z; then we have β1
π(π¦π1 )
π¦π2 π‘π β1 π‘0
βZ
σ³¨β π‘0 β π‘π π¦π2β1 π (π¦π1 ) Z.
(16)
Since π‘π β πΊ \ Z, there are π2 β π possibilities for π‘π . If π‘π is chosen, from π‘0 β π‘π π¦π2β1 π(π¦π1 )Z, there are π possibilities for π‘0 . Hence, there are π(π2 β π) suitable pairs (π‘0 , π‘π ). Besides, for each solution pair (π‘0 , π‘π ), there are π equivalent solutions (π‘0 π§, π‘π π§) with π§ β Z. Consequently, there are π2 β π different solutions, so the success probability of the attacker is 1/π(π β 1). (b) In this attack, an adversary mainly wants to utilize equivalent secret key [π½β , (π‘0β , . . . , π‘π β )] to replace the real secret key [π½, (π‘0 , . . . , π‘π )]. From [34], we can see that the adversary only needs to let π‘πβ = π‘π π§π (1 β€ π β€ π ) and πππβ = πππ πππ (1 β€ π β€ π , 1 β€ π β€ ππ ) for π§π , πππ β Z. So for the first block of πΎ, we have β1π = π1π π‘0ββ1 π§0 π (π1π ) π‘1 .
(17)
Let ππ1β = ππ; then ππ1 = ππ1 ; we have β π11 π‘0ββ1 π§0 π (π11 ) π‘1 β11 = π11 β ββ1 = π11 π‘0 π (π11 ) (π‘1 π11 π§0 ) σ³¨β π‘1β = π‘1 π11 π§0 ,
β1π = π1π π‘0ββ1 π§0 π (π1π ) (π‘1β π11 π§0 ) β π1π = π1π π1π =
β1 β1π π‘1ββ1 π(π1π ) π‘0β
β1
π = 2, . . . , π2 ,
β π2π = π2π π2π = β2π π‘2ββ1 π(π2π ) π‘1β σ³¨β π2π = π21 = π21
.. .
π
= π½σΈ (π
) π‘0ββ1 π§0β1 π (πΌσΈ (π
)) π‘π β π§0 βππ π=1
(18)
(19)
π
= (π½σΈ (π
) βππ ) π‘0ββ1 π (πΌσΈ (π
)) π‘π β . π=1
Let π½σΈ (π
) = π1π₯1 π2π₯2 β
β
β
ππ π₯π , π½β := (πππβ ), and πππβ = πππ ππ for ππ β Z; then β β β π β
β
β
ππ π₯ π½β (π
) = π1π₯ 1 2π₯2 π
= π1π₯1 π1 π2π₯2 π2 β
β
β
ππ π₯π ππ
(20)
π
= π½σΈ (π
) βππ . π=1
Since π½β is tame, so the adversary can use forgery secret key [π½β , (π‘0β , . . . , π‘π β )] to recover the random number π
. Meanwhile, from conclusions in [31], as there are π = |πΊ/Z| possible choices for π‘0 in π‘0 Z, the complexity for this attack is O(π). Since the center Z of Suzuki 2-group has a large order π, so the attack is computationally infeasible. 3.2.2. Attack on Ciphertext OW (onewayness). In the stage of encryption, from the equation π¦1 = πΌσΈ (π
) β
π₯, we can get that π₯ = πΌσΈ (π
)β1 β
π¦1 . Hence, if the adversary wants to recover message π₯, he either directly seeks the random number π
or recovers π
from πΎσΈ (π
). However, since π is large enough and πΎσΈ is a one-way map, so the attack is computationally infeasible. IND (indistinguishability). Although we cannot give a formal proof on the indistinguishability of the scheme, we would like to analyse it in a heuristic manner. Suppose that (π¦1β , π¦2β ) is the ciphertext of π0 or π1 , where π¦1β = πΌσΈ (π
) β
ππΏ , π¦2β = πΎσΈ (π
), πΏ = 0 or 1, π0 , and π1 are randomly selected by the adversary. Then we can analyse the following two cases:
π¦1σΈ = πΌσΈ (π
σΈ ) β
π1
σ³¨β π1π = π11 = π11 ,
β2π = π2π π‘1ββ1 π11 π§0 π (π2π ) π‘2β π21 π11 π§0
πΎσΈ (π
) = π½σΈ (π
) π‘0β1 π (πΌσΈ (π
)) π‘π
π¦1 = πΌσΈ (π
) β
π0
π = 2, . . . , π1 ,
β π21 π‘1ββ1 π11 π§0 π (π21 ) π‘2 σ³¨β π‘2β = π‘2 π21 π11 π§0 , β21 = π21
We can get that πππ = ππ1 = ππ1 for all π = 1, . . . , π . If we denote πππ = ππ , then π‘πβ = π‘π π§0 βππ=1 ππ . Consider
π¦2 = πΎσΈ (π
) , π¦2σΈ = πΎσΈ (π
σΈ ) .
(21)
Since π
and π
σΈ are randomly selected, and they admit the same distribution, thus, π
and π
σΈ are statistically indistinguishable for the adversary. It can be denoted by π
βπ π
σΈ . Meanwhile, since πΌσΈ and π½σΈ are both one-way maps, so we can get that πΌσΈ (π
) βπ πΌσΈ (π
σΈ ) and πΎσΈ (π
) βπ πΎσΈ (π
σΈ ). Besides, since
π0 βπ π1 , so πΌσΈ (π
) β
π0 βπ πΌσΈ (π
σΈ ) β
π1 . Consequently, we can get that (π¦1 , π¦2 ) βπ (π¦1σΈ , π¦2σΈ ).
Mathematical Problems in Engineering
5
4. A Digital Signature Scheme Based on the New MST 3 Cryptosystem
π2 .
In this section, we utilize the encryption scheme above to construct a digital signature scheme based on random covers and logarithmic signatures.
Meanwhile, π1 = π½σΈ β1 (π(π1 )β1 β
π‘0 β
π2 β
π‘π β1 ) and π1 = πΌσΈ (π1 ) β
Hence, β1
β
π‘0 β
πΎσΈ (π1 ) β
π‘π β1
β1
β
π‘0 β
π2 β
π‘π β1
π(πΌσΈ (π1 ))
4.1. Description of the Scheme
= π(π1 )
Key Generation
= π(πΌσΈ (π1 ) β
π2 )
β1
Input: a large group πΊ = π΄(π, π) and π = 2π . Output: a public key [πΌ, πΎ, π, π»] with corresponding private key [π½, (π‘0 , . . . , π‘π )]. (1) Choose a tame logarithmic signature π½ = [π΅1 , π΅2 , . . . , π΅π ] := (πππ ) = (π(0, π(ππ)β
π )) of type (π1 , π2 , . . . , ππ ) for Z, where πππ β πΊ and π(ππ)β
π β Fπ . (2) Select a random cover πΌ = [π΄ 1 , π΄ 2 , . . . , π΄ π ] := (πππ ) = (π(π(ππ)β
π , π(ππ)β
π )) of the same type as π½ for a certain subset π½ of πΊ such that π΄ 1 , . . . , π΄ π β πΊ \ Z, where πππ β πΊ, π(ππ)β
π β Fπ \ {0}, and π(ππ)β
π β Fπ . (3) Choose π‘0 , π‘1 , . . . , π‘π β πΊ \ Z. (4) Construct a homomorphisms π : πΊ β Z defined by π(π(π, π)) = π(0, π). (5) Compute πΎ := (βππ ) = (π(β(ππ)β
π , β(ππ)β
π )), where βππ = β1 π‘πβ1 β
π(πππ ) β
πππ β
π‘π . (6) Define a hash function π» : πΊ Γ πΊ β πΊ. (7) Output public key [πΌ, πΎ, π, π»] and private key [π½, (π‘0 , . . . , π‘π )]. Signature Input: a message π β πΊ and private key [π½, (π‘0 , . . . , π‘π )]. Output: signature π = (π1 , π2 ). (1) Randomly select π§ β Z and compute a random element π = π‘0β1 π§π‘π β πΊ. Let π2 = π, π1 = π»(π, π). (2) Compute π1 = π½σΈ β1 (π(π1 )β1 β
π‘0 β
π2 β
π‘π β1 ) and π2 = πΌσΈ (π1 )β1 β
π1 . (3) Output π = (π1 , π2 ).
Verification Input: the message π β πΊ, signature π = (π1 , π2 ), and public key [πΌ, πΎ, π, π»]. Output: 0 or 1. (1) Compute π΄ = πΌσΈ (π1 ) β
π2 and π΅ = π»(π, πΎσΈ (π1 ) β
π(π2 )). (2) If π΄ = π΅, output 1; otherwise output 0. Correctness. For a given message π β πΊ, πΎσΈ (π1 ) = π‘0β1 β
π (πΌσΈ (π1 )) β
π½σΈ (π1 ) β
π‘π σ³¨β π1 = π½σΈ β1 (π(πΌσΈ (π1 ))
β1
β
π‘0 β
πΎσΈ (π1 ) β
π‘π β1 ) . (22)
σΈ
β1
= π(πΌ (π1 ))
β
π‘0 β
π2 β
π‘π β1
β
π‘0 β
(π(π2 ) β1
σ³¨β πΎσΈ (π1 ) = π(π2 )
β1
β
π2 ) β
(23) π‘π β1
β
π2
σ³¨β π2 = πΎσΈ (π1 ) β
π (π2 ) . Consequently, we have π» (π, π2 ) = π1 σ³¨β π» (π, πΎσΈ (π1 ) β
π (π2 )) = πΌσΈ (π1 ) β
π2 .
(24)
4.2. Security Analysis 4.2.1. Attack on Private Key. (a) Compared with the encryption scheme in Section 3, we add a secure hash function in the signature scheme. Hence, analysis of the security of the signature scheme is similar to that in the encryption scheme. In the signature scheme, the goal of the general attack is also to determine π½ and (π‘0 , π‘π ) from the equation β1
π½σΈ (π
) = π¦2 π‘π β1 π(π¦1 ) π‘0 ,
(25)
where π¦1 = πΌσΈ (π
) β
π₯, π¦2 = πΎσΈ (π
), and π(π¦1 )β1 β Z. Let {π
1 , π
2 , . . . , π
π } be a collection of random numbers chosen by the adversary. Then we have β1
π½σΈ (π
π ) = π¦π2 π‘π β1 π(π¦π1 ) π‘0 β1
= π(π¦π1 ) π¦π2 π‘π β1 π‘0 ,
(26)
where π¦π1 = πΌσΈ (π
π ) β
π₯, π¦π2 = πΎσΈ (π
π ), and π(π¦π1 )β1 β Z. Then β1
π(π¦π1 ) π¦π2 π‘π β1 π‘0 β Z σ³¨β π‘0 β π‘π π¦π2β1 π (π¦π1 ) Z.
(27)
As described in Section 3, there are π2 β π different solutions; the success probability of the adversary is 1/π(π β 1). (b) In our signature scheme, we construct a ciphertext pair (π1 , π2 ) then obtain the signature π = (π1 , π2 ) by decrypting the pair (π1 , π2 ). Therefore, analysis of the equivalent key is similar to that in Section 3. In this attack, an adversary mainly wants to utilize equivalent secret key [π½β , (π‘0β , . . . , π‘π β )]
6
Mathematical Problems in Engineering
to replace the real secret key [π½, (π‘0 , . . . , π‘π )]. As described in Section 3, for a random number π
β Z|Z| , πΎσΈ (π
) = π½σΈ (π
) π‘0β1 π (πΌσΈ (π
)) π‘π π
= π½σΈ (π
) π‘0ββ1 π§0 π (πΌσΈ (π
)) π‘π β π§0 βππ π=1
(28)
π
= (π½σΈ (π
) βππ ) π‘0ββ1 π (πΌσΈ (π
)) π‘π β . π=1
Let π½σΈ (π
) = π1π₯1 π2π₯2 β
β
β
ππ π₯π and π½β := (πππβ ), πππβ = πππ ππ ; then β β β π β
β
β
ππ π₯ π½β (π
) = π1π₯ 1 2π₯2 π
= π1π₯1 π1 π2π₯2 π2 β
β
β
ππ π₯π ππ
(29)
π
= π½σΈ (π
) βππ . π=1
Consequently, the complexity for this attack is O(π). While, due to the center Z of Suzuki 2-group having a large order π, so the attack is computationally infeasible. 4.2.2. Unforgeability. Suppose that Eve attempts to forge a message-signature pair (πβ , π1β , π2β ) such that πΌ (π1β ) β
π2β = π» (πβ , πΎσΈ (π1β ) β
π (π2β )) .
(30)
Case 1. Eve chooses a random number π1β β Z|Z| and π2β β πΊ then computes πΌ(π1β ) β
π2β and πΎ(π1β ) β
π(π2β ). If Eve can get a message πβ satisfying the above equation, then he can answer the preimage of hash function π», but it is infeasible since π» is a secure cryptographic hash function. Case 2. Eve randomly selects two elements πβ β πΊ and π2β β πΊ and computes π2β = π»(πβ , π1β ). In order to obtain a valid π1β , Eve selects π1β and computes π¦ = π»(πβ , π1β β
π(π2β )) β
(π2β )β1 . Getting a right π1β such that πΌ(π1β ) β
π2β = π»(πβ , πΎσΈ (π1β ) β
π(π2β )) is equivalent to solving the equations π1β = πΎσΈ (π1β ) and π¦ = πΌσΈ (π1β ). Since πΌσΈ and πΎσΈ are both one-way functions, so Eve cannot answer right π1β by considering the corresponding ciphertext (π1β , π¦). Case 3. Eve randomly chooses one pair (πβ , π1β ) and π β Z then computes π2β = πΌσΈ (π1β )β1 β
π»(πβ , πΎσΈ (π1β ) β
π). If π(π2β ) = π, then Eve can forge one valid signature. Note that the probability of this case is Pr[π(π2β ) = π] = 1/π for |Z| = π. Since π is large enough, this attack is computationally infeasible.
5. Comparisons and Illustrations 5.1. Comparisons. In this subsection, we compare ππππ3 encryption scheme in [34] and our encryption scheme on number of basic operations. Then, we make further efforts to show the performance of our signature scheme. We
summarize the number of basic operations (addition (ADD), multiplication (MULT), exponentiation with π (EXP(π)), etc.). Table 1 shows the number of operations required for ππππ3 scheme and our scheme. The corresponding operations are namely addition (ADD), multiplication (MULT), exponentiation with π (EXP(π)), generation of m-bit random R (PRNG) [36], and factorization of π½σΈ (π
) β Z with respect to a logarithmic signature π½ using the Algorithms 9, 10, and 11 (FACTOR) [34]. Table 2 presents the number of operations required for public key and secret key. The corresponding operations are, namely, addition (ADD) and multiplication (MULT) generation of π-bit random π
(PRNG) [36]. For example, when π = 26, V = 52, the number of multiplication for secret key π½ is 1792 and the number of generation of π-bit random π
is 760; when π = 23, V = 44, the number of multiplication for secret key π½ is 2688 and the number of generation of π-bit random π
is 948; when π = 20, V = 58, the number of multiplication for secret key π½ is 4864 and the number of generation of π-bit random π
is 712. Table 3 indicates the performance of the signature scheme. Table 4 indicates parameter size in our schemes. Here, we mainly analyse the number of elements in Suzuki 2-group. Remark 3. In the community of cryptography based on chaos theory, a lot of efforts were focused on secret key cryptography in early years [5β7]. Recently, Wang et al. [8β14] made progress on building public key agreement protocols by using chaos theory. The corresponding schemes also have high efficiency and strong security. Being different from quantum cryptography, chaotic cryptography, and DNA cryptography, πππ3 cryptosystem is a public key cryptosystem of classical cryptography. The hardness of our encryption scheme is based on a type of intractable mathematical problem called group factorization problem. Meanwhile, our encryption scheme and signature scheme are efficient in classical computer. 5.2. A Toy Example. In this subsection, we present a toy example of signing a random element π β Fπ . In fact, our method is universal in the sense that it can be used to sign documents or realize authentication protocols based on images. Key Generation Input: a Suzuki 2-group πΊ = π΄(π, π) with π = 8, π = 28 and π = 2. Output: public key [πΌ, πΎ, π, π»] and private key [π½, π‘0 , π‘1 , π‘2 ]. In general, let a pair (π, π) denote an element of group πΊ. For simplicity, we use a binary number of an element π β Fπ to present (0, π) β Z and a binary numbers pair to present (π, π) β πΊ.
Mathematical Problems in Engineering
7
Table 1: Number of basic operations for one encryption/decryption.
Encryption1 Decryption2
F2π ADD 8π β 6 8π β 7 4π + 15 4π + 10
ππππ3 scheme [34] Our scheme ππππ3 scheme Our scheme
F2π MULT 2π β 2 2π β 2 π +5 π +3
F2π EXP(π) β β 1 β
F2π PRNG 1 1 β β
Factor β β 1 1
1
Compared with ππππ3 scheme, our scheme reduces a step of multiplication with the element of the center Z in the stage of encryption. Thus, the number of (F2π ADD) reduces once. 2 In the stage of decryption, our scheme reduces a step of inverse operation, a step of multiplication operation, and a F2π EXP(π) operation, so the number of (F2π ADD) reduces five times and (F2π MULT) reduces twice.
Table 2: Number of basic operations for public key generation. F2π ADD F2π MULT F2π PRNG
Secret key π½ π3 β 5 V βπ=1 ππβ
Secret key [π‘0 , . . . , π‘π ] β π + 14 2(π + 1)
Public key πΌ π πβπ 2π β π
Public key πΎ 9π + π 2π + π β
{0 if π’π = 1 π’π β . π = βπ π=1 ππ , ππ = βπ=1 πππ β
π€π for 1 β€ π β€ π and βπ π=1 π’π = V, where π€π = { {1 if π’π > 1 4 For π β Fπ , π : π β π2 is a Frobenius automorphism. Hence, π can be reduced to a multiplication. 5 V represents the number of blocks before fusion. 3
(i) For simplicity, we use a one-way function π» as the hash function in our scheme. That is, π»: πΊ Γ πΊ β πΊ is given by π
π
π» ((π1 , π1 ) , (π2 , π2 )) = (π1 2 , π12 ) .
(31)
Actually, one can also use standard hash functions like SHA1 and so forth. (ii) A factorizable logarithmic signature π½ = [π΅1 , π΅2 ] = (ππ,π ) = (π(0, π(ππ)β
2 )) of type (π1 , . . . , ππ ) for Z. (1) We first construct canonical logarithmic signature [π΅1β , π΅2β , π΅3β ] of type (4, 8, 8) in standard form: π΅1β = {[0 0 0 0 0 0 0 0] , [0 1 0 0 0 0 0 0] , [1 0 0 0 0 0 0 0] , [1 1 0 0 0 0 0 0]} ,
(2) Fuse blocks π΅1β , π΅3β to construct the product π΅2 = (π΅1β β
= π΅2β . That is, π΅1 , π΅2 is the logarithmic signature of type (π1 , π2 ) (π1 = 8, π2 = 32) π΅3β ) and let π΅1
π΅1 = {[1 1 0 0 0 0 0 0] , [0 1 0 0 1 0 0 0] , [0 1 0 1 0 0 0 0] , [0 0 0 1 1 0 0 0] , [0 0 1 0 0 0 0 0] , [0 0 1 0 1 0 0 0] , [1 1 1 1 0 0 0 0] , [1 1 1 1 1 0 0 0]} , (33) π΅2 = {[1 1 0 1 0 0 0 0] , [1 1 1 1 0 0 0 1] , [0 1 0 1 0 0 1 0] , [1 1 1 1 1 0 1 1] , [0 1 1 0 1 1 0 0] , [0 1 1 1 0 1 0 1] ,
π΅2β = {[1 1 0 0 0 0 0 0] , [0 1 0 0 1 0 0 0] ,
[1 0 1 0 0 1 1 0] , [0 1 1 1 1 1 1 1] ,
[0 1 0 1 0 0 0 0] , [0 0 0 1 1 0 0 0] ,
[1 0 0 1 0 0 0 0] , [1 0 1 1 0 0 0 1] ,
[0 0 1 0 0 0 0 0] , [0 0 1 0 1 0 0 0] ,
[0 0 0 1 0 0 1 0] , [1 0 1 1 1 0 1 1] ,
[1 1 1 1 0 0 0 0] , [1 1 1 1 1 0 0 0]} ,
[0 0 1 0 1 1 0 0] , [0 0 1 1 0 1 0 1] ,
π΅3β = {[1 1 0 1 0 0 0 0] , [1 1 1 1 0 0 0 1] ,
[1 1 1 0 0 1 1 0] , [0 0 1 1 1 1 1 1] ,
[0 1 0 1 0 0 1 0] , [1 1 1 1 1 0 1 1] ,
[0 1 0 1 0 0 0 0] , [0 1 1 1 0 0 0 1] ,
[0 1 1 0 1 1 0 0] , [0 1 1 1 0 1 0 1] ,
[1 1 0 1 0 0 1 0] , [0 1 1 1 1 0 1 1] ,
[1 0 1 0 0 1 1 0] , [0 1 1 1 1 1 1 1]} . (32)
[1 1 1 0 1 1 0 0] , [1 1 1 1 0 1 0 1] , [0 0 1 0 0 1 1 0] , [1 1 1 1 1 1 1 1] ,
8
Mathematical Problems in Engineering Table 3: Number of basic operations for digital signature scheme.
Signature Verification
F2π ADD 4π + 11 8π β 7
F2π MULT π +3 2π β 2
F2π EXP(π) β β
[0 0 0 1 0 0 0 0] , [0 0 1 1 0 0 0 1] , [1 0 0 1 0 0 1 0] , [0 0 1 1 1 0 1 1] , [1 0 1 0 1 1 0 0] , [1 0 1 1 0 1 0 1] , [0 1 1 0 0 1 1 0] , [1 0 1 1 1 1 1 1]} . (34) (i) A random cover πΌ = [π΄ 1 , π΄ 2 ] = (πππ ) = (π(π(ππ)β
1 , π(ππ)β
2 )) of the same type as π½ π΄ 1 = {([0 1 0 1 0 1 0 1] , [0 0 1 0 1 0 0 0]) , ([0 1 1 0 0 0 1 0] , [0 0 0 0 0 1 0 0]) , ([1 0 1 1 1 0 1 0] , [1 1 1 1 0 0 0 0]) , ([1 1 1 1 1 0 1 0] , [0 1 0 1 1 1 1 0]) ,
F2π PRNG 1 β
Factor 1 β
Table 4: Parameter size. Public key Secret key Encryption Signature Number of elements 6
2π6
π+π +1
2
2
π is the same as Table 2.
([1 0 1 0 0 1 0 0] , [1 0 1 0 0 0 0 1]) , ([1 1 1 0 0 0 0 0] , [1 1 0 0 1 1 1 0]) , ([0 0 0 0 0 0 0 1] , [0 0 1 0 1 1 0 0]) , ([1 1 1 0 1 1 0 1] , [0 0 1 0 0 0 1 0]) , ([1 1 0 0 0 0 0 0] , [0 0 0 0 0 1 0 0]) , ([0 1 1 0 1 1 1 1] , [1 0 0 0 0 0 0 1]) , ([0 0 1 0 0 0 0 0] , [1 1 0 0 0 0 0 0]) ,
([1 1 1 1 1 0 0 0] , [1 0 0 1 1 1 1 0]) ,
([1 1 0 1 1 0 1 0] , [0 0 0 1 1 0 1 0]) ,
([1 1 0 0 0 1 1 1] , [0 0 0 1 0 1 0 0]) ,
([0 1 0 0 1 0 1 0] , [0 1 0 1 1 1 0 0]) ,
([0 1 0 1 1 0 1 1] , [1 1 1 0 1 0 1 1]) ,
([1 1 1 1 0 1 1 1] , [0 0 1 0 1 0 1 0]) ,
([0 0 0 1 0 0 1 1] , [1 0 1 0 1 1 1 1])} ,
([1 0 0 1 0 1 1 1] , [1 1 1 0 0 1 0 1]) ,
π΄ 2 = {([0 1 0 1 1 1 0 1] , [0 0 1 1 1 1 1 0]) , ([0 0 1 1 0 0 1 0] , [0 0 0 0 1 0 0 0]) , ([0 1 0 0 1 0 1 0] , [1 1 1 0 0 0 1 1]) , ([1 1 0 0 1 1 0 0] , [0 0 0 0 1 0 1 1]) ,
([0 1 0 0 1 1 1 0] , [1 0 1 1 1 0 1 1]) , ([1 1 1 1 1 0 1 0] , [0 1 0 0 1 1 0 0]) , ([1 1 1 1 0 1 0 0] , [1 0 0 1 1 1 0 0]) , ([0 0 0 0 0 0 1 1] , [1 0 1 0 1 1 1 0]) , ([0 0 0 0 1 1 0 0] , [1 0 1 0 1 1 0 1]) ,
([1 1 1 0 1 0 0 1] , [1 0 0 1 1 1 1 0]) ,
([1 1 1 1 1 0 0 1] , [0 0 1 0 1 0 0 0]) ,
([1 0 0 0 1 0 1 1] , [1 0 1 1 0 0 0 0]) ,
([0 0 0 0 1 1 0 1] , [0 1 0 0 0 0 1 0]) ,
([0 0 1 1 1 0 1 1] , [1 1 0 1 1 0 1 0]) ,
([0 1 0 1 1 1 0 1] , [0 1 1 0 1 0 1 1])} . (35)
([0 1 1 1 0 1 0 1] , [0 1 0 1 1 1 0 1]) , ([0 0 1 1 0 0 0 1] , [0 1 1 1 1 1 0 0]) ,
(ii) Select π‘0 , π‘1 , π‘2 β πΊ \ Z: π‘0 = ([1 1 1 1 0 1 0 0] , [1 1 1 1 1 0 0 1]) ,
([0 0 1 0 1 1 1 0] , [0 0 1 0 0 1 1 0]) ,
π‘1 = ([0 0 1 0 0 0 1 0] , [0 1 0 0 1 1 1 1]) ,
([1 1 0 1 1 1 1 1] , [1 1 0 0 1 0 1 1]) ,
π‘2 = ([1 1 1 0 1 0 1 1] , [1 0 1 1 0 0 0 0]) .
([0 1 0 0 0 0 1 1] , [1 1 0 0 0 1 1 0]) , ([0 1 1 1 0 1 1 1] , [1 0 0 1 0 0 1 1]) ,
(36) (iii) Construct a homomorphism π: πΊ β Z: π(π, π) = (0, π).
Mathematical Problems in Engineering β1 (iv) Compute πΎ = (βπ,π ), βπ,π = π‘πβ1 β
π(ππ,π )β
ππ,π β
π‘π = [π1 , π2 ], and π = 0, 1, 2:
π1 = {([1 1 0 1 0 1 1 0] , [1 0 1 0 1 1 1 1]) ,
9 ([1 1 0 0 1 0 0 1] , [0 0 1 1 1 0 1 0]) , ([1 1 0 0 1 0 0 1] , [0 0 0 0 1 1 0 0]) ,
([1 1 0 1 0 1 1 0] , [0 0 0 1 0 0 0 0]) ,
([1 1 0 0 1 0 0 1] , [1 0 0 1 1 0 0 1]) ,
([1 1 0 1 0 1 1 0] , [1 1 0 1 0 0 0 0]) ,
([1 1 0 0 1 0 0 1] , [0 0 1 1 0 1 0 0]) ,
([1 1 0 1 0 1 1 0] , [1 1 0 1 1 0 0 0]) ,
([1 1 0 0 1 0 0 1] , [0 1 1 0 1 0 1 0]) ,
([1 1 0 1 0 1 1 0] , [1 1 1 0 0 0 1 0]) ,
([1 1 0 0 1 0 0 1] , [1 1 1 1 0 0 1 0]) ,
([1 1 0 1 0 1 1 0] , [1 1 0 1 0 1 0 1]) ,
([1 1 0 0 1 0 0 1] , [0 0 0 1 1 1 1 0]) ,
([1 1 0 1 0 1 1 0] , [1 0 0 1 0 0 0 1]) , ([1 1 0 1 0 1 1 0] , [1 1 0 1 0 0 0 1])} , (37) π2 = {([1 1 0 0 1 0 0 1] , [1 1 0 1 1 1 1 1]) , ([1 1 0 0 1 0 0 1] , [1 0 0 1 0 0 0 1]) ,
([1 1 0 0 1 0 0 1] , [0 0 1 1 1 0 0 1]) , ([1 1 0 0 1 0 0 1] , [1 0 1 1 0 0 0 0])} . (38) Signature
([1 1 0 0 1 0 0 1] , [0 1 1 0 0 1 0 1]) ,
(i) Choose a message π = ([1 0 0 1 1 1 0 1], [1 1 0 1 0 1 0 1]). (ii) Sample π§ = ([0 0 0 0 0 0 0 0], [1 0 0 1 1 0 1 0]) (β Z) and compute π = π‘0β1 β
π§ β
π‘2
([1 1 0 0 1 0 0 1] , [1 1 0 1 0 1 1 1]) ,
π2 = π = ([0 0 0 1 1 1 1 1] , [0 0 0 1 1 0 1 1]) ,
([1 1 0 0 1 0 0 1] , [1 0 1 0 1 1 0 0]) ,
π1 = π» (π, π)
([1 1 0 0 1 0 0 1] , [0 1 0 0 1 0 1 0]) ,
([1 1 0 0 1 0 0 1] , [1 1 0 0 1 1 1 1]) , ([1 1 0 0 1 0 0 1] , [0 1 0 1 1 0 0 0]) , ([1 1 0 0 1 0 0 1] , [1 1 1 1 0 0 1 1]) , ([1 1 0 0 1 0 0 1] , [1 1 0 0 1 1 0 1]) , ([1 1 0 0 1 0 0 1] , [1 0 0 1 1 1 1 1]) , ([1 1 0 0 1 0 0 1] , [1 0 1 0 1 0 1 0]) ,
= ([0 0 0 1 0 1 0 1] , [0 1 1 0 0 1 0 0]) . (39) (iii) Signature π = (π1 , π2 ): π1 = 71 (β Zπ ) , π2 = ([0 0 1 1 1 0 1 1] , [0 1 0 1 0 1 1 0]) . (40) Verification
([1 1 0 0 1 0 0 1] , [0 0 0 0 1 0 0 1]) ,
(i) Compute
([1 1 0 0 1 0 0 1] , [1 1 0 0 0 0 1 1]) ,
π1 = πΌσΈ (π1 ) β
π2
([1 1 0 0 1 0 0 1] , [0 1 0 1 0 1 0 0]) , ([1 1 0 0 1 0 0 1] , [0 1 1 0 1 1 0 0]) , ([1 1 0 0 1 0 0 1] , [1 1 1 0 1 1 1 1]) , ([1 1 0 0 1 0 0 1] , [1 1 1 0 0 0 1 1]) , ([1 1 0 0 1 0 0 1] , [1 1 1 0 1 1 1 1]) , ([1 1 0 0 1 0 0 1] , [0 0 0 0 1 0 0 1]) , ([1 1 0 0 1 0 0 1] , [0 1 1 0 0 1 0 0]) , ([1 1 0 0 1 0 0 1] , [1 1 1 0 1 1 0 1]) , ([1 1 0 0 1 0 0 1] , [1 0 0 0 0 0 1 1]) ,
= ([0 0 0 1 0 1 0 1] , [0 1 1 0 0 1 0 0]) . (41) (ii) Compute πΎσΈ (π1 ) = ([0 0 0 1 1 1 1 1] , [0 0 1 0 0 0 0 0]) , π (π2 ) = ([0 0 0 0 0 0 0 0] , [0 0 1 1 1 0 1 1]) , π2 = πΎσΈ (π1 ) β
π (π2 ) = ([0 0 0 1 1 1 1 1] , [0 0 0 1 1 0 1 1]) . (42)
10 Since π1 β π1 = [0 0 0 0 0 0 0 0] and π2 β π2 = [0 0 0 0 0 0 0 0], so we can get that π»(π, πΎσΈ (π1 ) β
π(π2 )) = πΌσΈ (π1 ) β
π2 .
Conflict of Interests The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments This work is partially supported by the National Natural Science Foundation of China (NSFC) (nos. 61103198, 61121061, 61370194) and the NSFC A3 Foresight Program (no. 61161140320).
References [1] C. H. Bennett and G. Brassard, βQuantum cryptography: public key distribution and coin tossingin,β in Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, pp. 175β179, Bangalore, India, 1984. [2] C. H. Bennett, βQuantum cryptography using any two nonorthogonal states,β Physical Review Letters, vol. 68, no. 21, pp. 3121β 3124, 1992. [3] C. H. Bennett, G. Brassard, and N. D. Mermin, βQuantum cryptography without Bellβs theorem,β Physical Review Letters, vol. 68, no. 5, pp. 557β559, 1992. [4] N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, βQuantum cryptography,β Reviews of Modern Physics, vol. 74, no. 1, pp. 146β 195, 2002. [5] R. Matthews, βOn the derivation of a βchaoticβ encryption algorithm,β Cryptologia, vol. 13, no. 1, pp. 29β42, 1989. [6] M. S. Baptista, βCryptography with chaos,β Physics Letters A, vol. 240, no. 1-2, pp. 50β54, 1998. [7] G. Alvarez, G. Pastor, F. Montoya, and M. Romera, βChaotic cryptosystems,β in Proceedings of the IEEE International Carnahan Conference on Security Technology, pp. 332β338, 1999. [8] X.-Y. Wang and Q. Yu, βBlock encryption algorithm based on dynamic sequences of multiple chaotic systems,β Communications in Nonlinear Science and Numerical Simulation, vol. 14, no. 2, pp. 574β581, 2009. [9] X. Wang and J. Zhao, βAn improved key agreement protocol based on chaos,β Communications in Nonlinear Science and Numerical Simulation, vol. 15, no. 12, pp. 4052β4057, 2010. [10] Y. Niu and X. Wang, βAn anonymous key agreement protocol based on chaotic maps,β Communications in Nonlinear Science and Numerical Simulation, vol. 16, no. 4, pp. 1986β1992, 2011. [11] L. Hongjun, W. Xingyuan, and K. Abdurahman, βImage encryption using DNA complementary rule and chaotic maps,β Applied Soft Computing, vol. 12, no. 5, pp. 1457β1466, 2012. [12] X. Wang and D. Luan, βA novel image encryption algorithm using chaos and reversible cellular automata,β Communications in Nonlinear Science and Numerical Simulation, vol. 18, no. 11, pp. 3075β3085, 2013. [13] W. Xingyuan and L. Dapeng, βA secure key agreement protocol based on chaotic maps,β Chinese Physics B, vol. 22, no. 11, Article ID 110503, 2013.
Mathematical Problems in Engineering [14] Y.-Q. Zhang and X.-Y. Wang, βSpatiotemporal chaos in mixed linearβnonlinear coupled logistic map lattice,β Physica A: Statistical Mechanics and Its Applications, vol. 402, pp. 104β118, 2014. [15] L. M. Adleman, βMolecular computation of solutions to combinatorial problems,β Science, vol. 266, no. 5187, pp. 1021β1024, 1994. [16] D. Boneh, C. Dunworth, R. J. Lipton, and J. Sgall, βOn the computational power of DNA,β Discrete Applied Mathematics, vol. 71, no. 1β3, pp. 79β94, 1996. [17] G. Cui, L. Qin, Y. Wang, and X. Zhang, βAn encryption scheme using DNA technology,β in Proceedings of the 3rd International Conference on Bio-Inspired Computing: Theories and Applications (BICTA β08), pp. 37β41, October 2008. [18] W. Lempken, T. van Trung, S. S. Magliveras, and W. Wei, βA public key cryptosystem based on non-abelian finite groups,β Journal of Cryptology, vol. 22, no. 1, pp. 62β74, 2009. [19] N. R. Wagner and M. R. Magyarik, βA public-key cryptosystem based on the word problem,β in Advances in Cryptology, vol. 196 of Lecture Notes in Computer Science, pp. 19β36, Springer, Berlin, Germany, 1985. [20] K. H. Ko, S. J. Lee, J. H. Cheon, J. W. Han, J. Kang, and C. Park, βNew public-key cryptosystem using braid groups,β in Advances in cryptologyβCRYPTO 2000, vol. 1880 of Lecture Notes in Computer Science, pp. 166β183, Springer, Berlin, Germany, 2000. [21] B. Eick and D. Kahrobaei, βPolycyclic groups: a new platform for cryptology?β http://arxiv.org/abs/math/0411077. [22] V. Shpilrain and A. Ushakov, βThompsons group and public key cryptography,β in Applied Cryptography and Network Security, vol. 3531 of Lecture Notes in Computer Science, pp. 151β164, 2005. [23] D. Kahrobaei, C. Koupparis, and V. Shpilrain, βPublic key exchange using matrices over group rings,β Groups, Complexity, and Cryptology, vol. 5, no. 1, pp. 97β115, 2013. [24] S. S. Magliveras, βA cryptosystem from logarithmic signatures of finite groups,β in Proceedings of the 29th Midwest Symposium on Circuits and Systems, pp. 972β975, Elsevier Publishing, Amsterdam, The Netherlands, 1986. [25] S. S. Magliveras and N. D. Memon, βAlgebraic properties of cryptosystem PGM,β Journal of Cryptology, vol. 5, no. 3, pp. 167β 183, 1992. [26] A. Caranti and F. Dalla Volta, βThe round functions of cryptosystem PGM generate the symmetric group,β Designs, Codes and Cryptography, vol. 38, no. 1, pp. 147β155, 2006. [27] S. S. Magliveras, D. R. Stinson, and T. van Trung, βNew approaches to designing public key cryptosystems using oneway functions and trapdoors in finite groups,β Journal of Cryptology, vol. 15, no. 4, pp. 285β297, 2002. [28] M. I. GonzΒ΄alez Vasco and R. Steinwandt, βObstacles in two public key cryptosystems based on group factorizations,β Tatra Mountains Mathematical Publications, vol. 25, pp. 23β37, 2002. [29] J.-M. Bohli, R. Steinwandt, M. I. GonzΒ΄alez Vasco, and C. MartΒ΄Δ±nez, βWeak keys in MST 1 ,β Designs, Codes and Cryptography, vol. 37, no. 3, pp. 509β524, 2005. [30] M. I. GonzΒ΄alez Vasco, C. MartΒ΄Δ±nez, and R. Steinwandt, βTowards a uniform description of several group based cryptographic primitives,β Designs, Codes and Cryptography, vol. 33, no. 3, pp. 215β226, 2004. [31] S. S. Magliveras, P. Svaba, T. van Trung, and P. Zajac, βOn the security of a realization of cryptosystem MST 3 ,β Tatra Mountains Mathematical Publications, vol. 41, pp. 65β78, 2008.
Mathematical Problems in Engineering [32] S. R. Blackburn, C. Cid, and C. Mullan, βCryptanalysis of the MST 3 public key cryptosystem,β Journal of Mathematical Cryptology, vol. 3, no. 4, pp. 321β338, 2009. [33] M. I. G. Vasco, A. L. P. del Pozo, and P. T. Duarte, βA note on the security of MST 3 ,β Designs, Codes and Cryptography, vol. 55, no. 2-3, pp. 189β200, 2010. [34] P. Svaba and T. van Trung, βPublic key cryptosystem MST 3 cryptanalysis and realization,β Journal of Mathematical Cryptology, vol. 4, no. 3, pp. 271β315, 2010. [35] W. Lempken and T. van Trung, βOn minimal logarithmic signatures of finite groups,β Experimental Mathematics, vol. 14, no. 3, pp. 257β269, 2005. [36] P. Marquardt, P. Svaba, and T. van Trung, βPseudorandom number generators based on random covers for finite groups,β Designs, Codes and Cryptography, vol. 64, no. 1-2, pp. 209β220, 2012.
11
Advances in
Operations Research Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Advances in
Decision Sciences Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Journal of
Applied Mathematics
Algebra
Hindawi Publishing Corporation http://www.hindawi.com
Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Journal of
Probability and Statistics Volume 2014
The Scientific World Journal Hindawi Publishing Corporation http://www.hindawi.com
Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
International Journal of
Differential Equations Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Volume 2014
Submit your manuscripts at http://www.hindawi.com International Journal of
Advances in
Combinatorics Hindawi Publishing Corporation http://www.hindawi.com
Mathematical Physics Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Journal of
Complex Analysis Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
International Journal of Mathematics and Mathematical Sciences
Mathematical Problems in Engineering
Journal of
Mathematics Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Volume 2014
Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Discrete Mathematics
Journal of
Volume 2014
Hindawi Publishing Corporation http://www.hindawi.com
Discrete Dynamics in Nature and Society
Journal of
Function Spaces Hindawi Publishing Corporation http://www.hindawi.com
Abstract and Applied Analysis
Volume 2014
Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
International Journal of
Journal of
Stochastic Analysis
Optimization
Hindawi Publishing Corporation http://www.hindawi.com
Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
Volume 2014