New Commitment Schemes Based on Conjugacy Problems over Rubik’s Groups
Abstract
:1. Introduction
2. Background
2.1. Notations
2.2. Commitment Scheme
- Hiding (against an adversarial receiver). The receiver cannot learn any non-trivial information of s from c before the opening phrase.
- Binding (against an adversarial committer). The committer cannot open another commitment value without being detected by the receiver, or equivalently, s is uniquely bound to c.
2.3. Rubik’s Group and the Intractability Assumptions
- Suppose the conjugator, denoted by c, of the pair is unique. Then, we have . Now, one possible way that we can conceive is to pick at random and check whether holds.
- Suppose the conjugators of the pair are not unique. Then, for each conjugator , we face a similar group equation .
- Even secure encoding method. For cryptographic applications, the involved group elements should be represented in an unambiguous way, i.e., the so-called canonical form that can be viewed as an encoding method on group elements. For braid-based cryptographic applications, typical canonical forms reveal partial information of the word length of the involved braids, suffering from to the so-called length-based attacks [15]. As for the Rubik’s cube given in Figure 1, no matter how many rotations are done, its canonical form is always a permutation in . Thus, each element in a Rubik’s group admits a fixed-length canonical form, and this property makes the length-based attacks useless.
3. Reviewing of Building Blocks: Encoding and Encryption Using Rubik’s Cubes
3.1. Encoding/Decoding over Rubik’s Cubes
- Encode. Assume that each message is a 108-bit string and can be divided into 54 pairs. Then, each pair of bits can be translated to one of four arrows. For example, let 00, 01, 10, and 11 be translated to ↑, →, ↓ and ←, respectively. Next, the translated 54 arrows are assigned to the 54 facets one by one. Finally, the 54 facets are assigned to the six faces of Rubik’s cube as if they were the original configuration.
- Decode. The reverse process of encoding: given a configuration with 54 faces assigned with arrows, at first, each arrow is translated back to a 2-bit pair accordingly. Furthermore, then, output a 108-bit string by piecing together all these 2-bit pairs in the 54 facets one by one.
3.2. Encryption/Decryption over Rubik’s Cubes
- Setup. Over a Rubik’s cube, let and be the space of messages and ciphertext, respectively.
- KeyGen. Randomly generate a secret key as a random rotating sequence with the proper word length.
- Encrypt. Input a secret key k and message m, then perform the following:
- –
- Choose a random rotation sequence r;
- –
- Encode the message m to the 54 facets of the Rubik’s cube;
- –
- Perform rotation (i.e., the reverse rotation of k);
- –
- Perform rotation r;
- –
- Perform rotation k;
- –
- Decode the arrows on the 54 facets of the Rubik’s cube to a 108-bit string ;
- –
- Output a ciphertext .
- Decrypt. Input the secret key k and the ciphertext , and then perform the following:
- –
- Check whether is a 108-bit string: if not, return ⊥, which indicates that c is an invalid ciphertext; otherwise, continue;
- –
- Check whether r is a valid rotating sequence: if not, return ⊥; otherwise, continue;
- –
- Encode to the 54 facets of the Rubik’s cube;
- –
- Perform rotation ;
- –
- Perform rotation ;
- –
- Perform rotation k;
- –
- Decode the arrows on the 54 facets of the Rubik’s cube to a 108-bit message m;
- –
- Output a message m.
4. Our Proposals: The Commitment Schemes Using Rubik’s Cubes
4.1. Commitment Scheme Based on the CDP Problem
- Commitment phase. The committer commits to a message as follows:
- –
- Choose a random rotation sequence r;
- –
- Compute ;
- –
- Randomly choose a secret key k, i.e., a random rotating sequence with the proper word length;
- –
- , i.e., encrypt s with secret key k and random rotation r;
- –
- , i.e., encrypt h with k and r;
- –
- Send the commitment value to the receiver.
- Opening phase. To open a commitment to the receiver, the committer sends to the receiver directly. Furthermore, upon receiving sent by the committer, the receiver performs the following steps:
- –
- ;
- –
- ;
- –
- Check whether holds: if not, reject the commitment and return ⊥; otherwise, accept the commitment and return s.
4.2. Commitment Scheme Based on the FT-CSP Problem
- Commitment phase.The committer commits to a message as follows:
- (1)
- Encode the message s to the 54 facets of the Rubik’s cube;
- (2)
- Convert s into a rotation sequence t;
- (3)
- Choose a random rotation sequence r;
- (4)
- Perform the rotation ;
- (5)
- Decode the arrows on the 54 facets of the Rubik’s cube to a 108-bit string c;
- (6)
- Send commitment value c to the receiver.
- Opening phase. To open a commitment to the receiver, the committer sends to the receiver directly. Furthermore, upon receiving sent by the committer, the receiver performs the following steps:
- (1)∼(4)
- Same as (1)∼(4) in the commitment phase;
- (5)
- Decode the arrows on the 54 facets of the Rubik’s cube to a 108-bit string ;
- (6)
- Check whether holds: if not, reject the commitment and return ⊥; otherwise, accept the commitment and return s.
- (1)
- Given , finding is to solve the CSP instance with the setting and .
- (2)
- Given , finding is to solve the FT-CSP instance with the setting and for .
- (3)
- Given , finding r is similar to case (1).
- (4)
- Given , finding t is similar to case (2).
5. Performance Evaluation
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Pedersen, T.P. Non-interactive and information theoretic secure verifiable secret sharing. In Proceedings on Advances in Cryptology–CRYPTO, LNCS 576; Springer: Berlin, Germany, 1992; pp. 129–140. [Google Scholar]
- Goldreich, O.; Krawczyk, H. On the composition of zero-knowledge proof systems. SIAM J. Comput. 1996, 25, 169–192. [Google Scholar] [CrossRef] [Green Version]
- Schoenmakers, B. A simple publicly verifiable secret sharing scheme and its application to electronic voting. In Annual International Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 1999; pp. 148–164. [Google Scholar]
- Dreier, J.; Dumas, J.G.; Jonker, H.; Lafourcade, P. Verifiability in e-Auction Protocols & Brandt’s Protocol Revisited. In Proceedings of the 1st Workshop on Hot Issues in Security Principles and Trust (HOTSPOT’13), Rome, Italy, 16 March 2013. [Google Scholar]
- Liu, L.; Kong, X.; Li, G.; Gao, L. Location of public service facilities based on GIS. In Proceedings of the 19th International Conference on Geoinformatics, Shanghai, China, 24–26 June 2011; pp. 1–4. [Google Scholar] [CrossRef]
- Goldwasser, S.; Micali, S.; Rivest, R.L. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput. 1988, 17, 281–308. [Google Scholar] [CrossRef]
- Petit, C.; Quisquater, J.-J. Rubik’s for cryptographers. Not. AMS 2013, 60, 733–739. [Google Scholar] [CrossRef]
- Naik, S.C.; Mahalle, P.N. Rubik’s cube based private key management in wireless networks. In Proceedings of the 2013 15th International Conference on Advanced Computing Technologies (ICACT), Rajampet, India, 10–11 August 2013; pp. 1–6. [Google Scholar]
- Pan, P.; Pan, Y.; Wang, Z.; Wang, L. Provably Secure Encryption Schemes with Zero Setup and Linear Speed by Using Rubik’s Cubes. IEEE Access 2020, 8, 122251–122258. [Google Scholar] [CrossRef]
- Chaidos, P.; Groth, J. Making Sigma-Protocols Non-interactive without Random Oracles. In Public Key Cryptography; Springer: Berlin/Heidelberg, Germany, 2015; pp. 650–670. [Google Scholar]
- Miller, C.F., III. Decision Problems for Groups—Survey and Reflections; Algorithms and Classification in Combinatorial Group Theory; Springer: Berlin/Heidelberg, Germany, 1992. [Google Scholar]
- Seress, A. Permutation Group Algorithms; Cambridge University Press: Cambridge, UK, 2002. [Google Scholar]
- Wang, L.; Wang, L.; Cao, Z.; Yang, Y.; Niu, X. Conjugate adjoining problem in braid groups and new design of braid-based signatures. Sci. China Inf. Sci. 2010, 53, 524–536. [Google Scholar] [CrossRef]
- Wang, L.; Tian, Y.; Pan, Y.; Yang, Y. New construction of blind signatures from braid groups. IEEE Access 2019, 7, 36549–36557. [Google Scholar] [CrossRef]
- Myasnikov, A.G.; Ushakov, A. Random subgroups and analysis of the length-based and quotient attacks. J. Math. Cryptol. 2008, 1, 29–61. [Google Scholar] [CrossRef]
- Cha, J.C.; Ko, K.H.; Lee, S.; Han, J.W.; Cheon, J.H. An Efficient Implementation of Braid Groups. In International Conference on the Theory and Application of Cryptology and Information Security; Springer: Berlin/Heidelberg, Germany, 2001; pp. 144–156. [Google Scholar]
Algorithms | Schemes | Core Operations | Complexity |
---|---|---|---|
Encode | , | 108 bits ⇒ 54 arrows | |
Decode | , | 54 arrows ⇒ 108 bits | |
Conversion | pick ℓ random basic rotations | ||
Setup | define | 0 | |
define , | 0 | ||
Commitment | rotations | ||
rotations | |||
Verification | rotations | ||
rotations |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Pan, P.; Ye, J.; Pan, Y.; Gu, L.; Wang, L. New Commitment Schemes Based on Conjugacy Problems over Rubik’s Groups. Information 2021, 12, 294. https://doi.org/10.3390/info12080294
Pan P, Ye J, Pan Y, Gu L, Wang L. New Commitment Schemes Based on Conjugacy Problems over Rubik’s Groups. Information. 2021; 12(8):294. https://doi.org/10.3390/info12080294
Chicago/Turabian StylePan, Ping, Junzhi Ye, Yun Pan, Lize Gu, and Licheng Wang. 2021. "New Commitment Schemes Based on Conjugacy Problems over Rubik’s Groups" Information 12, no. 8: 294. https://doi.org/10.3390/info12080294
APA StylePan, P., Ye, J., Pan, Y., Gu, L., & Wang, L. (2021). New Commitment Schemes Based on Conjugacy Problems over Rubik’s Groups. Information, 12(8), 294. https://doi.org/10.3390/info12080294