Special Ideal Ring A3 and Cryptography My Hachem HASSIB

Moulay I smail Univcr.>ity FSTE

Errachid.ia, Moroeco hachcm7 1 gmail.com

Abdelhak.im CHILLAU SMBA

Mohamed Abdou ELOMARY Moulay I smail Univer.>ity

FSTE FSf Fez, Mor()tt()

chil2007@voilaJr Errachid.ia, Morocco

elomaryabdou yahoo.fr

Abstract-I.n [l) and [2) we defined the elliptic curve o er the ring J:13 J[e], e = 0. In this work we will give some properties or the clliptic curve o er the special ideal ring of characteristic 3,

:1 = F3 ,r[e] ,€3 = 0, and an application in cryptography. Our rutu.re \lUrk \ ill rocus on the stud or the general case or these ring.~. wh.ich seen1 to be beneficial and interesting in cryptography, specially the one based on the identity (ffiE) [6) , [1), [8).

Index Terms-Elliptic curve, finite ring, characteristic 3, cryp­tograph, .

IN RODUCTlON

Let d be a po.~itive integer. \Ve consider Lhe quotient ring A,. = IF;!J( ]/( "), where IF;\J is Lhc. llnite field of order :~u. and n ~ a. Then the ring A, is identilled lO the ring IF3.r(c),c" = 0. So we have:

fl-1

A, = {L x,c; I (x;)6 .,,.,,_, E IF;!•' and c" = 0} !JJ, (3]. i=O

I. TH RING IF;!J(c],c" = 0

Similar a, in [31 we have Lhe following lemmas:

?t-1

Lemma 1. Let = L x;c;. i=O

is inlllmible in A,. if and only if xo f. 0.

Lemma 2. A11 is a local ring, its matima! ideal is 9Ji = (c).

Lemma 3. A, is a vector !>pace over IF;\J, mzd (1, c, ... , c"- 1)

is a basis of .4,.

Remark 1. We denote 11 = (c1 ), where j = 1, ... , n - l then: (11 ), s1 .,;11 - l is a decnwsing sequence of ideals of A,. and 11 = 9Ji, so:

9Ji = I, 2 h. ... 2 f .. _,_

II . ELLIPTIC CURVES OVER THE RING IF;!•' (c], ~! = 0

We con.'>ider Lhe elliptic curve over Lhe ring A ;\ which is given by Lhc. equation:

978-1-4799.{)324- /131$3L.OO @2013 IEEE

A. Notations

We denote Lhe elliptic curve over A;l by E;~.b , and we write:

B. Classification of elemellls of E;~.b

To have a clear idea on Lhe eUiptic curve E;.b• we can take a look on il.! elcmcnL~ and cia. ify them according to their projective coordinate! . lbis is the subject of the following proposi tion.

Proposition 1. Every element in E-~.b isofthefomz ( or (xc + yc2 : 1 : 0], where x, y E IF;\J.

: Y : 1)

We write: ~.b = {( : y : 1] E JP2(A;l) I {[xc + yf!l : 1 : 0] I x, y E IF.1J}.

;\+

Proof Let ( : Y : Z ) E E;.b , where , Y and Z E A.1. We have tv.'O cas~ for Z:

• Z inver tible: Lhen (X': Y : z] = ( z-': yz-': 1] ~ ( : Y: 1].

• Z non Invertible: so Z E 9Ji from lemma I; Lhen we have two case.~ for Y:

lmoertlble: [X: : Z] =[X - t : 1: Z _ ,]....,[X: 1: Z] . Since ( : 1 : Z) E E;.b• then

3 = Z(1 - a.X2 - bZ2 ), so 3 E 9Ji. 2

But ;\ = L x;;\c;\, E 9Ji implic.~ that xo3 = 0, i=O

then xo = 0 , th.is means that X' E 9Ji. So ;~ = x 0 ;l = 0, we deduce that Z = 0 and

= xc + yc2 , where x E IF;!•' and y E !Fa·'· At last, ( : Y : Z ] ~ (xc + y c2 : 1 : 0]

- Y non invertible: We have Y and Z E 9Ji, since:

;! = Z (Y 2 - aX2 - bZ2 ) E 9Ji

then xo;\ = 0 and so X' E 9Ji. We deduce that (X' : Y : Z ] i.~n ' t a projec­tive point since (X', Y, Z) isn't a primitive Lriplc [5, pp. 104-1051.

0

C. The group law over E�,b After classifying the elements of E� b we will define the

group law on it. '

We first consider the canonical projection 7r defined by:

2 A3 � lF3d

L XiCi f------i Xo i=O

and the mapping K by :

E�,b [X : Y : Z]

Then, we are ready to define the group law on E� b. Theorem 1. Let P = [Xl : YI : Zl] and Q = [X2 : Y2 : Z2] two points in E�,b' and P + Q = [X3 : Y3 : Z3] :

• IfK (P) = K (Q) then:

X3 = yly22 Xl +YI2Y2X2+2aXI2 X2Y2+2aXIX22YI + 2ZlZ22abYI + 2Z12 Z2abY2.

Y3 yl2y22 + 2a2 Xl2 X22 + a2bXIZIZ22 + a2bX2Z12 Z2.

Z3 = aXIX2(YIZ2+Y2ZI)+a(XIY2+X2Yd(XIZ2+ X2Zd + YIY2(YIZ2 + Y2ZI).

• IfK (P) i= K (Q) then:

X3 2XIY2YIZ2 + Xly22Z1 + 2X2yl2Z2 + X2YIY2Z1 + 2aXl2 X2Z2 + aXlX22 Zl.

Y3 2yl2Y2Z2 + yly22Z1 + 2aXIX2YIZ2 + aXIX2Y2Z1 + 2aXl2Y2Z2 + aX22y1ZI.

Z3 = 2yl2 Z22 + y22 Zl2 + aXl2 Z22 + 2aX22 Z12.

Proof By using the explicit formulas in [4, pp. 236-238] we prove the theorem. D

Corollary 1. (E�,b' +) is a commutatiJ group with [0 : 1 : 0] as unity.

The group law is now defined on E� b' we will give some of its properties and morphisms defined' on it.

D. The K3 homomorphism

Theorem 2. Let X = X +X2c2, Y = Y +Y2c2, Z = Z + z2c2, a = a + a2c2 and b = b + b2c2 are elements in A3. If [X : Y : Z] E E�,b then:

y2Z = X3 + aX2Z + bZ3 - [AX2 + BY2 + CZ2 + D]c2

where A = aoxozo , B = 2yozo , C = Y02 - aox6 and D = 2a2x02z0 + 2b2z03.

Proof Since [X : Y : Z] E E�,b then:

y 2 Z = X3 + aX2 Z + bZ3,

so y2Z X3 + aX2Z + bZ3 + [a(xo2z2 + 2XOX2Z0) + a2x02z0]c2 + b2zo3c2, then: y2Z = X3 + aX2Z + bZ3 + [(a2xo2zo + b2z03) + (2aoXOZO)X2 - (2YOZO)Y2 + (aoxo2 - Y02)Z2]c2, and so, the theorem is proved. D

Definition 1. We define the map 7r3 as follows:

2 A3 �

L Xici f------i i=O

where c3 = 0 and 62 = o.

Lemma 4. 7r3 is a surjective morphism of ring s .

Lemma 5. The map:

E�b -4 [X : Y : Z] f------i

is a surjective homomorphism of groups.

Proof Let [X : Y : Z] E E�,b . • From theorem 2, we deduce that K3 is well defined.

Then, let Q = [X : Y : Z] E E;3(a),7r3(b)' where X = Xo + xl6, Y = Yo + Yl6 and Z = Zo + z16. We consider in IF 3d the equation:

Ax + By + Cz + D = k mod 3 (1)

where A, B, C and D are as in theorem 2. Since A, Band C are partial derivatives of the func­tion F(X, Y, Z) = y 2 Z - X3 - aoX2 Z - bOZ3 at the point (xo, Yo, zo), and since [xo : Yo : zo] E E�o,bo (the elliptic curve over Al which is defined by the equation: F(X, Y, Z) = 0); then A, Band C can't be all null, so the equation (1) has at least a solution in lF3d3

which we denote (X2' Y2, Z2); then: P = [XO+XIC+X2c2 : YO+YIC+Y2c2 : ZO+ZIC+Z2c2] is in E� band K3 (P) = Q, and so:

• 7r3 is surjective.

Lemma 6. The mapping:

lF3d � x f------i

E�b [xc2 : 1. : 0]

is an injective morphism of groups.

Proof We have from proposition 1:

D

then:

• 83 is well defined. And since: [ls2 : 1 : 0] + [hs2 : 1 : 0] = [(I + h)S2 : 1 : 0], then:

• 83 is a morphism of groups. Now let l E IF 3d, we have: 83(l) = [0 : 1 : 0], which implies that l = 0, and so:

• 83 is injective.

Corollary 2. ker(1f3) = 83(IF3d).

Proof Let [ls2 : 1 : 0] E 83 (IF 3d) then, 1f3 ( [lS2 : 1 : 0]) = [0 : 1 : 0], and so:

• ker(1f3) � 83(IF3d).

Now let [X : Y : Z] E ker(1f3), then

D

1f3 ( [X : Y : Z]) = [0 : 1 : 0]; and by using the same notations as in theorem 2 we obtain: [X : Y : Z] = [0 : 1 : 0], then: X = 0, Z = 0, and Y is invertible in A2, so X = X2S2, Z = Z2S2 and Y is invertible in A3. We deduce that: [X : Y : Z] rv [X2S2 : 1 : Z2S2] E E� b' this means that: Z2S2 = 0; and so: [X : Y : Z] rv [X2S� : 1 : 0], then:

• ker(1fk) � 8k(IF3d). We conclude that ker(1fk) = 8k(IF3d). D

From corollary 2, we deduce the following corollary:

Corollary 3. The sequence :

k ( � ) i3 E3 7r3 E2

o ----7 er 7r3 � a,b ----'-7 7r3(a),7r3(b) ----70

is a short exact sequence which defines the group extension

E�,b of E;3(a),7r3(b) by Ker(1f3)' where i3 is the canonical

injection.

Remark 2. The last corollary allows us to calculate the

cardinal of E�,b depending on the cardinals of E;3(a),7r3(b) and ker(1f3).

After defining the elliptic curve over A3, the group law on it, including its properties and defining typical morphisms over E�,b' we will give some cryptographic applications on it.

III. CRYPTOGR APHIC APPLIC ATION

Let E� b be an elliptic curve over A3 and P E E� b of order I. We will use the subgroup (P) of E� b to encrypt and decrypt messages, and we denote G = (P). '

A. Coding of element of G We will give a code to each element Q = mP E G where

m E {I, ... ,I} defined as it follows: if Q = [xo + XIS + X2S2 : Yo + YIS + Y2S2 : zo] where

Xi, Yi E IF3d for i = 0,1 or 2 and Zo = 0 or 1. We set:

Xi = COi + CliO: + ... + C(d_l)io:d-1

Yi = fOi + hiO: + ... + f(d_l)io:d-l

where 0: is a primitive root of an irreducible polynomial of degree d over IF 3, and Cij ,fij E IF 3·

We code Q as it follows:

• If Zo = 1, then: Q = COOClO· .. C(d-l)OCOICn ... C(d-l)lCnCI2 ... C(d-l)2 fooflO'" f(d-l)ofn ... f(d-1)dodI2 ... f(d-I)21.

• If Zo = 0, then: Q = 0 ... OCOlCll ... C(d-I)ICllC12 ... C(d-I)210 ... 0 0 ... 00 ... 00.

Remark 3. The security of this encryption is based on the

discrete logarithm problem.

Now, we will give a cryptographic example which will illustrate the previous description of coding.

B. Example

Let a = (2 + 0:) + S + S2 and b = 1 + o:s + 2S2 two elements in A3, then: #E� b = 1 134 and #E� b-= 126. , a, Let P = [1 : 20: + o:s : 1] and G = (P). G is a subgroup of E� -b and #G = 42. a, ('VQ E G) (:3m E {I, ... ,42}) : Q = mP.

The coding results of the elliptic curve elements, will be found in the table I below.

Now, we are ready to encrypt and decrypt messages as described previously.

Encryption of a message:

Let the following message: "jns3 rabat"

Its encryption is:

112000010100100100010000002 102000102001122100101100121 010002200011121000201001100 000020100112010010220011000 0002010010011001002001

Decryption of a message:

Let the following message:

210100011000100100010000001 122000200001210100022000110 020002220010001001002001210 100022000100110010020010021 002001001210100011000121010 002200010011001002001100000 020100112210020220010112002 200001

Its decryption is:

"end of the talk"

Remark 4. With this application, we can encrypt and decrypt

any message of any length.

This application was implemented with Maple.

The following table brings together: the elements of the previous elliptic curve, their codes and the symbols attributed to them.

m 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

TABLE I TABLE OF CODES

code of mP Symbol 1000000201001 a 1201001 022001 b 0120001110001 c 1122000200001 d 2101000110001 e 0001001 002001 f 2211000001001 g 0021002001001 h 2100000212001 i 1120000101001 j 0112002200001 k 1221002022001 I 1001000120001 m 0010001000000 n 1002000222001 0 1211001000001 P 0101001120001 q 1121000201001 r 2102000102001 s 0011001002001 t 2211000000001 u 0011002001001 v 2102000201001 w 1121000102001 x 01 0 1002210001 Y 1211002000001 z 1002000111001 0 0020001000000 I 1001000210001 2 1221001011001 3 0112001100001 4 1120000202001 5 2100000121001 6 0021001002001 7 2211000002001 8 0001002001001 9 2101000220001 space 1122000100001 0120002220001 ? 1201002011001 ! 10000001 02001 , 0000001000000

IV. CONCLUSION

In this work we have defined the ring A3, given its proper­ties, and used the elliptic curve defined on it to encrypt and

decrypt messages. We reveal that much remains to perform about the subject, we cite for example:

• Generalization of the ring An for the case n ?: 3. • Create new cryptosystems. • Discrete logarithm attack. • Cryptography over the elliptic curve defined over An.

REF ER ENC ES

[l] Abdelhakim Chillali, The j-invariant over E�, lnt. 1. Open Problems Compt. Math. Vol. 5, No. 4, December 2012, ISSN 1998-6262, Copyright ICSRS Publication, pp. 106-111,2012.

[2] My Hachem Hassib and Abdelhakim Chillali, Example of cryptography

over the ring IF 3d [ee] , ee2 = 0, Latest trends in Applied Informatics and Computing, pp.71-73, ISBN 978-1-61804-130-2, 2012.

[3] Abdelhakim Chillali, Elliptic curves of the ring IF q [ee] , een = 0, Interna­tional Mathematical Forum, 2011.

[4] Wieb Bosma and Hendrik Willem Lenstra Junior, Complete system of two addition laws for elliptic curved, Journal of Number Theory, 1995.

[5] Hendrik Willem Lenstra Junior, Elliptic curves and number-theoretic algorithms, Processing of the International Congress of Mathematicians, Berkely, California, USA, 1986.

[6] Nicolas Meloni, Arithmetique pour la cryptographie basee sur les courbes elliptiques, These Doctorat, Univ. Montpellier II, Montpellier, France, 2007.

[7] Dan Boneh and Matt Franklin, Identity-Based Encryption from the Weil Pairing, Advances in Cryptology - CRYPTO 2001, Vol. 2139, chap. 13, pp. 213-229, Springer Berlin Heidelberg, ISBN 978-3-540-42456-7, 2001.

[8] Giray Komurcu and Erkay Savas, An efficient hardware implementation of the Tate pairing in characteristic three, Third International Conference on Systems, DOl 1O.109/ICONS.2008.27, IEEE 2008.