Volume 61 Issue 2 (2011) - Годишник на ТУ - София - Технически ...

All the elements of the semiring ID(E(L)) are both additively neutral andmultiplicatively neutral.It follows that it is the Viterbi semiring (see [6] for moredetails about the Viterbi semirings).5. TOWARDS A CONCRETE CRYPTOSYSTEMThe following lemma is a straightforwardLemma 5.1 Let M and N be n × n symmetric matrices with entries in thesemiring R. If R is a commutative semiring, then MN = NM.If R be a commutative semiring and SMat n R be the semiring of symmetricmatrices with entries in R. Then from Lemma 5.1 immediately followsProposition 5.2 SMat n R is a commutative semiring.Extended Die-Hellman protocol is the following procedure:1. Alice and Bob agree on a nite commutative semiring R. They choose apositive integer n and a matrix X ∈ Mat n (R).2. Alice chooses matrices A 1 , A 2 ∈ SMat n R and computes a matrix A =A 1 X A 2 . She sends A to Bob.3. Bob chooses matrices B 1 , B 2 ∈ SMat n R and computes a matrix B =B 1 X B 2 . He sends B to Alice.4. Their common secret key is thenk = k a = A 1 B A 2 = A 1 B 1 X B 2 A 2 = B 1 A 1 X A 2 B 2 = B 1 A B 2 = k b .The corresponding BSAP that should be hard is : given matrix X of a commutativesemiring SMat n R and matrix Y = A 1 B 1 X B 2 A 2 , nd four matricesA ′ 1, B 1, ′ A ′ 2, B 2 ′ such that Y = A ′ 1 B 1 ′ X B 2 ′ A ′ 2. We do not know if it is necessary foran attacker to solve this problem,but it is sucient.Consider the semiring R = ID(E(L)) as dened above.Let SMat n R be thecommutative semiring of symetric matrices with entries in R.Alice chooses matricesA 1 , A 2 ∈ R and computes A = A 1 X A 2 . Matrices A 1 , A 2 are chosen as private keysby Alice in Extended Die-Hellman protocol 5.3.If we consider matrix semiring SMat n R with n = 2 then Alice has 16 3 choicesto choose a matrix A 1 and the same choices for matrix A 2 .Assume Alice has chosen the matrices A 1 and A 2 in the following particularwayA 1 =( a bb c), A 2 =( d ee f), where a, b, c, d, e, f ∈ R.36