
Our aim is to prove some new fixed point theorems for a hybrid pair of multivalued α∗-dominated mappings involving a generalized Q-contraction in a complete modular-like metric space. Further results involving graphic contractions for a pair of multi-graph dominated mappings have been considered. Applying our obtained results, we resolve a system of nonlinear integral equations.
Citation: Tahair Rasham, Muhammad Nazam, Hassen Aydi, Abdullah Shoaib, Choonkil Park, Jung Rye Lee. Hybrid pair of multivalued mappings in modular-like metric spaces and applications[J]. AIMS Mathematics, 2022, 7(6): 10582-10595. doi: 10.3934/math.2022590
[1] | Huawei Huang, Xin Jiang, Changwen Peng, Geyang Pan . A new semiring and its cryptographic applications. AIMS Mathematics, 2024, 9(8): 20677-20691. doi: 10.3934/math.20241005 |
[2] | B. Amutha, R. Perumal . Public key exchange protocols based on tropical lower circulant and anti circulant matrices. AIMS Mathematics, 2023, 8(7): 17307-17334. doi: 10.3934/math.2023885 |
[3] | Aleksejus Mihalkovich . On the security of the STR key exchange protocol. AIMS Mathematics, 2025, 10(2): 1967-1980. doi: 10.3934/math.2025092 |
[4] | Limin Zhou, Qiuyang Wang . Simple PKE schemes from the TSPEM problem. AIMS Mathematics, 2024, 9(8): 22197-22212. doi: 10.3934/math.20241079 |
[5] | Julian Osorio, Carlos Trujillo, Diego Ruiz . Construction of a cryptographic function based on Bose-type Sidon sets. AIMS Mathematics, 2024, 9(7): 17590-17605. doi: 10.3934/math.2024855 |
[6] | Kun Liu, Chunming Tang . Privacy-preserving Naive Bayes classification based on secure two-party computation. AIMS Mathematics, 2023, 8(12): 28517-28539. doi: 10.3934/math.20231459 |
[7] | Hengbin Zhang . Automorphism group of the commuting graph of 2×2 matrix ring over Zps. AIMS Mathematics, 2021, 6(11): 12650-12659. doi: 10.3934/math.2021729 |
[8] | Rinko Miyazaki, Dohan Kim, Jong Son Shin . Uniform boundedness of solutions to linear difference equations with periodic forcing functions. AIMS Mathematics, 2023, 8(10): 24116-24131. doi: 10.3934/math.20231229 |
[9] | Yongge Tian . Miscellaneous reverse order laws and their equivalent facts for generalized inverses of a triple matrix product. AIMS Mathematics, 2021, 6(12): 13845-13886. doi: 10.3934/math.2021803 |
[10] | Bilal A. Rather, Fawad Ali, Nasim Ullah, Al-Sharef Mohammad, Anwarud Din, Sehra . Aα matrix of commuting graphs of non-abelian groups. AIMS Mathematics, 2022, 7(8): 15436-15452. doi: 10.3934/math.2022845 |
Our aim is to prove some new fixed point theorems for a hybrid pair of multivalued α∗-dominated mappings involving a generalized Q-contraction in a complete modular-like metric space. Further results involving graphic contractions for a pair of multi-graph dominated mappings have been considered. Applying our obtained results, we resolve a system of nonlinear integral equations.
Since the groundbreaking paper [1] by W. Diffie and M. Hellman, the branch of public key cryptography has greatly developed. A simple idea of using a pair of keys, a private key PrK and a public key PuK, to produce a common key is nowadays widely applied to encrypt a message.
The general idea of the Diffie-Hellman (DH) key exchange protocol (KEP) uses the notion of a cyclic group G of order |G| together with two operations: a group operation ∗ and the multiplication by a scalar, which we denote as gα=g∗g∗…∗g, where g∈G and α is a scalar chosen from the ring of integers Z|G|. In the context of DH KEP, the group operation is the multiplication of group elements and the multiplication by a scalar is the exponentiation. Having agreed on the cyclic group G and its generator g, two entities of the protocol, generally called Alice and Bob, perform the following actions to obtain a shared key [1]:
● Alice chooses at random a scalar α∈Z|G| and calculates a=gα. Her private key is PrKA=α and her public key is PuKA=a.
● Bob chooses at random a scalar β∈Z|G| and calculates b=gβ. His private key is PrKB=β and his public key is PuKB=b.
● Alice and Bob swap their public keys PuKA and PuKB.
● Alice calculates the shared key as bα whereas Bob computes aβ. The result is a shared key k0=gαβ.
Note here and elsewhere in this paper that the random choice is uniform in the appropriate set, e.g., α and β are independent random variables uniformly distributed in Z|G|.
The security of DH KEP relies on the difficulty of calculating the discrete logarithm of the public key, say a, base g. The importance of this problem can be seen from the security game—an interaction between the attacker A and the challenger C, where the goal of A is to gain any kind of valuable information to predict the outcome of actions performed by the challenger with a probability significantly different from the coin toss experiment. The following security game is aimed at distinguishing between the shared key k0 and a random element k1∈G [2]:
Security Game 1. Let the cyclic group G and its generator g be fixed. For the randomly chosen value of δ∈{0,1}, we define following experiment:
(1) The challenger C generates the private keys of both Alice and Bob, PrKA=α and PrKB=β, respectively.
(2) C generates public keys a=gα and b=gβ.
(3) If δ=0, then C calculates the shared key k0=gαβ.
(4) If δ=1, then C generates a random value γ and computes k1=gγ.
(5) The challenger sends the triplet (a,b,kδ) to A.
Relying on the obtained data, A outputs a guess δA. He wins the game if δ=δA.
The presented security game is a basis of the decisional Diffie-Hellman (DDH) assumption, i.e., given the public key of Alice and Bob, the attacker A cannot distinguish between their shared key k0=gαβ and a random element k1∈G with a probability significantly different from 12.
Security Game 1 can also be generalized to restrict the domain of the secret elements, e.g., by using polynomials [3]. Furthermore, instead of the standard exponentiation, any conjectured one-way function (OWF) y=φ(x) can be used. Denoting the set of all possible arguments of φ by X and the set of all possible values by Y we obtain the following general form of the DH KEP:
● Alice randomly chooses her private key α∈X. Her public key is a=φ(α);
● Bob randomly chooses his private key β∈X. His public key is b=φ(β);
● Using the mathematical properties of the OWF φ and a binary operation ∗ defined in X, Alice and Bob agree on the shared key k0=φ(α∗β).
The generalized decisional Diffie-Hellman assumption states that, given the public keys of Alice and Bob, A cannot distinguish between the shared key k0=φ(α∗β) and the imitation key k1=φ(γ), where γ∈X is randomly chosen.
Note that if A can solve the discrete logarithm problem (DLP), i.e., if he can find such a scalar ˆα that gˆα=a (or, more generally, φ(α)=a), then he wins with probability P[δ=δA]=1, since he can simply check if bˆα=kδ (a similar action can be performed in the general case). For this reason, the sets X and Y have to be large enough to ensure that the DLP is hard to solve in reasonable time. This problem is also related to the computational Diffie-Hellman (CDH) assumption, which states that it is hard for A to calculate the shared key k0=φ(α∗β) given public keys a,b∈Y of Alice and Bob.
Shortly after DH KEP, another widely used idea was introduced by R. Rivest, A. Shamir, and L. Adleman in [4]. The security of their proposal is based on the integer factorization problem (IFP), i.e., finding the prime factors p,q of a composite integer n=pq.
However, in his paper [5], P. Shor has shown that both DLP and IFP can be solved in polynomial time using quantum computers. Therefore, due to constant developments in this area, we are on the verge of extinction of cryptosystems based on these problems, meaning that the days of DH KEP and RSA are numbered. The thread is so serious that in 2016 the National Institute of Standards and Technology (NIST) announced a call for proposals of quantum-safe cryptographic schemes for their future standardization [6]. As of 2022, three digital signature algorithms and one public-key encryption algorithm have been selected as finalists [7]. Three out of four of these algorithms are based on hard mathematical problems in lattices whereas the SPHINCS+ is based on the security of hash functions. Furthermore, the development of quantum-safe algorithms continues [8].
One of the cryptographic primitives developed in the early days of quantum-secure algorithm research was presented by a group of Korean researchers in [9]. The authors used a conjugation relation in the so-called braid group as a basis of their KEP. This is one of the first examples of a KEP based on a conjugation search problem (CSP) defined in a non-commuting group. Interestingly enough, the conjugation relation resembles exponentiation in the following way: if x and y are two commuting elements of a non-commuting group G and g∈G is random, then
xywy−1x−1=yxwx−1y−1=(xy)w(xy)−1. |
In fact, we have just presented the expression for the shared key k0 of the Ko-Lee KEP. Moreover, we have the private keys PrKA=x, PrKB=y and the public keys can be written as PuKA=gx and PuKB=gy, where we use the notation gx=xgx−1. Therefore, k0=gxy and we can adapt the Security Game 1 to fit the Ko-Lee protocol with minor changes:
Security Game 2. Let the non-commuting group G, its commuting subgroup H, and an element g∈G∖H be fixed. For the randomly chosen value of δ∈{0,1}, we define following experiment:
(1) The challenger C generates the private keys of both Alice and Bob, x∈H and y∈H, respectively.
(2) C generates public keys a=gx and b=gy.
(3) If δ=0, then C calculates the shared key k0=gxy.
(4) If δ=1, then C generates a random value z∈H and computes the imitation key k1=gz.
(5) The challenger sends the triplet (a,b,kδ) to A.
Relying on the obtained data, A outputs a guess δA. He wins the game if δ=δA.
Unfortunately, this proposal suffered a failure due to the result by V. Shpilrain, who showed in [10] that CSP is unnecessary and insufficient to ensure the security of Ko-Lee protocol. In fact, CSP can be replaced by a double coset problem, i.e. the attacker A can swap the private key PrKA=x for a pair (x1,x2) such that x1,x2∈H and a=x1gx2, and win Security Game 2 by finding this pair rather than the original key.
Since 2007, E. Sakalauskas together with coauthors has been developing cryptographic primitives using non-commuting algebraic structures. Recent work in this field is devoted to the study of one particular highly non-linear mapping called the matrix power function (MPF). This mapping was first introduced by E. Sakalauskas in [11]. During these years, we demonstrated various applications of MPF in symmetric and asymmetric cryptography. However, early protocols presented in [11] and [12] were broken using methods of linear algebra in [13]. Though in papers [14] and [15], we were able to fix the flaws found by the authors of [13], and recently we turned our attention to sampling the base matrix entries from non-commuting groups.
In our recent papers, we have presented a KEP [16] and the sigma identification protocol [17] based on MPF defined over the non-commuting modular group generally denoted by M2t. Our previous results have shown some promise that the proposed cryptographic primitives might be quantum-safe [16]. In this paper, we aim to formalize the previously presented results by adapting Security Game 1 to fit our proposal. Furthermore, we present the theoretical results on the distribution of the public key entries. We also back up these results by statistical research which demonstrates that the attacker A cannot distinguish the shared key from an imitation key.
Let us recall definitions of the MPF mapping and the family of non-commuting groups we use in this paper.
Formally, MPF is a mapping acting on matrices in a way similar to classic matrix multiplication. However, instead of addition and multiplication operations defined for group elements, similarly to DH KEP, we use a group operation along with multiplication by a scalar. This way, we can randomly sample the entries of the base matrix from a multiplicative group G without a need to define another group operation other than the one defined already. We call G a platform group. We also denote the set of m×m matrices with entries from G by Gm×m.
The multiplication by a scalar operation is defined exactly as DH KEP suggests, i.e., for any element g∈G and a scalar α, we define gα=g∗g∗…∗g, i.e., g is multiplied by itself α times. As in the case of DH KEP, the scalars are randomly chosen from the ring of integers Z|G|. We refer to it as a power ring.
Using these operations, we can define one-sided MPFs as well as the two-sided MPF as follows [11]:
Definition 1. Let W∈Gm×m and X∈Zm×m|G|. The left-sided MPF is an action LMPF(X,W):Zm×m|G|×Gm×m→Gm×m denoted as
XW=EL, | (2.1) |
where the entries of LMPF value matrix EL are calculated as follows:
(eL)ij=m∏k=1wxikkj. |
Definition 2. Let W∈Gm×m and Y∈Zm×m|G|. The right-sided MPF is an action RMPF(W,Y):Gm×m×Zm×m|G|→Gm×m denoted as
WY=ER, | (2.2) |
where the entries of MPF value matrix ER are calculated as follows:
(eR)ij=m∏k=1wykjik. |
Definition 3. Let W∈Gm×m and X,Y∈Zm×m|G|. The two-sided MPF is an action MPF(X,W,Y):Zm×m|G|×Gm×m×Zm×m|G|→Gm×m denoted as
XWY=E, | (2.3) |
where the entries of MPF value matrix E are calculated as follows:
eij=m∏k=1m∏l=1wxikyljkl. |
It has been previously shown in [11] that for a commuting platform group G, the two-sided MPF can be defined in terms of one-sided MPFs due to the associativity property, i.e.,
(XW)Y=X(WY)=XWY. | (2.4) |
However, if G is non-commuting, then in general Eq (2.4), does not hold. This is one of the key features of the MPF mapping which we use in our research to inflict restrictions on the public parameters of our KEP.
We also emphasize the importance of the two operations used in the definition of MPF as opposed to the classic matrix multiplication, i.e., one group operation and a multiplication by a scalar as opposed to two group operations. This fact was previously misinterpreted by M. Durcheva in her paper [18]. She used a tropical group as a platform. However, she also used the same ring R to define both the tropical semiring ⟨R,min,+⟩ and the semiring of scalars, i.e., entries of power matrices are in R. Therefore, she essentially used two group operations of ⟨R,+,⋅⟩ to define her version of MPFs, since '+' comes from the tropical semiring as a "multiplication" action and the '⋅' comes from 'exponentiation' by a scalar from R (see the toy example in [18]). This choice of operations turns her mappings into simple matrix multiplications rather than MPFs in a sense presented here. Due to the simplicity of operations used in [18], it took less than a year to break her proposal [19]. However, one could use, for example elliptic curves with multiplication by a scalar to define an MPF mapping. Interestingly enough, the above definitions would exactly match the classic matrix multiplication in notation, but would still be considered MPFs due to a group operation of elliptic curves (addition), and the multiplication by a scalar. While extra research might be needed, we think that the security of a KEP based on MPF defined over elliptic curves leaves much to be desired since it is similar to the schemes presented in [11] and [12]. Therefore, linear algebra can be used to compromise the scheme due to the existence of the discrete logarithm mapping in elliptic curves.
Let us also consider another example, namely a group of invertible integers modulo n=pk11pk22…pkrr denoted as Z∗n. Notably, the group Z∗n is not cyclic and hence it may seem that defining a discrete logarithm mapping is not possible. However, all of the groups Z∗pkjj, where j=1,2,…r are cyclic and hence the Chinese remainder theorem can be used to define an analog of a discrete logarithm mapping by considering a Cartesian product Z∗pk11×Z∗pk22×…×Z∗pkrr which is isomorphic to the original group. Therefore, for any element w∈Z∗n, we can define a mapping dlogg1,g2,…,gr(w) as follows:
dlogg1,g2,…,gr(w)=(dlogg1(w mod pk11),dlogg2(w mod pk22),…,dloggr(w mod pkrr)), | (2.5) |
where gj generates the group Z∗pkjj. This mapping along with several facts from number theory and linear algebra can be used to break the MPF-based schemes if Z∗n is used as a platform group.
To prevent applications of these attacks to our new schemes, we use non-commuting platform groups to define MPFs. Currently our attention has turned to the family of modular cyclic groups denoted by M2t and defined in the following way (e is the identity of this group) [20]:
M2t=⟨a,b|a2t−1=e,b2=e,ab=ba2t−2+1⟩. | (2.6) |
We can see from the presented definition that the generators a and b do not commute. Furthermore, the group M2t contains exactly 2t elements and the maximal multiplicative order is 2t−1. Therefore, the multiplication by a scalar operation uses integers from Z2t−1.
Despite the word 'cyclic' in its name, there is no single element that would generate the whole group as opposed to, for example the ring of integers Zp, where p is a prime number. Moreover, due to results presented in [21,22,23], these groups cannot be split into a product of two or more cyclic groups. Hence no mapping analog of the discrete logarithm can be defined in the considered family of groups as opposed to the examples presented above.
However, in order to define a working scheme, we make use of the following two cyclic subgroups of maximal multiplicative order:
⟨a⟩={e,a,a2,…,a2t−1−1}, | (2.7) |
⟨ba⟩={e,ba,(ba)2,…,(ba)2t−1−1}. | (2.8) |
Note that the elements from distinct subgroups in general do not commute. However, they both share even powers of a, which make up a half of the elements in each subgroup.
In the next section, we present the key exchange protocol previously presented in [16]. We slightly modify the previous version of our protocol to make the proof of validity more clear. Furthermore, the natural restrictions on the public power matrices are modified to be more convenient to work with.
We assume that Alice and Bob have agreed on a platform group M2t. The base matrix W is chosen at random to fit the following form:
Template 1. Choose the base matrix W so that
W=(ba2ω11+1aω12⋯bα1ca2ω1c+α1c⋯ba2ω1m+1a2ω21aω22⋯bα2ca2ω2c+α2c⋯a2ω2m⋯⋯⋯⋯⋯⋯a2ωi1aωi2⋯bαica2ωic+αic⋯a2ωim⋯⋯⋯⋯⋯⋯a2ω(m−1)1⋯⋯⋯⋯a2ω(m−1)mba2ωm1+1aωm2⋯bαmca2ωmc+αmc⋯ba2ωmm+1). | (3.1) |
We can see that each column of matrix W consists of commuting entries chosen from one of two cyclic subgroups ⟨a⟩ or ⟨ba⟩ defined above. However, in general, the entries of matrix W do not commute. Also note that we fixed the parity of powers of generators a and b in the first and last columns. We use this fact to choose an appropriate template for the left power matrices.
Template 2. Choose matrix X in Eq (2.1) so that
∀i=1,2,…,m:xi1+xim≡0 mod 2. | (3.2) |
We also use the c-th column to define a template for right power matrices.
Template 3. Choose matrix Y in Eq (2.2) so that
∀j=1,2,…m:ycj≡0 mod 2. | (3.3) |
Note that due to Template 2, by left exponentiating by X we obtain an intermediate matrix XW with its entries aside from those in the c-th column distributed in the cyclic subgroup ⟨a⟩, whereas the entries of the c-th column are distributed in ⟨ba⟩. In other words, left exponentiation is performed with commuting entries. Also note that due to Template 3, during right exponentiation by Y, we deal with commuting entries as well, since for any value of αic, we have (bαica2ωic+αic)ycj∈⟨a⟩.
An important fact to note is that we perform actions with commuting entries as long as we choose power matrices X and Y according to the defined templates and perform exponentiations by X and Y in that particular order.
Obviously, power matrices, satisfying either of the defined templates, are singular modulo 2 and hence non-invertible modulo 2t. Proof of this fact is trivial and follows directly from the basic properties of the determinant and modular arithmetic.
Let us now assume that Alice and Bob desire to agree on a common key. Publicly known parameters are the following:
● square base m×m matrix W defined over M2t and satisfying Template 1;
● square power m×m matrices L and R defined over Z2t−1 satisfying Templates 2 and 3 respectively.
Alice performs the following actions to generate private and public data:
(1) She chooses at random a vector of 2m coefficients α=(α11,α12,…,α1m,α21,α22,…,α2m) and uses it to calculate two matrices as polynomials of L and R, respectively:
X=α11L+α12L2+…+α1mLm,Y=α21R+α22R2+…+α2mRm. |
(2) She then uses the obtained values of X and Y to calculate matrix A=(XW)Y.
Upon completing these steps, Alice acquires her protocol data: private key PrKA=α and her public session parameter PuKA=A. Alternatively, the pair (X,Y) can be kept as a private key for faster execution. As usual, Alice sends her public session parameter to Bob.
Bob performs actions similar to Alice's to obtain his data:
(1) He chooses at random a vector β=(β11,β12,…,β2m) and uses it to calculate two matrices as polynomials of L and R, respectively:
U=β11L+β12L2+…+β1mLm,V=β21R+β22R2+…+β2mRm. |
(2) He uses the obtained values of U and V to calculate matrix B=(UW)V.
Bob now has his private key PrKB=β and his public session parameter PuKB=B, which is sent to Alice.
Alice can use Bob's public session parameter to obtain the following result:
KA=(XB)Y. | (3.4) |
Similarly, Bob can use Alice's public session parameter to obtain a matrix
KB=(UA)V. | (3.5) |
Since Alice and Bob have two pairs of commuting matrices, i.e.,
XU=UX,YV=VY, |
they have agreed on a common key K=KA=KB.
The proof of validity of the presented protocol relies on the fact that exponentiations are performed with commuting entries. First, due to Template 2 and since UX=XU, we have
U((XW)Y)=X((UW)Y), | (3.6) |
for any matrix Y satisfying Template 3. Second, since VY=YV and V satisfies Template 3 as well, we have
U((XW)Y)V=X((UW)V)Y. | (3.7) |
In fact, since the public keys of both parties A and B consist of commuting entries, the parentheses in both Eqs (3.4) and (3.5) can be dropped, i.e., when calculating the shared key KA=KB, the order of actions does not matter. This fact, together the with commutation constraint on the right power matrices allows us to perform a switch of Y and V in Eq (3.7).
Note, however, that the proof of validity of our protocol heavily relies on the specified templates. In other words, if these template are neglected, Alice and Bob cannot agree on a shared key due to non-commutativity of the platform group M2t. Moreover, we cannot generalize our protocol as presented in [12] since none of the invertible matrices satisfy Templates 2 or 3. Hence any malicious adversary is limited in his search for private keys by singular matrices only. Note that the use of the invertible matrices in [12] was one of the key issues which allowed the authors of [13] to break the protocol.
The protocol is also easy to practically implement, since it uses rather simple multiplication and exponentiation operations in M2t and addition and multiplication operations in Z2t−1. Note that actions in M2t are similar to classical ones and hence the squaring technique to compute the power of an element can be applied. Furthermore, polynomials are calculated using operations in Z2t−1 and hence all the classic techniques can be applied to speed up the computation process. Therefore, the main time-consuming operation is the MPF calculation. However, its structure is similar to regular matrix multiplication and, hence, it can be performed in O(m3). Also, the powers of matrices L and R can be calculated once and stored in the memory of the device. Otherwise, the computational costs are bounded by O(m4).
In this paper, we present the basic version of the key exchange protocol inspired by the classic Diffie-Hellman and RSA algorithms. Just as those ideas are, our proposal is anonymous and hence it cannot offer protection against man-in-the-middle attack. This can be fixed by including the identification step in our algorithm. However, we do not consider this feature here.
Let us now consider the security of our KEP. First, we show that the following proposition holds:
Proposition 1. Assume that matrices W, L, and R satisfy Templates 1–3, respectively, and are fixed. Let α be the vector of 2m coefficients uniformly sampled from Z2m2t−1. Then any entry of the public key matrix A is uniformly distributed in ⟨a⟩.
To prove this claim, we need the following lemma:
Lemma 1. Define the bilinear form s(n)=∑ni=1∑nj=1λijxiyj=xTΛy, where λij∈Z2 are uniformly chosen at random, and xi,yj∈Z2 are uniformly distributed random variables. Assume that rank Λ=r. The limit limn→+∞r→nP[s(n)=s0]=12, where s0∈Z2 is a fixed value.
Proof. Let us first consider the simplest possible case when the coefficient matrix Λ is the identity matrix. In this case, the bilinear form s(n) has the following representation:
s(n)=n∑i=1xiyi. | (4.1) |
The following is true if n=1:
P[s(1)=0]=P[x1y1=0]=34=12+122,P[s(1)=1]=P[x1y1=1]=14=12−122. |
Let us define the deviation term:
σ(n)=P[s(n)=0]−P[s(n)=1]2. |
We can see that the deviation term σ(1)=122=121+1.
We now calculate the next iteration, i.e., for n=2, we have
P[s(2)=0]=58=12+123,P[s(2)=1]=38=12−123. |
Hence the deviation term is σ(2)=123=122+1.
Now we apply mathematical induction on n. Hence, for n=k, we have
P[s(k)=0]=12+12k+1,P[s(k)=1]=12−12k+1. |
Then due to the following obvious identity
P[s(k+1)=s0]=P[s(1)=0]⋅P[s(k)=s0]+P[s(1)=1]⋅P[s(k)=s0−1], |
we have
P[s(k+1)=0]=(12+12k+1)⋅34+(12−12k+1)⋅14=12+12k+2,P[s(k+1)=1]=(12+12k+1)⋅14+(12−12k+1)⋅34=12−12k+2, |
and hence we obtain the deviation term σ(k+1)=12(k+1)+1, thus proving the general expressions for probabilities P[s(n)=0] and P[s(n)=1].
Since the identity matrix has full rank, by calculating the limit when n tends to positive infinity we get
limn→+∞P[s(n)=s0]=limn→+∞(12±12n+1)=12. |
More generally, let us now assume that the matrix Λ has full rank. Then the linear operator Λ maps the basis of Zn2 to another basis. However, by denoting z=Λy, we essentially obtain Eq (4.1) in another set of bases since the linear operator Λ is a one-to-one mapping. Hence the proven expressions for probabilities P[s(n)=0] and P[s(n)=1] also hold for this case as well.
Now assume that the coefficient matrix Λ has a rank r=rank Λ<n. Then by calculating Λej=fj, where e1,e2,…,en is the standard basis of Zn2, we obtain a system of r linearly independent vectors and using the same technique as before for the r×r minor of matrix Λ, we obtain the following expressions for the considered probabilities:
P[s(n)=0]=12+12r+1,P[s(n)=1]=12−12r+1. |
Clearly, taking the limits of both probabilities proves the lemma, since limn→+∞r→nP[s(n)=0]=12 and limn→+∞r→nP[s(n)=1]=12.
Note, that in the presented proof both, parameters n and r play their important roles in order to achieve the uniform distribution. For example, if we set λij=1 for all i,j=1,2,…,n, we obtain a matrix Λ with rank r=1. Then we have P[s(n)=0]=34 and P[s(n)=1]=14 regardless of the choice of n. In other words, if r does not tend to n, even if n tends to positive infinity, the null space may be large enough to gobble up most of the pairs (x,y).
Interestingly enough, in our setup the null space of the coefficient matrix Λ is non-trivial and hence r<n. However, since the public matrices L and R are generated at random to fit the presented templates, we can keep the dimension of the null space relatively small as needed.
This lemma can also be generalized to any power of 2. To shorten the paper, we do not present the full proof of the lemma but rather settle for the sketch of the proof of the following fact:
Lemma 2. Define the bilinear form s(n)=∑ni=1∑nj=1λijxiyj=xTΛy, where λij∈Z2t are uniformly chosen at random, and xi,yj∈Z2t are uniformly distributed random variables. Let Λ2=Λmod2 and assume that in Zn×n2, we have rank Λ2=r. The limit limn→+∞r→nP[s(n)=s0]=12t, where s0∈Z2t is a fixed value.
Sketch of proof. We start by dividing the elements of Z2t into t+1 disjoint sets of the form Sh={k⋅2h|k=1,3,…,2t−h−1}, where h=0,1,…,t−1. Also set St={0}. Each element of Sh is equally likely and for any two indices h1<h2, the elements of Sh1 are less probable than the elements of Sh2. We also define the deviation term as follows:
σ(t,n)=P[s(n)=0]−P[s(n)=2t−1]2. |
Now we perform an iterative process by reducing matrix Λ modulo 2 and calculating probabilities P[s(n)=s0] for Λ2=Λmod2 in Z2. Then we consider matrices Λ4=Λmod4, Λ8=Λmod8, and so on until we reach Λ. We calculate probabilities P[s(n)=s0] for all iterations in the appropriate rings. Then due to the identity:
P[s(k+1)=s0]=2t−1∑j=0P[s(1)=j]P[s(k)=s0−j], |
which holds for all k=2,…n we obtain the following expressions for probabilities:
P[s(n)=0]=12t+t−1∑j=0(12t−j⋅σ(j+1,n)),P[s(n)=sh]=12t+[h−1∑j=0(12t−j⋅σ(j+1,n))]−12t−h⋅σ(h+1,n). |
Note that while σ(t,n) do vary depending on the generated coefficient matrix Λ, all of these deviations are functions of n and the limit limn→+∞σ(t1,n)σ(t2,n)=0, if t1<t2. Therefore, we have limn→+∞r→nP[s(n)=s0]=12t for every s0∈Z2t as desired.
Through experiments, we found that the deviation term can vary even when the rank r=rank Λ2 is fixed at some value smaller than n. Moreover, even when we consider the case of 2t=4 and express Λ=2Γ+Λ2, where Γ is a binary matrix, the deviation term varies regardless of the rank of Γ in Z2. However, the deviation term only has a few possibilities and they all differ by some constant factor. For these reasons, the expressions of the probabilities are presented in terms of deviations. Also, no other ranks, e.g., rank Γ, were used to define the goal limit. Notably, these remarks do not change the correctness of the lemma since the main summand in all the expressions is 12t, which is independent of both n and r.
Using these lemmas, we prove Proposition 1.
Proof of Proposition 1. Due to the polynomial structure of the private key matrices X and Y, the expression of the public key matrix A can be rewritten as follows:
A=(XW)Y=((∑mk=1α1kLk)W)(∑mj=lα2lRl). | (4.2) |
Then by expanding Eq (4.2) and focusing on the powers of generator a, we obtain the following result:
a′ij=αT1Λα2+2t−2γij, | (4.3) |
where a′ij=dlogaaij is a discrete logarithm of matrix A entry aij, α1 and α2 are two private vectors of coefficients to generate key matrices X and Y, respectively, Λ is a matrix obtained from Eq (4.2) by calculating dloga((LkW)Rl) for all possible pairs (k,l), and γij∈Z2 takes into account the non-commutativity of the platform group M2t.
However, we can now apply Lemma 2 to the bilinear form αT1Λα2 in Eq (4.3) to show that its value is uniformly distributed in Z2t−1. The term 2t−2γij in no way affects this result, since Z2t−1 is a group under addition.
This, of course, means that due to Lemma 2, the uniform distribution is asymptotic. For this reason, in Section 6, we perform the statistical analysis of the presented KEP to find the minimal value of m for which the distribution of the entries of the public key matrix is indistinguishable from the uniform distribution. We aim to show the validity of the decisional assumption for our proposal analogues to the one defined for DH KEP.
Due to the proven theoretical result, we can see that the distribution of every individual entry of the public key matrix is asymptotically uniform in the set ⟨a⟩ and the deviation from the desired distribution is negligible for a sufficiently large m, which, for now, is yet to be determined. Relying on this result, we define the following security game between the attacker A and the challenger C:
Security Game 3. Let the platform group-defining parameter t and the matrix order m be fixed. Also, let W,L, and R be the public parameters, satisfying Templates 1–3 respectively. For the randomly chosen value of δ∈{0,1}, we define the following experiment:
(1) The challenger C generates the private keys of both Alice and Bob as vectors α and β of size 2m and calculates matrices X,Y,U and V as polynomials of L and R.
(2) C calculates the public keys A=(XW)Y and B=(UW)V of Alice and Bob, respectively.
(3) If δ=0, C calculates the matrix K0=(XB)Y, which is the shared key.
(4) If δ=1, C generates a vector γ=(γ11,…,γ1m,γ21,…γ2m) and calculates matrices Z1,Z2, and K1 as follows:
Z1=γ11L+γ12L2+…+γ1mLm;Z2=γ21R+γ22R2+…+γ2mRm;K1=(Z1W)Z2. |
(5) C sends the triplet (A,B,Kδ) to the attacker A.
Relying on the received data A outputs a value δA. He wins the game if δA=δ.
The defined security game is inspired by the so-called Diffie-Hellman decisional problem presented in [2] in the form of the Attack Game 10.6. Essentially the presented security game means that A cannot distinguish between the shared key K0 and a randomly generated matrix K1. This is the decisional assumption of our proposal and due to the closure of Templates 2 and 3 under exponentiation, it also resembles the generalized decisional Diffie-Hellman assumption presented in [3], where sets of polynomials are used to restrain the domain of the arguments. However, the basic concept of the game is the same: to distinguish between the shared key and the imitation one.
From the statistical point of view, this means that the entries of both matrices K0 and K1 have the same distribution. However, due to Proposition 1 and Lemma 2, this is exactly the case for our protocol.
Due to the classic result (see [2]), the decisional assumption also implies the following result:
Proposition 2. Let the platform group-defining parameter t and the matrix order m be fixed. Also, let W,L and R be the public parameters, satisfying Templates 1–3 respectively. Given Alice's and Bob's public keys A=(XW)Y and B=(UW)V, respectively, it is hard to compute the shared key K=(XB)Y.
The latter proposition is the computational assumption for our proposal.
Algebraically A may try to obtain the private key matrices (or, alternatively, coefficients of polynomials) of one of the parties, say Alice. To put it simpler, his goal is to solve the following system of matrix equations:
{A=(XW)Y,XL=LX,YR=RY. | (4.4) |
Moreover, the solution pair (X,Y) has to satisfy Templates 2 and 3, respectively, since otherwise the protocol falls apart due to the properties of the platform group M2t. Problem (4.4) is the analog of DLP for our proposal.
Evidently, the polynomial construction of private matrices X and Y ensures that the last two equations in system (4.4) are satisfied. However, since M2t cannot be decomposed into smaller groups and since we use elements from both cyclic subgroups ⟨a⟩ and ⟨ba⟩ to define the base matrix W, the discrete logarithm mapping is not applicable to the MPF equation of system (4.4). Furthermore, the non-commutativity of M2t presents an additional obstacle for solving the above system directly. Hence, we present two approaches the attacker can use to solve system (4.4) indirectly.
First, let us consider the linearization technique. Since the MPF equation in system (4.4) uses a power of 2 as a modulo, the simplest task is trying to solve a sub-problem of system (4.4) defined in Z2. To do so, A defines a mapping φ as follows:
φ:M2t↦Z2:φ(bαaω)=ω mod 2, |
i.e., φ is essentially the parity mapping, which completely ignores the generator b. A also defines Φ as the matrix analog of φ by entry-wise application of φ to W. Then by denoting X2=Xmod2 and Y2=Ymod2, A transforms the first equation in the system (4.4) to the following form:
X2Φ(W)Y2=Φ(A). |
Expanding X2 and Y2 as polynomials of L2=Lmod2 and R2=Rmod2, the attacker obtains
(α11L2+α12L22+…+α1mLm2)⋅Φ(W)⋅(α21R2+α22R22+…+α2mRm2)=Φ(A). | (4.5) |
A now introduces m2 variables of the form γk=α1iα2j and hence obtains a system of linear equations (SLE) with respect to the defined γ's. However, all the matrices in Eq (4.5) are singular, and hence the obtained m2×m2 system is underdefined and produces a set of solutions much too large to perform a total scan. Experimental results for the platform group M16 have shown that the maximum rank of the obtained SLE is (m−1)2, i.e., at least (2m+1) variables are free [24]. Furthermore, for randomly chosen matrices L2,R2, and Φ(W), the maximum rank of SLE is a rare event obtained roughly 6% of the time. Hence the probability of determining α's from γ's is at most 122m+1. This makes the linearization technique inefficient for the sub-problem defined by Eq (4.5) and hence for the initial problem defined by system (4.4) as well if the public parameters are appropriately chosen. However, this choice can be studied separately since it may be performed once and can be fixed afterward.
Another approach may involve a faithful representation of the elements of M2t as matrices. This technique was previously used to break protocols constructed using braid groups. In our case, the faithful representation of M2t exists and we denote it by R(bαaω). For t=4, it can be found in [25]. However, as mentioned previously, MPF itself is defined in terms of a group operation and a multiplication by a scalar. Therefore, the latter action (exponentiation in our case) is applied to the element regardless of its representation. Assume that A uses R() to the elements of M2t to view them as matrices. He then obtains a tensor W′=R(W), where w′ij=R(wij) are matrices of the appropriate order. However, the faithful representation does not affect the scalars contained in the power matrices and hence the public key is computed as follows:
R(A)=(XW′)Y, |
i.e., despite commuting entries of R(wij), the non-commutativity of M2t is preserved since otherwise the representation would not be faithful. However, the exponentiation is still applied to matrices R(wij) rather than its individual entries, i.e., we have
R(aij)=m∏k=1m∏l=1(w′ij)xikylj. |
We now see that A gains nothing by using this approach.
For now we limit ourselves to the discussed approaches leaving other possible ways (which may or may not be found) to recover the private key of the user for future work.
Let us, however, mention the following fact: the discrete logarithm mapping can be applied to the expression (XB)Y and to matrices K0 or K1, whichever one is given. This is due to the loss of the non-commutativity factor by that point. However, the methods of search for the private key matrices are similar to the ones given above since Templates 2 and 3 cannot be ignored. Future work may involve an exploration of the question of whether it is possible to maintain the non-commutativity of M2t while also establishing a shared key.
As mentioned previously, our proposal is inspired by the DH KEP and RSA algorithms. However, as opposed to those classic protocols, the security of our proposal relies on a problem related to multivariate quadratic (MQ) equations. It has been previously shown in [26] that the MQ problem is hard to solve using Grobner bases if there are more than 80 equations and variables. Furthermore, schemes like [27,28] also use multivariate quadratic equations defined in some field. Despite the fact that, in our case, there are no linear terms in the MQ problem we think that the security of our proposal could be close to those schemes since the non-commutativity of the platform group M2t brings an additional randomness factor into the obtained multivariate system of equations. However, more investigations may be needed to approve or disapprove our claim.
In this section, we perform the statistical experiments to support the theoretic results presented above. Due to the asymptotic nature of the uniform distribution, here we aim to explore the dependence of the considered distribution on the public parameters m and t. To put it simply, since all of the results regarding the uniform distribution of entries were proven using limits, we explore how fast we can actually obtain a distribution statistically indistinguishable from the uniform. Furthermore, we perform a two-sample chi-squared test for the obtained samples to show that K0 and K1 are computationally indistinguishable to establish the validity of the decisional assumption defined by Security Game 3.
We consider the public parameters of the system: the group-defining parameter t and the matrix size m. For every fixed value of t, our goal is to find the minimum value of m such that for all the performed statistical tests, the appropriate null hypothesis would not be rejected at the 0.95 confidence level. We execute a simulation of Security Game 3 by repeating the described experiment n times with an exception of performing both steps 3 and 4 regardless of the value of δ. Hence we perform a total of n iterations and obtain two samples for the true shared key K0 and the imitation key K1. For a specific value of m, the base matrix W is kept constant throughout all the iterations. In this paper, we set the standard value for the parameter n as 200 although a larger value could be used as well. During each iteration, we append the frequencies of each element in two different arrays: the first array is appended based on generator a values and the second array is based on the matrix coordinates and the generator a value. In other words, in the first array, we consider the distribution of the matrix entries in ⟨a⟩ ignoring their position. In the second array, we consider the distribution of a specific matrix entry. Both of these approaches are important since the attacker may consider individual positions of the key matrix as well as the matrix as a whole. Therefore, it is also important to ensure that each individual entry of the key matrix follows the uniform distribution.
We use Pearson chi-squared (Chi-Sq.) goodness of fit to test the obtained sample for uniform distribution. To compare the shared key and the imitation key samples, we use the two-sample chi-squared test. Also, we inspect the data visually. For better visual comparison (especially when the parameter t grows), we present the graphical data using polygonal chains. That way it is more convenient to view the results for both samples in a single graph.
Let us denote by KEP(m,t,n) the considered algorithm with parameters m,t and n. As an example, let us present the distribution of the shared key and imitation key matrix entries after performing KEP(8,4,200).
The presented information in Figure 1 and all of the subsequent figures should be interpreted as follows: for each element of the form ak, we obtain the relative frequency of that element in the shared key K0 and the imitation key K1 ignoring its position. let us denote these frequencies by freqK0(k) and freqK1(k), respectively. We plot the points (k,freqK0(k)) in blue and (k,freqK1(k)) in red and for better visual interpretation (especially for larger values of t), we connect these points using line segments. Ideally we should obtain a perfect straight line parallel to the x-axis if the distribution of elements of M2t is uniform and the relative frequency should equal 21−t.
We can see from Figure 1 that even powers of the generator a dominate the odd ones. This coincides with the theoretical proof presented in the previous section, i.e., the asymptotic nature of the uniform distribution is clearly visible. Hence the matrix size m=8 is too small if the case of platform group M16 (note that t=4). For similar-looking graphs, we do not consider individual position distributions, since the overall distribution is far from uniform. Note also that even for the imitation key K1, the distribution is not too close to being uniform.
Let us now explore the asymptotic nature of the uniform distribution. We fix the parameter t=4 and increase the matrix size. Several obtained graphs are displayed in Figure 2.
We can clearly see from Figure 2 that the pattern exists by looking at the presented frequencies: the previously observed parity effect diminishes when the parameter m increases, which coincides with the results of Section 4.2. However, we also see from Figures 2a and 2b that the matrix size is still too small to achieve the uniform distribution of the shared key entries. However, we see from Figures 2c and 2d that the obtained distributions are similar and can be considered uniform.
To sum up the obtained results in Table 1, we present the p-values for the goodness of fit tests as well as the p-value of the two-sampled chi-squared test.
m | p(χ2K0) | p(χ2K1) | p(χ2K0,K1) |
8 | < 10-3 | < 10-3 | < 10-3 |
10 | < 10-3 | 0.333 | < 10-3 |
12 | < 10-3 | 0.334 | 0.008 |
14 | 0.010 | 0.817 | 0.108 |
16 | 0.422 | 0.883 | 0.598 |
We can see from the presented table that we cannot reject the null hypothesis at a 95% significance level for values of m≥14. However, since the p-value for m=14 is close to the bottom edge, we prefer to choose the value of m=16 for further experiments.
We now continue experimenting with the system parameter values t=4 and m=16. For KEP(16,4,200), we perform Pearson's chi-squared test for each individual position of K0 and define the boolean matrix P={pij}, with its entries
pij={0,if p-value p(χ2k0ij)<0.05,1,otherwise, | (6.1) |
where k0ij is a 200-element sample of the possible values of the (i,j)-th position of matrix K0.
We also define the accuracy for matrix entries following the uniform distribution as:
ACC(P)=1m2m∑i=1m∑j=1pij. | (6.2) |
We execute KEP(16,4,200) 25 more times and perform the goodness-of-fit tests. The obtained results show that only 1 experiment out of 25 does not follow the uniform distribution for K0 values. However, the analysis of the imitation key K1 has also 1 experiment that rejects the null hypothesis. We define the accuracy for K1 by Eq (6.2) with p(χ2k0ij) replaced by p(χ2k1ij) in Eq (6.1).
For more clarity, let us present the results of four executions of KEP(16,4,200). We also present the accuracy of uniformity and the two-sample chi-squared test p-value.
We can see from Table 2 that the null hypothesis for the uniform distribution was not rejected for both shared and imitation keys in all of the presented experiments. Moreover, due to the high accuracy value, we can see that for each individual positions the null hypothesis was not rejected for the most part. The takeaway is that looking at matrices K0 and K1 as a whole and at the individual positions, we get different results. However, both of these ways are important for statistical analysis, since the presented results show that individual positions can be treated as independent random variables if the overall uniform distribution is achieved.
Index | Shared key K0 | Imitation key K1 | Two-sample Chi-Sq. | ||
Chi-Sq. | ACC | Chi-Sq. | ACC | ||
1 | 0.322 | 0.94 | 0.506 | 0.94 | 0.121 |
2 | 0.175 | 0.94 | 0.182 | 0.91 | 0.470 |
3 | 0.055 | 0.93 | 0.661 | 0.95 | 0.583 |
4 | 0.275 | 0.95 | 0.547 | 0.96 | 0.529 |
All in all, relying on the p-values for the two-sample chi-squared test presented in Table 2, we can see that there is no significant difference between the distribution of the entries of the shared key K0 and the imitation key K1.
Let us now consider the twice larger group M32, i.e., t=5. We execute KEP(16,5,200), KEP(18,5,200) and KEP(20,5,200), and present the obtained results for K0 and K1.
We can see from Figure 3 that the presented distributions are almost identical. These observations are also backed up by the statistical tests. In Table 3, we present a short summary of the obtained results.
m | p(χ2K0) | p(χ2K1) | p(χ2K0,K1) |
16 | 0.030 | 0.622 | 0.097 |
18 | 0.240 | 0.803 | 0.714 |
20 | 0.355 | 0.360 | 0.569 |
Relying on the obtained results based on the p-value of the shared key K0 set, we settle on the matrix size m=20 for further analysis as the p-value 0.355 is the largest of the presented three. Note, however, that a value of m≥18 may also be used based on the results presented in Table 3. Similarly as before, let us present the results obtained for four executions of KEP(20,5,200) in Table 4.
Index | Shared key K0 | Imitation key K1 | Two-sample Chi-Sq. | ||
Chi-Sq. | ACC | Chi-Sq. | ACC | ||
1 | 0.185 | 0.96 | 0.844 | 0.96 | 0.593 |
2 | 0.952 | 0.96 | 0.157 | 0.94 | 0.978 |
3 | 0.478 | 0.94 | 0.094 | 0.95 | 0.461 |
4 | 0.589 | 0.96 | 0.126 | 0.94 | 0.524 |
We can see from Table 4 that the obtained results are similar to the ones presented in Table 2. Hence we see that the value of matrix size m does not change drastically as the size of the platform group M2t doubles. Therefore, we see that for practical implementation of our proposal, we can settle on a balance of both security parameters to achieve the uniform distribution of both K0 and K1 while also keeping them computationally indistinguishable. However, more experiments may be necessary to determine the reasoning behind the chaotic changes of the p-values.
After performing additional experiments for different values of parameters t and m, we present the lower bound of m for each individual key, i.e., for every t, we find a minimal value of m such that the uniformity test is passed for the entries of K0 and K1.
The results presented in Table 5 should be interpreted as follows: for a fixed value of t, the order of the square matrices should be no less than the presented value of m for the entries of the considered key to pass the uniformity test. For example, if t=7, then the shared key passes the uniformity test if the matrices are at least 26×26. However, the imitation key passes the uniformity test significantly earlier, i.e., for 16×16 matrices. This shows that, for practical implementation, the pair (t,m)=(7,26) may be considered a reasonable choice. Of course, the value of m could be rounded up to, say, 30 or 32 depending on the available memory space. Moreover, the linearization technique presented in Section 4.2 should also be kept in mind when choosing the value of m.
t | 4 | 5 | 6 | 7 |
K0 | 16 | 20 | 24 | 26 |
K1 | 14 | 14 | 14 | 16 |
In this paper, we have revisited the previously proposed KEP based on the MPFs defined over the non-commuting platform group. We formalized the definition of the MPF mapping and emphasized its significant difference from the classical matrix multiplication. Furthermore, we have demonstrated that the definition of MPF was previously misinterpreted.
Due to the non-commuting platform group, the discrete logarithm mapping cannot be applied either directly or indirectly to the system (4.4) and hence the algebraic analysis of the decisional problem becomes more complex. In fact, it was shown in [16] that this problem is NP-complete. Therefore, there is some indication that our proposal can withstand quantum attacks.
We have also shown that neither linearization nor faithful matrix representation can be used to obtain any kind of advantage in winning the Security Game 3 if the parameters of our KEP are appropriately chosen. However, we think that the linearization technique should be kept in mind when generating the publicly known matrices W,L, and R. As of now, we do not know if there are any other approaches the attacker can use to achieve a significant advantage. This is grounds for future work in the security of our protocol.
The proposed protocol is anonymous and hence is vulnerable to man-in-the-middle attack. This can be fixed by adding an identification step. We can consider this in the future. Also, we intend to study if the proposed protocol provides a forward secrecy property.
Statistical analysis of Security Game 3 has shown that there is a dependence between the group-defining parameter t and the matrix size m. However, we see that the value of m does not change drastically as the platform group M2t doubles in size. On the other hand, the results presented in Table 5 show that the value of m to pass the uniformity test for the imitation key K1 is smaller than in the case of the true key K0. Furthermore, based on the results presented in [29], we can see that both matrices K0 and K1 look random to an attacker. Therefore, the statistical analysis in no way can help the attacker to distinguish between the shared and imitation keys.
Based on the obtained results, we claim that it is safe to use the proposed KEP in internet communications providing a secure shared key for two protocol parties. This key is used to ensure confidentiality using secure symmetric encryption methods, e.g., AES.
Aleksejus Mihalkovich: conceptualization, formal analysis, investigation, methodology, project administration, supervision, validation, writing-original draft, writing-review and editing; Jokubas Zitkevicius: data curation, investigation, software, visualization, writing-original draft; Eligijus Sakalauskas: formal analysis, methodology, supervision, validation.
The authors declare they have not used Artificial Intelligence (AI) tools in the creation of this article.
The authors declare no conflict of interest.
[1] |
A. A. N. Abdou, M. A. Khamsi, Fixed point results of pointwise contractions in modular metric spaces, Fixed Point Theory A., 2013 (2013), 163. https://doi.org/10.1186/1687-1812-2013-163 doi: 10.1186/1687-1812-2013-163
![]() |
[2] |
A. A. N. Abdou, M. A. Khamsi, Fixed points of multivalued contraction mappings in modular metric spaces, Fixed Point Theory A., 2014 (2014), 249. https://doi.org/10.1186/1687-1812-2014-249 doi: 10.1186/1687-1812-2014-249
![]() |
[3] | Ö. Acar, G. Durmaz, G. Minak, Generalized multivalued F-contractions on complete metric spaces, B. Iran. Math. Soc., 40 (2014), 1469–1478. |
[4] |
M. R. Alfuraidan, The contraction principle for multivalued mappings on a modular metric space with a graph, Can. Math. Bull., 59 (2016), 3–12. https://doi.org/10.4153/CMB-2015-029-x. doi: 10.4153/CMB-2015-029-x
![]() |
[5] |
I. Altun, H. Sahin, M. Aslantas, A new approach to fractals via best proximity point, Chaos Soliton. Fract., 146 (2021), 110850. https://doi.org/10.1016/j.chaos.2021.110850 doi: 10.1016/j.chaos.2021.110850
![]() |
[6] |
M. Aslantas, H. Sahin, I. Altun, Best proximity point theorems for cyclic p-contractions with some consequences and applications, Nonlinear Anal.-Model., 26 (2021), 113–129. https://doi.org/10.15388/namc.2021.26.21415 doi: 10.15388/namc.2021.26.21415
![]() |
[7] | S. Banach, Sur les opérations dans les ensembles abstraits et leur application aux éequations intégrales, Fund. Math., 3 (1922), 133–181. |
[8] | L. C. Ceng, Q. H. Ansari, J. C. Yao, Strong and weak convergence theorems for asymptotically strict pseudocontractive mappings in intermediate sense, J. Nonlinear Convex A., 11 (2010), 283–308. |
[9] |
L. C. Ceng, A. Petrusel, Krasnoselski-Mann iterations for hierarchical fixed point problems for a finite family of nonself mappings in Banach spaces, J. Optimiz. Theory App., 146 (2010), 617–639. https://doi.org/10.1007/s10957-010-9679-0 doi: 10.1007/s10957-010-9679-0
![]() |
[10] |
L. C. Ceng, A. Petrusel, J. C. Yao, Y. Yao, Systems of variational inequalities with hierarchical variational inequality constraints for Lipschitzian pseudocontractions, Fixed Point Theor., 20 (2019), 113–133. https://doi.org/10.24193/fpt-ro.2019.1.07 doi: 10.24193/fpt-ro.2019.1.07
![]() |
[11] |
L. C. Ceng, H. K. Xu, J. C. Yao, Uniformly normal structure and uniformly Lipschitzian semigroups, Nonlinear Anal., 73 (2010), 3742–3750. https://doi.org/10.1016/j.na.2010.07.044 doi: 10.1016/j.na.2010.07.044
![]() |
[12] |
P. Chaipunya, C. Mongkolkeha, W. Sintunavarat, P. Kumam, Fixed-point theorems for multivalued mappings in modular metric spaces, Abstr. Appl. Anal., 2012 (2012), 503504. https://doi.org/10.1155/2012/503504 doi: 10.1155/2012/503504
![]() |
[13] |
V. V. Chistyakov, Modular metric spaces—Ⅰ: Basic concepts, Nonlinear Anal., 72 (2010), 1–14. https://doi.org/10.1016/j.na.2009.04.057 doi: 10.1016/j.na.2009.04.057
![]() |
[14] |
A. H. Hammad, P. Agarwal, J. L. G. Guirao, Applications to boundary value problems and homotopy theory via tripled fixed point techniques in partially metric spaces, Mathematics, 9 (2021), 16. https://doi.org/10.3390/math9162012 doi: 10.3390/math9162012
![]() |
[15] |
A. H. Hammad, M. De la Sen, Analytical solution of Urysohn integral equations by fixed point technique in complex valued metric spaces, Mathematics, 7 (2019), 852. https://doi.org/10.3390/math7090852 doi: 10.3390/math7090852
![]() |
[16] |
A. H. Hammad, M. De la Sen, Fixed point results for a generalized almost (s,q)-Jaggi F-contraction-type on b-metric-like spaces, Mathematics, 8 (2020), 63. https://doi.org/10.3390/math8010063 doi: 10.3390/math8010063
![]() |
[17] | A. Hussain, M. Arshad, M. Nazim, Connection of Ciric type F-contraction involving fixed point on closed ball, Gazi. Univ. J. Sci., 30 (2017), 283–291. |
[18] |
N. Hussain, S. Al-Mezel, P. Salimi, Fixed points for ψ-graphic contractions with application to integral equations, Abstr. Appl. Anal., 2013 (2013), 575869. https://doi.org/10.1155/2013/575869 doi: 10.1155/2013/575869
![]() |
[19] |
N. Hussain, A. Latif, I. Iqbal, Fixed point results for generalized F-contractions in modular metric and fuzzy metric spaces, Fixed Point Theory A., 2015 (2015), 158. https://doi.org/10.1186/s13663-015-0407-1 doi: 10.1186/s13663-015-0407-1
![]() |
[20] | J. Jachymski, The contraction principle for mappings on a metric space with a graph, Proc. Am. Math. Soc., 136 (2008), 1359–1373. |
[21] |
C. Mongkolkeha, W. Sintunavarat, P. Kumam, Fixed point theorems for contraction mappings in modular metric spaces, Fixed Point Theory A., 2011 (2011), 93. https://doi.org/10.1186/1687-1812-2011-93 doi: 10.1186/1687-1812-2011-93
![]() |
[22] |
A. Padcharoen, D. Gopal, P. Chaipunya, P. Kumam, Fixed point and periodic point results for α-type F-contractions in modular metric spaces, Fixed Point Theory A., 2016 (2016), 39. https://doi.org/10.1186/s13663-016-0525-4 doi: 10.1186/s13663-016-0525-4
![]() |
[23] |
S. K. Panda, T. Abdeljawad, K. K. Swamy, New numerical scheme for solving integral equations via fixed point method using distinct (ω−F)-contractions, Alex. Eng. J., 59 (2020), 2015–2026. https://doi.org/10.1016/j.aej.2019.12.034 doi: 10.1016/j.aej.2019.12.034
![]() |
[24] |
T. Rasham, A. Shoaib, B. A. S. Alamri, M. Arshad, Multivalued fixed point results for new generalized F-dominated contractive mappings on dislocated metric space with application, J. Funct. Space., 2018 (2018), 4808764. https://doi.org/10.1155/2018/4808764 doi: 10.1155/2018/4808764
![]() |
[25] |
T. Rasham, A. Shoaib, C. Park, R. P. Agarwal, H. Aydi, On a pair of fuzzy mappings in modular-like metric spaces with applications, Adv. Differ. Equ., 2021 (2021), 245. https://doi.org/10.1186/s13662-021-03398-6 doi: 10.1186/s13662-021-03398-6
![]() |
[26] |
T. Rasham, A. Shoaib, C. Park, M. De la Sen, H. Aydi, J. Lee, Multivalued fixed point results for two families of mappings in modular-like metric spaces with applications, Complexity, 2020 (2020), 2690452. https://doi.org/10.1155/2020/2690452 doi: 10.1155/2020/2690452
![]() |
[27] |
H. Sahin, M. Aslantas, I. Altun, Feng-Liu type approach to best proximity point results for multivalued mappings, J. Fix. Point Theory A., 22 (2020), 11. https://doi.org/10.1007/s11784-019-0740-9 doi: 10.1007/s11784-019-0740-9
![]() |
[28] | A. Shoaib, A. Hussain, M. Arshad, A. Azam, Fixed point results for α∗-ψ-Ciric type multivalued mappings on an intersection of a closed ball and a sequence with graph, J. Math. Anal., 7 (2016), 41–50. |
[29] | A. Shoaib, T. Rasham, N. Hussain, M. Arshad, α∗-dominated set-valued mappings and some generalised fixed point results, J. Natl. Sci. Found. Sri, 47 (2019), 235–243. |
[30] |
D. Wardowski, Fixed points of a new type of contractive mappings in complete metric spaces, Fixed Point Theory A., 2012 (2012), 94. https://doi.org/10.1186/1687-1812-2012-94 doi: 10.1186/1687-1812-2012-94
![]() |
[31] | W. K. Williams, V. Vijayakumar, U. Ramalingam, S. K. Panda, K. S. Nisar, Existence and controllability of nonlocal mixed Volterra-Fredholm type fractional delay integro-differential equations of order 1<r<2, Numer. Meth. Part. D. E., In press. https://doi.org/10.1002/num.22697 |
[32] | M. Younis, D. Singh, I. Altun, V. Chauhan, Graphical structure of extended b-metric spaces: An application to the transverse oscillations of a homogeneous bar, Int. J. Nonlin. Sci. Num., In press. |
1. | Mariana Durcheva, Cryptography Based on (Idempotent) Semirings: Abandoning Tropicality?, 2025, 5, 2673-8392, 26, 10.3390/encyclopedia5010026 |
m | p(χ2K0) | p(χ2K1) | p(χ2K0,K1) |
8 | < 10-3 | < 10-3 | < 10-3 |
10 | < 10-3 | 0.333 | < 10-3 |
12 | < 10-3 | 0.334 | 0.008 |
14 | 0.010 | 0.817 | 0.108 |
16 | 0.422 | 0.883 | 0.598 |
Index | Shared key K0 | Imitation key K1 | Two-sample Chi-Sq. | ||
Chi-Sq. | ACC | Chi-Sq. | ACC | ||
1 | 0.322 | 0.94 | 0.506 | 0.94 | 0.121 |
2 | 0.175 | 0.94 | 0.182 | 0.91 | 0.470 |
3 | 0.055 | 0.93 | 0.661 | 0.95 | 0.583 |
4 | 0.275 | 0.95 | 0.547 | 0.96 | 0.529 |
m | p(χ2K0) | p(χ2K1) | p(χ2K0,K1) |
16 | 0.030 | 0.622 | 0.097 |
18 | 0.240 | 0.803 | 0.714 |
20 | 0.355 | 0.360 | 0.569 |
Index | Shared key K0 | Imitation key K1 | Two-sample Chi-Sq. | ||
Chi-Sq. | ACC | Chi-Sq. | ACC | ||
1 | 0.185 | 0.96 | 0.844 | 0.96 | 0.593 |
2 | 0.952 | 0.96 | 0.157 | 0.94 | 0.978 |
3 | 0.478 | 0.94 | 0.094 | 0.95 | 0.461 |
4 | 0.589 | 0.96 | 0.126 | 0.94 | 0.524 |
t | 4 | 5 | 6 | 7 |
K0 | 16 | 20 | 24 | 26 |
K1 | 14 | 14 | 14 | 16 |
m | p(χ2K0) | p(χ2K1) | p(χ2K0,K1) |
8 | < 10-3 | < 10-3 | < 10-3 |
10 | < 10-3 | 0.333 | < 10-3 |
12 | < 10-3 | 0.334 | 0.008 |
14 | 0.010 | 0.817 | 0.108 |
16 | 0.422 | 0.883 | 0.598 |
Index | Shared key K0 | Imitation key K1 | Two-sample Chi-Sq. | ||
Chi-Sq. | ACC | Chi-Sq. | ACC | ||
1 | 0.322 | 0.94 | 0.506 | 0.94 | 0.121 |
2 | 0.175 | 0.94 | 0.182 | 0.91 | 0.470 |
3 | 0.055 | 0.93 | 0.661 | 0.95 | 0.583 |
4 | 0.275 | 0.95 | 0.547 | 0.96 | 0.529 |
m | p(χ2K0) | p(χ2K1) | p(χ2K0,K1) |
16 | 0.030 | 0.622 | 0.097 |
18 | 0.240 | 0.803 | 0.714 |
20 | 0.355 | 0.360 | 0.569 |
Index | Shared key K0 | Imitation key K1 | Two-sample Chi-Sq. | ||
Chi-Sq. | ACC | Chi-Sq. | ACC | ||
1 | 0.185 | 0.96 | 0.844 | 0.96 | 0.593 |
2 | 0.952 | 0.96 | 0.157 | 0.94 | 0.978 |
3 | 0.478 | 0.94 | 0.094 | 0.95 | 0.461 |
4 | 0.589 | 0.96 | 0.126 | 0.94 | 0.524 |
t | 4 | 5 | 6 | 7 |
K0 | 16 | 20 | 24 | 26 |
K1 | 14 | 14 | 14 | 16 |