[ieee 2013 national security days (jns3) - rabat, morocco (2013.04.26-2013.04.27)] 2013 national...
Special Ideal Ring $A_3$ and Cryptography

My Hachem HASSIB
Moulay Ismail University, FSTE, Errachidia, Morocco
hachcm7 1 gmail.com

Abdelhakim CHILLALI
USMBA, FST Fez, Morocco
chil2007@voila.fr

Mohamed Abdou ELOMARY
Moulay Ismail University, FSTE, Errachidia, Morocco
elomaryabdou yahoo.fr
Abstract: In [1] and [2] we defined the elliptic curve over the ring $\mathbb{F}_{3^d}[\varepsilon]$, $\varepsilon^2 = 0$. In this work we will give some properties of the elliptic curve over the special ideal ring of characteristic 3, $A_3 = \mathbb{F}_{3^d}[\varepsilon]$, $\varepsilon^3 = 0$, and an application in cryptography. Our future work will focus on the study of the general case of these rings, which seem to be beneficial and interesting in cryptography, especially the one based on the identity (IBE) [6], [7], [8].

Index Terms: Elliptic curve, finite ring, characteristic 3, cryptography.
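INTRODUCTION

Let $d$ be a positive integer. We consider the quotient ring $A_n = \mathbb{F}_{3^d}[X]/(X^n)$, where $\mathbb{F}_{3^d}$ is the finite field of order $3^d$, and $n \geq 3$. Then the ring $A_n$ is identified to the ring $\mathbb{F}_{3^d}[\varepsilon]$, $\varepsilon^n = 0$. So we have:

$$A_n = \Big\{ \sum_{i=0}^{n-1} x_i \varepsilon^i \;\Big|\; (x_i)_{0 \le i \le n-1} \in \mathbb{F}_{3^d} \text{ and } \varepsilon^n = 0 \Big\} \quad [1], [3].$$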
I. THE RING $\mathbb{F}_{3^d}[\varepsilon]$, $\varepsilon^n = 0$

Similarly as in [3] we have the following lemmas:

Lemma 1. Let $X = \sum_{i=0}^{n-1} x_i \varepsilon^i$. $X$ is invertible in $A_n$ if and only if $x_0 \neq 0$.

Lemma 2. $A_n$ is a local ring, its maximal ideal is $\mathfrak{M} = (\varepsilon)$.

Lemma 3. $A_n$ is a vector space over $\mathbb{F}_{3^d}$, and $(1, \varepsilon, \dots, \varepsilon^{n-1})$ is a basis of $A_n$.

Remark 1. We denote $I_j = (\varepsilon^j)$, where $j = 1, \dots, n-1$; then $(I_j)_{1 \le j \le n-1}$ is a decreasing sequence of ideals of $A_n$ and $I_1 = \mathfrak{M}$, so:

$$\mathfrak{M} = I_1 \supseteq I_2 \supseteq \dots \supseteq I_{n-1}.$$
II. ELLIPTIC CURVES OVER THE RING $\mathbb{F}_{3^d}[\varepsilon]$, $\varepsilon^3 = 0$

We consider the elliptic curve over the ring $A_3$ which is given by the equation:
978-1-4799.{)324- /131$3L.OO @2013 IEEE
A. Notations

We denote the elliptic curve over $A_3$ by $E^3_{a,b}$, and we write:

B. Classification of elements of $E^3_{a,b}$

To have a clear idea of the elliptic curve $E^3_{a,b}$, we can take a look at its elements and classify them according to their projective coordinates. This is the subject of the following proposition.

Proposition 1. Every element in $E^3_{a,b}$ is of the form $[X : Y : 1]$ or $[x\varepsilon + y\varepsilon^2 : 1 : 0]$, where $x, y \in \mathbb{F}_{3^d}$.

We write: $E^3_{a,b} = \{[X : Y : 1] \in \mathbb{P}^2(A_3) \mid Y^2 = X^3 + aX^2 + b\} \cup \{[x\varepsilon + y\varepsilon^2 : 1 : 0] \mid x, y \in \mathbb{F}_{3^d}\}$.

Proof. Let $[X : Y : Z] \in E^3_{a,b}$, where $X$, $Y$ and $Z \in A_3$. We have two cases for $Z$:

• $Z$ invertible: then $[X : Y : Z] = [XZ^{-1} : YZ^{-1} : 1] \sim [X : Y : 1]$.

• $Z$ non invertible: so $Z \in \mathfrak{M}$ from Lemma 1; then we have two cases for $Y$:

  - $Y$ invertible: $[X : Y : Z] = [XY^{-1} : 1 : ZY^{-1}] \sim [X : 1 : Z]$. Since $[X : 1 : Z] \in E^3_{a,b}$, then $X^3 = Z(1 - aX^2 - bZ^2)$, so $X^3 \in \mathfrak{M}$. But $X^3 = \sum_{i=0}^{2} x_i^3 \varepsilon^{3i} \in \mathfrak{M}$ implies that $x_0^3 = 0$, then $x_0 = 0$; this means that $X \in \mathfrak{M}$. So $X^3 = x_0^3 = 0$, we deduce that $Z = 0$ and $X = x\varepsilon + y\varepsilon^2$, where $x \in \mathbb{F}_{3^d}$ and $y \in \mathbb{F}_{3^d}$. At last, $[X : Y : Z] \sim [x\varepsilon + y\varepsilon^2 : 1 : 0]$.

  - $Y$ non invertible: We have $Y$ and $Z \in \mathfrak{M}$, since $X^3 = Z(Y^2 - aX^2 - bZ^2) \in \mathfrak{M}$, then $x_0^3 = 0$ and so $X \in \mathfrak{M}$. We deduce that $[X : Y : Z]$ isn't a projective point since $(X, Y, Z)$ isn't a primitive triple [5, pp. 104-105]. □
C. The group law over $E^3_{a,b}$

After classifying the elements of $E^3_{a,b}$ we will define the group law on it.

We first consider the canonical projection $\pi$ defined by:

$$\pi : A_3 \to \mathbb{F}_{3^d}, \qquad \sum_{i=0}^{2} x_i \varepsilon^i \mapsto x_0$$

and the mapping $\tilde{\pi}$ by:

$E^3_{a,b}$
$[X : Y : Z]$

Then, we are ready to define the group law on $E^3_{a,b}$.

Theorem 1. Let $P = [X_1 : Y_1 : Z_1]$ and $Q = [X_2 : Y_2 : Z_2]$ be two points in $E^3_{a,b}$, and $P + Q = [X_3 : Y_3 : Z_3]$:

• If $\tilde{\pi}(P) = \tilde{\pi}(Q)$ then:

$X_3 = Y_1Y_2^2X_1 + Y_1^2Y_2X_2 + 2aX_1^2X_2Y_2 + 2aX_1X_2^2Y_1 + 2Z_1Z_2^2abY_1 + 2Z_1^2Z_2abY_2$.

$Y_3 = Y_1^2Y_2^2 + 2a^2X_1^2X_2^2 + a^2bX_1Z_1Z_2^2 + a^2bX_2Z_1^2Z_2$.

$Z_3 = aX_1X_2(Y_1Z_2 + Y_2Z_1) + a(X_1Y_2 + X_2Y_1)(X_1Z_2 + X_2Z_1) + Y_1Y_2(Y_1Z_2 + Y_2Z_1)$.

• If $\tilde{\pi}(P) \neq \tilde{\pi}(Q)$ then:

$X_3 = 2X_1Y_2Y_1Z_2 + X_1Y_2^2Z_1 + 2X_2Y_1^2Z_2 + X_2Y_1Y_2Z_1 + 2aX_1^2X_2Z_2 + aX_1X_2^2Z_1$.

$Y_3 = 2Y_1^2Y_2Z_2 + Y_1Y_2^2Z_1 + 2aX_1X_2Y_1Z_2 + aX_1X_2Y_2Z_1 + 2aX_1^2Y_2Z_2 + aX_2^2Y_1Z_1$.

$Z_3 = 2Y_1^2Z_2^2 + Y_2^2Z_1^2 + aX_1^2Z_2^2 + 2aX_2^2Z_1^2$.

Proof. By using the explicit formulas in [4, pp. 236-238] we prove the theorem. □

Corollary 1. $(E^3_{a,b}, +)$ is a commutative group with $[0 : 1 : 0]$ as unity.

The group law is now defined on $E^3_{a,b}$; we will give some of its properties and morphisms defined on it.
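D. The $\tilde{\pi}_3$ homomorphism

Theorem 2. Let $X = \tilde{X} + x_2\varepsilon^2$, $Y = \tilde{Y} + y_2\varepsilon^2$, $Z = \tilde{Z} + z_2\varepsilon^2$, $a = \tilde{a} + a_2\varepsilon^2$ and $b = \tilde{b} + b_2\varepsilon^2$ be elements in $A_3$. If $[X : Y : Z] \in E^3_{a,b}$ then:

$$\tilde{Y}^2\tilde{Z} = \tilde{X}^3 + \tilde{a}\tilde{X}^2\tilde{Z} + \tilde{b}\tilde{Z}^3 - [Ax_2 + By_2 + Cz_2 + D]\varepsilon^2$$

where $A = a_0x_0z_0$, $B = 2y_0z_0$, $C = y_0^2 - a_0x_0^2$ and $D = 2a_2x_0^2z_0 + 2b_2z_0^3$.

Proof. Since $[X : Y : Z] \in E^3_{a,b}$ then:

$$Y^2Z = X^3 + aX^2Z + bZ^3,$$

so

$$\tilde{Y}^2\tilde{Z} + (y_0^2z_2 + 2y_0y_2z_0)\varepsilon^2 = \tilde{X}^3 + \tilde{a}\tilde{X}^2\tilde{Z} + \tilde{b}\tilde{Z}^3 + [a_0(x_0^2z_2 + 2x_0x_2z_0) + a_2x_0^2z_0]\varepsilon^2 + b_2z_0^3\varepsilon^2,$$

then:

$$\tilde{Y}^2\tilde{Z} = \tilde{X}^3 + \tilde{a}\tilde{X}^2\tilde{Z} + \tilde{b}\tilde{Z}^3 + [(a_2x_0^2z_0 + b_2z_0^3) + (2a_0x_0z_0)x_2 - (2y_0z_0)y_2 + (a_0x_0^2 - y_0^2)z_2]\varepsilon^2,$$

and so, the theorem is proved. □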
Definition 1. We define the map $\pi_3$ as follows:

$A_3 \to$
$\sum_{i=0}^{2} x_i\varepsilon^i \mapsto$

where $\varepsilon^3 = 0$ and $\delta^2 = 0$.

Lemma 4. $\pi_3$ is a surjective morphism of rings.

Lemma 5. The map:

$E^3_{a,b} \to$
$[X : Y : Z] \mapsto$

is a surjective homomorphism of groups.

Proof. Let $[X : Y : Z] \in E^3_{a,b}$.

• From Theorem 2, we deduce that $\tilde{\pi}_3$ is well defined.

Then, let $Q = [X : Y : Z] \in E^2_{\pi_3(a),\pi_3(b)}$, where $X = x_0 + x_1\delta$, $Y = y_0 + y_1\delta$ and $Z = z_0 + z_1\delta$. We consider in $\mathbb{F}_{3^d}$ the equation:

$$Ax + By + Cz + D = k \bmod 3 \qquad (1)$$

where $A$, $B$, $C$ and $D$ are as in Theorem 2. Since $A$, $B$ and $C$ are partial derivatives of the function $F(X, Y, Z) = Y^2Z - X^3 - a_0X^2Z - b_0Z^3$ at the point $(x_0, y_0, z_0)$, and since $[x_0 : y_0 : z_0] \in E^1_{a_0,b_0}$ (the elliptic curve over $A_1$ which is defined by the equation $F(X, Y, Z) = 0$), then $A$, $B$ and $C$ can't be all null, so the equation (1) has at least a solution in $\mathbb{F}_{3^d}^3$ which we denote $(x_2, y_2, z_2)$; then $P = [x_0 + x_1\varepsilon + x_2\varepsilon^2 : y_0 + y_1\varepsilon + y_2\varepsilon^2 : z_0 + z_1\varepsilon + z_2\varepsilon^2]$ is in $E^3_{a,b}$ and $\tilde{\pi}_3(P) = Q$, and so:

• $\tilde{\pi}_3$ is surjective.
Lemma 6. The mapping:

$$\theta_3 : \mathbb{F}_{3^d} \to E^3_{a,b}, \qquad x \mapsto [x\varepsilon^2 : 1 : 0]$$

is an injective morphism of groups.

Proof. We have from Proposition 1:

then:

• $\theta_3$ is well defined.

And since $[l\varepsilon^2 : 1 : 0] + [h\varepsilon^2 : 1 : 0] = [(l + h)\varepsilon^2 : 1 : 0]$, then:

• $\theta_3$ is a morphism of groups.

Now let $l \in \mathbb{F}_{3^d}$, we have: $\theta_3(l) = [0 : 1 : 0]$, which implies that $l = 0$, and so:

• $\theta_3$ is injective. □
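The identity used in the proof of Lemma 6 can be checked by evaluating the first formula set of Theorem 1. The following is an added example, not the authors' code: it works over $\mathbb{F}_3[\varepsilon]/(\varepsilon^3)$ (the ring $A_3$ with $d = 1$, an assumption made to keep the arithmetic short), and the curve parameters `A`, `B` and all function names are constructed for the illustration.

```python
# Added example, not the authors' code. Ring: F_3[e]/(e^3), the page's A_3
# with d = 1 (assumption); an element is its coefficient triple (x0, x1, x2).
# The curve parameters A and B are constructed sample values.
from itertools import product

def el(x0=0, x1=0, x2=0):
    return (x0 % 3, x1 % 3, x2 % 3)

def add(*terms):
    return tuple(sum(col) % 3 for col in zip(*terms))

def mul(*factors):
    out = el(1)
    for f in factors:                      # truncated product, since e^3 = 0
        out = tuple(sum(out[i] * f[k - i] for i in range(k + 1)) % 3
                    for k in range(3))
    return out

TWO = el(2)
A, B = el(1, 1, 0), el(2, 0, 1)            # a = 1 + e, b = 2 + e^2

def on_curve(P):
    X, Y, Z = P                            # Y^2 Z = X^3 + a X^2 Z + b Z^3
    return mul(Y, Y, Z) == add(mul(X, X, X), mul(A, X, X, Z), mul(B, Z, Z, Z))

def add_same_reduction(P, Q):
    """P + Q by the first formula set of Theorem 1 (equal reductions)."""
    (X1, Y1, Z1), (X2, Y2, Z2) = P, Q
    X3 = add(mul(Y1, Y2, Y2, X1), mul(Y1, Y1, Y2, X2),
             mul(TWO, A, X1, X1, X2, Y2), mul(TWO, A, X1, X2, X2, Y1),
             mul(TWO, Z1, Z2, Z2, A, B, Y1), mul(TWO, Z1, Z1, Z2, A, B, Y2))
    Y3 = add(mul(Y1, Y1, Y2, Y2), mul(TWO, A, A, X1, X1, X2, X2),
             mul(A, A, B, X1, Z1, Z2, Z2), mul(A, A, B, X2, Z1, Z1, Z2))
    s = add(mul(Y1, Z2), mul(Y2, Z1))
    Z3 = add(mul(A, X1, X2, s), mul(Y1, Y2, s),
             mul(A, add(mul(X1, Y2), mul(X2, Y1)), add(mul(X1, Z2), mul(X2, Z1))))
    return (X3, Y3, Z3)

def theta(l):
    """Lemma 6: l -> [l e^2 : 1 : 0]."""
    return (el(0, 0, l), el(1), el(0))

def affine_points():
    ring = [el(*c) for c in product(range(3), repeat=3)]
    return [(X, Y, el(1)) for X in ring for Y in ring if on_curve((X, Y, el(1)))]
```

On the image of `theta` the formulas reduce to adding the $\varepsilon^2$ coefficients, which is exactly the relation $[l\varepsilon^2 : 1 : 0] + [h\varepsilon^2 : 1 : 0] = [(l + h)\varepsilon^2 : 1 : 0]$ from the proof.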
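Corollary 2. $\ker(\tilde{\pi}_3) = \theta_3(\mathbb{F}_{3^d})$.

Proof. Let $[l\varepsilon^2 : 1 : 0] \in \theta_3(\mathbb{F}_{3^d})$, then $\tilde{\pi}_3([l\varepsilon^2 : 1 : 0]) = [0 : 1 : 0]$, and so:

• $\ker(\tilde{\pi}_3) \supseteq \theta_3(\mathbb{F}_{3^d})$.

Now let $[X : Y : Z] \in \ker(\tilde{\pi}_3)$, then $\tilde{\pi}_3([X : Y : Z]) = [0 : 1 : 0]$; and by using the same notations as in Theorem 2 we obtain $[\tilde{X} : \tilde{Y} : \tilde{Z}] = [0 : 1 : 0]$, then $\tilde{X} = 0$, $\tilde{Z} = 0$, and $\tilde{Y}$ is invertible in $A_2$, so $X = x_2\varepsilon^2$, $Z = z_2\varepsilon^2$ and $Y$ is invertible in $A_3$. We deduce that $[X : Y : Z] \sim [x_2\varepsilon^2 : 1 : z_2\varepsilon^2] \in E^3_{a,b}$; this means that $z_2\varepsilon^2 = 0$, and so $[X : Y : Z] \sim [x_2\varepsilon^2 : 1 : 0]$, then:

• $\ker(\tilde{\pi}_3) \subseteq \theta_3(\mathbb{F}_{3^d})$.

We conclude that $\ker(\tilde{\pi}_3) = \theta_3(\mathbb{F}_{3^d})$. □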
From Corollary 2, we deduce the following corollary:

Corollary 3. The sequence:

$$0 \longrightarrow \ker(\tilde{\pi}_3) \xrightarrow{\;i_3\;} E^3_{a,b} \xrightarrow{\;\tilde{\pi}_3\;} E^2_{\pi_3(a),\pi_3(b)} \longrightarrow 0$$

is a short exact sequence which defines the group extension $E^3_{a,b}$ of $E^2_{\pi_3(a),\pi_3(b)}$ by $\ker(\tilde{\pi}_3)$, where $i_3$ is the canonical injection.

Remark 2. The last corollary allows us to calculate the cardinal of $E^3_{a,b}$ depending on the cardinals of $E^2_{\pi_3(a),\pi_3(b)}$ and $\ker(\tilde{\pi}_3)$.

After defining the elliptic curve over $A_3$, the group law on it, including its properties, and defining typical morphisms over $E^3_{a,b}$, we will give some cryptographic applications on it.
III. CRYPTOGRAPHIC APPLICATION

Let $E^3_{a,b}$ be an elliptic curve over $A_3$ and $P \in E^3_{a,b}$ of order $l$. We will use the subgroup $\langle P \rangle$ of $E^3_{a,b}$ to encrypt and decrypt messages, and we denote $G = \langle P \rangle$.

A. Coding of elements of $G$

We will give a code to each element $Q = mP \in G$, where $m \in \{1, \dots, l\}$, defined as follows: if $Q = [x_0 + x_1\varepsilon + x_2\varepsilon^2 : y_0 + y_1\varepsilon + y_2\varepsilon^2 : z_0]$ where $x_i, y_i \in \mathbb{F}_{3^d}$ for $i = 0, 1$ or $2$ and $z_0 = 0$ or $1$. We set:

$$x_i = c_{0i} + c_{1i}\alpha + \dots + c_{(d-1)i}\alpha^{d-1}$$

$$y_i = f_{0i} + f_{1i}\alpha + \dots + f_{(d-1)i}\alpha^{d-1}$$

where $\alpha$ is a primitive root of an irreducible polynomial of degree $d$ over $\mathbb{F}_3$, and $c_{ij}, f_{ij} \in \mathbb{F}_3$.

We code $Q$ as follows:

• If $z_0 = 1$, then: $Q = c_{00}c_{10} \dots c_{(d-1)0}\, c_{01}c_{11} \dots c_{(d-1)1}\, c_{02}c_{12} \dots c_{(d-1)2}\, f_{00}f_{10} \dots f_{(d-1)0}\, f_{01}f_{11} \dots f_{(d-1)1}\, f_{02}f_{12} \dots f_{(d-1)2}\, 1$.

• If $z_0 = 0$, then: $Q = 0 \dots 0\; c_{01}c_{11} \dots c_{(d-1)1}\, c_{02}c_{12} \dots c_{(d-1)2}\; 1\,0 \dots 0\; 0 \dots 0\; 0 \dots 0\; 0$.
Remark 3. The security of this encryption is based on the
discrete logarithm problem.
Now, we will give a cryptographic example which will illustrate the previous description of coding.
B. Example
Let $a = (2 + \alpha) + \varepsilon + \varepsilon^2$ and $b = 1 + \alpha\varepsilon + 2\varepsilon^2$ be two elements in $A_3$, then: $\#E^3_{a,b} = 1134$ and $\#E^2_{\pi_3(a),\pi_3(b)} = 126$. Let $P = [1 : 2\alpha + \alpha\varepsilon : 1]$ and $G = \langle P \rangle$. $G$ is a subgroup of $E^2_{\pi_3(a),\pi_3(b)}$ and $\#G = 42$: $(\forall Q \in G)(\exists m \in \{1, \dots, 42\}) : Q = mP$.

The coding results of the elliptic curve elements will be found in Table I below.
Now, we are ready to encrypt and decrypt messages as described previously.
Encryption of a message:
Let the following message: "jns3 rabat"
Its encryption is:
112000010100100100010000002 102000102001122100101100121 010002200011121000201001100 000020100112010010220011000 0002010010011001002001
Decryption of a message:
Let the following message:
210100011000100100010000001 122000200001210100022000110 020002220010001001002001210 100022000100110010020010021 002001001210100011000121010 002200010011001002001100000 020100112210020220010112002 200001
Its decryption is:
"end of the talk"
Remark 4. With this application, we can encrypt and decrypt
any message of any length.
This application was implemented with Maple.
The following table brings together: the elements of the previous elliptic curve, their codes and the symbols attributed to them.
TABLE I: TABLE OF CODES

| m | code of mP | Symbol |
|---|---|---|
| 1 | 1000000201001 | a |
| 2 | 1201001022001 | b |
| 3 | 0120001110001 | c |
| 4 | 1122000200001 | d |
| 5 | 2101000110001 | e |
| 6 | 0001001002001 | f |
| 7 | 2211000001001 | g |
| 8 | 0021002001001 | h |
| 9 | 2100000212001 | i |
| 10 | 1120000101001 | j |
| 11 | 0112002200001 | k |
| 12 | 1221002022001 | l |
| 13 | 1001000120001 | m |
| 14 | 0010001000000 | n |
| 15 | 1002000222001 | o |
| 16 | 1211001000001 | p |
| 17 | 0101001120001 | q |
| 18 | 1121000201001 | r |
| 19 | 2102000102001 | s |
| 20 | 0011001002001 | t |
| 21 | 2211000000001 | u |
| 22 | 0011002001001 | v |
| 23 | 2102000201001 | w |
| 24 | 1121000102001 | x |
| 25 | 0101002210001 | y |
| 26 | 1211002000001 | z |
| 27 | 1002000111001 | 0 |
| 28 | 0020001000000 | 1 |
| 29 | 1001000210001 | 2 |
| 30 | 1221001011001 | 3 |
| 31 | 0112001100001 | 4 |
| 32 | 1120000202001 | 5 |
| 33 | 2100000121001 | 6 |
| 34 | 0021001002001 | 7 |
| 35 | 2211000002001 | 8 |
| 36 | 0001002001001 | 9 |
| 37 | 2101000220001 | space |
| 38 | 1122000100001 | |
| 39 | 0120002220001 | ? |
| 40 | 1201002011001 | ! |
| 41 | 1000000102001 | , |
| 42 | 0000001000000 | |
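The coding of Section III.A and Table I can be exercised directly. The following added example (Python, not the authors' Maple implementation) parses the 13-digit codes, whose length matches $6d + 1$ for $d = 2$, encodes and decodes messages with the table, and checks that the table is closed under negation of points. The function names are constructed for the illustration, and rows 38 and 42, which carry no legible symbol in the table, are left unmapped.

```python
# Added example, not the authors' Maple code. CODES is copied from Table I
# (rows m = 1..42); a code has 6*D + 1 = 13 base-3 digits for D = 2. In
# SYMBOLS, "\0" marks rows 38 and 42, which have no legible symbol.
D = 2
CODES = """
1000000201001 1201001022001 0120001110001 1122000200001 2101000110001 0001001002001
2211000001001 0021002001001 2100000212001 1120000101001 0112002200001 1221002022001
1001000120001 0010001000000 1002000222001 1211001000001 0101001120001 1121000201001
2102000102001 0011001002001 2211000000001 0011002001001 2102000201001 1121000102001
0101002210001 1211002000001 1002000111001 0020001000000 1001000210001 1221001011001
0112001100001 1120000202001 2100000121001 0021001002001 2211000002001 0001002001001
2101000220001 1122000100001 0120002220001 1201002011001 1000000102001 0000001000000
""".split()
SYMBOLS = "abcdefghijklmnopqrstuvwxyz0123456789 \0?!,\0"
ENC = {s: c for s, c in zip(SYMBOLS, CODES) if s != "\0"}
DEC = {c: s for s, c in ENC.items()}
WIDTH = 6 * D + 1

def parse_code(code):
    """Split a code into (x, y, z0); x[i][j] is the alpha^j coefficient of x_i."""
    if len(code) != WIDTH or set(code) - set("012") or code[-1] == "2":
        raise ValueError("malformed point code: %r" % code)
    t = [int(ch) for ch in code]
    coords = [tuple(t[k:k + D]) for k in range(0, 6 * D, D)]
    return coords[:3], coords[3:], t[-1]

def negate(code):
    """Code of -Q, using -[X:Y:1] = [X:-Y:1] and -[X:1:0] = [-X:1:0]."""
    lo, hi = (3 * D, 6 * D) if code[-1] == "1" else (0, 3 * D)
    neg = "".join(str(-int(ch) % 3) for ch in code[lo:hi])
    return code[:lo] + neg + code[hi:]

def encode(message):
    return "".join(ENC[s] for s in message)

def decode(digits):
    digits = "".join(digits.split())       # the paper prints groups of 27
    if len(digits) % WIDTH:
        raise ValueError("length is not a multiple of %d" % WIDTH)
    return "".join(DEC[digits[k:k + WIDTH]] for k in range(0, len(digits), WIDTH))

def table_closed_under_negation():
    """The code of -(mP) must be the code listed for (42 - m)P, for every m."""
    n = len(CODES)
    return all(negate(CODES[m - 1]) == CODES[(n - m - 1) % n] for m in range(1, n + 1))
```

Equal symbols always map to equal 13-digit blocks (compare the two "a" blocks in the encryption of "jns3 rabat"), so the block frequencies of an encrypted message mirror the symbol frequencies of the plaintext.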
IV. CONCLUSION

In this work we have defined the ring $A_3$, given its properties, and used the elliptic curve defined on it to encrypt and decrypt messages. Much remains to be done on the subject; we cite for example:

• Generalization of the ring $A_n$ for the case $n \geq 3$.
• Create new cryptosystems.
• Discrete logarithm attack.
• Cryptography over the elliptic curve defined over $A_n$.
REFERENCES

[1] Abdelhakim Chillali, The j-invariant over E�, Int. J. Open Problems Compt. Math., Vol. 5, No. 4, December 2012, ISSN 1998-6262, Copyright ICSRS Publication, pp. 106-111, 2012.
[2] My Hachem Hassib and Abdelhakim Chillali, Example of cryptography over the ring $\mathbb{F}_{3^d}[\varepsilon]$, $\varepsilon^2 = 0$, Latest Trends in Applied Informatics and Computing, pp. 71-73, ISBN 978-1-61804-130-2, 2012.
[3] Abdelhakim Chillali, Elliptic curves of the ring $\mathbb{F}_q[\varepsilon]$, $\varepsilon^n = 0$, International Mathematical Forum, 2011.
[4] Wieb Bosma and Hendrik Willem Lenstra Junior, Complete system of two addition laws for elliptic curves, Journal of Number Theory, 1995.
[5] Hendrik Willem Lenstra Junior, Elliptic curves and number-theoretic algorithms, Proceedings of the International Congress of Mathematicians, Berkeley, California, USA, 1986.
[6] Nicolas Meloni, Arithmetique pour la cryptographie basee sur les courbes elliptiques, These Doctorat, Univ. Montpellier II, Montpellier, France, 2007.
[7] Dan Boneh and Matt Franklin, Identity-Based Encryption from the Weil Pairing, Advances in Cryptology - CRYPTO 2001, Vol. 2139, chap. 13, pp. 213-229, Springer Berlin Heidelberg, ISBN 978-3-540-42456-7, 2001.
[8] Giray Komurcu and Erkay Savas, An efficient hardware implementation of the Tate pairing in characteristic three, Third International Conference on Systems, DOI 10.109/ICONS.2008.27, IEEE 2008.