Cellular Automaton Public-Key Cryptosystem
Puhua Guan
Department of Mathematics, University of Puerto Rico,
Rio Piedras, PR 00931, USA
1. Introduction
A cryptographic system is a mathematical system for encrypting or transforming information so that it appears useless to those who are not meant to have access to it. Any cryptographic technique, such as the substitution and transposition of symbols, that operates on a message without regard to its linguistic structure is called a cipher and is said to generate a cipher text. In a public-key cryptosystem, a receiver, rather than agreeing with each sender on how to operate on a message, simply generates two distinct keys of his own: an enciphering key E, which is communicated to the public, serves the purpose of encryption; a deciphering key D, which is kept by the receiver himself, serves to implement the system's deciphering algorithm.
A cryptosystem should satisfy the following three requirements:

Security. For people who do not know the deciphering key, it should require an unrealistic amount of time to recover the plain information from a cipher text, whereas for the receiver who knows the deciphering key, the original information should be quickly recoverable from the cipher text.
[Figure: sender and receiver]
the effective neighbourhood size is large, then the table will be too large, since its size grows exponentially with the number of neighbours.

To make rules which can be stated succinctly but which have large effective neighborhood sizes, each S is associated with a mathematical structure. For example, we can think of S as a mathematical ring or a field and use multivariate polynomials to represent the cellular automata rules. Note that when $|S|$ is a prime power, then every multivariate function over S is a polynomial function. When $|S|$ is not a prime power, a large portion of multivariate functions can still be represented as polynomial functions. When the degree of each polynomial function is bounded by a small number d, then the size of each polynomial is bounded by $m^d$, where m is the number of the variables. So we can have cellular automata rules with large effective neighborhood sizes but with short representations. On the other hand, multivariate polynomial functions satisfy conditions (a) and (b) well, since polynomials are easy to compute. But the time needed to solve a system of nonlinear polynomial equations in general grows exponentially with the number of variables [3,4,7].
To obtain a system that satisfies all (a), (b), and (c), we first make the following definitions.
Following the above definitions, if $F_i^t = F_j^t$ for each i, j, then the cellular automaton is homogeneous, and if there exists $i \neq j$ such that $F_i^t \neq F_j^t$, then the cellular automaton is inhomogeneous. If $F_i^t = F_i^s$ for all t, s and i, then the cellular automaton is time stable, and if there exists t and s such that $F_i^t \neq F_i^s$, then the cellular automaton is time varying.
Not much investigation has been done on time varying or inhomogeneous rules. For the time stable and homogeneous rules, the behavior of most cellular automata appears unpredictable [6]. Complete descriptions have so far been found only for additive cellular automata.
functions in the set $\{F_i^t\}$ that are linear functions in the variables of the j-th part. The functions that are linear in the variables of the j-th part can be any functions of the variables in the previous parts. Moreover, the variables of the latter parts cannot appear in these functions, and the coefficients of the variables of the j-th part in these functions form an invertible matrix. Two examples of 2-fold linear invertible cellular automata are given in Section 3.
For any system of size m with an initial state $(x_1, x_2, \ldots, x_m)$, we can easily compute the state at the next time $(x'_1, \ldots, x'_m)$ under any s-fold linear invertible rule. It is also easy to trace back $(x_1, \ldots, x_m)$ from $(x'_1, \ldots, x'_m)$. However, if we compose several multifold linear invertible rules together, the composite function is no longer partially linear. To find the original state from the final state obtained by the action of the composed rules, it is then necessary to solve a system of nonlinear polynomial equations, if one knows only the composite function. On the other hand, the designer of the rules, knowing how the composite function is constructed, can give a procedure for recovering the initial values without solving general equations.
Now our cryptographic scheme is clear. Let the ground set be a commutative ring. The enciphering key E is a composition of several time-varying inhomogeneous multifold linear invertible rules, which is made public. The deciphering key D, which is kept private by the designer, is the set of the individual rules in the composite enciphering function.
The requirements of integrity and authority can be satisfied as follows. After the sender sends the cipher text M including his own name enciphered according to the public key of a receiver, he applies the inverse of his own public key to M, gets M', then sends M' as well. The receiver first deciphers M and finds the sender's name, then applies the public key of the sender to M'. If he gets M as given in the first half of the cipher text, he can believe that the signature is authentic and the information not coded by an enemy agent.
3. Examples
Suppose we have a system with a block length of 5 bits and assume that each bit takes a value in the field of 2 elements. A user C publishes the following public keys:
$$
\begin{aligned}
y_1 &= x_1 x_2 + x_5 \\
y_2 &= x_2 x_3 + x_4 \\
y_3 &= x_1 x_2 x_3 + x_1 x_2 x_4 + x_2 x_3 x_5 + x_4 x_5 + x_2 \\
y_4 &= x_1 x_2 + x_2 x_5 + x_3 \\
y_5 &= x_1 + x_2
\end{aligned} \tag{3.1}
$$
If B wants to send C the message 10110, he first looks up the above rule under C's name and applies the rule to 10110, then sends 01011. The rule is actually composed of
$$
\begin{aligned}
x'_1 &= x_2 \\
x'_2 &= x_3 \\
x'_3 &= x_1 \\
x'_4 &= x_5 + x_1 x_2 \\
x'_5 &= x_4 + x_2 x_3
\end{aligned} \tag{3.2}
$$
and
$$
\begin{aligned}
y_1 &= x'_4 \\
y_2 &= x'_5 \\
y_3 &= x'_1 + x'_4 x'_5 \\
y_4 &= x'_2 + x'_1 x'_4 \\
y_5 &= x'_1 + x'_3 .
\end{aligned} \tag{3.3}
$$
C keeps (3.2) and (3.3) to himself. Upon receiving 01011 he can solve (3.3) to get 01101 for $x'_i$ and then solve (3.2) to get 10110.
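The 2-fold linear invertible rules of Section 2 and the example above, carried through in code as an added illustration that is not part of the paper: the public key (3.1) is evaluated directly, while C deciphers with the private factors (3.2) and (3.3) by back-substitution, and the agreement of (3.1) with the composition is checked on all 32 blocks.

```python
# Added worked example of Section 3 over GF(2); not code from the paper.
# Public key: the cubic system (3.1). Private key: its factors (3.2) and
# (3.3), 2-fold linear invertible rules the owner inverts by back-substitution.

def public_encipher(x):
    """Published rule (3.1); anyone can evaluate it on a 5-bit block."""
    x1, x2, x3, x4, x5 = x
    return [(x1*x2 + x5) % 2,
            (x2*x3 + x4) % 2,
            (x1*x2*x3 + x1*x2*x4 + x2*x3*x5 + x4*x5 + x2) % 2,
            (x1*x2 + x2*x5 + x3) % 2,
            (x1 + x2) % 2]

def rule_32(x):
    """Private rule (3.2), x -> x': permute (x1,x2,x3); (x4,x5) enter linearly."""
    x1, x2, x3, x4, x5 = x
    return [x2, x3, x1, (x5 + x1*x2) % 2, (x4 + x2*x3) % 2]

def rule_33(xp):
    """Private rule (3.3), x' -> y: parts ordered (x4',x5') then (x1',x2',x3')."""
    a, b, c, d, e = xp
    return [d, e, (a + d*e) % 2, (b + a*d) % 2, (a + c) % 2]

def invert_33(y):
    """Undo (3.3): read off (x4',x5'); the rest is then linear."""
    y1, y2, y3, y4, y5 = y
    d, e = y1, y2                  # y1 = x4', y2 = x5'
    a = (y3 + d*e) % 2             # y3 = x1' + x4' x5'
    b = (y4 + a*d) % 2             # y4 = x2' + x1' x4'
    c = (y5 + a) % 2               # y5 = x1' + x3'
    return [a, b, c, d, e]

def invert_32(xp):
    """Undo (3.2): invert the permutation; the second part is then linear."""
    a, b, c, d, e = xp
    x1, x2, x3 = c, a, b           # x1' = x2, x2' = x3, x3' = x1
    return [x1, x2, x3, (e + x2*x3) % 2, (d + x1*x2) % 2]

def decipher(y):
    """C's procedure: two back-substitutions, never solving the cubic (3.1)."""
    return invert_32(invert_33(y))

def composition_is_bijection():
    """All 32 blocks: (3.1) equals (3.3) after (3.2), and decipher inverts it."""
    for n in range(32):
        x = [(n >> (4 - i)) & 1 for i in range(5)]
        y = public_encipher(x)
        if y != rule_33(rule_32(x)) or decipher(y) != x:
            return False
    return True
```

Running `decipher(public_encipher([1,0,1,1,0]))` reproduces the paper's walk: cipher text 01011, intermediate $x'$ = 01101, plain text 10110.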
In general, if the length of the block is n bits, and to represent an element of the ground set needs k bits, then the size of the keys is bounded by (V', where d is the maximum degree of the keys. In fact, we can choose d to be as small as 2 or 3. Known algorithms for solving systems of nonlinear equations take an expected time $O(2^n)$. In particular, when the ground set is the field of two elements, the general problem of solving a nonlinear system of equations is known to be NP complete [8].
Acknowledgements

I am grateful to Professors Wolfram and Zassenhaus for their valuable comments and suggestions for the improvement of this paper.
References

[1] Martin E. Hellman, "An Overview of Public Key Cryptography", IEEE Transactions on Communications, 16 (1978).

[3] R. Blakley and G. Blakley, "Security of Number Theoretic Public Key Cryptosystems Against Random Attack I, II, III", Cryptologia, 2 (1978) 305-321; 3 (1979) 29-42; 3 (1979) 105-118.

[4] G. E. Collins, "Quantifier Elimination for Real Closed Fields: A Guide to the Literature", Computer Algebra, edited by B. Buchberger, G. E. Collins, R. Loos (Springer-Verlag, NY, 1982), 79-81.

[7] Puhua Guan, "Analysis of Cellular Automata Public Key Cryptography", submitted to 1987 Symposium on Theory of Computing.

[8] Puhua Guan and H. Zassenhaus, "Solving Systems of Equations over Finite Fields" (to be published in Journal of Number Theory, February 1987).

[9] Puhua Guan, "Public-Key Cryptosystem Based on Higher Order Cellular Automata", submitted to IEEE Transactions on Information Theory, 1987.