## A Cryptosystem Based on the Symmetric Group Sn

### BibTeX

@MISC{Doliskani_acryptosystem,
    author = {Javad N. Doliskani and Ehsan Malekian and Ali Zakerolhosseini},
    title = {A Cryptosystem Based on the Symmetric Group Sn},
    year = {}
}

### Abstract

This paper proposes a public key cryptosystem based on the symmetric group Sn, and validates its theoretical foundation. The proposed system benefits from the algebraic properties of Sn, such as non-commutativity, high computational speed and high flexibility in selecting keys, which make the Discrete Logarithm Problem (DLP) resistant to attacks by algorithms such as Pohlig-Hellman. Against these properties, the only disadvantage of the scheme is its relatively large memory and bandwidth requirements. Due to the similarities in the algebraic structures, many other cryptosystems can be translated to their symmetric group analogs, and the proposed cryptosystem is in fact the Generalized El-Gamal cryptosystem based on Sn instead of GF(p).

### Citations

8530 | Introduction to algorithms
- Cormen, Leiserson, et al.
- 2001
Citation Context ...s. A faster algorithm is the baby-step giant-step algorithm [4] having a running time and memory requirement of O(√n). Therefore it is a time-memory trade-off of the brute-force search method [3]. See **[5]** for appropriate data structure for the implementation of this algorithm. Another algorithm is Pollard's ρ-algorithm [6]. The expected running time of this algorithm is equal to the baby-step giant-s...

2912 | L.: A method for obtaining digital signatures and public-key cryptosystems
- Rivest, Shamir, et al.
- 1978
Citation Context ...yptosystem was developed by Chor and Rivest [24], which was broken by Vaudenay [26] in 1998. Two public key cryptosystems with their security based on intractability of integer factorization, are RSA **[27]** and Rabin public key encryption [28]. It has been proven that breaking the Rabin public key encryption is as difficult as integer factorization, but no such equivalence for the RSA has been proven. T...

2714 | New directions in cryptography, in
- Diffie, Hellman
Citation Context ...ission were symmetric key systems. In symmetric key cryptography, any two users who require communicating a message must have the same key to cipher or decipher the message. In 1976, Diffie and Hellman **[14]** invented a key-exchange system that was entirely a new type of cryptography. The system called the public-key was based on exponentiation in the finite fields. In Diffie-Hellman key exchange, a finite...

2467 | S.: Handbook of Applied Cryptography
- Menezes, Oorschot, et al.
- 1996
Citation Context ...tiplication in Sn which is the composition of mappings can be implemented by just n assignments. · There are many optimized methods for exponentiation, such as Right to left, k-Ary and Sliding Window **[18]**, which can be used for any multiplicative group (commutative/non-commutative). Therefore, they can also be used in symmetric group Sn. · The generator q in the above scheme can be generated in a ve...

1113 | A public key cryptosystem and a signature scheme based on discrete logarithms
- ElGamal
- 1985
Citation Context ... partial results about the equivalence of these problems are presented in [15] and [16]. A public-key cryptosystem that is essentially a variant of Diffie-Hellman scheme was introduced by T. El-Gamal **[17]**. The algorithm performs as follows: Suppose GF(q) is known by public. User "A" selects a generator g ∈ GF(q), and an integer a. It then publishes (g, g^a) as the public-key and keeps a secret. User "...

695 | Elliptic curve cryptosystems
- Koblitz
- 1987
Citation Context ...cks on the RSA encryption and signatures are presented in [30]. Another important public key cryptosystem is Elliptic Curve Cryptosystem (ECC). The first elliptic curve scheme was proposed by Koblitz **[33]** and Miller [34] independently. The elliptic curve systems are based on a group of points on an elliptic curve which are defined over a finite field. Systems such as Diffie-Hellman key exchange or El-...

529 | Uses of elliptic curves in cryptography
- Miller
- 1986
Citation Context ...ncryption and signatures are presented in [30]. Another important public key cryptosystem is Elliptic Curve Cryptosystem (ECC). The first elliptic curve scheme was proposed by Koblitz [33] and Miller **[34]** independently. The elliptic curve systems are based on a group of points on an elliptic curve which are defined over a finite field. Systems such as Diffie-Hellman key exchange or El-Gamal can be eas...

302 | An improved algorithm for computing logarithms over GF(p) and its cryptographic significance
- Pohlig, Hellman
Citation Context ...he basis of smooth numbers. If l≥0 is a real number, and a a positive integer, then a is a l-smooth number if for every prime p|a, p ≤ l. The Pohlig-Hellman algorithm introduced by Pohlig and Hellman **[8]**, is an algorithm that takes advantage of the factorization of order n of the group G. Let $n = p_1^{l_1} p_2^{l_2} \cdots p_k^{l_k},\ l_i > 0,\ i = 1, \ldots, k$ be the prime factorization of n. The execution time ...

289 | Digitalized signatures and public-key functions as intractable as factorization, Research Report
- Rabin
- 1979
Citation Context ...Rivest [24], which was broken by Vaudenay [26] in 1998. Two public key cryptosystems with their security based on intractability of integer factorization, are RSA [27] and Rabin public key encryption **[28]**. It has been proven that breaking the Rabin public key encryption is as difficult as integer factorization, but no such equivalence for the RSA has been proven. The overview of major attacks on the R...

230 | Monte Carlo methods for index computation (mod p
- Pollard
- 1978
Citation Context ...erefore it is a time-memory trade-off of the brute-force search method [3]. See [5] for appropriate data structure for the implementation of this algorithm. Another algorithm is Pollard's ρ-algorithm **[6]**. The expected running time of this algorithm is equal to the baby-step giant-step method, but its memory requirement is negligible. The Pollard's algorithm uses a heuristic function. Oorschot and Wie...

201 | A subexponential algorithm for discrete logarithms over all finite fields
- Adleman, DeMarrais
- 1993
Citation Context ...ke logarithms of both sides of Eq. (1) and obtain: $\log_a b = \sum_{k=1}^{|B|} y_k \log_a p_k - i,\quad y_k \ge 0,\ p_k \in B$ (4) The index-calculus algorithm was also suggested independently by Pollard [6] and Adleman **[10]**. This algorithm is adopted specially for multiplicative group of finite field GF(p^n), where p is a prime. Due to the heuristic nature of this algorithm, the execution time is often computed asympto...

147 | Hiding informations and signatures in trapdoor knapsacks
- Merkle, Hellman
- 1978
Citation Context ...". User "A" who knows a, recovers m by computing $m \cdot g^{ak} \cdot (g^k)^{-a} = m \cdot g^{ak} \cdot g^{-ak}$. A public-key system that is based on knapsack problem or subset sum problem has been invented by Merkle and Hellman **[20]**. The problem is as follows: Given a set of positive integers {m1, m2, …, mn} and an integer w, find an n-bit integer $N = (b_n b_{n-1} \ldots b_1)_2$, such that $\sum_{i=1}^{n} b_i m_i = w$. Generally in this public-key sys...

146 | Parallel Collision Search with Cryptanalytic Applications
- Oorschot, Wiener
- 1999
Citation Context ...xpected running time of this algorithm is equal to the baby-step giant-step method, but its memory requirement is negligible. The Pollard's algorithm uses a heuristic function. Oorschot and Wiener in **[7]** have indicated if t processors are employed, then the Pollard's ρ-method can be parallelized so the expected number of steps required by each processor for the calculation of the discrete logarithm b...

130 | Abstract Algebra
- Herstein
- 1986
Citation Context ...s, and every k ∈ Hn, qi(k) ≠ k implies qj(k) = k for all j ≠ i. It is apparent that if cycles s1, s2 ∈ Sn are disjoint, then s1.s2 = s2.s1. The proofs of the following theorems and corollaries are stated in **[1]** and [2]. Theorem 2.1. Every nonidentity permutation q of Sn can be uniquely expressed as the product of disjoint cycles of a length of at least 2. Corollary 2.2. Let s ∈ Sn be the product of disjoint...

130 | A Cryptanalytic Time – Memory trade-Off
- Hellman
- 1980
Citation Context ... large n's. A faster algorithm is the baby-step giant-step algorithm [4] having a running time and memory requirement of O(√n). Therefore it is a time-memory trade-off of the brute-force search method **[3]**. See [5] for appropriate data structure for the implementation of this algorithm. Another algorithm is Pollard's ρ-algorithm [6]. The expected running time of this algorithm is equal to the baby-ste...

89 | Fast evaluation of logarithms in fields of characteristic two
- Coppersmith
- 1984
Citation Context ... al. [12] made some improvements to index-calculus algorithm in $F_{2^n}^*$, although they do not improve the execution time asymptotically. The algorithm was substantially improved later by Coppersmith **[13]**. He estimated the expected execution time of the improved algorithm is $L_{2^n}[\tfrac{1}{3}; c]$ for some c<1.587. In general, the Coppersmith algorithm can also be used for GF(p^n) with asymptotic running ...

74 | Algorithms for black-box fields and their application to cryptography (extended abstract
- Boneh, Lipton
- 1996
Citation Context ...e difficulty of this problem is equivalent to computing the discrete logarithms, even though it remains unproven. The partial results about the equivalence of these problems are presented in [15] and **[16]**. A public-key cryptosystem that is essentially a variant of Diffie-Hellman scheme was introduced by T. El-Gamal [17]. The algorithm performs as follows: Suppose GF(q) is known by public. User "A" sel...

63 | A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem
- Shamir
- 1984
Citation Context ...al knapsack problem which is difficult to solve. The latter knapsack set can serve as a public key. The general knapsack problem is NP-hard. However, its generality has later been contradicted. Shamir **[22]** presented an algorithm for the knapsack problem that is polynomial in n. In 1988, another type of knapsack cryptosystem was developed by Chor and Rivest [24], which was broken by Vaudenay [26] at 199...

50 | Class number, a theory of factorization, and genera
- Shanks
- 1969
Citation Context ... is obtained. This algorithm will clearly find x. However, since it requires O(n) group operations, it would be inefficient for large n's. A faster algorithm is the baby-step giant-step algorithm **[4]** having a running time and memory requirement of O(√n). Therefore it is a time-memory trade-off of the brute-force search method [3]. See [5] for appropriate data structure for the implementation of t...

45 | Advanced modern algebra
- Rotman
Citation Context ...very k ∈ Hn, qi(k) ≠ k implies qj(k) = k for all j ≠ i. It is apparent that if cycles s1, s2 ∈ Sn are disjoint, then s1.s2 = s2.s1. The proofs of the following theorems and corollaries are stated in [1] and **[2]**. Theorem 2.1. Every nonidentity permutation q of Sn can be uniquely expressed as the product of disjoint cycles of a length of at least 2. Corollary 2.2. Let s ∈ Sn be the product of disjoint cycles ...

40 | A knapsack-type public key cryptosystem based on arithmetic in finite fields
- Chor, Rivest
- 1988
Citation Context ...ality has later been contradicted. Shamir [22] presented an algorithm for the knapsack problem that is polynomial in n. In 1988, another type of knapsack cryptosystem was developed by Chor and Rivest **[24]**, which was broken by Vaudenay [26] in 1998. Two public key cryptosystems with their security based on intractability of integer factorization, are RSA [27] and Rabin public key encryption [28]. It ha...

23 | The discrete logarithm problem, Cryptology and Computational
- McCurley
- 1990
Citation Context ...ing power, electrical power and message sizes. 1.2 The Discrete Logarithm Problem (DLP) The security of many modern cryptosystems depends on the intractability of the Discrete Logarithm Problem (DLP) **[9]**. Let G denote a cyclic group of order n and g ∈ G be a generator of G with γ ∈ G. The discrete logarithm of γ to the base g, denoted by log_g γ, is an integer 0 ≤ x < n, such that γ = g^x. The disc...

20 | Cryptanalysis of the chor-rivest cryptosystem
- Vaudenay
- 1998
Citation Context ...Shamir [22] presented an algorithm for the knapsack problem that is polynomial in n. In 1988, another type of knapsack cryptosystem was developed by Chor and Rivest [24], which was broken by Vaudenay **[26]** in 1998. Two public key cryptosystems with their security based on intractability of integer factorization, are RSA [27] and Rabin public key encryption [28]. It has been proven that breaking the Rab...

19 | Computing logarithms in finite fields of characteristic two
- Blake, Fuji-Hara, et al.
- 1984
Citation Context ...index-calculus algorithm for [228 IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.2, February 2008] extension fields $F_{p^n}^*$ with p fixed, is given by [11]. Blake et al. **[12]** made some improvements to index-calculus algorithm in $F_{2^n}^*$, although they do not improve the execution time asymptotically. The algorithm was substantially improved later by Coppersmith [13]. He ...

19 | The Xedni calculus and the elliptic curve discrete logarithm problem. Des
- Silverman
- 1999
Citation Context ...te logarithm problem has been unsuccessful is, elliptic curves over a finite field [31]. An extension of index-calculus method for ECDL (Elliptic Curve Discrete Logarithm), was introduced by Silverman **[32]**. This algorithm was analyzed in [21] and shown to be inefficient. In general, no attack more efficient than Pollard's ρ-method is known for ECDL [6]. 2 A Novel Step: DLP in Symmetric Group Sn By def...

7 | A polynomial form for logarithms modulo a prime
- Wells
- 1985
Citation Context ...a^x = b. Consider the field GF(p) where p is a prime. Assuming a ∈ GF(p) is a generator for this field, then for any 1 ≤ b ≤ p-1, an explicit form for the discrete logarithm function exists as follows **[19]**: $\log_a b \equiv \sum_{i=1}^{p-2} (1 - a^i)^{-1} b^i \pmod{p}$ However, this formula is computationally intensive and practically useless. The simplest algorithm, the brute-force search is to successively compute 1, ...

6 | Realization and application of the Massey-Omura lock
- Wah, Wang
- 1984
Citation Context ... described by illustrating the symmetric group analog of the Generalized El-Gamal system [17]. However it is perfectly practical to also describe other systems such as Diffie-Hellman and Massey-Omura **[25]** based on our proposed cryptosystem. Suppose user "A" requires sending a message m to user "B". The process of key selection, encryption and decryption in the proposed cryptosystem is as follows: Key ...

6 | Teaching combinatorial tricks to a computer, in Proc. Sympos
- Lehmer
- 1960
Citation Context ... 3 Integer Representation of Sn There have been several attempts to introduce an effective permutations representation **[29]**. In this section, a bijection between integers and elements of symmetric groups is introduced which enables to represent the elements of symmetric groups by integers, and vice versa. Fig. 1: Vertical...

5 | Fast computation of discrete logarithms in GF(q
- Hellman, Reyneri
Citation Context ...irst description of an index-calculus algorithm for extension fields $F_{p^n}^*$ with p fixed, is given by **[11]**. Blake et al. [12] made some improvements to index-calculus algorithm in $F_{2^n}^*$, although they do not improve the execution time asymptotically. The algorithm was substantially improved later b...

3 | Secure use
- Kaliski, Robshaw
- 1995
Citation Context ...ublic key encryption is as difficult as integer factorization, but no such equivalence for the RSA has been proven. The overview of major attacks on the RSA encryption and signatures are presented in **[30]**. Another important public key cryptosystem is Elliptic Curve Cryptosystem (ECC). The first elliptic curve scheme was proposed by Koblitz [33] and Miller [34] independently. The elliptic curve systems...

1 | The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms
- Maurer, Wolf
Citation Context ...oblem. The difficulty of this problem is equivalent to computing the discrete logarithms, even though it remains unproven. The partial results about the equivalence of these problems are presented in **[15]** and [16]. A public-key cryptosystem that is essentially a variant of Diffie-Hellman scheme was introduced by T. El-Gamal [17]. The algorithm performs as follows: Suppose GF(q) is known by public. Use...

1 | A permutation representation that knows what "Eulerian
- Mantaci, Rakotondrajao
Citation Context ...)…f(1). For example, f=201 is a subexceedant function over I3 in which f(3)=2, f(2)=0 and f(1)=1. It is apparent that |Fn| = (n+1)!. In the following, a bijection between Fn and Sn+1, originated from **[23]**, will be introduced. Lemma 3.5. Let y : Fn ↦ Sn+1 be a map associated with the subexceedant function f. The permutation qf defined as the product of transpositions by: qf=(1 f(1))(2 f(2))…(n f(n))...

1 | Lifting elliptic curves and solving the elliptic curve discrete logarithm problem
- Huang, Kueh, et al.
- 2000
Citation Context ...a variety of discrete logarithm problems. However, an important case where the index-calculus for treating the discrete logarithm problem has been unsuccessful is, elliptic curves over a finite field **[31]**. An extension of index-calculus method for ECDL (Elliptic Curve Discrete Logarithm), was introduced by Silverman [32]. This algorithm was analyzed in [21] and shown to be inefficient. In general, no a...