CIPHERING MAPS WITH PSEUDOINVERSE AND PSEUDOTABULATION
RICHARD GABRIEL
We show that for recursive ciphering maps the symmetry is a necessity. Here 'recursive' means that the same formula will be used for both encoding and decoding.
Further, we will examine a reasonable pseudotabulation.
AMS 2010 Subject Classification: 94A60, 11T71.
Key words: recursive ciphering maps, the λ-symmetry.
0. NON-INVOLUTIVE FIELDS
Let F be a commutative field and $\lambda : F \to F$, $\lambda(a) = \bar a$, an involution (involutive automorphism) on F:
(0.1) $\lambda(a+b) = \lambda(a) + \lambda(b); \quad \lambda(a\cdot b) = \lambda(a)\cdot\lambda(b); \quad \lambda(\lambda(a)) = a; \quad a, b \in F.$
Additionally, we call F and λ involutive if
(0.2) $a\cdot\bar a = 1$, i.e., $\lambda(a) = a^{-1}$, $a \in F$.
If this is the case, we have
(0.3) $(a+b)^{-1} = a^{-1} + b^{-1}, \quad a, b \in F$
and
(0.4) $(a^{-1} + b^{-1})\cdot(a+b) = 1,$
and also
(0.5) $a^{-1}\cdot b^{-1}\cdot(a^2 + b^2 + a\cdot b) = 0, \quad a, b \neq 0.$
By multiplying with $(a-b)$ we get
(0.6) $a^{-1}\cdot b^{-1}\cdot(a^3 - b^3) = 0.$
Therefore, for $a \neq 0$, $b \neq 0$ we have
(0.7) $a^3 - b^3 = 0$
and if we take b = 1, the identity $a^3 = 1$ must hold for all elements a ∈ F. Therefore, F is a cyclotomic field (unity roots field) of order 3.
REV. ROUMAINE MATH. PURES APPL., 56 (2011), 3, 185–194
Lemma 1. GF(3) is an involutive field. All other fields (especially, GF(p) for $p \neq 3$) are not involutive.
1. REGULAR SPECTRAL PSEUDOINVERSE, DRAZIN INVERSE AND GENERALIZED INVERSE
Let F be an algebraic field, in particular the prime field F = GF(p), and let $A \in F^{m\times n}$ be a rectangular matrix and $C \in F^{m\times m}$ a square matrix.
Assume the Jordan decomposition of C has the form
(1.1) $C = T \begin{pmatrix} U & 0 \\ 0 & J \end{pmatrix} T^{-1},$
where J incorporates all singular Jordan cells (U is regular and J is nilpotent); then
(1.2) $C^d = T \begin{pmatrix} U^{-1} & 0 \\ 0 & 0 \end{pmatrix} T^{-1}$
is the Drazin inverse of C and
(1.3) $C^{(p)} = T \begin{pmatrix} U^{-1} & 0 \\ 0 & E \end{pmatrix} T^{-1}$
is the regular spectral pseudoinverse of C as introduced in [4]. $C^d$ was investigated deeply by Hartwig [8] and it plays a central role among pseudoinverses, because it is the unique solution of Drazin's multiplicative system
(1.4) $C^{k+1}\cdot X = C^k\cdot X, \quad X\cdot C\cdot X = X, \quad X\cdot C = C\cdot X, \quad k \ge k_0.$
$C^{(p)}$ can be expressed using $C^d$ as
(1.5) $C^{(p)} = E + C^d - C\cdot C^d.$
We also have
(1.6) $C^d = C^k\cdot[C^{(p)}]^{k+1}, \quad k \ge k_0.$
Let
(1.7) $G_1, G_2, \dots, G_{k_0}, \Delta, H_{k_0}, \dots, H_2, H_1$
be the complete factor system introduced by Cline [1], [2]; then
(1.8) $C^d = G_1\cdot G_2\cdots G_{k_0}\cdot\Delta^{-k_0} H_{k_0}\cdots H_2\cdot H_1$
and
(1.9) $C^{(p)} = E + G_1\cdot G_2\cdots G_{k_0}\cdot(\Delta^{-k_0-1} - \Delta^{-k_0})\cdot H_{k_0}\cdots H_2\cdot H_1.$
The matrices T and U are defined in the decomposition field $F_0$ of the characteristic polynomial of C but the matrices $C^d$ and $C^{(p)}$ as well as $G_k$ and $H_k$ are defined in F.
If $A \in F^{m\times n}$ is a rectangular matrix, a generalized inverse on F is defined in [4] by the formula
(1.10) $A^*(A\cdot A^*)^{(p)} = A^+ = (A^*A)^{(p)}A^*$
and this is a generalization of Moore-Penrose pseudoinverse defined on C.
Lemma 2. For a matrix $C \in F^{m\times n}$ we have
(1.11) $(C^d)^+ = (C^+)^d,$
(1.12) $(C^{(p)})^* = (C^+)^{(p)},$
(1.13) $(C\cdot C^{(p)})^{(p)} = E = (C^{(p)}\cdot C)^{(p)}.$
Proof. The first formula can be found in Hartwig [8], while the second follows from the first via (1.5). The last identity follows from the definition of $C^{(p)}$.
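Lemma 3. We have
(1.14) $\begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}^{(p)} = \begin{pmatrix} x^{-1} & z\cdot(x^{-2} - x^{-1}) \\ 0 & 1 \end{pmatrix}.$
Proof. Starting with $C = T\cdot\begin{pmatrix} x & 0 \\ 0 & 0 \end{pmatrix}\cdot T^{-1}$ we get
(1.15) $C^{(p)} = T\cdot\begin{pmatrix} x^{-1} & 0 \\ 0 & 1 \end{pmatrix}\cdot T^{-1} = E + T\cdot\begin{pmatrix} x^{-1}-1 & 0 \\ 0 & 0 \end{pmatrix}\cdot T^{-1} =$
$= E + (x^{-2} - x^{-1})\cdot T\cdot\begin{pmatrix} x & 0 \\ 0 & 0 \end{pmatrix}\cdot T^{-1} = E + (x^{-2} - x^{-1})\cdot C =$
$= E + \begin{pmatrix} x^{-1}-1 & z\cdot(x^{-2} - x^{-1}) \\ 0 & 0 \end{pmatrix} = \begin{pmatrix} x^{-1} & z\cdot(x^{-2} - x^{-1}) \\ 0 & 1 \end{pmatrix}.$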
2. LEFT AND RIGHT CIPHERING
The maps
(2.1) $Y_L = (X\cdot\Sigma_L\cdot X^*)^{(p)}\cdot X,$
(2.2) $Y_R = X\cdot(X^*\cdot\Sigma_K\cdot X)^{(p)}$
define a left, respectively a right ciphering. Formula (2.1) has been introduced in [7] for λ = identity and thereby we have $C^* = C^T$. If we suppose that $\Sigma_L$ and $\Sigma_K$ are λ-symmetric, i.e.,
(2.3) $\Sigma_L^* = \Sigma_L, \quad \Sigma_K^* = \Sigma_K,$
then the two maps are recursive, i.e.,
(2.4) $X = (Y_L\cdot\Sigma_L\cdot Y_L^*)^{(p)}\cdot Y_L$
and
$X = Y_K\cdot(Y_K^*\cdot\Sigma_K\cdot Y_K)^{(p)}$
meaning that for both ciphering and deciphering the same formulas and the same coding matrices $\Sigma_L$, respectively $\Sigma_K$, will be used. We shall prove this in Proposition 1.
The transpose and λ-conjugate of a left ciphering map will give a right one.
3. λ-SYMMETRY
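Definitions. 1. A key matrix $\Sigma \in F^{n\times n}$ is λ-symmetric if
(i) $\sigma_{jk} = \bar\sigma_{jk}, \quad k, j = 1, \dots, n.$
2. A key matrix $\Sigma \in F^{n\times n}$ is a λ-G matrix if we have
(ii) $\left\{ (X\Sigma X^*)^{(p)}\cdot(X\Sigma X^*)\cdot\left[(X\Sigma X^*)^{(p)}\right]^* \right\}^{(p)} = \left[(X\Sigma X^*)^{(p)}\right]^{-1}$
for all $X \in F^{m\times n}$.
3. A map
(iii) $Y = (X\Sigma X^*)^{(p)}\cdot X$
is λ-recursive if
(iv) $X = (Y\Sigma Y^*)^{(p)}\cdot Y$
for all $X \in F^{m\times n}$.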
Now we shall study the relationships between these concepts and we will show that they are essentially equivalent.
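Remark 1. In (ii) the expression $C = X\Sigma X^*$ is outlined, therefore (ii) can be written as
(3.1) $\left[ C^{(p)}\cdot C\cdot\left(C^{(p)}\right)^* \right]^{(p)} = \left[ C^{(p)} \right]^{-1}.$
Remark 2. If we replace (iii) in (iv), we get
(v) $\left\{ (X\Sigma X^*)^{(p)}(X\Sigma X^*)\left[(X\Sigma X^*)^{(p)}\right]^* \right\}^{(p)} X = \left[(X\Sigma X^*)^{(p)}\right]^{-1} X.$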
Now, if we assume that rank(X) =m, then we can cancel the factor X and from (v) we get just (ii).
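Proposition 1. A symmetric matrix $\Sigma = \Sigma^*$ is a λ-G matrix.
Proof. If we consider that $C = C^*$ and $(C^*)^{(p)} = (C^{(p)})^*$, then (3.1) gives
(3.2) $(C^{(p)}\cdot C\cdot C^{(p)})^{(p)} = \left[C^{(p)}\right]^{-1}$
and this is an identity if we take into account that
$C = T\cdot\begin{pmatrix} U & 0 \\ 0 & J \end{pmatrix}\cdot T^{-1}$
and
$C^{(p)} = T\cdot\begin{pmatrix} U^{-1} & 0 \\ 0 & E \end{pmatrix}\cdot T^{-1}.$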
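Proposition 2. A regular λ-G matrix is λ-symmetric.
Proof. Suppose $\det(\Sigma) \neq 0$ in (ii). If $\det(X) \neq 0$, we have also $\det(C) \neq 0$ and therefore
(3.3) $\left[ C^{-1}\cdot C\cdot(C^{-1})^* \right]^{-1} = \left[ C^{-1} \right]^{-1}.$
From (3.3) we get
(3.4) $C^* = C$
which means
(3.5) $(X\cdot\Sigma\cdot X^*)^* = X\cdot\Sigma\cdot X^*$
and thus
(3.6) $X\cdot(\Sigma^* - \Sigma)\cdot X^* = 0.$
Considering the assumption $\det(X) \neq 0$ we must have $\Sigma^* = \Sigma$.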
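The recursion (2.4)/(iv) for a symmetric key, and its failure for a regular non-symmetric key as in Proposition 2, can be checked numerically. The Python code below is an added example, not code from the paper; it assumes F = GF(7) and λ = identity (so X* = X^T), computes C^(p) through formula (1.5) from matrix powers instead of a Jordan decomposition, and all function names and sample matrices are constructed for the illustration.

```python
# Added illustration, not the paper's code. Assumptions: F = GF(P), lambda = identity (X* = X^T).
P = 7  # small demo prime (assumption)

def mul(A, B):
    """Matrix product over GF(P)."""
    return [[sum(a * b for a, b in zip(r, c)) % P for c in zip(*B)] for r in A]

def eye(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]

def power(C, e):
    """C**e over GF(P) by square-and-multiply."""
    R = eye(len(C))
    while e:
        if e & 1:
            R = mul(R, C)
        C, e = mul(C, C), e >> 1
    return R

def spectral_pinv(C):
    """C^(p) = E + C^d - C*C^d, formula (1.5), without a Jordan decomposition.

    For j >= n the nilpotent part of C^j is zero and the powers repeat with
    period t. With N a multiple of t, N >= n: C^N = C*C^d and C^(2N-1) = C^d.
    """
    n = len(C)
    base = power(C, n)
    cur, t = mul(base, C), 1
    while cur != base:              # brute-force period search: demo sizes only
        cur, t = mul(cur, C), t + 1
    N = t * -(-n // t)              # smallest multiple of t that is >= n
    Cd, CCd, E = power(C, 2 * N - 1), power(C, N), eye(n)
    return [[(E[i][j] + Cd[i][j] - CCd[i][j]) % P for j in range(n)] for i in range(n)]

def left_cipher(X, S):
    """Y = (X S X^T)^(p) X: map (2.1)/(iii); applying it to Y is (2.4)/(iv)."""
    Xt = [list(r) for r in zip(*X)]
    return mul(spectral_pinv(mul(mul(X, S), Xt)), X)

# Constructed sample data
SYM = [[1, 2, 3], [2, 0, 5], [3, 5, 4]]   # symmetric key
X_FULL = [[1, 2, 3], [4, 5, 6]]           # rank 2
X_DEF = [[1, 2, 3], [2, 4, 6]]            # rank 1, so X S X^T is singular
NONSYM = [[1, 1], [0, 1]]                 # regular but not symmetric

if __name__ == "__main__":
    for X in (X_FULL, X_DEF):
        print(left_cipher(left_cipher(X, SYM), SYM) == X)     # symmetric key round-trips
    print(left_cipher(left_cipher(eye(2), NONSYM), NONSYM))   # not the identity
```

With X = E and the non-symmetric key, the second application returns Σ^T·Σ^(-1) instead of E, which is the obstruction that (3.3) to (3.6) express.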
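Proposition 3. For n = 2, a λ-G matrix is λ-symmetric, excepting the case F = GF(3).
Proof. We have to show that (3.1) implies $\Sigma^* = \Sigma$. For $\det(\Sigma) \neq 0$ this is a consequence of Proposition 2, so we have to study only the case det(C) = 0, i.e., the case
$C = \begin{pmatrix} x & y \\ tx & ty \end{pmatrix}.$
Together with (3.1) we have also
(3.7) $\left\{ (T\cdot C\cdot T^*)^{(p)}\cdot T\cdot C\cdot T^*\cdot\left[(T\cdot C\cdot T^*)^{(p)}\right]^* \right\}^{(p)} = \left[(T\cdot C\cdot T^*)^{(p)}\right]^{-1}.$
Now, if we take $T = \begin{pmatrix} 1 & 0 \\ -t & 1 \end{pmatrix}$, we get
(3.8) $T\cdot C\cdot T^* = \begin{pmatrix} x & y - \bar t x \\ 0 & 0 \end{pmatrix} = \begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}.$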
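Case a: $x \neq 0$. In this case, formula (4.6) develops into
(3.9) $\left\{ \begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}^{(p)}\cdot\begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}\cdot\left[ \begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}^{(p)} \right]^* \right\}^{(p)} = \left\{ \begin{pmatrix} x & y \\ 0 & 0 \end{pmatrix}^{(p)} \right\}^{-1}.$
As a consequence of Proposition 3, we have
(3.10) $\begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}^{(p)} = \begin{pmatrix} x^{-1} & z(x^{-2} - x^{-1}) \\ 0 & 1 \end{pmatrix},$
(3.11) $\left\{ \begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}^{(p)} \right\}^{-1} = \begin{pmatrix} x & z(1 - x^{-1}) \\ 0 & 1 \end{pmatrix}$
and further
$\left\{ \begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}^{(p)} \right\}^* = \begin{pmatrix} \bar x^{-1} & 0 \\ \bar z(\bar x^{-2} - \bar x^{-1}) & 1 \end{pmatrix}.$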
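A substitution in (3.9) gives
(3.12) $\left[ C^{(p)}\cdot C\cdot[C^{(p)}]^* \right]^{(p)} = \begin{pmatrix} u^{-1} & v(u^{-2} - u^{-1}) \\ 0 & 1 \end{pmatrix} = \begin{pmatrix} x^{-1} & z(x^{-2} - x^{-1}) \\ 0 & 1 \end{pmatrix}^{-1} = \begin{pmatrix} x & z(1 - x^{-1}) \\ 0 & 0 \end{pmatrix} = \left[ C^{(p)} \right]^{-1}$
with $v = x^{-1}z$, $u = \bar x^{-1} + x^{-1} z\bar z(\bar x^{-2} - \bar x^{-1})$. This is equivalent to the system
(3.13) $\begin{cases} (\bar x^{-1} - x^{-1}) + x^{-1} z\bar z(\bar x^{-2} - \bar x^{-1}) = 0, \\ z x^{-1}(x-1)^2 = 0. \end{cases}$
Symmetry means $z = 0$, $\bar x = x$ and these are obviously a solution of (3.13).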
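Now, if $C = \begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}$ is a λ-G matrix, then the matrix
(3.14) $\begin{pmatrix} x_1 & 0 \\ 0 & x_2 \end{pmatrix}\cdot\begin{pmatrix} x & z \\ 0 & 0 \end{pmatrix}\cdot\begin{pmatrix} \bar x_1 & 0 \\ 0 & \bar x_2 \end{pmatrix} = \begin{pmatrix} x_1\bar x_2 x & x_1 x_2 z \\ 0 & 0 \end{pmatrix}$
is a λ-G matrix, too, and it satisfies the system (3.13). We will use the second equation, which must be an identity in $(x_1, x_2)$, for x = 1 in order to obtain
(3.15) $x_1 x_2 z(x_1\bar x_2)^{-1}\cdot(x_1\bar x_1 - 1) = 0$
which implies clearly z = 0 and thus from the first equation we get $\bar x = x$ for all $(x_1, x_2) \in F$. If the condition $x_1\bar x_1 = 1$ is true for all $x_1 \in F$, then Proposition 1 yields F = GF(3).
Case b: x = 0. We use the relationship
$\begin{pmatrix} 1 & y \\ 0 & 1 \end{pmatrix}\cdot\begin{pmatrix} 0 & z \\ 0 & 0 \end{pmatrix}\begin{pmatrix} 1 & 0 \\ \bar y & 1 \end{pmatrix} = \begin{pmatrix} z\bar y & z \\ 0 & 0 \end{pmatrix}$
in order to come back to Case a.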
Propositions 1 through 3 allow us to state the main result:
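Proposition 4. 1) If $F \neq GF(3)$, a λ-G matrix is also λ-symmetric: $\Sigma^* = \Sigma$.
2) A recursive ciphering map $Y = (X\cdot\Sigma\cdot X^*)^{(p)}\cdot X$ is λ-symmetric: $\Sigma^* = \Sigma$.
Proof. Since all 2×2 submatrices
$\begin{pmatrix} \sigma_{kk} & \sigma_{kj} \\ \sigma_{jk} & \sigma_{jj} \end{pmatrix}$
are λ-symmetric:
(3.16) $\sigma_{kj} = \bar\sigma_{jk}, \quad k, j = 1, \dots, n,$
the whole matrix is λ-symmetric too: $\Sigma^* = \Sigma$.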
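4. PSEUDOTABULATION. COMBINATORIAL KEYS
Consider the combinatorial keys
$\alpha = (1 \le \alpha_1 < \alpha_2 < \cdots < \alpha_r \le n)$
and, accordingly,
$\beta = (1 \le \beta_1 < \beta_2 < \cdots < \beta_s \le n).$
To these keys we append two diagonal matrices
(4.1) $D(\alpha) = \mathrm{diag}(\alpha_1, \alpha_2, \dots, \alpha_r) = \mathrm{diag}(0, 1, 0, \dots, 1, 0, \dots, 1, 0),$
$D(\beta) = \mathrm{diag}(\beta_1, \beta_2, \dots, \beta_s) = \mathrm{diag}(0, \dots, 0, 1, 0, \dots, 1, \dots, 0, 1, 0).$
We call them selection matrices because all entries $(a_{\alpha_i\beta_j})$ of the matrix
(4.2) $\bar A\binom{\alpha}{\beta} = D(\alpha)\cdot A\cdot D(\beta)$
are the same as the corresponding entries of the matrix A, whilst all other entries are zeroes. In other words, $\bar A\binom{\alpha}{\beta}$ is the intersection of rows $(\alpha_1, \alpha_2, \dots, \alpha_r)$ and columns $(\beta_1, \beta_2, \dots, \beta_s)$ of the matrix A.
Now, suppose the key matrices
$D(\alpha)\cdot\Sigma_L\cdot D(\alpha), \quad D(\beta)\cdot\Sigma_R\cdot D(\beta)$
are computed from the parametric matrix repository key (shortly, SMPD)
(4.3) $\{\Sigma_L(m, m), A(m, n), \Sigma_R(n, n)\}.$
If we apply a left ciphering to the pseudotabulation $D(\alpha)\cdot A\cdot D(\beta)$ this will be replaced by
(4.4) $K\cdot D(\alpha)\cdot A\cdot D(\beta),$
where
(4.5) $K = \{D(\alpha)\cdot A\cdot D(\beta)\cdot D(\beta)\cdot\Sigma_L\cdot D(\beta)\cdot[D(\alpha)\cdot A\cdot D(\beta)]^*\}^{(p)} =$
$= \{D(\alpha)\cdot A\cdot D(\beta)\cdot\Sigma_L\cdot D(\beta)\cdot A^*\cdot D(\alpha)\}^{(p)}.$
Then, the encoded matrix has the form
(4.6) $A - D(\alpha)\cdot A\cdot D(\beta) + K\cdot D(\alpha)\cdot A\cdot D(\beta) =$
$= A + (K - E)\cdot D(\alpha)\cdot A\cdot D(\beta) = \tilde A\binom{\alpha}{\beta}.$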
5. FOURTABULATION. NINETABULATION
Let us examine pseudotabulations which are practically interesting. They must satisfy two criteria:
1. They have to cover the matrix A(m, n).
2. They have to exhibit a cardinal number which is big enough.
The first criterion is already met by fourtabulations; for these we will use the notation V(r, s) and they are described by the pattern
(5.1) $\begin{pmatrix} B(r, s) & C(r, n-s) \\ F(m-r, s) & G(m-r, n-s) \end{pmatrix}$
Ciphering leads to
(5.2) $\begin{pmatrix} K_1\cdot B & K_2\cdot C \\ K_3\cdot F & K_4\cdot G \end{pmatrix}$
where
(5.3) $K_1 = (B\cdot\Sigma(r, r)\cdot B^*)^{(p)}, \quad K_2 = (C\cdot\Sigma(r, r)\cdot C^*)^{(p)},$
$K_3 = (F\cdot\Sigma(n-r, n-r)\cdot F^*)^{(p)}, \quad K_4 = (G\cdot\Sigma(n-r, n-r)\cdot G^*)^{(p)}.$
Both criteria will be fulfilled by a ninetabulation
(5.4) $V(r_1, s_1); \quad \tilde A\binom{\alpha}{\beta}; \quad V(r_2, s_2),$
where the middle one, as described in Section 5, symbolizes a tabulation with combinatorial key. The cardinal number for these tabulations is
(5.5) $k = m^2\cdot n^2\cdot 2^{m+n}.$
To this, a factor σ, representing the linear cryptography, must be included.

Table for $k = m^2\cdot n^2\cdot 2^{m+n}$
m/n    20              30              40
10     4.295×10^13     9.895×10^16     1.801×10^20
15     3.092×10^15     7.125×10^18     1.297×10^22
20     1.759×10^17     4.053×10^20     7.378×10^23

Table for $\sigma = p^s$; $p = 31$, $s = 0.5\cdot(m^2 + n^2 + m + n)$
m/n    20               30                40
10     1.625×10^395     3.221×10^775      8.739×10^1304
15     1.410×10^492     2.796×10^872      7.585×10^1401
20     2.354×10^626     4.668×10^1006     1.266×10^1636

In (5.4) the coding will be performed from left to right, while the decoding is carried on from right to left.
6. FINAL REMARKS
1. A parallel ciphering could be obtained by defining the matrix
(6.1) $C^{(p,-1)} = T\cdot\begin{pmatrix} U^{-1} & 0 \\ 0 & E \end{pmatrix}\cdot T^{-1}$
starting from a matrix $C = T\cdot\begin{pmatrix} U & 0 \\ 0 & J \end{pmatrix}\cdot T^{-1}$ and then using an encoding formula similar to those given in Proposition 1.
2. If we take from the parametric matrix repository key the matrices
(6.2) $\Sigma_L = E(m, m), \quad \Sigma_R = E(n, n)$
then the pseudotabulation $D(\alpha)\cdot A\cdot D(\beta)$ will be replaced by
(6.3) $\left\{ [D(\alpha)\cdot A\cdot D(\beta)]^+ \right\}^*$
and the coded matrix will be (see Section 1 and Section 5)
(6.4) $\tilde A\binom{\alpha}{\beta} = A - D(\alpha)\cdot A\cdot D(\beta) + [D(\beta)\cdot A^*\cdot D(\alpha)]^+.$
The schema (5.2) will be replaced by
(6.5) $\begin{pmatrix} (B)^* & (C)^* \\ (F)^* & (G)^* \end{pmatrix}$
In this case we are dealing with a "quasi pure auto ciphering" method.
3. In a broader sense, the involutive ciphering formula
(6.6) $Y = KX, \quad K^2 = E; \quad K = \text{const.}$
defined by Hill [9] and studied by Levine and Brawley [11], is also recursive since we get X = KY. However, for tabulation or pseudotabulation no comparatively useful encryption formula can be derived.
REFERENCES
[1] R.E. Cline, An application of representations for the generalized inverse of a matrix. MRC Technical Report 592, 1965.
[2] R.E. Cline, Note on an extension of the Moore-Penrose inverse. Linear Algebra Appl. 40 (1981), 19–23.
[3] M.P. Drazin, Pseudo-Inverses in associate rings and semigroups. Amer. Math. Monthly 65 (1958), 506–514.
[4] R. Gabriel, Das verallgemeinerte Inverse einer Matrix, deren Elemente einem beliebigen Körper angehören. J. Reine Angew. Math. 243 (1969), 107–122; 244 (1970), 83–93.
[5] R. Gabriel, Das verallgemeinerte Inverse einer Matrix über einem beliebigen Körper – mit Skelettzerlegungen berechnet. Rev. Roumaine Math. Pures Appl. 20 (1975), 2, 215–225.
[6] R. Gabriel, Pseudoinversen mit Schlüssel und ein System der algebraischen Kryptographie. Rev. Roumaine Math. Pures Appl. 22 (1977), 8, 1077–1099.
[7] R. Gabriel, Verschlüsselungsabbildungen mit Pseudo-Inversen, Zufallgeneratoren und Tafelungen. Kybernetika 18 (1982), 455–504.
[8] R.E. Hartwig, Drazin inverses in cryptography. Unpublished Report 1978.
[9] L.S. Hill, Cryptography in an algebraic alphabet. Amer. Math. Monthly 36 (1929), 306–312.
[10] J. Levine and R.E. Hartwig, Application of the Drazin inverse to the Hill cryptographic system. I, II, III, IV. Cryptologia 4 (1980), 71–85; 4 (1980), 150–168; 5 (1981), 67–77; 5 (1981), 213–228.
[11] J. Levine and J.V. Brawley, Involutory commutants with some applications to algebraic cryptography. I. J. Reine Angew. Math. 224 (1966), 20–43; II. 227 (1967), 1–24.
[12] R. Penrose, A generalized inverse for matrices. Proc. Cambridge Philos. Soc. 51 (1985), 406–413.
Received 20 August 2011
Wilhelmshavenerstr. 67
10551 Berlin, Germany