A Vector Space Approach to Generate Dynamic Keys for Hill Cipher
Sunil Kumar, Sandeep Kumar, Gaurav Mittal, and Shiv Narain
DRDO, India; Department of Mathematics, Indian Institute of Technology Roorkee, Roorkee, India; Department of Mathematics, Arya P. G. College, Panipat, India
Abstract.
In this paper, a variant of the Hill cipher is proposed. In the classical Hill cipher, an invertible matrix is used for encryption, but the scheme is vulnerable to the known-plaintext attack, which can reveal the matrix. In our proposed cryptosystem, each plaintext block is encrypted by a new invertible key matrix that thwarts the known-plaintext attack. To generate the invertible matrices which serve as the dynamic keys, we make use of vector spaces, a randomly generated basis and a non-singular linear transformation. The resulting cipher is secure against the known-plaintext attack.
Keywords:
Hill cipher, Vector space, Basis
Mathematics Subject Classification (MSC) (2010): 11T71, 94A60
1. Introduction
Secure communication has been required for thousands of years, which led to the invention of cryptography. Cryptography enables two persons, say Alice and Bob, to communicate securely in the presence of an adversary, and this can be done using symmetric key cryptography, asymmetric key cryptography, or both [8]. In this paper, we restrict ourselves to symmetric key cryptography (in particular the Hill cipher), which involves prior sharing of a secret key between Alice and Bob. The Hill cipher is one of the oldest known polyalphabetic ciphers, invented by Lester Hill [5], but it is vulnerable to many attacks (e.g. the known-plaintext attack). Despite these vulnerabilities it still attracts the attention of many researchers because of its simplicity, its ability to disguise letter frequencies and its importance in educational systems. Yeh et al. [13] proposed an improvement of the Hill cipher by presenting a polygraph substitution algorithm. Although their algorithm is safe against the known-plaintext attack, as discussed in [11] it is inefficient for bulk data and time-consuming. Saeednia [12] gave a way of enhancing the security of the Hill cipher by randomly permuting the rows and columns of a master key matrix and using the result as a dynamic key matrix. The encrypted plaintext and the encrypted permutation vector are transferred to the receiver. Clearly each plaintext is encrypted via a new matrix, but the known-plaintext attack can still be applied to the permutation vector, i.e. the same vulnerability as in the Hill cipher. A modification similar to [12] is proposed in [3]. This involves the use of a pseudo-random permutation generator by both sides and sharing of the necessary permutations with the receiver. Ismail et al. [7] proposed a variant of the Hill cipher known as HillMRIV that uses a different key matrix for each plaintext block instead of a single key matrix for every plaintext block. This increases the security of the Hill cipher by thwarting the known-plaintext attack, but the encryption scheme has a severe issue regarding the invertibility of the key matrix, which is nowhere discussed in that paper. Mahmoud [10] gave a modification, HCM-EE, based on the generation of a dynamic encryption key matrix by exponentiation with the help of eigenvalues. A modified Hill cipher based on circulant matrices is discussed in [11] and claimed to be secure against chosen-plaintext as well as known-plaintext attacks, but [4] showed that it is vulnerable to both attacks. Acharya et al. [1] proposed an algorithm termed AdvHill, which makes use of an involutory key matrix for both encryption and decryption, so there is no need to compute the inverse key matrix. Agrawal and Gera [2] produced a new method for encryption in which the Hill cipher is generated with elliptic curves. This method increases security but is inefficient because of the structure of elliptic curves.

In this paper, we introduce a new variant of the Hill cipher. More specifically, we propose a vector space-based approach in which dynamic keys are produced with the help of a non-singular transformation and a basis. We also show that our scheme is secure against the known-plaintext attack. The rest of the paper is organized as follows: all the necessary definitions are collected in Section 2. Section 3 is devoted to the proposed scheme. The security analysis of the scheme is discussed in Section 4. An example illustrating the scheme is given in the last section.

2. Preliminaries
Definition 1.
Field [9]: A set $F$ is a field if it has addition and multiplication operations with the following properties:
(1) existence of an additive identity $0$ and a multiplicative identity $1$.
(2) additive inverses, multiplicative inverses for everything except $0$, and the distributive law.
(3) rules of associativity and commutativity of both addition and multiplication.
Example 1.
The set $\mathbb{R}$ of all real numbers, the set $\mathbb{Q}$ of all rational numbers and the set $\mathbb{F}_p$ of integers modulo $p$, i.e. $\{0, 1, \cdots, p-1\}$ for a prime $p$, are some examples of fields.
Definition 2.
Vector Space [6]: Let $V$ be a set and $F$ be some field. Then $V$ is said to be a vector space over $F$ if
(1) under vector addition the following properties hold:
(a) for all $\alpha, \beta \in V$, $\alpha + \beta \in V$.
(b) for all $\alpha, \beta \in V$, $\alpha + \beta = \beta + \alpha$.
(c) for all $\alpha, \beta, \gamma \in V$, $\alpha + (\beta + \gamma) = (\alpha + \beta) + \gamma$.
(d) for all $\alpha \in V$, $\alpha + 0 = \alpha$.
(e) for all $\alpha \in V$, there exists a unique $-\alpha \in V$ such that $\alpha + (-\alpha) = 0$.
(2) under scalar multiplication the following properties hold: for $\alpha, \beta \in V$ and $c_1, c_2 \in F$
(a) $1\alpha = \alpha$.
(b) $(c_1 c_2)\alpha = c_1(c_2 \alpha)$.
(c) $c(\alpha + \beta) = c\alpha + c\beta$.
(d) $(c_1 + c_2)\alpha = c_1\alpha + c_2\alpha$,
where $1$ is the unity of $F$.
Example 2.
Let $V$ be the set of all $n$-tuples $(x_1, x_2, \cdots, x_n)$ of scalars $x_i$, $1 \leq i \leq n$, in $F$. Then $V$ forms a vector space over $F$ under the vector addition defined by
$$\alpha + \beta = (x_1 + y_1, x_2 + y_2, \cdots, x_n + y_n)$$
and the scalar multiplication defined by
$$c\alpha = (cx_1, cx_2, \cdots, cx_n),$$
and is written as $F^n$, where $\alpha = (x_1, x_2, \cdots, x_n)$, $\beta = (y_1, y_2, \cdots, y_n)$ and $c \in F$.
Definition 3.
Span of a set: Let $v$ be an element of a vector space $V$ over the field $F$. Then $v$ is said to be a linear combination of vectors $v_1, v_2, \cdots, v_n$ in $V$ provided there exist scalars $x_1, x_2, \cdots, x_n$ in $F$ such that
$$v = x_1 v_1 + x_2 v_2 + \cdots + x_n v_n.$$
Let $S = \{v_1, v_2, \cdots, v_n\}$. Then the set of all possible linear combinations of elements of $S$ is called $\mathrm{span}(S)$.
Definition 4.
Linear Independence: Let $V$ be a vector space over the field $F$. A subset $S$ of $V$ is said to be linearly dependent if there exist vectors $s_1, s_2, s_3, \ldots, s_n$ in $S$ and scalars $c_1, c_2, c_3, \ldots, c_n$ in $F$, not all $0$, such that
$$c_1 s_1 + c_2 s_2 + c_3 s_3 + \cdots + c_n s_n = 0.$$
A set which is not linearly dependent is called linearly independent.
Definition 5.
Basis and Dimension: Let $V$ be a vector space over the field $F$. A basis for $V$ is a linearly independent set of vectors in $V$ which spans $V$. The number of elements in the basis of $V$ is its dimension.
Example 3.
The vector space $F^n$ over the field $F$ is an $n$-dimensional vector space.
Definition 6.
Linear Transformation: Let $V$ and $W$ be two vector spaces over the field $F$. A map $T : V \to W$ is said to be a linear transformation provided
$$T(a\alpha + b\beta) = aT(\alpha) + bT(\beta)$$
for all $\alpha, \beta \in V$ and $a, b \in F$.
Definition 7.
Non-singular Linear Transformation: A linear transformation $T : V \to W$ is non-singular if for any $v \in V$, $T(v) = 0$ implies $v = 0$.
Hill Cipher.
The Hill cipher, a polyalphabetic cipher, was invented by Lester S. Hill in 1929. Before encryption, the plaintext message is broken into blocks of length, say, $m$. Then each plaintext block is encrypted using an invertible matrix of size $m$ to obtain the corresponding ciphertext block of the same length. Decryption is done simply by using the inverse of the matrix used for encryption. Mathematically, the encryption and decryption process in the Hill cipher is as follows. Define $\mathcal{P} = \mathcal{C} = (\mathbb{Z}_{26})^m$, which means the digits of the message and ciphertext range from 0 to 25. Let
$$\mathcal{K} = \{K \mid K \text{ is an } m \times m \text{ invertible matrix over } \mathbb{Z}_{26}\}.$$
For a key $K \in \mathcal{K}$, define the encryption function
$$e : \mathcal{K} \times \mathcal{P} \to \mathcal{C} : e(K, x) = xK$$
and the decryption function
$$d : \mathcal{K} \times \mathcal{C} \to \mathcal{P} : d(K, y) = yK^{-1},$$
where all the operations are in $\mathbb{Z}_{26}$.

3. Proposed Hill Cipher Algorithm
In this section, we introduce the variant of the Hill cipher based on vector spaces. Let $p$ be a large prime and $\mathbb{F}_p$ be the corresponding field. Let
$$V = \{(x_1, x_2, \cdots, x_n) : x_i \in \mathbb{F}_p \text{ for } 1 \leq i \leq n\}$$
be a vector space of dimension $n$ over the field $\mathbb{F}_p$ and $T : V \to V$ be a non-singular linear transformation. Since every non-singular linear transformation corresponds to an invertible matrix over the field $\mathbb{F}_p$, $T$ can be seen as an element of $GL(n, \mathbb{F}_p)$, which is the group of all $n \times n$ invertible matrices over the field $\mathbb{F}_p$. We choose a $T$ whose order is large in $GL(n, \mathbb{F}_p)$. The rationale behind choosing this $T$ is discussed later on.
3.1. How to construct $T$. It is well known that the vector space of all $n \times n$ matrices $M(n, F)$ over a field $F$ is isomorphic to the vector space $\mathrm{Hom}_F(V, V)$ of all linear transformations on an $n$-dimensional vector space $V$ over $F$ [6]. Mathematically,
$$M(n, F) \cong \mathrm{Hom}_F(V, V).$$
This means any invertible matrix in $M(n, F)$ can be seen as a non-singular linear transformation.
Example 4.
Let A = " be a × invertible matrix over the field F . Then T : V → V : T ( x, y ) = h x y i " = (4 x, x + 3 y ) is the required non-singular linear transformation on the -dimensional vector space V . Way of writing the plaintext.
Write the plaintext message in blocks of length $n$, where $n$ is some positive integer (add padding if required), i.e. $m = m_1 m_2 \cdots$ where $m_i = (m_{1i}, m_{2i}, \cdots, m_{ni})$ is the $i$-th message block of length $n$ with $m_{ji} \in \mathbb{F}_p$ for all $1 \leq j \leq n$.
3.3. Whitening process.
Choose a random $1 \times n$ non-zero vector $I_1 = (I_{11}, I_{21}, \cdots, I_{n1})$ with $I_{i1} \in \mathbb{F}_p$, $1 \leq i \leq n$. This vector is used for whitening of the first message block. For this, simply add $I_1$ and $m_1$ modulo $p$. Let
$$m'_1 = m_1 \oplus_p I_1.$$
For the whitening of subsequent blocks, we make use of the non-singular linear transformation $T$ in the following manner: let $m_i$ be the $i$-th message block, $i \geq 2$. Then
$$I_i = T(I_{i-1}) = (I_{1i}, I_{2i}, \cdots, I_{ni}) \pmod{p}, \quad \text{for } i \geq 2,$$
i.e. $I_i$ is obtained from $I_{i-1}$ by applying $T$ on it. Now the $i$-th, $i \geq 2$, whitened block is
$$m'_i = m_i \oplus_p I_i.$$
[Figure 1. Whitening Process for a Message of Three Blocks]
This process is included as a part of encryption to overcome the problem of a message block with all entries 0 and to enhance the brute force complexity in comparison to that of the Hill cipher. Figure 1 represents this process schematically, where $\oplus_p$ denotes addition modulo $p$.
3.4. Key Generation Scheme.
Choose a random basis of $V$. For that, we need an invertible $n \times n$ matrix over $\mathbb{F}_p$. If $p$ is a large prime, then the probability that a randomly selected $n \times n$ matrix is invertible modulo $p$ is approximately 1. Therefore, any randomly selected $n \times n$ matrix over $\mathbb{F}_p$ is probably invertible. If it is not, choose another random matrix. Within a few choices, we get an invertible matrix. So, let $A_1$ be the chosen invertible matrix, i.e. $A_1 \in GL(n, \mathbb{F}_p)$ (the group of all $n \times n$ invertible matrices over $\mathbb{F}_p$). This is the key matrix for encrypting the first whitened block, and the set of all rows (let's say $B_1$) of $A_1$ serves the purpose of a random basis.
Since $T$ is a non-singular linear transformation, it maps a basis to a basis and therefore, given a random basis $B_1$ as a seed, it will generate a sequence of bases $\{B_1, B_2, \cdots\}$. From this sequence of bases, we obtain a sequence of matrices in $GL(n, \mathbb{F}_p)$ by putting the elements of $B_i$ as the rows of $A_i$ for $i \geq 1$.
3.5. Encryption Scheme.
First, encrypt $m'_1$ with the key matrix $A_1$ by simply multiplying both modulo $p$. This yields the ciphertext
$$c_1 = m'_1 \otimes_p A_1.$$
[Figure 2. Key Generation Process for a Message of Three Blocks]
[Figure 3. Encryption Process for a Message of Three Blocks]
For encrypting the $i$-th, $i \geq 2$, whitened block, use the key matrix $A_i$ defined in Subsection 3.4. The corresponding ciphertext is
$$c_i = m'_i \otimes_p A_i.$$
Figure 3 represents this scheme schematically, where $\otimes_p$ represents multiplication modulo $p$.
3.6. Symmetric key.
The symmetric key of the scheme consists of the following:
(1) Initial vector
(2) Non-singular linear transformation
(3) Basis of the vector space.
3.7. Decryption Scheme.
Since the initial vector $I_1$, the non-singular linear transformation $T$ and the invertible matrix $A_1$ are known at the receiver's (say Bob's) end, he calculates all the required keys and whitening vectors. To get the $i$-th plaintext block, the receiver performs the following operation:
$$m_i = \left(c_i \otimes_p A_i^{-1}\right) \ominus_p I_i,$$
where $\ominus_p$ represents subtraction modulo $p$.
3.8. Rationale behind choosing $T$. We have chosen the non-singular linear transformation $T$ over the vector space of dimension $n$ to have large order $t$ (by order, we mean the order of $T$ in $GL(n, \mathbb{F}_p)$). If this is not the case, then the key matrices may start repeating themselves before encryption of t −

4. Security Analysis
Our encryption scheme is such that the key matrix used to encrypt any whitened message block is invertible. In this scheme, a message block with all zero entries is not encrypted to the same block because of whitening. Further, a change in one entry of the initial vector changes the entire ciphertext, which highlights the importance of the initial vector. Brute force complexity and resistance to various attacks are discussed in the subsequent subsections.
4.1. Number of key matrices.
Let $V$ be the same $n$-dimensional vector space over $\mathbb{F}_p$ considered in Section 3. Then the number of bases of $V$ is
$$N = (p^n - 1)(p^n - p) \cdots (p^n - p^{n-1}).$$
In other words, we have $N$ invertible matrices which can serve as dynamic keys. If both $p$ and $n$ are large, then the number $N$ becomes so large that brute force is infeasible, e.g. if $n = 128$ and $p = 29$, then N > which is cryptographically secure even with the best available computation facility. This shows that the brute force complexity of this cipher is greater than that of the classical Hill cipher.
4.2. Security against known-plaintext attack.
Suppose the attacker has plaintext-ciphertext pairs $(m_j, c_j)$, $j \in J$, where $J$ is some index set. Since different keys are used for encrypting different message blocks, to find the key matrix used for encrypting the $j$-th message block an attacker can use only the one plaintext-ciphertext pair $(m_j, c_j)$, provided the initial vector and the linear transformation are known to the attacker, which itself is an uphill battle. This gives a linear system of $n$ equations with $n^2$ unknowns, and solving this system yields infinitely many solutions. Therefore, our proposed scheme thwarts the known-plaintext attack.
4.3. Completeness effect.
Each letter of a ciphertext block in this scheme depends on all letters of the corresponding plaintext block. So our proposed scheme has the completeness effect.

5. Example
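The scheme of Section 3 (whitening, key generation, encryption, decryption) and the key-repetition concern of Subsection 3.8 can be exercised end to end with the Python code below, which is an added illustration and not the authors' code. The prime, the matrix of T, the initial vector, the seed basis and the message are constructed sample values; T is represented as right-multiplication by a matrix, so applying T to every row of A_i is the product A_i T.

```python
P = 29                                       # all constants here are constructed samples
T_MAT = [[1, 1, 0], [0, 1, 1], [1, 0, 2]]   # T(v) = v * T_MAT, det = 3 mod 29
I1 = [2, 5, 7]                               # initial whitening vector I_1
A1 = [[1, 2, 3], [0, 1, 4], [5, 6, 0]]       # rows are the seed basis B_1, det = 1
MSG = [[0, 0, 0], [0, 0, 0], [7, 4, 11]]     # two all-zero blocks on purpose

def matmul(X, Y, p=P):
    return [[sum(a * b for a, b in zip(r, c)) % p for c in zip(*Y)] for r in X]

def inverse(A, p=P):
    """Gauss-Jordan inverse modulo a prime p; ValueError if A is singular."""
    n = len(A)
    M = [list(r) + [int(i == j) for j in range(n)] for i, r in enumerate(A)]
    for c in range(n):
        piv = next((r for r in range(c, n) if M[r][c] % p), None)
        if piv is None:
            raise ValueError("matrix is singular modulo p")
        M[c], M[piv] = M[piv], M[c]
        inv = pow(M[c][c], -1, p)
        M[c] = [x * inv % p for x in M[c]]
        M = [row if r == c else [(x - row[c] * y) % p for x, y in zip(row, M[c])]
             for r, row in enumerate(M)]
    return [row[n:] for row in M]

def schedule(T, I1, A1, blocks, p=P):
    """Yield (I_i, A_i): I_i = T(I_{i-1}); rows of A_i are T of the rows of A_{i-1}."""
    I, A = [list(I1)], [list(r) for r in A1]
    for _ in range(blocks):
        yield I[0], A
        I, A = matmul(I, T, p), matmul(A, T, p)

def encrypt(msg, T, I1, A1, p=P):
    out = []
    for m, (I, A) in zip(msg, schedule(T, I1, A1, len(msg), p)):
        white = [(x + k) % p for x, k in zip(m, I)]      # m'_i = m_i + I_i mod p
        out.append(matmul([white], A, p)[0])             # c_i = m'_i * A_i mod p
    return out

def decrypt(ct, T, I1, A1, p=P):
    out = []
    for c, (I, A) in zip(ct, schedule(T, I1, A1, len(ct), p)):
        white = matmul([c], inverse(A, p), p)[0]         # c_i * A_i^{-1} mod p
        out.append([(x - k) % p for x, k in zip(white, I)])
    return out

def key_period(T, A1, p=P, limit=10**6):
    """Blocks encrypted before A_i equals A_1 again, i.e. the order of T."""
    A, k = matmul(A1, T, p), 1
    while A != A1 and k < limit:
        A, k = matmul(A, T, p), k + 1
    return k

if __name__ == "__main__":
    print(encrypt(MSG, T_MAT, I1, A1), key_period(T_MAT, A1))
```

The two all-zero plaintext blocks come out as different ciphertext blocks, and `key_period` gives the number of blocks after which the key matrices start repeating for the chosen T.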
Example 5.
Let V = { ( v , v , v ) : v i ∈ F for ≤ i ≤ } . Clearly F = F and length of the message block to be encrypted is . Further, consider the non-singular linear transformation T : V → V defined by T ( v , v , v ) = ( v + v , v + v , v − v + v ) , initial vector I = (2 , , and the random basis B = { (1 , , , (3 , , , (1 , , } . Let m = m m m m m m , where m = (12 , , , m = (2 , , , m = (14 , , , m = (0 , , , m = (0 , , , m = (8 , , is the message. Initial whitening of the message yields m ′ m ′ m ′ m ′ m ′ m ′ , where m ′ = (14 , , , m ′ = (5 , , , m ′ = (25 , , , m ′ = (12 , , , m ′ = (16 , , , m ′ = (18 , , . Dynamic keys for the encryption are A = − , A = −
14 3 20 1 6 , A = −
47 11 31 9 5 A =
26 18 − −
110 3 − , A =
15 13 −
425 20 1013 6 4 , A = − −
216 12 1519 22 11 . Corresponding ciphertext is c c c c c c with c = (10 , , , c = (17 , , , c = (26 , , , c = (18 , , , c = (7 , , , c = (0 , , where all the operations are performed under modulo . Decryption can be performed easily by computing the inverses of key matrices and knowledge of initial vector.

References
[1] B. Acharya, S. K. Panigrahy, S. K. Patra, and G. Panda. Image encryption using advanced hill cipher algorithm. International Journal of Recent Trends in Engineering, 1(1):663–667, 2009.
[2] K. Agrawal and A. Gera. Elliptic curve cryptography with hill cipher generation for secure text cryptosystem. International Journal of Computer Applications, 106(1), 2014.
[3] A. Chefranov, A. Elci, B. Ors, and B. Preneel. Secure hill cipher modification shc-m. In Proc. of the First International Conference on Security of Information and Network, pages 34–37, 2008.
[4] A. A. ElHabshy. Augmented hill cipher. International Journal of Network Security, 2019.
[5] L. S. Hill. Cryptography in an algebraic alphabet. The American Mathematical Monthly, 36(6):306–312, 1929.
[6] K. Hoffman and R. Kunze. Linear algebra. Englewood Cliffs, New Jersey, 1971.
[7] I. Ismail, M. Amin, and H. Diab. How to repair the hill cipher. Journal of Zhejiang University-Science A, 7(12):2022–2030, 2006.
[8] J. Katz, A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone. Handbook of applied cryptography. CRC press, 1996.
[9] R. Lidl and H. Niederreiter. Finite fields, volume 20. Cambridge university press, 1997.
[10] A. Y. Mahmoud and A. G. Chefranov. Hill cipher modification based on eigenvalues hcm-ee. In Proceedings of the 2nd international conference on Security of information and networks, pages 164–167. ACM, 2009.
[11] K. A. Reddy, B. Vishnuvardhan, A. Krishna, et al. A modified hill cipher based on circulant matrices. Procedia Technology, 4:114–118, 2012.
[12] S. Saeednia. How to make the hill cipher secure. Cryptologia, 24(4):353–360, 2000.
[13] Y.-S. Yeh, T.-C. Wu, C.-C. Chang, and W.-C. Yang. A new cryptosystem using matrix transformation. In Proceedings. 25th Annual 1991 IEEE International Carnahan Conference on Security Technology, pages 131–138. IEEE, 1991.