On the implementation of new symmetric ciphers based on non-bijective multivariate maps

Abstract

Certain families of graphs can be used to obtain multivariate polynomials for cryptographic algorithms. In particular, in this paper, we introduce stream ciphers based on non-bijective multivariate maps. The presented symmetric encryption algorithms are based on three families of bipartite graphs with partition sets isomorphic to $\mathbb{K}^{n}$ where $\mathbb{K}$ is selected as the finite commutative ring. The plainspace of the algorithm is $\Omega = \{x\vert \sum x_{i} \in \mathbb{K}{\ast},x \in \mathbb{K}^{n}\} \subset \mathbb{K}^{n}, \Omega\cong \mathbb{K}{\ast} \times \mathbb{K}^{n-1}$ . We describe the algorithm for the case $\mathbb{K}= \mathbb{Z}_{2^{m}}, m \leq 2$ . In fact, we use the relation $d \ast d_{dec}\equiv 1(\mod 2^{m-1}), d, d_{dec}\in\mathbb{Z}^{\ast}_{2^{m-1}}$ to obtain encryption polynomial map of degree greater than or equal to $d + 2$ and decryption map of degree greater than or equal to $d_{dec} + 2$ . We assume $d_{dec}$ grows with the growth of parameter $m$ , because this makes cryptanalysis very difficult task. Symmetric encryption and decryption algorithms for users are numerical recurrent processes, not requiring generation of encryption and decryption maps in their symbolic forms. They use arithmetical operations of addition, subtraction, and multiplication. That's why the algorithms are robust (execution speed is $O(n)$ ). To break the algorithm an adversary must use linearization attacks for recovering non-bijective “decryption map” of degree greater than $d_{dec} + 2$ in its symbolic form. To achieve this, the adversary needs at least $O(n d_{dec} + 2)$ pairs of plaintext and corresponding ciphertext to restore the non-bijective map of degree greater than or equal to $d_{dec} + 2$ . We present tables for evaluation of execution time for m = 8 with various length of passwords and sizes of files. Computer simulations demonstrate good mixing properties of the encryption functions.