Some applications of idempotent semirings in public key cryptography

Abstract

A set S equipped with two algebraic operations: addition and multiplication is called a semiring if the following conditions are satisfied: both operations are associative; the addition is commutative; the multiplication is distributive with respect to the addition a.(b+ c) = (a.b) + (a.c) and (a+ b).c = (a.c) + (b.c) ∀a, b, c ∈ S . A semiring S is called an idempotent semiring if a+ a = a for all a ∈ S. Employing additively idempotent semirings semirings as a platform for a cryptographic scheme arose several years ago. In the present work we show how to apply different dual pairs of idempotent semirings for constructing new cryptographic protocol. We are interested in four idempotent semirings: Max-plus semiring: Consider Rmax = R ∪ {−∞}. Given a, b ∈ Rmax, define: a ⊕ b = max{a, b}; a⊙ b = a+ b. If we add the top element ⊤ = +∞ to this set, the resulting semiring is complete and denoted by Rmax. Min-plus semiring: Consider Rmin = R ∪ {+∞}. Given a, b ∈ R+∞, define: a ⊕ b = min{a, b}; a⊙ b = a+ b. If we add the top element ⊥ = −∞ to this set, the resulting semiring is complete and denoted by Rmin. Max-time semiring: Consider Rmax,× = R ∪ {+∞} (non-negative real numbers). Given a, b ∈ Rmax,×, define: a⊕ b = max{a, b}; a⊗ b = a.b. Min-time semiring: Consider Rmin,× = R∪{+∞} (non-negative real numbers). Given a, b ∈ Rmin,×, define: a⊕ b = min{a, b}; a⊗ b = a.b. We give a generalization of the Diffie-Hellman key exchange protocol, to the context of semigroup actions. Our protocol in its most general form consists of the following: two commutative semirings S1, S2 act on a set X i.e. ((S1 × S2)×X) → X. We propose two practical realizations of this scheme based on different dual pairs of idempotent semirings. For the semirings S1 and S2 we suggest commutative semirings generated by two given matrices M and N. These semirings are semirings of polynomials in M and N with coefficient of two dual pairs of idempotent semirings. Set X should be selected carefully with respect to the chosen semirings. In the first protocol: S1 = Mn(Rmax), S2 = Mn(Rmin), M ∈ Mn(Rmax), N ∈ Mn(Rmin),X ∈ Mn(R). In the second protocol: S1 = Mn(Rmax,×), S2 = Mn(Rmin,×), M ∈ Mn(Rmax,×), N ∈ Mn(Rmin,×), X ∈ Mn(R).