all exceptional groups of lie type have minimal logarithmic signatures
TRANSCRIPT
AAECCDOI 10.1007/s00200-014-0226-3
ORIGINAL PAPER
All exceptional groups of lie type have minimallogarithmic signatures
Haibo Hong · Licheng Wang · Yixian Yang ·Haseeb Ahmad
Received: 3 July 2013 / Accepted: 27 May 2014© Springer-Verlag Berlin Heidelberg 2014
Abstract As a special type of factorization of finite groups, logarithmic signature (LS)is used as the main component of cryptographic keys for secret key cryptosystemssuch as PGM and public key cryptosystems like M ST1, M ST2 and M ST3. An LSwith the shortest length is called a minimal logarithmic signature (MLS) that is highlyfavourable to be used for cryptographic constructions. The MLS conjecture states thatevery finite simple group has an MLS. Recently, Nikhil Singhi et al. proved the MLSconjecture to be true for some families of simple groups. In this paper, we firstly provethe existence of MLSs for the exceptional groups of Lie type.
Keywords Exceptional groups of Lie type · Simple groups · (Minimal) logarithmicsignature
Mathematics Subject Classification (2010) 94A60 · 11T71 · 14G50 · 20G40 ·20E28 · 20E32 · 20D06 · 05E15 · 51A40
H. Hong · L. Wang (B) · Y. Yang · H. AhmadInformation Security Center, State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications, Beijing 100876, People’s Republic of Chinae-mail: [email protected]
H. Honge-mail: [email protected]
Y. Yange-mail: [email protected]
H. Ahmade-mail: [email protected]
123
H. Hong et al.
1 Introduction
Public Key Cryptography depends on hard mathematical problems that are often drivenfrom number theory. In the early 1980s, several authors explored the possibility ofusing group theoretical problems for cryptography [7]. In particular owing to Magliv-eras et al., there are various proposals for cryptographic schemes such as M ST1, M ST2and M ST3 [5,6,9,10,13,14] which utilize special factorizations [called logarithmicsignatures (LSs)] of finite groups [7,8].
In order to apply LSs in some practical cryptographic schemes effectively, thequestion of finding LSs with shortest length [called minimal logarithmic signatures(MLSs)] arises naturally. Such MLSs would be desirable for realizing the M ST publickey cryptosystems. Besides, from the mathematical point of view, an MLS for a groupallows us to store the group in an efficient way and helps us for understanding thestructure of the group in a better way. However, the problem of existence of MLSs forfinite groups should be taken into account first.
In fact, an outstanding work has been done in searching MLSs for finite groups. In2003, Vasco et al. [3] proved the existence of MLSs for all groups of order less than175,560. In 2004, Holmes [4] presented MLSs for some sporadic groups. In 2005,Lempken et al. [6] proposed MLSs for some finite simple groups. Recently, Singhi etal. [11,12] have achieved some effective results. Meanwhile, they put forward the MLSconjecture that says every finite simple group has an MLS. However, the conjectureis still an open problem. So in this sense, it is meaningful for us to continue the work.
Actually, exceptional groups of Lie type have permutation representations overappropriate subsets of isotopic 1-subspaces. Stabilizers [15] in such permutation rep-resentations are well understood. Thus we proposed a method of creating MLSs by uti-lizing stabilizers and linear transformations in corresponding algebraic systems (Octo-nion algebra, Albert algebra and Lie algebra) to factorize each group G into a productof “disjoint” subgroups with the property that each subgroup has an MLS. Therefore,we obtain a desired MLS for G by joining the MLSs of the subgroups together.
For each of exceptional group of Lie type, the proposed MLS has the similar struc-ture as [A, T1, T2, Gw] or [A, T, Gw], where Gw is the stabilizer of correspondingexceptional group of Lie type G; T1, T2 are the cyclic maximal tori of G [1]; T is thesharp cyclic torus of G [1]; A is a product of some cyclic subgroups of G (see Table 1).
2 Preliminaries
2.1 LS and MLS
Definition 1 (LS) [6] Let G be a finite group, A ⊆ G. Let α = [A1, . . . , As] be asequence of ordered subsets Ai of G such that Ai = [ai1, . . . , airi ] with ai j ∈ G,(1 ≤ j ≤ ri ). Then α is called an LS for G (or A) if each g ∈ G (or A) is uniquelyrepresented as a product
g = a1 j1 . . . as js
with ai ji ∈ Ai (1 ≤ i ≤ s).
123
All exceptional groups of lie type
Tabl
e1
ML
Ssfo
rex
cept
iona
lgro
ups
oflie
type
GA
Tor
T 1,
T 2G
w
G2(q
)A
=〈a〉
|T 1|=
q2
+q
+1
Gw
=q
2+1+
2:G
L2(q
)
a=
xq−1
,x
∈G2(q
)|T 2
|=q
2−
q+
12G
2(q
)A
=〈a〉
|T 1|=
q+
√ 3q+
1G
w=
q1+
1+1
:Cq−1
a=
xq−1
,x
∈2G
2(q
)|T 1
|=q
−√ 3q
+1
3D
4(q
)A
=A
1A
2,
Ai=
〈a i〉,1
≤i≤
2|T
|=q
4−
q2
+1
Gw
=q
2+3+
6:S
L2(q
)·C
q 2−1
a 1=
xq2−1
,a2
=xq
3−1
for
x∈3
D4(q
)
2B
2(q
)|A
|=1
|T 1|=
q+
√ 2q+
1G
w=
q1+
1·C
q−1
|T 2|=
q−
√ 2q+
1
F4(q
)A
=A
1A
2A
3A
4,
Ai=
〈a i〉,1
≤i≤
4|T
|=q
4−
q2
+1
Gw
=q
7+8
:2·�
7(q
) ·Cq−1
for
qod
d,
a 1=
xq−1
1,a
2=
xq2−1
2,a
3=
xq3−1
3,a
4=
xq4−1
4G
w=
(q6
×q
1+8)S
p 6(q
) ·Cq−1
for
qev
en
2F
4(q
)A
=A
1A
2A
3,A
i=
〈a i〉,1
≤i≤
3|T 1
|=q
2+
√2q
3+
q+
√ 2q+
1G
w=
q1
·q4
·q1
·q4
:(2B
2(q
)×
Cq−1
)
a 1=
xq−1
1,a
2=
xq2−1
2,a
3=
xq3−1
3|T 2
|=q
2−
√2q
3+
q−
√ 2q+
1
E6(q
)A
=A
1A
2,A
i=
〈a i〉,1
≤i≤
2|T
|=q
6+
q3
+1
Gw
=q
16:(�
+ 10(q
)×
Cq−1
)
a 1=
xq−1
1,a
2=
xq4−1
22
E6(q
)A
=A
1A
2A
3,A
i=
〈a i〉,1
≤i≤
3|T 1
|=q
6−
q3
+1,
Gw
=q
21:(
SU6(q
)×
Cq−1
)
a 1=
xq−1
1,a
2=
x(q3−1
)(q+1
)2
,a3
=xq
6−1
3|T 2
|=(q
4+
1)(q
2−
1)
E7(q
)A
=A
1A
2A
3,A
i=
〈a i〉,1
≤i≤
3|T
|=q
7+
1fo
rq
even
Gw
=q
27:(
E6(q
)×
Cq−1
)fo
rq
even
a 1=
xq−1
1,a
2=
xq5−1
2,a
3=
xq9−1
3|T
|=(q
7+
1)/2
for
qod
dG
w=
q27
:2·(
E6(q
)×
C(q
−1)/
2)·2
for
qod
d
E8(q
)A
=A
1A
2A
3A
4,A
i=
〈a i〉,1
≤i≤
4|T
|=q
8−
q7
+q
5−
q4
+q
3−
q+
1fo
rq
even
Gw
=q
1·q
56:(
E7(q
)×
Cq−1
)fo
rq
even
a 1=
xq6−1
1,a
2=
xq10
−12
,a3
=xq
12−1
3,a
4=
x|T|(q
−1)
4|T
|=(q
8−
q7
+q
5−
q4
+q
3−
q+
1)/2
for
qod
dG
w=q
1·q
56:2
·(E
7(q
)×
C(q
−1)/
2)·2
for
qod
d
123
H. Hong et al.
The sequences Ai are called the blocks of α, the length of α is defined to bel(α) = ∑s
i=1 ri . Let |G| = ∏kj=1 p
a jj (or |A| = ∏k
j=1 pa jj ) be the prime power decom-
position of |G|(or |A|) and α = [A1, A2, . . . , As] be an LS for G(or A). From [2], wehave l(α) ≥ ∑k
j=1a j p j .
Definition 2 (MLS) [6] An LS α for a finite group G(or A) with l(α) = ∑kj=1 a j p j
is called an MLS for G(or A).
Lemma 1 [11] Let A, B ≤ G, if A and B satisfy any one of the two conditions asfollows:
(i) G = AB and A ∩ B = {1}(ii) G = A : B is a semi-direct product of A and B, A ∩ B = {1}then, [A, B] is an LS for G.
Lemma 2 [11,12] If G is solvable, then G has an MLS.
Lemma 3 [12] Let G be a finite group and x ∈ G be an element of order t . Fors ∈ N , s ≤ t , let S = {xi |0 ≤ i < s} = {1, x1, x2, . . . , xs−1} be a cyclic setgenerated by x. Then S has an MLS β = [A1, A2, . . . , Ak] satisfying the followingcondition:
For any list [ ji , j2, . . . , jk], such that x ji ∈ Ai , 1 ≤ i ≤ k,
k∑
i=1
ji < s.
Lemma 4 [12] Let G be a finite group and [A1, . . . , Ar ] be an LS for G such that foreach subset A j , 1 ≤ j ≤ r , an MLS exists. Then G has an MLS.
2.2 Ten families of exceptional groups of lie type
From the Lie algebra point of view, the exceptional groups can be divided into threedifferent types [15]. The first type consists of five families of Chevalley (untwisted)groups G2(q), F4(q), E6(q), E7(q) and E8(q) with q a power of a prime. Next arethe Steinberg-Tits-Hertzig twisted groups 3 D4(q) and 2 E6(q) for any finite field Fq
with q a power of a prime. Finally, there are three families of Suzuki and Ree groups2 B2(22n+1),2 G2(32n+1) and 2 F4(22n+1).
2.3 Some algebra systems
The (real) Octonion algebra O [15], sometimes called the Cayley numbers, which canbe built by taking 7 mutually orthogonal square roots of −1, labelled by i0, . . . , i6 withthe condition that for each t , the elements it , it+1, it+3 satisfy the same multiplicationrules as i, j, k in the Quaternion algebra. So we observe that multiplication is non-associative. For example, (i0i1)i2 = i3i2 = −i5 but i0(i1i2) = i0i4 = i5. In order toaccurately represent Octonion algebra over any field F of characteristic not only 2,we need to choose a suitable basis. Let a, b ∈ Fq such that b = 0 and a2 + b2 = −1.Thus our new basis is {y1, y2, . . . , y8} defined by Wilson [15]
123
All exceptional groups of lie type
2y1 = i4 + ai6 + bi0,
2y2 = i2 + bi3 + ai5,
2y3 = i1 − bi6 + ai0,
2y4 = 1 + ai3 − bi5,
2y5 = 1 − ai3 + bi5,
2y6 = i1 + bi6 − ai0,
2y7 = i2 − bi3 − ai5,
2y8 = i4 − ai6 − bi0.
Then the general norm N (x) = xx , where “ ¯ ” called octonion conjugation is theF-linear map fixing 1 and negating i0, . . . , i6. Also the real part is denoted by Re(x) =12 (x + x), so x = 2Re(x) − x . The norm N also represents a quadratic form whichsatisfy N (λu + v) = λ2 N (u) + λ f (u, v) + N (v) for all u, v ∈ V, λ ∈ F , and theassociated bilinear form is presented as f (x, y) = N (x + y) − N (x) − N (y) =2Re(x y).
The algebra of n×n matrices is defined by the well-known matrix product, which isassociative but non-commutative when n > 1. Albert algebra [15] is a 27-dimensionalnon-associative real algebra of matrices. It is constructed as the algebra of 3 × 3 Her-mitian matrices (i.e. matrices x such that xT = x) over the octonions. For brevity, we
define (d, e, f |D, E, F)=
⎛
⎝d F EF e DE D f
⎞
⎠ where d, e and f lie in the ground field, while
D, E and F are corresponding 8-dimensional subspaces generated by {1, i0, . . . , i6}.A Lie algebra is a non-associative algebra which is a vector space V over some field
F together with a binary operation [·, ·] : V × V → V satisfies the corresponding Lieconditions [15]. A concrete example of Lie algebra is the algebra of n × n matriceswhich is denoted by the multiplication [A, B] = AB − B A.
3 Main results
In this section, we will describe a construction of MLS concretely for each of thegroups in the ten families of exceptional groups of Lie type. Firstly, we take advantageof Octonion algebra to construct MLSs for G2(q), 2G2(q), 3 D4(q) and 2 B2(q); thenwe use Albert algebra to construct corresponding MLSs for F4(q), 2 F4(q), E6(q) and2 E6(q); finally, we utilize Lie algebra to construct MLSs for the last two groups E7(q)
and E8(q).
3.1 MLSs for G2(q),2 G2(q),3 D4(q) and 2 B2(q)
As described in Sect. 2, we choose the vector space V with basis B = {y1, y2, . . . , y8}.The bilinear form f is defined by f (x, y) = 2Re(x y) for all x , y ∈ V . Quadraticform N can also be defined by N (x) = xx for all x ∈ V . We provide the proofs offollowing theorems.
123
H. Hong et al.
Theorem 1 G2(q) has an MLS.
Proof Let q be a power of prime, and V a vector space with basis B. Then we can seethat |G2(q)| = q6(q6 − 1)(q2 − 1). Let w = 〈y1〉 be the isotopic 1-space of V , thenfrom Wilson [15], the stabilizer Gw which is the maximal parabolic subgroup of G2(q)
has the shape of semi-direct product q2+1+2 : GL2(q). Also from [1], there are twomaximum cyclic tori T1 and T2 in G2(q) which satisfy T1 ∩ T2 = 1, |T1| = q2 +q +1and |T2| = q2 − q + 1. Let W = {y2, y3} be a 2-subspace of V . For s ∈ W , thelinear transformation Ts : W → W is defined by Ts(v) = sv for all v ∈ W . Let α
be a primitive element of the field Fq2 and x ∈ G2(q) be the matrix corresponding tothe linear transformation Tα . Then a = xq−1 is the matrix corresponding to the lineartransformation Tαq−1 . Let A = 〈a〉, so we can see that A is a cyclic group with orderq + 1. Hence, from Lemma 1, we can see that [A, T1, T2, Gw] is an LS for G2(q).Besides, from Lemma 2 and Lemma 3 , A, T1, T2 and Gw have MLSs. Finally now itfollows using Lemma 4, that G2(q) has an MLS. � Theorem 2 2G2(q) has an MLS.
Proof According to the definition of 2G2(q), when q = 32m+1, the basis B of V isgiven as follows [15]:
v1 = i3 + i5 + i6,
v2 = i1 + i2 + i4,
v3 = i0 − i3 + i6,
v4 = i2 − i1,
v5 = −i0 + i3 − i6,
v6 = −i1 = −i2 + i4,
v7 = −i3 + i5 − i6.
Then from Wilson [15], |2G2(q)| = q3(q3 + 1)(q + 1). Let w = 〈v1〉 be theisotopic 1-space of V , from Wilson [15], we can see that the stabilizer Gw has thetype q1+1+1 : Cq−1. Then from [1], 2G2(q) has two cyclic maximum tori T1 withorder q + √
3q + 1 and T2 with order q − √3q + 1 which satisfy T1 ∩ T2 = 1. Let
W = {v2, v3} be a 2-subspace of V . Let α be a primitive element of Fq2 , x ∈ 2G2(q) bea matrix corresponding to the linear transformation Tα . Therefore, a = xq−1 is a matrixcorresponding to the linear transformation T q−1
α . A = 〈a〉 with order q + 1 is also acyclic subgroup of 2G2(q) generated by a. Therefore, from Lemma 1, [A, T1, T2, Gw]is an LS for 2G2(q). From Lemma 2 and Lemma 3, A, T1, T2 and Gw have MLSs.Finally now it follows using Lemma 4, that 2G2(q) has an MLS. � Theorem 3 3 D4(q) has an MLS.
Proof When q is a power of a prime, the basis of 3 D4(q) is the same as G2(q), butthe Octonion algebra is defined over Fq3 by the field automorphism x → xq of order3. From Wilson [15], |3 D4(q)| = q12(q8 + q4 + 1)(q6 − 1)(q2 − 1). The stabilizer
123
All exceptional groups of lie type
Gw of the 1-space w = 〈y1〉 which is the maximal parabolic subgroup of 3 D4(q) hasthe shape q2+3+6 : SL2(q) · Cq2−1, the sharply cyclic torus T is of order q4 − q2 + 1.Let W = {y1, y2, . . . , y6} be a 6-subspace of V , α be the primitive element of Fq6 ,
a1 = xq2−11 and a2 = xq3−1
2 be the matrices corresponding to the linear transformation
T q2−1α and T q3−1
α , respectively. Then A1 = 〈a1〉 and A2 = 〈a2〉 are cyclic subgroupsof 3 D4(q). Besides, A1 ∩ A2 = 1. From Lemma 2 and Lemma 3, A, T1, T2 and Gw
have MLSs. Finally now it follows using Lemma 4, that 3 D4(q) has an MLS.
Theorem 4 2 B2(q) has an MLS.
Proof According to the definition of 2 B2(q), q = 22m+1. Being a little different fromthe basis above, we take the symplectic basis as the basis for 2 B2(q). The basis B ofV is presented as follows [15]:
e1 = (1, 0, 0, 0, 0, 1), f1 = (1, 1, 0, 0, 0, 0),
e2 = (0, 0, 1, 1, 0, 0), f2 = (0, 0, 0, 1, 1, 0).
Also from Wilson [15], |2 B2(q)| = q2(q2 + 1)(q − 1). Let w = 〈e1〉 be theisotopic 1-space of V , from Wilson [15], we can see that the stabilizer Gw has theshape q1+1 · Cq−1. Then from [1], the two maximum cyclic tori are T1 of orderq +√
2q + 1 and T2 of order q −√2q + 1. Meanwhile, T1 ∩ T2 = 1. So from Lemma
1, [T1, T2, Gw] is an LS for 2 B2(q). Then from Lemma 2 and Lemma 3, T1, T2 andGw have MLSs. Finally now it follows using Lemma 4, that 2 B2(q) has an MLS.
3.2 MLSs for F4(q),2 F4(q), E6(q) and 2 E6(q)
As described as Sect. 2, the vector space V in the Albert algebra has basis B ={vi , v
′i , v
′′i |0 ≤ i ≤ 8} which is defined by Wilson [15]
v0 = (1, 0, 0|0, 0, 0) and vi = (0, 0, 0|xi , 0, 0) for i > 0,
v′0 = (0, 1, 0|0, 0, 0) and v′
i = (0, 0, 0|0, xi , 0) for i > 0,
v′′0 = (0, 0, 1|0, 0, 0) and v′′
i = (0, 0, 0|0, 0, xi ) for i > 0.
We provide the proofs of following theorems.
Theorem 5 F4(q) has an MLS.
Proof When q is a power of a prime, from Wilson [15], we can see that |F4(q)| =q24 ∏
i=2,6,8,12(qi − 1). Let W = 〈v1〉 be the isotopic 1-space of V , the stabilizer Gw
has the shape q7+8 : 2 · �7(q).Cq−1 for q odd and (q6 × q1+8)Sp6(q).Cq−1 for qeven. The sharply cyclic torus T is of order q4 −q2 +1. Let W1 = {v1, v
′1, v
′′1 }, W2 =
{v1, v2, v3, v4}, W3 = {v2, v′2, v
′′2 , v3, v
′3, v
′′3 } and W4 = {v0, v1, . . . v7} be the cor-
responding 3- subspace, 4- subspace, 6- subspace and 8- subspace of V, a1 =xq−1
1 , a2 = xq2−12 , a3 = xq3−1
3 and a4 = xq4−14 be the matrices corresponding to
123
H. Hong et al.
the linear transformation T αq−1, T βq2−1, T γ q3−1 and T τ q4−1, respectively. ThenA1 = 〈a1〉, A2 = 〈a2〉, A3 = 〈a3〉 and A4 = 〈a4〉 are the corresponding cyclic sub-groups of F4(q). Lemma 1 implies that [A1, A2, A3, A4, T, Gw] is an LS for F4(q).Also from Lemmas 2 and 3, we conclude that A1, A2, A3, A4, T, Gw have MLSs.Finally now it follows using Lemma 4, that F4(q) has an MLS. � Theorem 6 2 F4(q) has an MLS.
Proof As described as the definition of 2 F4(q), when q = 22m+1, the basis B ofV is almost the same as described aforementioned, but we replace v0, v
′0, v
′′0 with
v9 = v0 + 1, v′9 = v′
0 + 1, v′′9 = v′′
0 + 1. From Wilson [15], we have |2 F4(q)| =q12(q6 +1)(q4 −1)(q3 +1)(q −1). Meanwhile, the stabilizer Gw = q1 ·q4 ·q1 ·q4 :(2 B2(q) × Cq−1) with w = 〈v1〉. The two cyclic maximum tori are T1 and T2 whichsatisfy |T1| = q2+√
2q3+q+√2q+1, |T2| = q2−√
2q3+q−√2q+1 and T1∩T2 =
1. Let W1 = {v1, v′1}, W2 = {v2, v
′2, v3, v
′3}, W3 = {v8, v
′8, v
′′8 , v9, v
′9, v
′′9 }, A1 =
〈a1〉, A2 = 〈a2〉 and A3 = 〈a3〉 be the corresponding cyclic subgroups of 2 F4(q).Then [A1, A2, A3, T1, T2, Gw] is an LS for 2 F4(q). From Theorem 4, 2 B2(q) has anMLS. Hence, Gw has an MLS. Finally now it follows using Lemma 2, Lemma 3 andLemma 4, that 2 F4(q) has an MLS.
Theorem 7 E6(q) has an MLS.
Proof Let q be a power of a prime, the basis B same as F4(q). |E6(q)| =q36 ∏
i=2,5,6,8,9,12(qi − 1). The stabilizer Gw = q16 : (�+
10(q) × Cq−1). Also,the sharply cyclic torus T has order q6 + q3 + 1. Let W1 = {v1, v
′1, v
′′1 }, W2 =
{v2, v′2, v
′′2 , v3, v
′3, v3, . . . , v5, v
′5, v
′′5 } be the corresponding 3-subspace, 12-subspace
of V . A1 = 〈a1〉, A2 = 〈a2〉 are cyclic subgroups of E6(q). Finally now it followsusing Lemma 2, Lemma 3 and Lemma 4, that E6(q) has an MLS.
Theorem 8 2 E6(q) has an MLS.
Proof Let q be a power of a prime, and w = 〈v1〉 the 1-space of V . Then the stabilizerGw has the shape q21 : (SU6(q) × Cq−1). The two cyclic maximum tori are T1 oforder q6 − q3 + 1 and T2 of order (q4 + 1)(q2 − 1), respectively. In addition, we havethat T1 ∩ T2 = 1. Now, let us construct three subspaces W1 = {v1, v1,
′ v′′1 }, W2 =
{v2, v′2, v
′′2 , v3, v
′3, v
′′3 } and W3 = {v4, v
′4, v
′′4 , v5, v
′5, v
′′5 . . . , v7, v
′7, v
′′7 }. Suppose that
a1 = xq−11 , a2 = x (q3−1)(q+1)
2 and a3 = xq6−13 are the matrices corresponding to the
linear transformation T αq−1, T β(q3−1)(q+1) and T γ q6−1, respectively. Then A1 =〈a1〉, A2 = 〈a2〉 and A3 = 〈a3〉 are cyclic subgroups of 2 E6(q). Finally now it followsusing Lemma 2, Lemma 3 and Lemma 4, that 2 E6(q) has an MLS.
3.3 MLSs for E7(q) and E8(q)
To construct the Lie algebra of dimension 248, we take 240 basis vectors er corre-sponding to the roots r and an 8-space H spanned by the E8 lattice with coefficientsin the desired field F [15]. We take this 8-space H called a Cartan subalgebra to be
123
All exceptional groups of lie type
spanned by vectors hr , where r is one of the eight fundamental roots [15]. So the basisB of vector space V is {e1, e2, . . . , e240, h1, h2, . . . h8}. Then we have the followingtheorems:
Theorem 9 E7(q) has an MLS.
Proof From Wilson [15], when q is a power of an odd prime, then |E7(q)| =q63 ∏
i∈I (qi − 1), while when q is a power of 2, we have that |E7(q)| =
q63/2∏
i∈I (qi − 1), where I = {2, 6, 8, 10, 12, 14, 18}. For w = 〈e1〉, the stabilizer
Gw is of the shape q27 : (E6(q)×Cq−1) with q even and q27 : 2·(E6(q)×C(q−1)/2)·2with q odd. The sharply maximum torus T is q7 + 1 with q even and (q7 + 1)/2 withq odd. Let us construct three subspaces W1 = {e1, e2, . . . e7}, W2 = {e8, e9, . . . e17}and W3 = {e18, e19 . . . , e35}. Suppose that a1 = xq−1
1 , a2 = xq5−12 , a3 = xq9−1
3 are
the matrices corresponding to the linear transformation T αq−1, T β(q3−1)(q+1) andT γ q6−1, respectively. Then, A1 = 〈a1〉, A2 = 〈a2〉 and A3 = 〈a3〉 are cyclic sub-groups of E7(q). Finally now it follows using Lemmas 2, 3 and 4, that E7(q) has anMLS. � Theorem 10 E8(q) has an MLS.
Proof Also when q is a power of a prime, let w = 〈e1〉 be the 1-space of V ,then the stabilizer Gw has the shape q1 · q56 : (E7(q) × Cq−1) with q even andq1 · q56 : 2 · (E7(q) × C(q−1)/2) · 2 with q odd, the sharply maximum torus T is q8 −q7+q5−q4+q3−q+1 with q even and (q8−q7+q5−q4+q3−q+1)/2 with q odd.Let W1 = {e1, e2, . . . e12}, W2 = {e13, e14, . . . e32}, W3 = {e33, e34 . . . , e56}, W4 ={e57, e58 . . . , e86}. Suppose that a1 = xq6−1
1 , a2 = xq10−12 , a3 = xq12−1
3 and a4 =xq9+q7+q6−2q5+2q4−q3−q2+2q−1
4 are the matrices corresponding to the linear trans-
formation T αq6−1, T βq10−1, T γ q12−1 and T τ q9+q7+q6−2q5+2q4−q3−q2+2q−1, respec-tively. Then, A1 = 〈a1〉, A2 = 〈a2〉, A3 = 〈a3〉 and A4 = 〈a4〉 are cyclic subgroupsof E8(q). From Theorem 9, we can see that E7(q) has an MLS. Finally now it followsusing Lemma 2, 3 and 4, that E8(q) has an MLS. �
4 Conclusions
We utilize stabilizers of isotopic 1-subspaces and linear transformations in correspond-ing algebraic systems to construct MLSs for all ten families of exceptional groups ofLie type. Our method has universal meanings. One can take advantage of these tech-niques to construct MLSs for other finite simple groups.
Acknowledgments This work is partially supported by the National Natural Science Foundation ofChina (NSFC) (Nos. 61103198, 61121061 and 61370194) and the NSFC A3 Foresight Program (No.61161140320).
References
1. Babai, L., Pálfy, P.P., Saxl, J.: On the number of p regular elements in finite simple groups. LMS J.Comput. Math. 12, 82–119 (2009)
123
H. Hong et al.
2. González Vasco, M.I., Steinwandt, R.: Obstacles in two public key cryptosystems based on groupfactorizations. Tatra Mt. Math. Publ. 25, 23–37 (2002)
3. González Vasco, M.I., Rötteler, M., Steinwandt, R.: On minimal length factorizations of finite groups.Exp. Math. 12, 1–12 (2003)
4. Holmes, P.E.: On minimal factorisations of sporadic groups. Exp. Math. 13, 435–440 (2004)5. Lempken, W., van Trung, T., Magliveras, S.S., Wei, W.: A public key cryptosystem based on non-
abelian finite groups. J. Cryptol. 22, 62–74 (2009)6. Lempken, W., van Trung, T.: On minimal logarithmic signatures of finite groups. Exp. Math. 14,
257–269 (2005)7. Magliveras, S.S.: A cryptosystem from logarithmic signatures of finite groups. In Proceedings of
the 29th Midwest Symposium on Circuits and Systems, pp. 972–975. Elsevier Publishing Company,Amsterdam (1986)
8. Magliveras, S.S., Memon, N.D.: Algebraic properties of cryptosystem PGM. J. Cryptol. 5, 167–183(1992)
9. Magliveras, S.S.: Secret and public-key cryptosystems from group factorizations. Tatra Mt. Math. Publ.25, 11–22 (2002)
10. Magliveras, S.S., Stinson, D.R., van Trung, T.: New approaches to designing public key cryptosystemsusing one-way functions and trapdoors in finite groups. J. Cryptol. 15, 285–297 (2002)
11. Singhi, N., Singhi, N., Magliveras, S.S.: Minimal logarithmic signatures for finite groups of lie type.Des. Codes Cryptogr. 55, 243–260 (2010)
12. Singhi, N., Singhi, N.: Minimal logarithmic signatures for classical groups. Des. Codes Cryptogr. 60,183–195 (2011)
13. Qu, M., Vanstone, S.A.: Factorizations of elementary abelian p-groups and their cryptographic signif-icance. J. Cryptol. 7, 201–212 (1994)
14. Svaba, P., van Trung, T.: On generation of random covers for finite groups. Tatra Mt. Math. Publ. 37,105–112 (2007)
15. Wilson, R.A.: The Finite Simple Groups. Graduate Texts in Mathematics, vol. 251. Springer, London(2009)
123