Cayley–Purser algorithm: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 15:01, 16 July 2019 edit 193.104.159.11 (talk) →Security: fixed typo Tags: Mobile edit Mobile web edit ← Previous edit		Latest revision as of 08:53, 19 October 2022 edit undo 157.35.71.50 (talk) commutative property, not some inverse thing
(5 intermediate revisions by 4 users not shown)
Line 1: {{Short description\|1999 public-key cryptography algorithm}} {{One source\|date=October 2019}} The '''Cayley–Purser algorithm''' was a [[public-key cryptography]] [[algorithm]] published in early 1999 by 16-year-old [[Ireland\|Irishwoman]] [[Sarah Flannery]], based on an unpublished work by [[Michael Purser]], founder of [[Baltimore Technologies]], a [[Dublin]] data security company. Flannery named it for [[mathematician]] [[Arthur Cayley]]. It has since been found to be flawed as a public-key algorithm, but was the subject of considerable media attention. == History == During a work-experience placement with [[Baltimore Technologies]], Flannery was shown an unpublished paper by [[Michael Purser]] which outlined a new [[public-key]] cryptographic scheme using [[non-commutative]] multiplication. She was asked to write an implementation of this scheme in [[Mathematica]]. Before this placement, Flannery had attended the 1998 [[Young Scientist and Technology Exhibition\|ESAT Young Scientist and Technology Exhibition]] with a project describing already existing cryptographic techniques from the [[Caesar cipher]] to [[RSA (algorithm)\|RSA]]. This had won her the Intel Student Award which included the opportunity to compete in the 1998 [[Intel International Science and Engineering Fair]] in the United States. Feeling that she needed some original work to add to her exhibition project, Flannery asked Michael Purser for permission to include work based on his cryptographic scheme. On advice from her mathematician father, Flannery decided to use [[Matrix (mathematics)\|matrices]] to implement Purser's scheme as [[matrix multiplication]] has the necessary property of being non-commutative. As the resulting algorithm would depend on multiplication it would be a great deal faster than the [[RSA ~~(algorithm)\|RSA]]~~ algorithm which uses an [[exponent]]ial step. For her Intel Science Fair project Flannery prepared a demonstration where the same plaintext was enciphered using both RSA and her new Cayley–Purser algorithm and it did indeed show a significant time improvement. Returning to the ESAT Young Scientist and Technology Exhibition in 1999, Flannery formalised Cayley-Purser's runtime and analyzed a variety of known attacks, none of which were determined to be effective. Line 21 ⟶ 23: === Key generation === Like [[RSA ~~(algorithm)\|RSA]]~~, Cayley-Purser begins by generating two large primes ''p'' and ''q'' and their product ''n'', a [[semiprime]]. Next, consider [[general linear group\|GL]](2,''n''), the [[general linear group]] of ~~2×2~~2×2 matrices with integer elements and [[modular arithmetic]] mod ''n''. For example, if ''n''=5, we could write: :<math>~~\left[~~\begin{~~matrix~~bmatrix}0 & 1 \\ 2 & 3\end{~~matrix~~bmatrix}~~\right]~~ + ~~\left[~~\begin{~~matrix~~bmatrix}1 & 2 \\ 3 & 4\end{~~matrix~~bmatrix}~~\right]~~ = ~~\left[~~\begin{~~matrix~~bmatrix}1 & 3 \\ 5 & 7\end{~~matrix~~bmatrix}~~\right]~~ =\equiv ~~\left[~~\begin{~~matrix~~bmatrix}1 & 3 \\ 0 & 2\end{~~matrix~~bmatrix}~~\right]~~</math> :<math>~~\left[~~\begin{~~matrix~~bmatrix}0 & 1 \\ 2 & 3 \end{~~matrix~~bmatrix}~~\right]\left[~~ \begin{~~matrix~~bmatrix}1 & 2 \\ 3 & 4\end{~~matrix~~bmatrix}~~\right]~~ = ~~\left[~~\begin{~~matrix~~bmatrix}3 & 4 \\ 11 & 16\end{~~matrix~~bmatrix}~~\right]~~ =\equiv ~~\left[~~\begin{~~matrix~~bmatrix}3 & 4 \\ 1 & 1\end{~~matrix~~bmatrix}~~\right]~~</math> This group is chosen because it has large order (for large semiprime ''n''), equal to (''p''<sup>2</sup>-1−1)(''p''<sup>2</sup>-−''p'')(''q''<sup>2</sup>-1−1)(''q''<sup>2</sup>-−''q''). Let <math>\chi</math> and <math>\alpha</math> be two such matrices from GL(2,''n'') chosen such that <math>\chi\alpha~~^{-1}~~ \not= \alpha\chi</math>. Choose some natural number ''r'' and compute: :<math>\beta = \chi^{-1}\alpha^{-1}\chi,</math> Line 73 ⟶ 75: :<math>x\left(\beta_{ij}^{-1} - \alpha_{ij}\right) \equiv y \pmod n.</math> If <math>d</math> is known, <math>d \mathrm{I} + \gamma = \chi'</math> ~~—~~— a multiple of <math>\chi</math>. Any multiple of <math>\chi</math> yields <math>\lambda = \kappa^{-1} = v^{-1}\chi^{-1} \epsilon v\chi</math>. This presents a fatal weakness for the system, which has not yet been reconciled. This flaw does not preclude the algorithm's use as a mixed private-key/public-key algorithm, if the sender transmits <math>\epsilon</math> secretly, but this approach presents no advantage over the common approach of transmitting a [[symmetric encryption]] key using a public-key encryption scheme and then switching to symmetric encryption, which is faster than Cayley-Purser. ==See also== * [[Non-commutative cryptography]] == References == Line 87 ⟶ 89: {{DEFAULTSORT:Cayley-Purser algorithm}} [[Category:Public-key encryption schemes]] [[Category:Broken cryptography algorithms]]