In the last several decades, personal computers and other consumer computing devices, such has hand-held devices and smart phones, have become ubiquitous among the general public. As the proliferation of personal computers and other computing devices became prevalent, the usefulness of the computers and other computing devices was increased by interconnected communications between different computers/computing devices via various electronic networking communications systems. With the advent of the publicly accessible Internet and the establishment of the World Wide Web (WWW) for common communications between computers and/or other computing devices on the Internet, it became common for private identification and financial information to be transferred over the publicly accessible Internet. To ensure that the private information is not accessed by parties that are not intended to be privy to the private information, various concealment/encryption techniques have been applied to the private data being transferred over the Internet. As data storage has become accessible over networking technologies, including over the publicly accessible Internet, it has also become prudent to store sensitive data in a concealed/encrypted format.
Modem concealment/encryption employs mathematical techniques that manipulate positive integers or binary bits. Asymmetric concealment/encryption, such as RSA (Rivest-Shamir-Adleman), relies on number theoretic one-way functions that are predictably difficult to factor and can be made more difficult with an ever-increasing size of the encryption keys. Symmetric encryption, such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard), uses bit manipulations within registers to shuffle the concealed text/cryptotext to increase “diffusion” as well as register-based operations with a shared key to increase “confusion.” Diffusion and confusion are measures for the increase in statistical entropy on the data payload being transmitted. The concepts of diffusion and confusion in encryption are normally attributed as first being identified by Claude Shannon in the 1940s. Diffusion is generally thought of as complicating the mathematical process of generating unencrypted (plain text) data from the encrypted (cryptotext) data, thus, making it difficult to discover the encryption key of the concealment/encryption process by spreading the influence of each piece of the unencrypted (plain) data across several pieces of the concealed/encrypted (cryptotext) data. Consequently, an encryption system that has a high degree of diffusion will typically change several characters of the concealed/encrypted (cryptotext) data for the change of a single character in the unencrypted (plain) data making it difficult for an attacker to identify changes in the unencrypted (plain) data. Confusion is generally thought of as obscuring the relationship between the unencrypted (plain) data and the concealed/encrypted (cryptotext) data.
Accordingly, a concealment/encryption system that has a high degree of confusion would entail a process that drastically changes the unencrypted (plain) data into the concealed/encrypted (cryptotext) data in a way that, even when an attacker knows the operation of the concealment/encryption method (such as the public standards of RSA, DES, and/or AES), it is still difficult to deduce the encryption key.
Homomorphic Encryption is a form of encryption that allows computations to be carried out on concealed cipher text as it is concealed/encrypted without decrypting the cipher text that generates a concealed/encrypted result which, when decrypted, matches the result of operations performed on the unencrypted plaintext.
The word homomorphism comes from the ancient Greek language: óμóç(homos) meaning “same” and μoρφ{acute over (η)} (morphe) meaning “form” or “shape.” Homomorphism may have different definitions depending on the field of use. In mathematics, for example, homomorphism may be considered a transformation of a first set into a second set where the relationship between the elements of the first set are preserved in the relationship of the elements of the second set.
For instance, a map ƒ between sets A and B is a homomorphism of A into B if
ƒ(a1opa2)=ƒ(a1)opƒ(a2)|a1,a2∈A
where “op” is the respective group operation defining the relationship between A and B.
More specifically, for abstract algebra, the term homomorphism may be a structure-preserving map between two algebraic structures such as groups, rings, or vector spaces. Isomorphisms, automorphisms, and endomorphisms are typically considered special types of homomorphisms. Among other more specific definitions of homomorphism, algebra homomorphism may be considered a homomorphism that preserves the algebra structure between two sets.
An embodiment of the present invention may comprise a method for concealing a message multivector (
An embodiment of the present invention may further comprise a data concealment system for concealment of a message multivector (
In the drawings,
General-purpose methods are proposed for data representation and data concealment via multivector decompositions and a small subset of functions in the three-dimensional Clifford Geometric Algebra. Mechanisms are demonstrated that can be explored for purposes from plain data manipulation to homomorphic data processing with multivectors. The wide variety of algebraic representations in Clifford Geometric Algebra allow us to explore concepts from integer, complex, vector and matrix arithmetic within a single, compact, flexible and yet powerful algebraic structure in order to propose novel homomorphisms. The constructions can be incorporated into existing applications as add-ons as well as used to provide standalone data-centric algorithms.
The digital representation of information creates opportunities as well as challenges given that not everyone should create, access and/or modify data in the same way to avoid violations of ownership and further forms of tampering. As a response to this problem, there are several different data protective techniques, including cryptography, steganography, data masking, data obfuscation, data encoding, data convolution, and data hiding. These technologies have several overlaps, differing however at the application level. With so many different terminologies and sets of rules to define distinct protective data-access techniques, we find it important to treat them as classes of a general-purpose data protection mechanism, which in this document we refer to as data concealment.
Clifford geometric algebra is known by the richness, robustness and flexibility of its algebraic structure, which allows us to take advantage of concepts from several different branches of mathematics such as vector and matrix spaces, integer, rational and complex arithmetic, all in a single compact system.
An embodiment may advantageously utilize Geometric Algebra to provide the concealment (encryption) and recovery (decryption) of numeric messages that may be transmitted through, and possibly have operations performed by, an intermediary computing system (e.g., the broad-based computing system currently, and commonly, referred to as the Cloud, or cloud computing). The use of Clifford Geometric Algebra (aka. Geometric Algebra) to provide the encryption and decryption provides the mathematical basis for the homomorphic operations of an embodiment.
Geometric Algebra is an area of mathematics that describes the geometric interaction of vectors and other objects in a context intended to mathematically represent physical interactions of objects in the physical world. As used herein, this area of mathematics encompasses Geometric Algebra, Conformal Geometric Algebra and Clifford Algebra (referred to collectively herein as “Geometric Algebra”). Generally, Geometric Algebra defines the operations, such as geometric product, inverses and identities, which facilitate many features of the various embodiments disclosed herein. Further, Geometric Algebra allows for the organization and representation of data into the “payload” of a multivector where the data in the payload may represent, for example, plaintext, ciphertext, or identifying signatures. Consequently, the various embodiments make beneficial use of Geometric Algebra properties to provide concealment/encryption, recovery/decryption, and intermediary homomorphic operations in a relatively computationally simplistic manner while still providing robust security for both data in motion and data at rest (e.g., data stored in the Cloud).
It may be demonstrated that through multivector decompositions and a small subset of operations in the Clifford Geometric algebra (sometimes also referred to as GA for simplicity) it is possible to propose new methods for general-purpose data representation and data concealment with multivectors through processes referred to, herein, as multivector packing schemes and concealment schemes, respectively. The methods of the various embodiments may be used as part of the necessary reconciliation of data availability and privacy preservation. This is important because once data is concealed, one cannot meaningfully process it, unless the concealment function is homomorphic with respect to one or more operations. Therefore. homomorphism is a key concern in constructions of the various embodiments since there is particular interest in packing and concealment schemes that allow homomorphic computations over concealed data.
An embodiment that conceals/encrypts and recovers/decrypts messages using Geometric Algebra may utilize the intrinsic algebraic homomorphic properties of Geometric Algebra to permit arithmetic operations on encrypted messages handled by an intermediary computing system without the need for the intermediary computing system to decrypt the concealed/encrypted messages prior to performing the arithmetic operations. Accordingly, the intermediary computing system does not need to know any information regarding any of the secret security keys of the concealment-encryption/decryption processes to properly perform the arithmetic operations. The concealed/encrypted results of the arithmetic operations performed by the intermediary computing system, when decrypted at a destination computing device, produce results equivalent to the same operations as if the operations were performed on the unencrypted plain text messages. An embodiment may provide the homomorphic properties as a product of algebraic homomorphism without the need to use additional methods, such as “bootstrapping” (e.g., performing a recursive operation to reduce the noise associated with a cipher text) to achieve the homomorphic properties.
1. Preliminaries
The various embodiments may be comprised of functional blocks, each of which may be tailored as described in more detail below according to objectives for scope, capability and security. The following sections provide a mathematical and numerical description of these functional blocks.
A central feature of the various embodiments is the use of Geometric Algebra. Geometric Algebra as used herein is an area of mathematics that encompasses Geometric Algebra, Conformal Geometric Algebra and Clifford Algebra (collectively herein, “Geometric Algebra”). Geometric Algebra allows for the organization and representation of data into the “payload” of a multivector where the data may be plaintext, ciphertext, or signatures, for example. Geometric Algebra defines the operations, such as geometric product, inverses and identities, which are enablers of concealment/recovery and data representation calculations of the various embodiments.
Multivectors are simply the additive combination of a scalar, a vector, a bivector and so forth up to an n-dimension vector. However, the unit vectors follow the algebraic structure of quaternions (Hamilton) and non-commutative algebra (Grassman). These two types of algebra allowed Clifford to conceive of the Geometric Product which is used by the various embodiments as one of the “primitive” functions of the embodiments.
Multivectors are denoted by a capital letter with an overbar (
We denote the length in bits of an integer n as |n|bits. The rounding (floor or ceiling operations, whichever is closer to an integer) of the division of two integers x and y is denoted by w=[x/y] where w∈. We denote x mod y but the much shorter |x|y. We write a floor division of x by y mod z as └x/y┘z.
2. Basics of Clifford Geometric Algebra (3.0)
Multivectors in (3, 0) are members of the 3-dimensional geometric product space, denoted herein by 3. For all
An example of a three-dimension (3D) multivector Ā that includes a scalar, a vector, a bivector, and a trivector is:
Ā=a
0
+a
1
ē
1
+a
2
ē
2
+a
3
ē
3
+a
12
ē
12
+a
13
ē
13
+a
23
ē
23
+a
123
ē
123
where ēi is a unit vector along the i-axis and ē12 represents the orientation of the area created by a12. Notably, a Geometric Algebra multivector in N-space (i.e., a N-dimension multivector) has 2N coefficients whereas a standard N-dimension vector has only N coefficients. Accordingly, the Geometric Algebra multivectors provide a sense of size, direction, and volume while a standard vector would only provide a sense of size and direction. As the concepts involved in Geometric Algebra are part of a deep and rich mathematical file, some general observations may be helpful to the description of the various embodiments disclosed herein, below. First, each of the ai values in the multivector Ā above may be “packed” with information and each ai value may range from zero to very large (e.g., >256,000 bits or an entire message). Secondly, the inverse of Ā when multiplied by Ā yields unity, or:
ĀĀ
−1=1
Thus, if a second multivector
ĀĀ
−1
As for the basic operations in 3, similar to the operations of a vector space, one can add, subtract, scalar multiply and scalar divide multivectors component-wise. Multiplication of multivectors is achieved with the geometric product, the fundamental operation in 3 which is given by Ā
A multivector involution is an operation that changes the signs of specific unit basis vectors of a given multivector. Herein, the document makes use of the following involutions:
Note that for all
Definition 1. If
(see Definition 2 below for a description of the rationalize R(
An alternative method of computing the inverse of a multivector relies on a complex numbers technique and uses the following definition:
Definition 2. The rationalize of
Definition 3. The inverse of
Another topic of interest in the various embodiments' GA-based framework is eigenvalue computation in Clifford geometric algebra. Multivector
A summary of the results of computing the eigenvalues of a multivector are shown in Proposition 1 and Theorem 1 below.
Proposition 1. A multivector
Proof. Given
Theorem 1. The eigenvalues α1, α1∈ of a multivector
Proof We know that
2.1 Homomorphisms
Given two messages a, b∈Z, a function ƒ is homomorphic with respect to a given operation ∘ if ƒ(a∘b)=ƒ(a)∘ƒ(b). When we represent the messages a, b as the multivectors Ā,
Definition 4. Let K be an arbitrary space, let ƒ:→, and let operation ∘ be a binary operation ∘: ×→. Function ƒ is said to be homomorphic with respect to ∘ if ƒ(a∘b)=ƒ(a)∘ƒ(b) for all a,b∈.
We are interested in functions that are additive homomorphic, multiplicative homomorphic, or both.
Homomorphic concealment/encryption is a form of concealment/encryption that allows computations to be carried out on cipher text as it is encrypted without decrypting the cipher text that generates a concealed/encrypted result which, when decrypted, matches the result of operations performed on the unencrypted plaintext.
The essential purpose of homomorphic concealment/encryption is to allow computation on concealed/encrypted data without decrypting the data in order to perform the computation. In this way, the concealed/encrypted data can remain confidential and secure while the concealed/encrypted data is processed for the desired computation. Accordingly, useful tasks may be accomplished on concealed/encrypted (i.e., confidential and secure) data residing in untrusted environments. In a world of distributed computation and heterogeneous networking, the ability to perform computations on concealed/encrypted data may be a highly desirable capability. Hence, finding a general method for computing on encrypted data is likely a highly desirable goal for cryptography.
The most sought-after application of homomorphic encryption may be for cloud computing. Data that is stored in the Cloud is typically not encrypted, and the breach of the Cloud stored, unencrypted data is ranked by the Cloud Security Alliance as the number one threat to data security. Concealing/Encrypting Cloud stored data may mitigate the threat of data being compromised by a breach, but then the remote clients (owners of the data) would not then be able to perform operations (i.e., add, multiply, etc.) on the Cloud stored data while the data remains in the Cloud. In order to perform operations on concealed/encrypted data stored in the Cloud, it would be necessary to download the concealed/encrypted Cloud stored data, recover/decrypt the data, perform all desired operations on the data locally, conceal/encrypt the resulting data and send the resulting data back to the Cloud. Alternatively, if a user wants the Cloud services provider to perform the computations, the Cloud would require access to the user's encryption/security keys. It is becoming increasing undesirable to provide the Cloud access to a user's security keys as the more entities that have access to the security keys inherently increases the susceptibility of the security keys to being breached, or even stolen by an unscrupulous provider. Homomorphic concealment/encryption would allow the Cloud to operate on client data without decryption, and without access to the client's security keys.
The concealed/encrypted data values may be stored on the intermediary computing system until such time that particular arithmetic operations are desired by a user, then the intermediary computing system may perform the desired arithmetic operations using the cipher text data stored at the intermediary computing system. Likewise, the concealed/encrypted data values may be immediately operated on by the intermediary computing system as soon as the subject concealed/encrypted data values are received by the intermediary computing system. However, as one skilled in the art will recognize, the process of receiving the concealed/encrypted data values at the intermediary computing system inherently includes storing the encrypted data values at the intermediary computing system even if only fleetingly in an immediately used and erased Random Access Memory (RAM) location or operational register location of a computational subsystem of the intermediary computing system.
For the various embodiments, the “payload” may be packed in the values of the scalars and coefficients of the multivector elements. The packing method may define, among many things, the Geometric Algebra operations permissible for an embodiment. For example, the Rationalize operation on multivectors yields zero when all multivector coefficients are equal. Such multivectors having all equal coefficients have no inverse and the geometric product of such multivectors having all equal coefficients with another multivector has no inverse. Different aspects of the various embodiments, including the decryption methodology that utilizes the inverse of the security key(s) multivector to perform the decryption. Therefore, to avoid problems when performing an inverse operation, the various multivectors being utilized in the various embodiments should not have all equal value coefficients, unless specifically identified as being meant to be non-invertible.
3 Multivector Packing Schemes
Before discussing details of different methods, we propose to represent data, we introduce Definition 5 as a general definition of what is a multivector packing.
Definition 5. Given a function ƒ:3→, a Multivector Packing Scheme is a probabilistic polynomial-time computable function g:→3 such that for all m∈, ƒ(g (m))=m.
3.1 Clifford Eigenvalue Packing (CEP) Scheme
Definition 6. CEP Forward Mapping (
0
ē
0+0ē1+d2ē2+0ē3+0ē12+0ē13+0ē23+0ē123 Eq. 1:
Remark 1. Since a packing scheme is not meant to hide information, A does not need to be secret. Ā can be generated as a system variable and be globally available to the application where the CEP is being implemented and used.
Definition 7. CEP Backward Mapping (m=(
Theorem 2. Correctness of CEP If m∈, it holds that ({right arrow over (CEP)}(m))=m.
Proof Given a multivector
−√{square root over (
Definition 8. Alternative CEP Backward Mapping Since Ā is known, an alternative CEP Backward Mapping is computed as follows:
m=d
0
−d
2
,
−1
Remark 2. The CEP is a packing scheme that leverages the function that computes the eigenvalue of a multivector. Since this function is both additive and multiplicative homomorphic, the packing scheme is also homomorphic with respect to addition and multiplication, i.e., CEP(Ā∘
3.2 Complex Magnitude Squared Packing (CMSP) Scheme
For this packing scheme, we select two coefficients of
Due to the lengthy aspect of the final solution, we break it down into auxiliary equations, which are shown in Definition 9. For computing m0 and m1, let
τ=b2−4bm2m13+4bm3m12+4m22m132+4m22m232
μ=−4m22m1232−8m2m3m12m13+4m32m122+4m32m232−4m32m1232
ν=−4m122m232+4m122m1232−4m132m232+4m132m1232−4m234
ω=8m232m1232+4am232−4m1234−4am1234 Eq. 4
Definition 9. Auxiliary Equations for m0 and m1 Let x1 . . . x6 be auxiliary equations for m0 and x7 . . . x9 be auxiliary equations for m1 such that:
x
1=(b−2m2m13+2m3m12)/(2m123)
x
2
=m
23
x
3
=bm
23
x
4=2m123
x
5=(τ+μ+ν+ω)
x
6=(−2m2m13m23+2m3m12m23)
x
7=(2m123(m23+m123)(m23−m123))
x
8=(2(m23+m123)(m23−m123)) Eq. 5
Definition 10. CMSP Forward Mapping (
Theorem 3. The operation
Proof. The Clifford conjugation of a multivector
Definition 11. CMSP Backward Mapping ((m=(
Theorem 4. Correctness of CMSP For all m∈ and all
Remark 3. The proof of correctness for the CMSP is too long for this manuscript. Instead, we provide a high-level overview of the proof. Given a message m, we compute a complex number z=a+bi by allowing a to be a random integer and b=√{square root over (m−a2)} such that |z|2=m. We then build a multivector
Remark 4. The rationalize of a multivector, similarly to the complex magnitude square of a complex number, is multiplicative homomorphic, i.e., R(Ā
4 Concealment Schemes
We propose methods for concealing arbitrary message multivectors with the support of a secret key. The secret key is a tuple consisting of two secret multivectors k=(
Definition 12. A Concealment Scheme is a polynomial-time algorithm that hides a message multivector by computing a concealed multivector with the support of secret key multivectors.
4.1 Clifford Sylvester's Equation Concealment (CSEC)
The first concealment scheme we propose is based on the well-known Sylvester's equation, where we make use of its multivector variant.
Definition 13. CSEC Forward Mapping (
Definition 14. CSEC Backward Mapping (
=(k,
Theorem 5. Correctness of CSEC For all k=(
Proof. Given
1
2 Eq. 7
left multiply by
1
−1
2
=
1
−1
K
1
2
+
1
−1
2
2 Eq. 8
According to Definition 3,
1
−1
2
=
2
+
1
−1
2
2 Eq. 9
If we sum Eq. 9 with Eq. 7 and combine like terms, we obtain the following:
1
−1
2
=
Note that (
1
−1
2=(
We can now solve Eq. 11 for M to obtain:
=(
Remark 5. The CSEC scheme is homomorphic with respect to addition, since adding
4.2 Modular Concealment (MC)
Definition 15. MC Forward Mapping (
Definition 16. MC Backward Mapping (
Theorem 6. Correctness of MC For all k∈K and for all
Proof. The modulo operation Ā mod
Remark 6. The MC is both additive and multiplicative homomorphic for all message multivectors
In the disclosure described thus far, it has been demonstrated how multivector involutions, decompositions, and a small set of multivector functions can be combined and explored as the sufficient components to implement protocol-agnostic homomorphic data representation and homomorphic data concealment with Clifford geometric algebra. Two methods for representing numerical data were introduced, namely multivector packing schemes, such that a given datum is expressed in terms of the output of the Clifford eigenvalue and the rationalize functions. Also introduced were two methods for hiding data represented as multivectors, namely concealment schemes, which consist of operations that compute a concealed multivector with the support of secret key multivectors. The multivector packing and concealment schemes discussed in this disclosure are homomorphic with respect to addition, multiplication or both. These constructions may be used in a wide variety of privacy preserving applications since, due to its homomorphic properties, data can be meaningfully computed while concealed. The homomorphism on both packing and concealment schemes provides a guarantee that applying methods of the various embodiments will not compromise the numerical meaning of the data represented and concealed as multivectors.
5 Additional Experiments with Clifford GA Applied to Cryptography
The combination of flexibility, simplicity, elegance and power that is found in Clifford Geometric Algebra (GA) is probably one of the main reasons for a growing interest from those willing to explore new algebraic structures for producing many applications in physics, engineering and computer science. As a result, to the surprise of many, existing applications when modified to run as implementations of Clifford GA algorithms, demonstrate higher performance, better maintenance, less complexity and friendlier learning curve for those new to GA. Nonetheless, Clifford GA is virtually unexplored in cryptography, an area of science that can be greatly benefited by a mathematical tool equipped with the aforementioned potential. In the additional disclosure below, experiments of cryptographic solutions based on Clifford geometric algebra are introduced, including a key exchange protocol, a hash algorithm and a private-key encryption scheme.
Modem cryptography (post-1980s) distinguishes from its classical counterpart by its emphasis on definitions, precise assumptions and rigorous proofs. A slightly different description of modern cryptography, says modern cryptography's emphasis is on definitions, schemes and proofs. In both descriptions, definitions are the very step in designing a cryptographic solution. Modem cryptography relies on formally stating what security means for a particular cryptographic mechanism. Definitions of security can sometimes be very strong, however, while efficient constructions that satisfy such strong definitions exist, some cryptographic constructions cannot be unconditionally proven secure. For this reason, most security definitions rely on clearly stated and unambiguously defined (yet unproven) assumptions. Once security definitions and precise assumptions are in place, one particular construction can be proven secure with respect to some clearly stated security definition and under some well-defined cryptographic assumption(s). Once security definitions are stated, one needs to design schemes in the hope that they meet some particular security definition. In combining both descriptions, we have four fundamental building blocks of modem cryptography: definitions, assumptions, schemes and proofs.
One can see these building blocks as what is needed to be achieved. When it comes to how achieve the goals, this really should be a decision of the cryptographic designer. From the 1980s to the present time, a tremendous advance in cryptology as a whole is being witnessed, expressed in new notions of security, new threat models, new attacks, new primitives, new protocols, new goals, etc. At the same time, however, many of these contributions rely on a small set of mathematical resources such as modular arithmetic, group theory, combinatorics, probability, integer factorization, discrete logarithm, elliptic curves, lattices, coding theory, linear algebra, among others. Once the previously discussed building blocks of modern cryptography are in place, i.e., a cryptographer knows what the end goal is, one should not be limited to the aforementioned mathematical tools in order to provide the how. Many other branches of mathematics, sometimes virtually unexplored in cryptography, have interesting and promising properties, along with functionalities, that seem to be, at the very least, worth investigating. One appealing candidate for the task is Clifford Geometric Algebra (GA). With several applications, mostly in physics and engineering, there is a growing interest on the computational aspects of Clifford GA. Among CA's benefits, a highlight is the unification of many mathematical systems into an easy-to-understand mathematical framework, which can serve as an extension of standard programming languages while enabling compact algorithms that can run in parallel yielding high runtime performance and robustness.
5.1 Auxiliary Algorithms
Before proposing GA-based methods for several applications in cryptography we want to define some auxiliary algorithms that will be used in the next sections.
Definition 17: NumToMultmod is a variation of NumToMult that transforms a number n∈ into a multivector
Definition 18: StrToMultmod is a variation of StrToMult that transforms a string s into a multivector
Definition 19: RandMultmod is a variation of RandMult that generates a multivector
Lemma 1: A multivector
Proof: If
Definition 20: RandMultNImod is a variation of RandMultmod that generates a non-invertible multivector
Algorithm 1: Number to Multivector
Given n, b∈, we sorm n into
2
ē
0
+Σ|└n/2ib┘|2
for i=1 . . . 7 and j∈(1, 2, 3, 12, 13, 23, 123).
We define the syntax as
Algorithm 2: Multivector to Number
Given a multivector
n
1
=m
123
,n
2
=m
23
,n
3
=m
13
,n
4
=m
12
,n
5
=m
3
,n
6
=m
2
,n
7
=m
1
,n
1
=m
0 Eq. 14
so the number n is computed as:
n=n
1
,n=n·2b+ni,i=2 . . . 8 Eq.15
We define the syntax as n=MultToNum (
Algorithm 3: String to Multivector
Given a string s of size k, and a positive integer b, obtain the integer representation of each character of s in the form of:
S=(s1 . . . sk),si∈{0, . . . ,255} Eq. 16
We compute a number n from S as follows:
n=s
1
,n=n·256+si,i=2 . . . k Eq.17
We transform n in to the multivector
M=NumToMult(n,b) Eq. 18
We define the syntax as
Algorithm 4: Random Multivector
Given b, a positive integer, we generate the random coefficients r0, r1, r2, r3, r12, r13, r23, r123 uniformly select from the set {0, . . . , 2b−1} such that:
0
ē
0
+r
1
ē
1
+r
2
e
2
+r
3
ē
3
+r
12
ē
12
+r
13
ē
13
+r
23
ē
23
+r
123
ē
123 Eq. 19
We define the syntax as R=RandMult (b).
5.2. Key Exchange
When two parties want to establish a secret communication, they might resort to a cryptographic protocol known as Key Exchange or Key Agreement. We introduce a family of algorithms for a GA-based Key Exchange protocol denoted by Exch, which are efficient algorithms (i.e., probabilistic polynomial-time) designed for a peer-to-peer setting where each shared secret key is used only once per communication event. We define the syntax as:
Exch=(Initparty,PCIparty,Subkeyparty,Exchparty). Eq. 20
For any two parties, Party 1 and Party 2, the following algorithms apply. Each party has a public ID, denoted by
In order to initiate a key exchange, we need to initialize both parties, as shown in Algorithm 5, and have them agreeing on a public communication identifier G that is generated according to Algorithm 6. Each party will compute their subkey, as defined in Algorithm 7, which will be exchanged so both parties can compute the same secret key locally, according to Algorithm 8.
Definition 21: We consider the probability of an event x to occur to be negligible if all elements of a sufficiently large space solution S have approximately equal probability to occur. We define the syntax as Pr[x]≈1/S.
Definition 22: For all non-invertible public communication identifier
Pr└(
where is the space of all possible final
Assumption 1: Solving a unique sample of an underdetermined non-linear system of equation, that is, a non-linear system with fewer non-redundant possible equations than unknowns to solve, for any sufficiently large space solution, where the attacker has only one sample of data for every set of unknowns to solve, is hard.
As part of the share secret agreement, the parties agree on the index i each one will use. There's no secrecy for this particular assignment. If the index i is incorrectly assigned, the secret keys computed by both parties will not match.
Algorithm 5: Party Initialization
Remark 7: The public identifier
Algorithm 6 considers that two parties that intend to share a secret key were already initiated. The first party is assigned with i=1 and the second party with i=2. Party 1 generated (
Algorithm 6: Public Communication Identifier
Given two public party identifiers
We define the syntax as
Since
Algorithm 7: SubKey
Given the party private ID
If i=1 then
We define the syntax as
Algorithm 8: Exchange
Give party 1 subkey
if i=1 then
We write
Party 1 computes
Theorem 7: For all
Proof: Let
Party 2 computes
and we verify that
5.2.1. Key Exchange Protocol
Given that Alice (Party 1) and Bob (Party 2) agreed upon a value for λ, the key exchange routine proceeds as follows:
(
2) Bob generates his identification:
(
3) Alice and Bob establish a public communication identifier:
=PCIparty(
4) Alice generates and sends to Bob her subkey:
1=Subkeyparty(
5) Bob generates and sends to Alice his subkey:
2=Subkeyparty(
6) Alice privately calculates the shared secret key:
1dcalc=Exchparty(
7) Bob privately calculates the shared secret key:
2dcalc=Exchparty(
8) Alice and Bob now share the same secret key. (
Theorem 8: The GA-based Key Exchange protocol Exch is secure under Assumption 1.
Proof: Given a multivector Ā that is unknown and a non-invertible multivector
c
0
=c
3=(a0b+a1b+a2b+a3b−a12b−a13b−a23b−a123b)
c
1
=c
13=(a0b+a1b−a2b−a3b+a12b+a13b−a23b−a123b)
c
2
=c
23=(a0b+a1b+a2b+a3b−a12b+a13b+a23b+a123b)
c
12
=c
123=(a0b+a1b−a2b+a3b+a12b−a13b+a23b+a123b) Eq.32
Thus, the geometric product involving at least one non-invertible multivector generates a multivector that is expressed by four non-redundant equations as opposed to eight, which is the case when the geometric product results on an invertible multivector. Any multivector multiplied by
A multivector in
Theorem 9: For all
M=aē
0
+bē
1
+cē
2
+aē
3
+dē
12
+aē
13
+bē
23
+dē
123 Eq. 33
the following holds:
s
2
+w
2=ν2+t2,
where
Proof: For
s
2
+w
2
=a
2
+b
2
+c
2
+d
2
v
2
+t
2
=a
2
+b
2
+c
2
+d
2
2
=a
2
−d
2
ē
0+2adē23
2
=a
2
−d
2
ē
0+2adē123 Eq.35
thus s2+w2=v2+t2 and
5.3. Edge Computing
One could wonder how useful and/or realistic is a key exchange protocol that generates secret keys that are meant to be used only once. In order to provide an answer with insights for real-world applications, we discuss a scenario where a device requests access to a server. Prior to granting access, the server and the device must agree upon a secret key that must be generated and used only once. This can be seen as a device handshake technique for establishing communications between devices in an Edge Computing setting. To solve this problem, we propose a protocol for edge computing that is based on the key exchange protocol discussed in Section III.
The security definition of this protocol is given by Definition 22 under Assumption 1.
Definition 23: The Edge Computing protocol is composed by the family of algorithms ES (Edge Server) and ED (Edge Device).
Definition 24: The Edge Server family of algorithms is denoted by:
ES=(Initserver,InitReqserver,Regserver,ReqDataserver). Eq. 36
Such that:
1) Initserver initializes a server instance;
2) InitReqserver processes a device's access authorization request;
3) Regserver authorizes a device to access the server instance;
4) ReqDataserver processes a device's data access request.
Definition 25: The Edge Device family of algorithms is denoted by:
ED=(Initdevice,Exchdevice,Recdevice). Eq. 37
Such that:
1) Initdevice initializes a device instance;
2) Exchdevice processes the server's authorization response;
3) Recdevice processes the data received by the server.
Algorithm 9: Edge Server Initialization
The Edge Server initialization receives X as argument and computes b=λ/8 and q such that q is the next prime greater than b. It initializes also an empty list A and a data list B with some data in it. The initialization returns an object s=(b, q, A, B).
We define the syntax as s=Initserver (λ).
Algorithm 10: Server Initiate Request
The Edge Server initialization request receives a device's public ID
Create the server's private and the public identifier (
Compute the public communication identifier
Compute the subkey
Add
We define the syntax as s=InitReqserver (
Algorithm 11: EDGE Server Registration
The Edge Server registration receives a device's public ID
Computes the shared secret key
Add
We define the syntax as s=Regserver (
Algorithm 12: Edge Server Request Data Process
The Edge Server request data process receives a device's public ID
Search and select in the A list a tuple with the device's public ID that matches
1dcalc
1dcalc
† Eq. 38
We define the syntax
Algorithm 13: Edge Device Initialization
Given λ, compute b−λ/8 and q such that q is the first prime greater than b. Create the devices' private and the public identifier (
We define the syntax as =Initdevice (λ).
Algorithm 14: Edge Device Exchange
The Edge Device exchange receives a server's public ID
Compute the public communication identifier
Return =(
We define the syntax as =Exchdevice (
Algorithm 15: Edge Device Receive Data Process
The Edge Device receive data process receives C as argument and proceeds as follows:
Compute
We define the syntax as
5.3.1. Edge Computing Protocol
The Edge Computing protocol is described next:
5.4 Hash Algorithm
A secure Hash algorithm is meant to be a one-way function, that is, a function that is easy to compute and to verify but infeasible to invert. With elementary functions in GA, the use of rounds and coefficients reduced to a certain modulus we propose a lightweight, simple and yet promising GA-based Hash algorithm. Let the bit size of the message digest generated by the Hash algorithm be denoted by λ. We define an iterative Hash algorithm consisting of one-way hash functions that are able to process a message and result in a condensed representation called message digest. The proposed GA Hash algorithm can be used for a variety of applications, including, determining a message's integrity and it is denoted as h=GAHashdige (λ) where GAHash (Algorithm 18) is the combination of the algorithms GAHashprep (Algorithm 16) and GAHasche (Algorithm 17).
Algorithm 16: Prepossessing
Given λ, a string s, b=λ/8, q=2b, we transform it into a multivector
We compute a value multivector
We define the syntax as (
Algorithm 17: Message Schedule
Given a number r of rounds, successively update
†
+
†
†
−
We let h be the concatenation of coefficients of
We define the syntax as h=GAHashsche (
Algorithm 18: GA Hash
Given λ, and a string s, compute
We define the syntax as h=GAHashdige (λ, s)
Remark 8: For every string s a hash value h is computed such that h=GAHashdige (λ, s). In Algorithm 17, the computation of the hash value is based on a message schedule mechanism defined in Eq. 39. Given a number r of rounds, the value multivector
Remark 9: A hash function, to be considered secure, is expected to be collision resistant (finding two different inputs that have the same hash value), preimage resistant (or have the one-way property, that is, given a randomly chosen h it must be infeasible to find s such that h=GAHashdige (λ, s) for any fixed X and second preimage resistant (given s and its corresponding h, finding a second input s′ which its corresponding h′ satisfies h=h′. An evident follow-up of this experiment is investigating if these properties are present in our proposed hash function.
5.5. An Encryption Experiment
We now propose a combination of many of the ideas discussed in the previous sections in order to introduce a probabilistic private-key encryption scheme. In order to provide a concrete insight about the security of the proposed encryption scheme we will introduce some strong assumptions while we will attempt to avoid those to be too strong. We will then claim security based on those assumptions.
In order to provide a probabilistic encryption (encrypting the same input multiple times will randomly generate different ciphertexts) we will use a variation of the RandMultmod algorithm, as stated in Definition 26.
Definition 26: NumToRandMultmod is a variation of RandMultmod that generates a random multivector
Definition 27: For the proposed private-key scheme, we consider three spaces: the key space , containing all possible secret keys, the message space , containing all possible messages, and the ciphertext space , containing all possible ciphertexts.
Definition 28: The private-key encryption scheme Π is composed by three polynomial-time algorithms that we denote by Π=(Gen, Enc, Dec) such that:
i
=
i−1
†
+
i−1
i−1
i−1
+
i−1
†
i
=
i−1
†
i−1
i−1
i−1
i−1
†
i
=
i−1
†
+
i−1
i−1
i−1
+
i−1
† Eq. 41
i−1
=
i
−1((
Definition 29: The proposed encryption scheme is secure if the probability of an adversary algorithm A solving for
Assumption 2:
Proof: For this experiment, we provide a tautological proof of security, that is, if Enc is indeed a one-way function, then the encryption scheme Π is secure given that inverting one-way functions is considered to be hard.
Remark 10: The encryption algorithm is inspired in the message schedule GAHashsche and hence is here assumed to be a one-way function.
Remark 11: The encryption scheme Π can work with the secret key generated by Gen, as defined in Definition 28, or might consider an agreed secret key generated by the key exchange protocol Exch.
Further, as shown in
Various embodiments may implement the network/bus communications channel 106 using any communications channel 106 capable of transferring electronic data between the first 102 and second 104 computing devices. For instance, the network/bus communication connection 106 may be an Internet connection routed over one or more different communications channels during transmission between the first 102 and second 104 devices. Likewise, the network/bus communication connection 106 may be an internal communications bus of a computing device, or even the internal bus of a processing or memory storage Integrated Circuit (IC) chip, such as a memory chip or a Central Processing Unit (CPU) chip. The network/bus communication channel 106 may utilize any medium capable of transmitting electronic data communications, including, but not limited to: wired communications, wireless electro-magnetic communications, fiber-optic cable communications, light/laser communications, sonic/sound communications, etc., and any combination thereof of the various communication channels.
The various embodiments may provide the control and management functions detailed herein via an application operating on the first 102 and/or second 104 computing devices. The first 102 and/or second 104 computing devices may each be a computer or computer system, or any other electronic devices device capable of performing the communications and computations of an embodiment. The first 102 and/or second 104 devices may include, but am not limited to: a general purpose computer, a laptop/portable computer, a tablet device, a smart phone, an industrial control computer, a data storage system controller, a CPU, a Graphical Processing Unit (GPU), an Application Specific Integrated Circuit (ASI), and/or a Field Programmable Gate Array (FPGA). Notably, the first 102 and/or second 104 computing devices may be the storage controller of a data storage media (e.g., the controller for a hard disk drive) such that data delivered to/from the data storage media is always encrypted so as to limit the ability of an attacker to ever have access to unencrypted data. Embodiments may be provided as a computer program product which may include a computer-readable, or machine-readable, medium having stored thereon instructions which may be used to program/operate a computer (or other electronic devices) or computer system to perform a process or processes in accordance with the various embodiments. The computer-readable medium may include, but is not limited to, hard disk drives, floppy diskettes, optical disks, Compact Disc Read-Only Memories (CD-ROMs), Digital Versatile Disc ROMS (DVD-ROMs), Universal Serial Bus (USB) memory sticks, magneto-optical disks, ROMs, random access memories (RAMs), Erasable Programmable ROMs (EPROMs), Electrically Erasable Programmable ROMs (EEPROMs), magnetic optical cards, flash memory, or other types of media/machine-readable medium suitable for storing electronic instructions. The computer program instructions may reside and operate on a single computer/electronic device or various portions may be spread over multiple computers/devices that comprise a computer system. Moreover, embodiments may also be downloaded as a computer program product, wherein the program may be transferred from a remote computer to a requesting computer by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection, including both wired/cabled and wireless connections).
m
0
=x
1−(x2(x3+x4√{square root over (x5)}+x6))/x7,
m
1=−(x3+x4√{square root over (x5)}+x6)/x8,
x
1=(b−2m2m13+2m3m12)/(2m123),
x
2
=m
23,
x
3
=bm
23,
x
4=2m123,
x
5=(τ+μ+ν+ω),
x
6=(−2m2m13m23+2m3m12m23),
x
7=(2m123(m23+m123)(m23−m123)),
x
8=(2(m23+m123)(m23−m123)),
τ=b2−4bm2m13+4bm3m12+4m22m132+4m22m232,
μ=−4m22m1232−8m2m3m12m13+4m32m122+4m32m232−4m32m1232,
ν=−4m122m232+4m122m1232−4m132m232+4m132m1232−4m234, and,
ω=8m232m1232+4am232−4m1234−4am1234.
At process 414, the second computing device 404 computes the numeric message value m from the message multivector
At process 516, the first device privately generates at least one shared secret key (
The foregoing description of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed, and other modifications and variations may be possible in light of the above teachings. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application to thereby enable others skilled in the art to best utilize the invention in various embodiments and various modifications as are suited to the particular use contemplated.
This application is based upon and claims the benefit of U.S. provisional application Ser. No. 63/046,943, filed Jul. 1, 2020, entitled “Homomorphic Data Concealment Powered By Clifford Geometric Algebra,” and Ser. No. 63/046,954, filed Jul. 1, 2020, entitled “Experiments with Clifford Algebra Applied to Cryptography;” all of which are also specifically incorporated herein by reference for all that they disclose and teach.
Number | Date | Country | |
---|---|---|---|
63046943 | Jul 2020 | US | |
63046954 | Jul 2020 | US |