Symmetric Encryption Algorithms in a Polynomial Residue Number System



Introduction
Recently, with the growth of confidential information and the spread of computer systems, the task of ensuring information security has become increasingly important [1][2][3]. To minimize the risks of unauthorized access, cryptographic methods of information protection are widely used [4,5], which are divided into symmetric and asymmetric [6,7]. In practice, symmetric cryptographic transformations are more common for encrypting large amounts of information, as asymmetric ones are quite laborious [8,9]. The requirements for symmetric methods have become more stringent in terms of ensuring their cryptographic strength due to the rapid development of computing tools and their increased speed. Polynomial algorithms are an alternative to modern numerical cryptoalgorithms [10][11][12]. In the ring $Z[x]$, as in any other ring of polynomials, basic cryptographic operations are performed: addition, multiplication, and division with remainder [13][14][15]. The main idea of using polynomials in cryptography is that they can be used as plaintext, keys for encrypting and decrypting messages, building electronic digital signatures, and other cryptographic protocols [16][17][18].
The use of the residue number system (RNS) [19][20][21] in the implementation of cryptographic algorithms for information security based on polynomial arithmetic in the $Z[x]$ ring [22,23], by analogy with the integer RNS [24,25], leads to parallelization of the computation process [26,27] and reduction of the amount of data that must be processed during cryptographic operations [28][29][30]. In turn, it reduces the implementation time and improves the efficiency of the encryption method. Therefore, our work is aimed at developing the concept of polynomial symmetric cryptographic algorithms based on the RNS and their practical application.
1.1. Our Contribution. In this article, our contributions are as follows:
1. A theoretical provision for symmetric cryptographic algorithms based on the polynomial RNS was developed.
2. Mathematical frameworks and schemes for the proposed polynomial symmetric encryption within the RNS were devised. To ascertain its resilience, a deep dive was made into constructing analytical expressions, revealing that the process of cryptanalyzing the proposed algorithm required dealing with combinatorial complexity, ultimately leading to an NP-complete problem.
3. It was established that cryptographic strength notably improved with increasing degrees and dimensions of the Galois field p.The peak of cryptographic strength was reached when the number of modules equaled half of the potential count of irreducible polynomials with the given polynomial degrees and Galois field orders.
1.2. Related Work. Most modern symmetric cryptographic algorithms are block-based, and this feature limits the functionality of their implementation. In particular, the key size must be equal to or larger than the block size, leading to the encryption algorithm's multiple uses for a large message. This procedure reduces the cryptographic strength of the algorithm, increases the time complexity, and, at the same time, complicates the implementation. Many authors have studied symmetric encryption algorithms in the polynomial number system. For example, Lemaire [31] proposes an 8-bit encryption algorithm based on the ideas of well-known symmetric cryptoalgorithms. The authors use divergent polynomials with variable coefficients, bitwise data operations, and two-password identification when generating pseudorandom keys. The hardware implementation of the proposed approach and comparison of the time characteristics with the AES algorithm of the 8-bit architecture based on the Arduino Uno microcontroller (ATmega328) were carried out.
A work [32] is devoted to developing and studying hardware-implemented methods of fast polynomial arithmetic for some homomorphic encryption operations based on the Karatsuba algorithm. In addition, Jayet-Griffon et al. [33] consider the possibilities of speeding up the polynomial multiplication operation for homomorphic encryption when implemented on an FPGA. In [34], a characterization of polynomial multiplication implementations for GPU-based homomorphic encryption is presented.
In [35], a highly efficient image encryption method based on permutation polynomials in finite fields was developed that is resistant to various types of attacks. In addition, the proposed encryption algorithm has no rounding errors, so encryption is lossless.
In the work [36], our effort was dedicated to developing a multifunctional architecture for the polynomial RNS within the context of cryptography. Detailed comparisons with contemporary implementations have indicated the potential utility of polynomial residue arithmetic in modular multiplication. Article [37] presents a schematic diagram of a modular pipeline multiplier, which allows for high-speed data encryption and decryption based on nonpositional polynomial RNS. The authors substantiate the efficiency of the proposed hardware design through a timing diagram. The developed pipeline device can find application in digital computing devices, particularly for high-speed data encryption based on nonpositional polynomial RNS.
In [38], a new method for constructing S-blocks of the AES algorithm is proposed based on replacing the irreducible polynomial and affine mapping. The cryptographic strength of the created S-block is evaluated by several standard tests (bijectivity, nonlinearity, strict avalanche criterion (SAC), and bit-independence criterion). It surpasses the cryptographic strength of the known S-boxes.
An article [39] proposes a method for constructing the S-block of the AES algorithm based on the smallest number of selected irreducible polynomials that meet specific criteria. There are 17 such polynomials, and their use simplifies the hardware implementation of the S-block. The SAC is studied, and it is noted that the polynomial $p(x) = x^8 + x^7 + x^6 + x + 1$ is the best, with an outstanding value of SAC = 0.5, which indicates the cryptographic strength and reliability of the constructed S-block.
A paper [40] proposes improving the symmetric AES encryption algorithm using dynamic S-blocks whose parameters depend on the key, dynamic irreducible polynomials, and affine constants.
A paper [41] presents the most commonly used symmetric cryptosystem AES in the ring of polynomials today. The main idea is to choose an irreducible polynomial on the basis of which the encryption algorithm is built. The proposed approach was implemented in MATLAB for 30 different irreducible polynomials. As a result of the numerical experiments, it was possible to establish a negligible effect of changing irreducible polynomials on the level of the avalanche.
The authors in [42] proposed a novel method to enhance AES security against fault attacks using the polynomial RNS. The authors parallelize byte-level AES operations over $GF(2^8)$ by utilizing residues over smaller fields, introducing extended functionalities into AES for side-channel vulnerability analysis.
Polynomial arithmetic has also been used for asymmetric cryptosystems. In particular, in [43], modified arithmetic was developed for the RSA cryptosystem with Gauss integers and polynomials over finite fields. The analysis of the described computational procedures made it possible to determine their advantages over the classical ones. In [44], algorithmic support for the Rabin cryptosystem in the polynomial number system was proposed.
The analysis of the literary sources shows the relevance and importance of polynomial algorithms for protecting information flows. Accordingly, the development of new methods that are resistant to attacks of various types is an important direction in the development of modern cryptosystems. In particular, the combination of polynomial arithmetic and RNS in a ring of polynomials will allow parallelizing the process of performing basic operations in a ring of polynomials, which, in turn, will increase the speed of software implementation and reduce the time complexity of the algorithm, providing the required level of security.
1.3. Organization. Section 2 of this article discusses in detail the theoretical foundations for constructing symmetric cryptographic algorithms based on a polynomial RNS. Subsequently, in Section 3, the cryptographic strength of a polynomial symmetric encryption algorithm in the system of residual classes was evaluated. Finally, in Section 4, the content of this article is summarized.

Materials and Methods
In Subsection 2.1, the theoretical foundations for constructing symmetric cryptographic algorithms based on a polynomial RNS are proposed. Subsection 2.2 describes the features of developing polynomial symmetric encryption methods in the RNS. An example of symmetric polynomial encryption in RNS is presented in Subsection 2.3. In Subsection 2.4, the polynomial symmetric encryption method based on the Chinese remainder theorem (CRT) is proposed.
2.1. Theoretical Foundations of Polynomial RNS. An arbitrary polynomial $N(x)$ in the RNS is represented as the residues $b_i(x)$ from dividing $N(x)$ by each polynomial of a system of pairwise coprime modulus polynomials $p_i(x)$ [45][46][47]:

The recovery of the polynomial $N(x)$ is usually based on the CRT [48][49][50] in the ring of polynomials $Z[x]$: , and $s$ is the number of modules. For the polynomial degrees, the inequality $\deg N(x) < \deg P(x)$ must be satisfied.

Development of Polynomial Symmetric Encryption Methods in the RNS.
The essence of one of the methods of polynomial symmetric encryption in RNS is that when recovering a polynomial from its residues in the sum (2), the multiplication is not by the parameters $m_i(x) = M_i^{-1}(x) \bmod p_i(x)$, but by arbitrarily chosen polynomials $k_i(x)$, mutually prime with $p_i(x)$.
Therefore, to generate keys, both subscribers must choose systems of modules $p_i(x)$ known only to them and the corresponding polynomials $k_i(x)$, for which the following conditions are met:

where GCD denotes greatest common divisor. If $p_i(x)$ is an irreducible polynomial, then the second condition is always met. Accordingly, both the sender and the receiver know the parameters $M_i(x)$ and $m_i(x)$.
For encryption, alphabetic information must be written in numerical form. The most common classical method is to replace the letter with its number in the alphabet, with the numbering starting from 0. After that, it must be represented as a polynomial with coefficients that reflect the alphabetic information, so the plaintext is $N(x) = a_n x^n + a_{n-1} x^{n-1} + \dots + a_0 x^0$, where the $a_i$, $i = 0, \dots, n$, are the numerical representations of the letters and $n + 1$ is the length of the message. Next, the plaintext block $N(x)$ is written to the RNS according to expression (1). Encryption occurs when the number is restored to the positional number system according to the following expression:

The found polynomial is a ciphertext that is transmitted over an open communication channel from one subscriber to another.
When decrypting, the following values are first calculated:

To obtain the true residues $b_i(x)$, you need to perform the conversion according to the following ratio:

Accordingly, the recovery of the plaintext polynomial $N(x)$ is carried out according to Formula (2) or the expression that follows from it can be used:

Figure 1 shows a schematic of the proposed polynomial encryption method based on the RNS.
The correctness of the proposed cryptosystem is established by a formal proof from the properties of congruences, taking into account the divisibility of $P(x)$ by $p_i(x)$ and the equality $m_i(x) = M_i^{-1}(x) \bmod p_i(x)$. Then, we get

An Example of Symmetric Polynomial Encryption in RNS.
Let us consider the plaintext PSMFSRD = 15181205181703, which corresponds to the polynomial $N(x) = 15x^6 + 18x^5 + 12x^4 + 5x^3 + 18x^2 + 17x + 3$. According to the developed polynomial symmetric cryptosystem for three modules ($s = 3$), $p_1(x) = x^2 + x + 1$, $p_2(x) = x^3 + x + 1$, and $p_3(x) = x^2 + 1$, and the chosen coefficients $k_1(x) = x^2 + 2x + 3$, $k_2(x) = x^3 + x^2 + 1$, and $k_3(x) = x^2 + 3x + 2$, all the parameters are calculated as follows: $P(x) = p_1(x) p_2(x) p_3(x) = x^7 + x^6 + 3x^5 + 3x^4 + 4x^3 + 3x^2 + 2x + 1$

The search for $m_i(x) = M_i^{-1} \bmod p_i(x)$ is performed using the method of undetermined coefficients. Firstly, we look for $m_1(x) = M_1^{-1} \bmod p_1(x) = (x^5 + 2x^3 + x^2 + x + 1)^{-1} \bmod (x^2 + x + 1)$. To do this, we write the equation $(x + 2)(Ax + B) \bmod (x^2 + x + 1) = 1$, and after transformations, we obtain

From the last equation, it follows that $2B - A = 1$ and $B + A = 0$ and takes the form $A = 1/3$ and $B = 2/3$. So, the sought-after inverse polynomial takes the form m

where $Ax^2 + Bx + C$ is the inverse polynomial modulo. We need to find the coefficients $A$, $B$, and $C$ that satisfy the equation. After transformations 2A

From here, $A = 2/3$, $B = -1/3$, and $C = 1/3$. So, the inverse polynomial takes the following form:

$x^2 + 1$ is computed. By applying the method of undetermined coefficients, the following transformations can be performed: $\Rightarrow Bx - A = 1$. The last equation leads to a system of equations that allows us to compute the coefficients' values $A = -1$ and $B = 0$ and thereby find the inverse polynomial modulo $m_3(x) = -x$.

Thus, $b_1(x) = N(x) \bmod p_1(x) = (15x^6 + 18x^5 + 12x^4 + 5x^3 + 18x^2 + 17x + 3) \bmod$

Therefore, according to expression (3), the ciphertext is given by N

The parameters $k_i^{-1}(x) \bmod p_i(x)$ are computed using the method of undetermined coefficients. To find the inverse polynomial $k^{-1}$

where $Ax + B$ is the desired value. To determine the coefficients $A$ and $B$, we compute the remainder and equate the corresponding values:

where $Ax^2 + Bx + C$ is the inverse polynomial modulo. After the transformation $2Ax^4 + 2Bx^3$, we obtain a system of three equations with three unknowns: $C - B - A = 0$, $-C - B = 0$, and $A - B = 1$. From here, $A = 2/3$, $B = -1/3$, and $C = 1/3$. Therefore, the sought inverse polynomial in $Z[x]$ will take the following form: ; similarly, we can obtain $k_3^{-1}(x) \bmod p_3(x) = -\tfrac{3}{10}x + \tfrac{1}{10}$.

In the next step, the following quantities are computed:

Additionally, for decryption, the following parameters need to be found:

Then, according to Formula (6), the original message is recovered as the plaintext:

$$\left(\tfrac{1}{9}x^2 - \tfrac{2}{9}x + \tfrac{5}{9}\right)\left(54x^2 + 124x + 59\right) \bmod \left(x^3 + x + 1\right) + \left(x^5 + x^4 + 2x^3 + 2x^2 + 2x + 1\right)(-x)\left[(-108x + 24)\left(-\tfrac{1}{10}x - \tfrac{3}{10}\right) \bmod \left(x^2 + 1\right)\right] \bmod \left(x^7 + x^6 + 3x^5 + 3x^4 + 4x^3 + 3x^2 + 2x + 1\right) = 15x^6 + 18x^5 + 12x^4 + 5x^3 + 18x^2 + 17x + 3.$$

Journal of Applied Mathematics
This simplification reduces computational complexity by avoiding the operation of finding the parameters $q_i(x)$ and $k_1^{-1}(x) \bmod p_i$.

Polynomial Symmetric Encryption Method Based on CRT.
Another polynomial method of symmetric encryption based on the CRT involves breaking the plaintext $N(x)$ into block polynomials $N_i(x)$ of lower order than the selected polynomial modules. These blocks will act as remainders $b_i(x)$ modulo the chosen moduli, such that if $+ \dots + a_0 x^0$. After selecting the encryption parameters, the encryption is performed according to the expression (3). The ciphertext will be the value $N'(x)$. Decryption is carried out using Formulas (4) and (5), which are used to find the parameters $q_i(x)$, $b_i(x) = N_i(x) \bmod p_i(x) = N_i'(x)$ and $b_i'(x)$. Concatenating the coefficients $a_{n-1}$ of the polynomials $N_i(x)$ forms the plaintext. It should be noted that in the case of requiring fast decryption, the ciphertext can also be represented by the parameters $b_i(x)$.
Figure 2 depicts the scheme of the polynomial symmetric encryption method in the CRT-based encryption system.
Upon decryption using Formulas (4) and (5

For the second block of the input message $N_2(x) = 12x + 5$, the following ciphertext value is obtained:

According to Formula (4), the remainders obtained are b

The ciphertext for the third block of the input message $N_3(x) = 18x + 17$ will have the following form:

Then, according to Formula (4), the remainders obtained are $b^{3\prime}_1(x) = 54x + 51$, $b^{3\prime}_2(x) = 18x^2 + 53x + 34$, and $b^{3\prime}_3(x) = -37x - 69$. The restoration is done using relation (5):

Therefore, the encrypted message for the fourth block, $N_4(x) = 13x + 3$ according to (3), will be the following polynomial:

Then, according to Formula (4), the obtained remainders are $b^{4\prime}_1(x) = 39x + 9$, $b^{4\prime}_2(x) = 13x^2 + 29x + 6$, and $b^{4\prime}_3(x) = -36x - 22$. The restoration of the fourth block is done based on expression (5):

The concatenation of the coefficients of the remainders $b^{j}_i(x)$ corresponds to the input text PSMFSRND = 1518120518171303. According to the agreements between the participants, the ciphertext can be either the parameter $N_i(x)$, or the remainders $b^{j\prime}_i(x)$, where $j$ is the block number of the message.

Results
In this section, we evaluate the cryptographic strength of a polynomial symmetric encryption algorithm in the system of residual classes.
The proposed polynomial symmetric encryption method based on the CRT is cryptographically strong due to the complexity of finding all possible parameter variants and cryptotransform modules. For its cryptanalysis, it is necessary to perform a complete search of all mutually prime polynomials in the ring $Z[x]$ over a simple Galois field $GF(p)$, where $p$ is the prime number. The biggest challenge will be if the polynomial $f(x) = a_n x^n + a_{n-1} x^{n-1} + a_{n-2} x^{n-2} + \dots + a_0 x^0$ is irreducible. The number $S_p(n)$ of irreducible polynomials of degree $n$ can be calculated by the following formula [51]:

where $\mu(d)$ is the Möbius function. It is equal to 1 if $d$ is a divisor of degree $n$ with an even number of prime factors, −1 if $d$ is a divisor of degree $n$ with an odd number of prime factors, and 0 if $d$ contains a square of a prime factor. Accordingly, the number of modules $l$ cannot exceed $S_p(n)$. Table 1 shows the Möbius functions for the first 64 positive integers.
In general, the security of the proposed cryptosystem with $l$ modules will be defined as the total time of complete search of all irreducible polynomials and the complexity of

Figure 4 shows the graphs of cryptographic strength dependencies $O(n, l)$ on a logarithmic scale with a base of 10 of the proposed symmetric polynomial encryption algorithm in RNS on the number of modules $l$ for the polynomial powers $n = 4$ and $8$ and the parameters $p = 2$, $p = 3$, $p = 5$, and $p = 7$. The horizontal line 6 corresponds to the strength of the modern symmetric encryption algorithm AES-128.
The figure shows that all graphs have the same bell-shaped character. The cryptographic strength increases significantly with increasing degree and dimension of the Galois field $p$ and reaches its maximum at $l = S_p(n)/2$. This means that the cryptanalysis of the proposed algorithm requires combinatorial complexity, which leads to an NP-complete problem.

Conclusion
In this article, we first developed symmetric cryptographic algorithms based on the polynomial RNS. The mathematical support and schemes of the proposed polynomial symmetric encryption in the RNS are developed. To evaluate its robustness, we have studied and constructed analytical expressions that indicate that the cryptanalysis of the proposed algorithm requires combinatorial complexity, which leads to an NP-complete problem. It is established that the cryptographic strength increases significantly with the increasing degree and dimension of the Galois field $p$ and reaches its maximum in the case when the number of modules is equal to half the possible number of irreducible polynomials with given polynomial degrees and Galois field orders. This means that finding an efficient algorithm to solve this problem requires significant computing resources and time.
We compare the strength of the proposed encryption method with the modern symmetric encryption algorithm AES-128. As a result of numerical experiments, it was found that the developed polynomial encryption methods in the RNS provide a level of resistance similar to AES-128 with the following parameters:

Thus, the proposed cryptographic algorithm based on the polynomial RNS can be used to ensure reliable protection of confidential information in systems with limited computing resources.

Figure 1: Scheme of the proposed polynomial symmetric encryption in RNS.

performing calculations with each one according to the following formula:

$$O(n, l) = C_{S_p(n)}^{l}\, n^2 \log l = \frac{S_p(n)!}{\left(S_p(n) - l\right)!\; l!}\, n^2 \log l \qquad (11)$$

For instance, we can calculate the time (in clock cycles) needed to cryptanalyze the proposed encryption system with $l = 5$ and $n = 32$ in the Galois field $GF(3)$ as follows:

$$O(32, 5) = C_{57906879556410}^{5} \cdot 32^2 \log 5 = \frac{57906879556410!}{57906879556405!\; 5!} \cdot 32^2 \log 5 \approx 1.29 \cdot 10^{70}.$$

Table 3 estimates the cryptanalysis time in clock cycles for different parameter values of $l$, $n$, and $S_p(n)$. Notably, the modern symmetric encryption algorithm AES-128 requires around $2^{128} \approx 10^{37}$ clock cycles for resilience. Table 3 indicates that the proposed cryptosystem achieves a comparable level of security with the following parameters: $S_{31}(4)$, $l = 7$, and $n = 4$; $S_{11}(8)$, $l = 5$, and $n = 8$; $S_3(16)$, $l = 6$, and $n = 16$; $S_2(32)$, $l = 3$, and $n = 32$; and $S_2(64)$, $l = 2$, and $n = 64$. Table 3 shows that adding one module for parameters $n = 4$ and $S_{31}(4)$ increases the strength by about 5 orders of magnitude, for $n = 8$ and $S_{11}(8)$ by 7 orders of magnitude, for $n = 16$ and $S_3(16)$ by 6 orders of magnitude, for $n = 32$
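The count $S_p(n)$ from Section 3 and the estimate (11), as an added example in Python (not code from the paper). It assumes the standard Möbius-inversion count of monic irreducible polynomials over $GF(p)$ and a base-2 logarithm in (11), both of which reproduce the figures quoted in the text; the function names are hypothetical.

```python
from math import comb, log2

def mobius(d):
    """Moebius function mu(d), by trial division."""
    result, q = 1, 2
    while q * q <= d:
        if d % q == 0:
            d //= q
            if d % q == 0:      # q^2 divides the original d
                return 0
            result = -result
        q += 1
    return -result if d > 1 else result

def count_irreducible(p, n):
    """S_p(n) = (1/n) * sum over d | n of mu(d) * p^(n/d) (assumed form of the count)."""
    total = sum(mobius(d) * p ** (n // d) for d in range(1, n + 1) if n % d == 0)
    return total // n

def strength(p, n, l):
    """O(n, l) = C(S_p(n), l) * n^2 * log2(l), in clock cycles as in formula (11)."""
    s = count_irreducible(p, n)
    if not 1 <= l <= s:
        raise ValueError("the number of modules l must satisfy 1 <= l <= S_p(n)")
    return comb(s, l) * n * n * log2(l)

def best_module_count(p, n):
    """Number of modules l that maximises O(n, l) for the given field and degree."""
    return max(range(1, count_irreducible(p, n) + 1), key=lambda l: strength(p, n, l))
```

For $GF(3)$ and $n = 32$ this gives $S_3(32) = 57906879556410$ and $O(32, 5) \approx 1.29 \cdot 10^{70}$; for $p = 2$, $n = 8$ the maximum falls at $l = 15 = S_2(8)/2$.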

Figure 3: Number of mutually prime modules $S_p(n)$ depending on the Galois field $p$ and degree $n$.

Table 2: The number of irreducible polynomials for different powers of $n$ and values of the parameter $p$.