Research article Special Issues

A new semiring and its cryptographic applications

  • This paper introduced a novel semiring structure involving nonnegative integers, where operations depended on the comparison of the magnitudes of decimal digit sums. Consequently, a corresponding matrix semiring can be established on this commutative semiring. We showed that the 3-satisfiability problem can be polynomial-time reduced to solving systems of quadratic polynomial equations over this semiring. We proposed a key exchange protocol based on this matrix semiring, with its security relying on the two-sided digital circulant matrix action problem over this semiring. This scheme provides a novel cryptographic primitive for post-quantum cryptography.

    Citation: Huawei Huang, Xin Jiang, Changwen Peng, Geyang Pan. A new semiring and its cryptographic applications[J]. AIMS Mathematics, 2024, 9(8): 20677-20691. doi: 10.3934/math.20241005

    Related Papers:

    [1] B. Amutha, R. Perumal . Public key exchange protocols based on tropical lower circulant and anti circulant matrices. AIMS Mathematics, 2023, 8(7): 17307-17334. doi: 10.3934/math.2023885
    [2] Waheed Ahmad Khan, Abdul Rehman, Abdelghani Taouti . Soft near-semirings. AIMS Mathematics, 2020, 5(6): 6464-6478. doi: 10.3934/math.2020417
    [3] Kaiqing Huang, Yizhi Chen, Miaomiao Ren . Additively orthodox semirings with special transversals. AIMS Mathematics, 2022, 7(3): 4153-4167. doi: 10.3934/math.2022230
    [4] Kaiqing Huang, Yizhi Chen, Aiping Gan . Structure of split additively orthodox semirings. AIMS Mathematics, 2022, 7(6): 11345-11361. doi: 10.3934/math.2022633
    [5] Rukhshanda Anjum, Saad Ullah, Yu-Ming Chu, Mohammad Munir, Nasreen Kausar, Seifedine Kadry . Characterizations of ordered $h$-regular semirings by ordered $h$-ideals. AIMS Mathematics, 2020, 5(6): 5768-5790. doi: 10.3934/math.2020370
    [6] Saba Al-Kaseasbeh, Madeline Al Tahan, Bijan Davvaz, Mariam Hariri . Single valued neutrosophic $ (m, n) $-ideals of ordered semirings. AIMS Mathematics, 2022, 7(1): 1211-1223. doi: 10.3934/math.2022071
    [7] Abdelghani Taouti, Waheed Ahmad Khan . Fuzzy subnear-semirings and fuzzy soft subnear-semirings. AIMS Mathematics, 2021, 6(3): 2268-2286. doi: 10.3934/math.2021137
    [8] Liaqat Ali, Yaqoub Ahmed Khan, A. A. Mousa, S. Abdel-Khalek, Ghulam Farid . Some differential identities of MA-semirings with involution. AIMS Mathematics, 2021, 6(3): 2304-2314. doi: 10.3934/math.2021139
    [9] Aleksejus Mihalkovich . On the security of the STR key exchange protocol. AIMS Mathematics, 2025, 10(2): 1967-1980. doi: 10.3934/math.2025092
    [10] Pakorn Palakawong na Ayutthaya, Bundit Pibaljommee . On $ n $-ary ring congruences of $ n $-ary semirings. AIMS Mathematics, 2022, 7(10): 18553-18564. doi: 10.3934/math.20221019
  • This paper introduced a novel semiring structure involving nonnegative integers, where operations depended on the comparison of the magnitudes of decimal digit sums. Consequently, a corresponding matrix semiring can be established on this commutative semiring. We showed that the 3-satisfiability problem can be polynomial-time reduced to solving systems of quadratic polynomial equations over this semiring. We proposed a key exchange protocol based on this matrix semiring, with its security relying on the two-sided digital circulant matrix action problem over this semiring. This scheme provides a novel cryptographic primitive for post-quantum cryptography.


    Research on the theory of semiring algebra began in the early twentieth century when Vandiver [1] introduced the concept of semiring in 1934. Semirings encompass all properties of rings except for additive inverses and have extensive applications in combinatorics, functional analysis, topology, automata, computer science theory, and cryptography. Over the past two decades, various algebraic structures have been employed to enhance existing public-key cryptosystems. In 1998, Yamamura [2,3] employed modulo groups to construct cryptosystems; however, in 2001, Steinwandt [4] demonstrated their vulnerability to ciphertext-only attacks. In 2013, Kahrobaei et al. [5] employed the 3×3 matrix over F7[S5] to develop a key exchange protocol and cryptosystem, which Eftekhari [6] later successfully cracked. Literature [7,8,9] proposed cryptosystems based on braid groups, but Hofheinz and Steinwandt [10] demonstrated their insecurity.

    Brazilian mathematician Imre Simon [11] introduced the concept of tropical semirings, where addition represents the comparative size of a number, and multiplication corresponds to ordinary addition. Recently, researchers have actively explored the application of tropical semirings in various cryptographic schemes. Shpilrain and Grigoriev [12,13] developed a key exchange protocol utilizing tropical matrix semirings.

    However, Kotov and Ushakov [14] identified patterns in higher powers of tropical matrices, resulting in an attack on the protocol proposed by Shpilrain and Grigoriev [12]. Rudy and Monico [15] exploited the monotonically decreasing nature of the first part of the sequence {(M,H)m} to propose a fairly effective attack on [13]. Isaac and Kahrobaei [16] utilized the almost linear periodicity of the first part of the sequence {(M,H)m} to propose an attack on [13] and demonstrated that the second protocol cannot be implemented. Muanalifah and Sergeev [17] proposed three types of key exchange protocols using the Jones matrix and Line de la Puente matrix, along with introducing a generalized Kotov-Ushakov attack.

    Cryptographic schemes generally rely on the hardness of certain mathematical problems. If such a problem is non-deterministic polynomial-time (NP) complete or NP hard, the corresponding cryptographic scheme is considered to be resistant to quantum attacks. The main types of post-quantum cryptography currently include lattice-based cryptography [18], code-based cryptography [19], and multivariate cryptography [20]. Their security relies on the shortest vector problem of lattice, the closest vector problem of lattice, the problem of decoding random linear codes, and the problem of solving systems of multivariate quadratic equations over finite fields. Lattice-based cryptographic schemes are considered highly secure against quantum attacks. In recent years, this field of research has developed rapidly. For example, Nassr, Anwar, and Bahig [21] proposed a new lattice-based cryptosystem, which offers significant improvements in security and efficiency. The system's security is comparable to that of the number theory research unit (NTRU) and remains robust against attacks by quantum computers.

    The 3-satisfiability (3-SAT) problem is a well-known NP-complete problem in the computational complexity theory. It involves determining if there exists an assignment of variables that satisfies a given Boolean formula expressed in conjunctive normal form (CNF) with exactly three literals per clause. Introduced in the early 1970s, the 3-SAT problem is a cornerstone in theoretical computer science, serving as a benchmark for many computational problems and algorithms [22,23].

    In the literature [24,25], several quantum-resistant cryptosystems have been proposed. These cryptosystems utilize the multiple exponential power problem of tropical matrices and the tropical circulant matrix action problem, respectively. Other researchers have proposed cryptosystems based on different types of semirings. For instance, Thiruveni [26] devised an Elgamal-type cryptographic system using regular semirings, while Nivetha [27] extended the Diffie-Hellman key exchange protocol by incorporating exponential semirings within its multiplicative left ideal.

    This paper introduces a new semiring called the digital semiring and proposes a key exchange protocol based on the matrix semiring over it. Its security relies on the difficulty of solving quadratic polynomial systems over it. We show that the 3-SAT problem can be polynomial-time reduced to it. The scheme presented in this article introduces a new paradigm for post-quantum cryptography.

    Definition 2.1. [1] A semiring is a nonempty set S on which the operations of + and are defined to satisfy the following conditions:

    (1) (S,+) is a commutative monoid with identity element 0;

    (2) (S,) is a monoid with identity element 1s;

    (3) Multiplication distributes over addition from either side;

    (4) s0=0s=0, for all sS;

    (5) 01s.

    The semiring satisfies all properties of the ring except the additive inverse. If (S,) is commutative, then S is referred to as a commutative semiring. For example, the set N of natural numbers, including 0, forms a commutative semiring under addition and multiplication.

    Let W=N{}, where N is the set of natural numbers. We define the symbol "()" as follows:

    (a)={b when aN, when a=,

    where b is the sum of all digits of a. For example, (123)=1+2+3=6,(3456)=3+4+5+6=18.

    Definition 2.2. Define two operations and over W=N{} as follows:

    ab={a(a)>(b),b(a)<(b),max(a,b)(a)=(b),ab={a(a)<(b),b(a)>(b),min(a,b)(a)=(b).

    Theorem 2.3. (W,,) is a semiring.

    Proof. (1) First, we prove that W forms a commutative monoid with respect to the operation . Let a,b,cW.

    (A) Since the result of ab is either a or b, it follows that the operation satisfies closure property.

    (B) The operation satisfies the associative property. Table 1 shows that the associative law of when (a), (b), and (c) are pairwise distinct. Table 2 shows that the associative law of when two of (a), (b), and (c) are equal.

    Table 1.  The associative property of ((a)(b)(c)).
    Possible cases a(bc) (ab)c
    (a)<(b)<(c) ac=c bc=c
    (a)<(c)<(b) ab=b bc=b
    (b)<(a)<(c) ac=c ac=c
    (b)<(c)<(a) ac=a ac=a
    (c)<(a)<(b) ab=b bc=b
    (c)<(b)<(a) ab=a ac=a

     | Show Table
    DownLoad: CSV
    Table 2.  The associative property of ((a),(b), and (c) involve two elements being equal).
    Possible cases a(bc) (ab)c
    (a)=(b)<(c),ab ac=c bc=c
    (a)=(b)<(c),a>b ac=c ac=c
    (a)=(b)>(c),ab ab=b bc=b
    (a)=(b)>(c),a>b ab=a ac=a
    (a)=(c)<(b),ac ab=b bc=b
    (a)=(c)<(b),a>c ab=b bc=b
    (a)=(c)>(b),ac ac=c ac=c
    (a)=(c)>(b),a>c ac=a ac=a
    (b)=(c)<(a),bc ac=a ac=a
    (b)=(c)<(a),b>c ab=a ac=a
    (b)=(c)>(a),bc ac=c bc=c
    (b)=(c)>(a),b>c ab=b bc=b

     | Show Table
    DownLoad: CSV

    When (a)=(b)=(c), we have a(bc)=max(a,b,c)=(ab)c.

    (C) aW, and we have a0=0a=a. Thus, 0 is the identity element (zero element) for the operation .

    (D) a,bW, and we have ab=ba. Therefore, satisfies the commutative property.

    (E) Let a,bW. If a0, then ab0. Hence, apart from 0, none of the other elements have additive inverses.

    In summary, W forms a commutative monoid with respect to the operation .

    (2) Next, we prove that W forms a monoid with respect to the operation .

    (A) Since the result of ab is either a or b, the operation is closed.

    (B) The operation satisfies the associative property. Table 3 describes the associative law of when (a), (b), and (c) are pairwise distinct. Table 4 describes the associative law of when two of (a), (b), and (c) are equal.

    Table 3.  The associative property of ((a)(b)(c)).
    Possible cases a(bc) (ab)c
    (a)<(b)<(c) ab=a ac=a
    (a)<(c)<(b) ac=a ac=a
    (b)<(a)<(c) ab=b bc=b
    (b)<(c)<(a) ab=b bc=b
    (c)<(a)<(b) ac=c ac=c
    (c)<(b)<(a) ac=c bc=c

     | Show Table
    DownLoad: CSV
    Table 4.  The associative property of ((a),(b), and (c) involve two elements being equal.
    Possible cases a(bc) (ab)c
    (a)=(b)<(c),ab ab=a ac=a
    (a)=(b)<(c),a>b ab=b bc=b
    (a)=(b)>(c),ab ac=c ac=c
    (a)=(b)>(c),a>b ac=c bc=c
    (a)=(c)<(b),ac ac=a ac=a
    (a)=(c)<(b),a>c ac=c ac=c
    (a)=(c)>(b),ac ab=b bc=b
    (a)=(c)>(b),a>c ab=b bc=b
    (b)=(c)<(a),bc ab=b bc=b
    (b)=(c)<(a),b>c ac=c bc=c
    (b)=(c)>(a),bc ab=a ac=a
    (b)=(c)>(a),b>c ac=a ac=a

     | Show Table
    DownLoad: CSV

    When (a)=(b)=(c), we have a(bc)=min(a,b,c)=(ab)c.

    (C) aW, a=a=a. Therefore, the identity element for is .

    In conclusion, W forms a monoid with respect to the operation .

    (3) Next, we prove that the operation distributes over . Table 5 shows that satisfies the distributive law over when (a), (b), and (c) are pairwise distinct. Table 6 shows that satisfies the distributive law over when two of (a), (b), and (c) are equal.

    Table 5.  The distributive property ((a)(b)(c)).
    Possible cases a(bc) abac
    (a)<(b)<(c) ac=a aa=a
    (a)<(c)<(b) ab=a aa=a
    (b)<(a)<(c) ac=a ba=a
    (b)<(c)<(a) ac=c bc=c
    (c)<(a)<(b) ab=a ac=a
    (c)<(b)<(a) ab=b bc=b

     | Show Table
    DownLoad: CSV
    Table 6.  The distributive property (two elements are equal in (a),(b), (c).
    Possible cases a(bc) abac
    (a)=(b)<(c),ab ac=a aa=a
    (a)=(b)<(c),a>b ac=a ba=a
    (a)=(b)>(c),ab ab=a ac=a
    (a)=(b)>(c),a>b ab=b bc=b
    (a)=(c)<(b),ac ab=a aa=a
    (a)=(c)<(b),a>c ab=a ac=a
    (a)=(c)>(b),ac ac=a ba=a
    (a)=(c)>(b),a>c ac=c bc=c
    (b)=(c)<(a),bc ab=b bc=b
    (b)=(c)<(a),b>c ab=b bc=b
    (b)=(c)>(a),bc ac=a aa=a
    (b)=(c)>(a),b>c ab=a aa=a

     | Show Table
    DownLoad: CSV

    When (a)=(b)=(c), we have

    a(bc)=min(a,max(b,c))=max(min(a,b),min(a,c))=abac.

    In conclusion, the distributive property of over holds.

    Finally, let's prove the last two conditions.

    (4) aW, and we have a0=0a=0.

    (5) 0.

    In conclusion, (W,,) forms a semiring and is also a commutative semiring.

    For convenience, we refer to it as "digital semiring". It has the following properties:

    (1) (W,) is a commutative monoid with identity element 0;

    (2) (W,) is a monoid with identity element ;

    (3) aa=a,aa=a, for all aW.

    The security of the cryptographic scheme proposed in this paper relies on the problem of solving quadratic polynomial systems over the new semiring. If this problem is NP-hard, then cryptographic schemes based on it will be resistant to quantum attacks. If we can prove that the 3-SAT problem can be polynomial-time reduced to the problem of solving quadratic polynomial systems over the new semiring, then the problem of solving quadratic polynomial systems over the new semiring is NP-hard.

    The Boolean satisfiability problem is NP complete. If all expressions are written in the form of a conjunction normal form with 3 variables per clause (3-CNF), then it is still an NP complete problem and called the 3-SAT problem. The theorem below asserts that the problem of solving quadratic polynomial systems over this semiring is usually NP hard.

    Theorem 2.4. 3-SAT problem can be polynomial-time reduced to the problem of solving quadratic polynomial systems over this semiring.

    Proof: Suppose we have a 3-CNF. We can construct a system of nonlinear equations on a digital semiring. And this system of equations has a solution if and only if there is a solution for the 3-CNF. Let the variable in the 3-CNF be ui, corresponding to two variables xi and yi, where ui=xi and ¬ui=yi.

    Suppose a clause in a 3-CNF expression: ui¬ujuk. The corresponding system of polynomial equations can be constructed as follows:

    {xiyi=0,xjyj=0,xkyk=0,xiyi=1,xjyj=1,xkyk=1,xiyjxk=1.()

    Suppose ui¬ujuk is TURE, i.e., ui=1, uj=0, or uk=1.

    (1) If ui=1, then xi=1,yi=0, and the system of equations () is satisfied;

    (2) if uj=0, then xj=0,yj=1, and the equation () is satisfied;

    (3) if uk=1, then xk=1,yk=0, and the equation () is satisfied.

    So, when ui¬ujuk is TURE, there is a solution to equation ().

    Conversely, when there is a solution to equation (), i.e., xi=1, yj=1, or xk=1.

    (1) If xi=1, then ui=1, and ui¬ujuk is TURE;

    (2) if yj=1, then ¬uj=1, and ui¬ujuk is TURE;

    (3) if xk=1, then uk=1, and ui¬ujuk is TURE.

    Thus, for each clause in the given 3-CNF, we can construct a system of quadratic polynomial equations on a digital semiring. Finally, we obtain the corresponding system of equations over the whole 3-CNF that has a solution if, and only if, the given 3-CNF expression is satisfied. Thus, the 3-CNF satisfiability problem can be effectively reduced to solving a system of quadratic polynomial equations over the digital semiring.

    Next, we define the matrix semiring for digital semiring.

    Definition 2.5. Let Mn(W) be the set of all n×n matrices over W. We can define and as follows:

    (AB)ij=aijbij,(AB)ij=nk=1(aikbkj), for all A,BMn(W).

    Then, (Mn(W),,) is also a semiring with respect to the above operation, which is called a digital matrix semiring.

    The identities under and on (Mn(W),,) are:

    O=[000000000],I=[000000], respectively. 

    Definition 2.6. [28] If a matrix A has the following form,

    A=(a1a2a3anana1a2an1an1ana1an2a2a3a4a1)

    then it is called a circulant matrix and it is denoted A=[a1,a2,,an]. It can be easily verified that if A,B are circulant, then AB=BA. For example,

    (828608635435482860866086354828)(939108351435143939108310835143939)=(828608651435143828608660865143828),
    (939108351435143939108310835143939)(828608635435482860866086354828)=(828608651435143828608660865143828).

    Alice and Bob agree to exchange keys over the digital semiring W and randomly select a matrix MMn(W) and a prime p as public keys. To obtain the shared secret, Alice and Bob perform the following steps:

    (1) Alice chooses two circulant matrices A1,A2Mn(W) as her private keys. She computes her public key U=A1MA2 and sends it to Bob;

    (2) Bob chooses two circulant matrices B1,B2Mn(W) as his private keys. He computes his public key V=B1MB2 and sends it to Alice;

    (3) Alice computes: Kab=A1VA2=A1B1MB2A2. Bob computes: Kba=B1UB2=B1A1MA2B2. By the commutability of the circulant matrix, Kab=Kba.

    (4) Alice and Bob compute the shared key:

    K=(ni=1a1i,ni=1a2i,,ni=1ani)modp,aijKab,1i,jn.

    An example with small parameter.

    Alice and Bob choose p=199 and the public matrix M,

    M=(75908263379841480305528181377194915629155497848775255781924673009070978637227193617626724513457815938659693769919699562727321244820495823705615166).

    (1) Alice chooses two circulant matrices A1,A2M5(W) and computes U;

    A1=[211034,686963,978737,940353,370520],A2=[983661,534026,194077,276808,138247],U=(2768089070979836619836615781922768089836619836619836619836612768089836619836619836619836617590826337982049575908263379276808276808983661983661578192).

    (2) Bob chooses two circulant matrices B1,B2M5(W) and computes V;

    B1=[680091,792838,334272,935627,522570],B2=[787257,284933,18528,186041,365280],V=(284933935627787257877525935627176267907097284933820495176267284933578159787257787257787257284933194915935627935627578192176267907097284933271936176267).

    (3) Alice and Bob's shared matrix is

    Kab=(276808983661983661983661983661276808983661983661983661983661276808907097935627935627578192276808935627983661983661935627276808935627983661983661935627).

    (4) Alice and Bob's shared key is

    K=(4211452,4211452,3633351,4115384,4115384)mod199=(15,15,9,64,64).

    Table 7 shows the size of the private and public key matrices under different parameters, as well as the time of key generation, where the elements of the matrix are randomly selected in [0,106] and p=199.

    Table 7.  Performance comparison under different parameters.
    n Size of private key B Size of public key (B) Key generation s
    20 49.83 996.57 0.2066
    25 62.29 1557.14 0.4029
    30 74.74 2,242.28 0.6872
    35 87.20 3051.20 1.1041
    40 99.66 3,986.28 1.6526
    45 112.11 5,045.14 2.3468
    Our tests were run on Intel Core: Intel(R) Core (TM) i5-1155G7@2.50GHz

     | Show Table
    DownLoad: CSV

    In this section, we evaluate the security of the proposed key exchange protocol.

    Definition 4.1. Let A1,A2Mn(W) be circulant matrices and MMn(W) be an arbitrary matrix. Suppose that A1MA2=U. The two-side digital circulant matrix action problem (MAP) is to find two circulant matrices A1,A2Mn(W) such that A1MA2=U, given the matrices M,U.

    Definition 4.2. Let A1,A2,B1,B2Mn(W) be circulant matrices and MMn(W) be an arbitrary matrix. Suppose that A1MA2=U and B1MB2=V. The computational two-side digital circulant matrix action problem (CMAP) is to find a matrix KabMn(W) such that A1B1MB2A2=Kab, given the matrices M,U, and V.

    Proposition 4.3. An algorithm that solves MAP can be used to solve CMAP.

    Proof. Suppose there is an algorithm A of solving MAP. Then, for M,U,V in definition 4.2, A(M,U)=(A1,A2) such that A1MA2=U.

    So, we have

    A1VA2=A1B1MB2A2=Kab.

    Proposition 4.4. Solving CMAP is equivalent to finding the matrix Kab from the public information of the protocol.

    Proof. Suppose there is an algorithm A of solving CMAP. Let the public information in the protocol be public matrix M, Alice's public key U, and Bob's public key V. Then,

    A(M,U,V)=A1B1MB2A2=Kab.

    Conversely, suppose there is an algorithm B which can compute the matrix Kab when the input is the public information in the protocol. Let the instance of CMAP be (M,U,V). Then we can take M as the public matrix, U as Alice's public key, and V as Bob's public key. So, B(M,U,V)=Kab. According to Definition 4.2, this solves the problem of CMAP.

    Proposition 4.5. MAP can be reduced to the problem of solving quadratic polynomial systems over the digital semiring.

    Proof. Suppose there is an algorithm A which can solve the systems of quadratic polynomial equations over this semiring. That is,

    A((f1,b1),(f2,b2),(fm,bm))=(a1,,an),

    where fi=fi(x1,,xn) is a quadratic polynomial over this semiring and aiW such that

    {f1(a1,a2,,an)=b1,f2(a1,a2,,an)=b2,fm(a1,a2,,an)=bm.

    Suppose that we are given U,MMn(W), where U=A1MA2 for some A1,A2Mn(W). Then we can find A1,A2 by the algorithm A. Let

    A1=(x1x2x3xnxnx1x2xn1xn1xnx1xn2x2x3x4x1),

    and

    A2=(y1y2y3ynyny1y2yn1yn1yny1yn2y2y3y4y1).

    By U=A1MA2, we can obtain a system of quadratic polynomial equations with 2n unknowns x1,,xn,y1,,yn and n2 equations as follows,

    {g1(x1,,xn,y1,,yn)=d1,g2(x1,,xn,y1,,yn)=d2,gn2(x1,,xn,y1,,yn)=dn2.

    Now, we can compute its solution by the algorithm A since g1,,gn2 are the quadratic polynomial equations over the semiring.

    Proposition 4.6. The computational complexity of solving the CMAP by enumeration is O((n2+1)tn2), where n is the order of the matrix and t is the number of distinct elements in U,V,M.

    Proof. Kab is completely dependent on the matrices U,V, and M, that is, Kab is a certain combination of different elements in U,V, and M. If we solve CMAP through an exhaustive attack, we need to enumerate all possible scenarios, which requires O(tn2) operations, where t is the number of different elements in U,V, and M, and n is the order of the matrix. After each operation, we need to determine whether the possible value is equal to Kab, each determination requires O(n2) operations, and verifying all possible values requires O(n2ttn2) operations. Therefore, in the worst case, where all combinations need to be verified, O((n2+1)tn2) operations are required. Therefore, the computational complexity of solving CMAP through exhaustive search is O((n2+1)tn2).

    In summary, it is infeasible for an attacker to obtain the shared secret key using exhaustive search methods. The attacker's only option is to acquire the shared matrix Kab by solving the MAP or CMAP. However, the currently known methods for solving MAP involve addressing quadratic polynomial systems over the digital semiring. Theorem 2.4 demonstrates that solving such systems of equations is typically NP-hard.

    In the appendix, we explain why the key exchange protocol based on the digital semiring is resistant to Kotov-Ushakov(KU) attacks.

    This paper introduces a novel semiring structure called the digital semiring and proposes a new key exchange protocol based on it. The shared matrix Kab in this protocol is entirely dependent on the matrices U, V, and M, but this does not compromise the security of the protocol. Solving Kab through U, V, and M is equivalent to solving the CMAP. Proposition 4.6 states that the computational complexity of CMAP is O((n2+1)tn2). Current methods for solving CMAP involve addressing quadratic polynomial systems over the digital semiring. Theorem 2.4 demonstrates that solving such systems is an NP-hard problem. Additionally, the traditional KU attack cannot be applied within the digital semiring.

    This work highlights the application value of the digital semiring in cryptography. This semiring possesses many intriguing properties that are yet to be discovered, presenting ample opportunities for future research. We recommend further exploration of the structure and properties of the digital semiring to uncover its full potential in cryptography and related fields.

    The key exchange protocol proposed in this study offers a new primitive for post-quantum cryptography. This not only enriches the theoretical framework of cryptography but also provides new methods for constructing secure encryption systems. Future work could include the following directions:

    (1) In-depth analysis of the algebraic properties of the digital semiring: Investigate its behavior under different operations to identify possible optimizations and enhancements.

    (2) Expanding the application scope of the digital semiring: Explore its potential use in other cryptographic problems, such as signature algorithms and zero-knowledge proofs.

    (3) Improving efficiency and security of the protocol: Enhance the performance and resistance to attacks by refining algorithms and incorporating new mathematical tools.

    (4) Experimental validation and practical implementation: Test the protocol's performance and security in real-world applications to facilitate its practical adoption.

    In conclusion, the digital semiring offers new perspectives and tools for cryptographic research, and we anticipate that future studies will further explore its potential, contributing new insights and advancements to the field of cryptography.

    Huawei Huang: Methodology, supervision, writing-review & editing; Xin Jiang: writing-original draft, software, validation; Changwen Peng: Writing-review & editing, investigation; Geyang Pan: Software, validation. All authors have read and approved the final version of the manuscript for publication.

    The authors declare they have not used Artificial Intelligence (AI) tools in the creation of this article.

    This work is supported by the Science and Technology Foundation of Guizhou Province (QIANKEHEJICHU-ZK [2021] Ordinary313), the National Key Research and Development Program of China (No.2022YFB2701401), the National Natural Science Foundation of China (No. 62272124, 61462016, U1836205).

    The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

    The tropical semiring (a1b=min(a,b),a1b=a+b) has higher computational efficiency, which has attracted many cryptologists' research in recent years. However, there are also many attacks. In particular, the KU attack has a significant impact on two-side tropical matrix action. Next, we will describe the KU attack and explain how our scheme can resist this attack.

    KU attack [14]:

    Assuming matrices A,B, and U(=p1(A)1p2(B)) are known, find X and Y such that U=X1Y.

    (1) suppose X=Di=0xi1Ai,Y=Dj=0yj1Bj;

    (2)

    U=X1Y=D1i=0,j=0(xi1yj)1Ai1Bj=D1i=0,j=0(xi1yj)1Vij

    where Vij=Ai1Bj;

    (3) From the properties of tropical semiring operations, we can obtain:

    mini,j(xi+yj+Tijkl)=0,Tijkl=VijklUk,

    where Tij=Ai1BjU;

    (4) Compute mij=mini,j(Tijrs),Pij={(r,s)Tijrs=mij};

    (5) Among all minimal covers of Cartesian product [1,2,,n]×[1,2,,n] by Pij, that is, all minimal subsets τ[0,1,,D]×[0,1,,D] such that

    (i,j)τPij=[1,2,,n]×[1,2,,n]

    find a cover for which the system {xi+yj=mij,(i,j)τxi+yjmij,(i,j)τ is solvable.

    We can find that from step (2) to step (3):

    U=D1i=0,j=0xi1yj1Vij0=D1i=0,j=0(xi1yj)1VijUmini,j(xi+yj+Tijkl)=0,Tijkl=VijklUkl()

    Now, regarding the new semiring in this article, we analyze whether similar methods are feasible. Since any circulant matrix can be linearly represented by a basic circulant matrix, that is,

    A=a0Ia1Pa2P2an1Pn1,

    where

    P=[000000000],

    0 is the additive identity element, and is the multiplicative identity element.

    In our protocol,

    (a) let A1=n1i=0aiPi,A2=n1j=0bjPj, such that U=A1MA2;

    (b) U=A1MA2=n1i=0,j=0(aibj)PiMPj=n1i=0,j=0(aibj)Vij where Vij=PiMPj.

    However, due to the difference of operation between digital semiring and tropical semirings, the implication relationship similar to () cannot be established on the digital semiring. Therefore, our protocol can resist the KU attack.



    [1] H. S. Vandiver, Note on a simple type of algebra in which the cancellation 1 aw of addition does not hold, Bull. Amer. Math. Soc., 40 (1934), 914–920. https://doi.org/10.1090/S0002-9904-1934-06003-8 doi: 10.1090/S0002-9904-1934-06003-8
    [2] A. Yamamura, A functional cryptosystem using a group action, In: Information Security and Privacy, Berlin: Springer, 1999. https://doi.org/10.1007/3-540-48970-3_26
    [3] A. Yamamura, Public-key cryptosystems using the modular group, In: Public Key Cryptography, Berlin: Springer, 1998. https://doi.org/10.1007/BFb0054026
    [4] R. Steinwandt, Loopholes in two public key cryptosystems using the modular group, In: Public Key Cryptography, Berlin: Springer, 2001. https://doi.org/10.1007/3-540-44586-2_14
    [5] D. Kahrobaei, C. Koupparis, V. Shpilrain, Public key exchange using matrices over group rings, Groups Complex. Crypt., 5 (2013), 97–115. https://doi.org/10.1515/gcc-2013-0007 doi: 10.1515/gcc-2013-0007
    [6] M. Eftekhari, Cryptanalysis of some protocols using matrices over group rings, In: Progress in Cryptology-AFRICACRYPT 2017, Cham: Springer, 2017. https://doi.org/10.1007/978-3-319-57339-7_13
    [7] I. Anshel, M. Anshel, D. Goldfeld, An algebraic method for public-key cryptography, Math. Res. Lett., 6 (1999), 287–291, https://doi.org/10.4310/MRL.1999.v6.n3.a3 doi: 10.4310/MRL.1999.v6.n3.a3
    [8] K. H. Ko, S. J. Lee, J. H. Cheon, J. W. Han, J. S. Kang, C. Park, New public-key cryptosystem using Braid groups, In: Advances in Cryptology-CRYPTO 2000, Berlin: Springer, 2000. https://doi.org/10.1007/3-540-44598-6_10
    [9] I. Anshel, M. Anshel, B. Fisher, D. Goldfeld, New key agreement protocols in Braid group cryptography, In: Topics in Cryptology-CT-RSA 2001, Berlin: Springer, 2001. https://doi.org/10.1007/3-540-45353-9_2
    [10] D. Hofheinz, R. Steinwandt, A practical attack on some braid group based cryptographic primitives, In: Public Key Cryptography-PKC 2003, Berlin: Springer, 2003. https://doi.org/10.1007/3-540-36288-6_14
    [11] D. Sypeyer, B. Sturmfels, Tropical mathematics, Math. Mag., 82 (2009), 163–173, https://doi.org/10.1080/0025570X.2009.11953615
    [12] D. Grigoriev, V. Shpilrain, Tropical cryptography, Commun. Algebra, 42 (2014), 2624–2632. https://doi.org/10.1080/00927872.2013.766827
    [13] D. Grigoriev, V. Shpilrain, Tropical cryptography II: Extensions by homomorphisms, Commun. Algebra, 47 (2019), 4224–4229. https://doi.org/10.1080/00927872.2019.1581213 doi: 10.1080/00927872.2019.1581213
    [14] M. Kotov, A. Ushakov, Analysis of a key exchange protocol based on tropical matrix algebra, J. Math. Cryptol., 12 (2018), 137–141. https://doi.org/10.1515/jmc-2016-0064 doi: 10.1515/jmc-2016-0064
    [15] D. Rudy, C. Monico, Remarks on a tropical key exchange system, J. Math. Cryptol., 15 (2021), 280–283. https://doi.org/10.1515/jmc-2019-0061 doi: 10.1515/jmc-2019-0061
    [16] S. Isaac, D. Kahrobaei, A closer look at the tropical cryptography, Int. J. Comput. Math. Co., 6 (2021), 137–142. https://doi.org/10.1080/23799927.2020.1862303 doi: 10.1080/23799927.2020.1862303
    [17] A. Muanalifah, S. Sergeev, Modifying the tropical version of Stickel's key exchange protocol, Appl. Math., 65 (2022), 727–753. https://doi.org/10.21136/AM.2020.0325-19 doi: 10.21136/AM.2020.0325-19
    [18] O. Regev, On lattices, learning with errors, random linear codes, and cryptography, J. ACM, 56 (2009), 1–40. https://doi.org/10.1145/1568318.1568324
    [19] R. J. McEliece, A public-key cryptosystem based on algebraic coding theory, Deep Space Netw. Progr. Rep., 44 (1978), 114–116.
    [20] J. Patarin, Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms, In: Advances in Cryptology-EUROCRYPT'96, Berlin: Springer, 1996. https://doi.org/10.1007/3-540-68339-9_4
    [21] D. I. Nassr, M. Anwar, H. M. Bahig, New public key cryptosystem (First version), Cryptology ePrint Archive, 2021.
    [22] D. S. Johnson, M. R. Garey, Computers and intractability: A guide to the theory of NP-completeness, WH Freeman, 1979.
    [23] S. A. Cook, The complexity of theorem-proving procedures, In: Logic, Automata, and Computational Complexity: The Works of Stephen A. Cook, 1971,151–158.
    [24] H. Huang, C. Li, Tropical cryptography based on multiple exponentiation problem of matrices, Secur. Commun. Netw., 2022 (2022), 1024161. https://doi.org/10.1155/2022/1024161 doi: 10.1155/2022/1024161
    [25] H. Huang, C. Li, L. Deng, Public-key cryptography based on tropical circular matrices, Appl. Sci., 12 (2022), 7401. https://doi.org/10.3390/app12157401 doi: 10.3390/app12157401
    [26] V. Thiruveni, Elgamal encryption using regular semiring, 2018.
    [27] S. Nivetha, M. Chandramouleeswaran, Action of a semiring to encrypt asymmetric key elgamal, J. New Front. Math. Stat., 2 (2021), 1–10.
    [28] G. Robert, Toeplitz and circulant matrices: A review, Found. Trends Commun., 2 (2006), 155–239. https://doi.org/10.1561/0100000006 doi: 10.1561/0100000006
  • This article has been cited by:

    1. Mariana Durcheva, Cryptography Based on (Idempotent) Semirings: Abandoning Tropicality?, 2025, 5, 2673-8392, 26, 10.3390/encyclopedia5010026
  • Reader Comments
  • © 2024 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)
通讯作者: 陈斌, bchen63@163.com
  • 1. 

    沈阳化工大学材料科学与工程学院 沈阳 110142

  1. 本站搜索
  2. 百度学术搜索
  3. 万方数据库搜索
  4. CNKI搜索

Metrics

Article views(1083) PDF downloads(63) Cited by(1)

Figures and Tables

Tables(7)

Other Articles By Authors

/

DownLoad:  Full-Size Img  PowerPoint
Return
Return

Catalog