We will define a new family of functions and call them trapdoor Kolmogorov one-way functions. The main motivation for this thesis is to understand the individual approach to analyzing one-way functions using Kolmogorov complexity.
Kolmogorov Complexity
One possible solution is to consider a new set of strings and we will redesign our notion of Kolmogorov complexity. We will now present the Language Compression Theorem which plays a major role in the proof of the Symmetry of Information Theorem.
One-way functions
One can easily see that f^-1 cannot return output in polynomial time, therefore f is a one-way function. If is a strong one-way function, then for every polynomial(.), for every positive polynomial q(.), for every probability-time bounded algorithm B and for every sufficiently large,. If f is a weak one-way function, then we have that for every polynomial(.), there is a polynomial q(.) such that for every probabilistic t-time bounded algorithm B and for every sufficiently large we have.
Then, in particular, the inequality holds for every deterministic algorithm B and, and we conclude that f is a deterministic one-way function. It is also easy to see that there are weak one-way functions that are not strong one-way functions. If is a strong one-way function, then for each constant c and for each polynomial(.), the expected value of Kft(x|f(x), r, n) over pairs (x, r) ∈ Σ^n × Σ^t(n), is greater than c log n for each sufficiently large.
We say that f is a one-way Kolmogorov function if for every polynomial (.), for every positive integer, for every sufficiently large and for every length x,.
Trapdoor One-Way Functions
Currently, no results exist that relate Kolmogorov one-way functions to strong one-way functions or weak one-way functions. Taking advantage of this new definition, we can define strong, weak, and deterministic one-way functions with the trapdoor property. From now on, whenever we refer to a one-way function, we mean a function f belonging to a family of one-way functions.
From Theorem 2.29 we know that if is a Kolmogorov one-way function, then f is a deterministic one-way function. For a given one-way function f, if for every s ∈ N we have that s is a trapdoor for f, then f is not a good encryption function. This proposition tells us that for each trapdoor Kolmogorov one-way function, the number of trapdoors is always lower than the total number of trapdoor possibilities.
We will present a technique to count the number of points in the rational group, to intuitively provide reasoning for the difficulty of the problem and thus of the system itself.
Preliminaries
A projective n-space over K, denoted by P^n(K), is the set of all (n + 1)-tuples of the form presented above, such that at least one x_i is nonzero, modulo the equivalence relation. A polynomial P(x, y, z) over K is said to be a homogeneous polynomial of degree n ∈ N if it is the sum of terms of the form x^i y^j z^k such that i + j + k = n. It is easy to see that the points with Z = 0 in the projective space of the projective Weierstrass normal form are mapped to infinity in the affine version of the Weierstrass normal form.
For simplicity of presentation, we will henceforth work with the affine version of the long Weierstrass normal form. In the next chapter, we will see that the set of rational points of an elliptic curve is actually an abelian group. By an elliptic curve over the field K, we mean a curve given by a long Weierstrass normal form without singular points and a point at infinity, which we will also call the base point.
We will denote by E(K) the set of rational points of the elliptic curve over the field K.
Rational points group law
The idea of a singular point is also essential to define what an elliptic curve is. We can prove that the set of rational points is actually stronger than just closed under addition: it is a group. To prove this statement we need to prove that E(K) is closed under addition, that it has an identity element, that there exists an inverse for every element in the group, and that the sum is commutative and associative.
For each element P ∈ E consider the line that intersects P and O; this line intersects a third point R ∈ E, so the sum is P + R = O and we can conclude that R is the inverse of P. (The sum is commutative) If P1 = P2 then there is no need to prove anything. The following theorem states the sum between points in the group of rational points via algebraic formulas.
Using the results obtained in points 3 and 4 we can complete the proof of the theorem.
Elliptic curves over finite fields
These concepts will be useful in our study in due course, as they play a key role in counting the number of rational points of an elliptic curve. To simplify notation, we will use P when referring to the set of prime numbers. To build algorithms that count the number of rational points on an elliptic curve over a finite field, we will first need to present two important results.
As we will see later, this notion is important in terms of security for cryptosystems based on elliptic curves. With these tools at hand, we are able to build an algorithm that counts the number of rational points in an elliptic curve. It follows easily from the prime number theorem that the number of primes needed is O(log q / log log q), and that the size of l_max = O(log q).
The importance of this algorithm is based on the fact that one can calculate the number of rational points in polynomial time, since the complexity of Schoof's algorithm is O(log^8 q).
Cryptographic system
As we will see in the next chapter, the order of the group of rational points must be divisible by a very large prime number, otherwise one can break the system using techniques that we will present later. In the next chapter we will study the security and Kolmogorov complexity of an ElGamal cryptographic system using elliptic curves generated via Algorithm 1. In this chapter we will use the knowledge presented in Chapter 2 and base the cryptosystem on elliptic curves presented in Chapter 3.
In the first section, we will present an example of how the cryptosystem works and based on this example, we will impose restrictions on the cryptographic system to ensure security. We will consider a family of elliptic curves, each of which will have a cryptographic system associated with it. In the second section of this chapter, we will construct a function f that mimics the ECDLP presented in the previous chapter and we will prove that if ECDLP ∉ P, this function is a Kolmogorov one-way function as presented in Definition 2.28.
Finally, in the third section of this chapter, we will extend the notion of a family of Kolmogorov one-way functions associated with a cryptosystem to the notion of a trapdoor Kolmogorov one-way function presented in Definition 2.30, and we will see that every f also has this property.
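The requirement stated above, that the order of the group of rational points be divisible by a very large prime, can be checked directly at toy sizes. The following is an added example, not code from the thesis: it assumes the short Weierstrass form y^2 = x^3 + ax + b over F_p with p > 3 instead of the long form used in the text, replaces Schoof's algorithm with brute-force enumeration, and all function names and curve parameters are constructed for illustration.

```python
O = None  # point at infinity (identity); all curve parameters used are constructed toys

def add(P, Q, a, p):
    """Chord-and-tangent sum on y^2 = x^3 + a*x + b over F_p, p > 3 (assumed form)."""
    if P is O or Q is O:
        return Q if P is O else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return O  # Q is the inverse of P (covers doubling a point with y = 0)
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p         # chord slope
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P, a, p):
    """Double-and-add computation of [k]P."""
    R = O
    while k:
        if k & 1:
            R = add(R, P, a, p)
        P = add(P, P, a, p)
        k >>= 1
    return R

def points(a, b, p):
    """Enumerate E(F_p) by brute force; stands in for Schoof only at toy sizes."""
    if (4 * a**3 + 27 * b**2) % p == 0:
        raise ValueError("singular curve: not an elliptic curve")
    pts = [O]
    for x in range(p):
        rhs = (x**3 + a * x + b) % p
        pts += [(x, y) for y in range(p) if y * y % p == rhs]
    return pts

def largest_prime_factor(n):
    """Trial division; adequate for the toy group orders used here."""
    best, f = 1, 2
    while f * f <= n:
        while n % f == 0:
            best, n = f, n // f
        f += 1
    return n if n > 1 else best

def audit(a, b, p):
    """Return (#E(F_p), largest prime factor of #E(F_p))."""
    order = len(points(a, b, p))
    return order, largest_prime_factor(order)
```

On the constructed curves, `audit(2, 2, 17)` gives the prime order 19, while `audit(1, 1, 23)` gives order 28, whose largest prime factor is only 7.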
Security and Kolmogorov complexity
Obviously, we could use brute force to calculate the value of the modulus 53, but we'll use the baby instead. In order to obtain, in principle, a more secure curve, assumptions can be made on the type and size of the private keys as we will see in the following results. From now on, we will be interested in working with a chain or family of elliptic curves.
For each elliptic curve we will have an associated cryptosystem as presented in Example 4.1. For each elliptic curve Ei, we will associate a cryptographic system as presented in Example 3.5. For each Ei, we will determine a pair (mi, li) ∈ N^2 of private keys and an element Pi ∈ Ei, the public key, and we will denote the cryptographic system by (Ei, (mi, li), Pi).
For this and based on Example 4.1, we will impose some restrictions on the set of private keys, which the following proposition will state.
A Kolmogorov one-way function candidate
As we said at the beginning of this section, our goal is to build a one-way Kolmogorov function. Therefore, when studying the injectivity from , one only needs to consider the first entry of the output. The calculation of x + [l][m]P is given by the formulas presented in Theorem 3.12 and is therefore calculated in polynomial time.
We are finally at the stage where we have all the machinery to build a connection between our function f and the concept of Kolmogorov one-way function presented in Definition 2.28. The next theorem states that under the assumption that ECDLP ∉ P, then f is a one-way Kolmogorov function. We will again consider our family of elliptic curves, and to each curve Ei we will associate a function fi that behaves like the function we just built.
For each curve Ei take = #Ei and consider a function fi that emulates the ECDLP associated with Ei and is honest, injective, computable in polynomial time, and there exists a polynomial such that mi(|x|) = |fi(x)|.
A trapdoor Kolmogorov one-way function candidate
In the next theorem, we will show that if the ECDLP is not in P, then the family of functions {fi}i∈N, imitating cryptosystems, consists of one-way Kolmogorov functions. Assume that the ECDLP is not in P, then there exist infinitely many mi such that every function in the family {fi}i∈N associated with (Ei, (mi, li), Pi) is a one-way Kolmogorov function as in Definition 2.30. In this work, we introduced the concept of the family of trapdoor Kolmogorov one-way functions and proved that for each function of this family, the number of trapdoors is always lower (by a polynomial fraction) than the number of possible trapdoors.
This is a new way of looking at trapdoor one-way functions and we relate them to Kolmogorov complexity. We also presented a public-key cryptographic system based on elliptic curves and defined a function f that mimics the system. Assuming that ECDLP is not in P, we have shown that any function that mimics our cryptographic system is in fact a one-way Kolmogorov function.
Furthermore, we have seen that each of these functions is an element of a family of trapdoor Kolmogorov one-way functions.
Future Work
Based on results from Kolmogorov complexity, we provided constraints on the set of private keys for the cryptographic system.