A New Key Exchange Scheme Based on Extended
Chebyshev Polynomials
Wang Dahu 1, 2 ，Wei Xueye 1
1.School of Electronic and Information Engineering
Beijing Jiaotong University
Beijing，100044, China
2.State Key Laboratory of Information Security
Graduate School of Chinese Academy of Sciences
Beijing，100039, China
Abstract:- Kocarev gave the first cryptosystems based on the semi-group property of
Chebyshev polynomials, which seemed excellent but actually insecure. Due to the inherent
periodicity of trigonometric function, an attack can easily get plaintext given ciphertext. In
this paper, we extend Chebyshev polynomials from real number to finite fields to avoid the
attack and present the corresponding key exchange scheme, which is secure and practical.
Key-words:- Extended Chebyshev polynomials, Key exchange, Semi-group property, Security,
Trap-door one-way function
1 Introduction
2 Diffie-Hellman key exchange
In order to realize secure and fast
communication in public channel, there is a
key exchange method before the desired
message is encrypted. The first key
exchange scheme appeared in the seminal
paper by Diffie and Hellman. Over several
decades, based on traditional mathematic
difficult question, RSA and ECC have been
given[1-5]. In this paper, we propose a key
exchange scheme based on extended
Chebyshev polynomials, which is practical
and secure. In section 2, we review
Diffe-Hellman key exchange. Section 3
presents property of extended Chebyshev
polynomials. In section 4, a key exchange
scheme and analysis of its performances are
given. In the end, we close the paper with
conclusion.
The purpose of the algorithm is to enable
two users to exchange a key securely that
can then be used for subsequent encryption
of messages. The Diffie-Hellman key
exchange is summarized as following [15]:
Global Public Elements
q
Prime number

  q and  a primitive root of q
User A Key Generation
-1-
Select private X A
XA  q
Calculate public Y A
YA   X A mod q
ZP we can definite the Chebyshev
polynomials as the following.
Definition 3.1.1[14] ： Let n∈ Z and
User B Key Generation
Select private X B
XB  q
Calculate public YB
YB   X B mod q
variable
xZP
.
The
polynomial
Tn ( x ) : Z P  Z P is recursively defined as
Tn ( x)  (2 xTn1 ( x)  Tn2 ( x)) (mod P)
Generation of Secret Key by User A
n2
K  (YB ) X A mod q
(1)
Generation of Secret Key by User B
T0 ( x )  1 (mod P )
where
K  (YA ) X B mod q
T1 ( x )  x (mod P ) .
It is easy to see such that:
K  (YB ) X A mod q  ( X B mod q) X A mod q
 ( X B ) X A mod q   X B X A mod q
Thus, we can get Chebyshev
polynomials on finite field ZP as the
following:
T0 ( x )  1 (mod P )
 ( X A ) X B mod q  ( X A mod q) X B mod q
 (Y A ) X B mod q
T1 ( x )  x ( m o dP )
by the rules of modular arithmetic
The security of the Diffie-Hellman
key exchange lies in the fact that, while it is
relatively easy to calculate exponentials
modulo a prime, it is very difficult to
calculate discrete logarithms. For large
primes, the latter task is considered
infeasible.
T2 ( x )  ( 2 x 2  1 ) (mod P )
3
Properties
and
of
T3 ( x )  ( 4 x 3  3 x ) (mod P )
T4 ( x )  ( 8 x 4  8 x 2  1 ) (mod P )
…
(2)
Tn ( x ) is algebraic polynomial, so we
extended
have the following equation:
over
Tn ( x ) (mod P )  Tn ( x (mod P )) (mod P )
3.1 Extended Chebyshev polynomials
over finite fields
(3)
According to[7] ， the semi-group
property
of
extended
Chebyshev
polynomials over finite fields is that:
Chebyshev
polynomials
finite fields
Tr (Ts ( x (mod P))) (mod P)  Trs ( x) (mod P)
Since Chebyshev polynomials have
semi-group property [6] [7] [8] on real field
R, they also have semi-group property over
integer Z. Then we can further extend the
definition field and value field of
Chebyshev polynomials to finite field ZP,
where P is a prime number. Over finite field
 Ts (Tr ( x (mod P))) (mod P)
 Tr (Ts ( x)) (mod P)  Trs ( x) (mod P)
 Ts (Tr ( x)) (mod P)
r, s  Z
(4)
-2-
3.2 A new trap-door one-way function
based on extended Chebyshev
polynomials over finite fields
and find whether Tk (x) = Tn (x) one by
one. However, if n is a large enough number,
it is impossible to do so.
Due to the one-way trapdoor property
of Chebyshev polynomials over finite fields,
they can be used to construct key exchange
scheme. Since we extend the Chebyshev
We know any Chebyshev polynomial
Tn ( x ) can be written as that:
Tn ( x)  (a n x n  a n1 x n 1    a1 x1  a0 ) (mod P)
（5）
polynomials from x∈ [-1, 1] to x  Z P , the
In equation （5）, gaining Tn ( x ) given
attack by the way of [7] is invalid to our
cryptosystem. Moreover, it is clear that our
cryptosystem is more secure than RSA and
ElGamal system. Here we assume that ZP is
a finite field and Zn is an integer ring. All
computation of the following is over ZP and
Zn.
n and x is very easy, but gaining n given
Tn ( x ) and x is very difficult, and almost
unfeasible in computation. The difficulty
can be compared with the intractability of
discrete logarithm problem. When the value
of n in equation（5） is equal to the value of
discrete logarithm, solving the n of equation
（5） is more difficult and complex than
solving discrete logarithm for the existence
of other low power elements in equation
（5）, such as xn-1, xn-2, and so on. So
equation （5） has a good one-way property
in computation. Equally, Chebyshev
polynomials on finite fields have good
one-way property.
In equation （5）, n is equal to a
trapdoor. If we know n and x, it is easy and
4 The new key agreement based
on
Extended Chebyshev polynomials enjoying
the semi-group property and the one-way
trap door function can be also used to design
a Diffie-Hellman like key agreement
scheme. Two definitions [14] are firstly
given:
Definition 4.1 Key establishment is
any process whereby a shared secret key
becomes available to two or more parties,
for subsequent cryptographic use.
Definition 4.2 A key agreement
protocol or mechanism is a key
establishment technique in which a shared
secret is derived by two or more parties as a
function of information contributed by, or
associated with, each of these, ideally such
that no party can predetermine the resulting
value.
We assume that two entities of
communication are Alice and Bob. The
process of key agreement is that:
fast algorithm. According to the semi-group
property
of
equation
(4),
k
k
k
and n  s1 1  s 2 2    s mm , Tn ( x ) can be
computed by that:
 Ts1k1 (Tsk2 2 (Tskmm ( x) )) (mod P)
The
number
of
. (6)
iteration
Chebyshev
polynomials
fast to compute Tn ( x ) by using following
Tn ( x) (mod P)
extended
is
k 1 +k 2 +…+k m .
If n isn’t known, the only possible
way is to compute Tk (x) for all k=2,…,n,
-3-
scheme, which is secure and practical.
From the analyses of this paper, we can
conclude that (i) any algebraic polynomials,
which have semi-group property of equation
(2) and recursion property like equation (1)
over real field, can be used to construct a
trap-door one-way function. (ii) the
proposed function can be used to construct
public key encryption algorithm , entity
authentication
and
digital
signature
algorithm besides key agreement.
The detailed study of the proposed
extended Chebyshev polynomials as well as
the further application in cryptography is
topics of our future research.
Let an integer x  Z *P be a public value.
Bob, in order to agree on a common key with
Alice, does the following:
1. Generates a large integer KB  Z *n .
2. Computes Y  TKB ( x) (mod P) .
3. Sends Y to Alice.
Alice, in order to agree on a common key
with Bob, does the following:
4. Generates a large integer KA  Z *n .
Acknowledgements
5. Computes X  TKA ( x) (mod P)
The authors gratefully acknowledge the
assistance and support of Dr. Ning
Hongzhou and State Key Laboratory of
Information Security.
References：
[1] Diffie W., Hellman M.E., New directions
in cryptography, Information Theory,
IEEE, 1976, 22(6): 644-654.
[2] Rivest R.L., Shamir A., Adleman L.,
Method for obtaining digital signatures
and
public-key
cryptosystems,
Communications of the ACM, 1978,
21(2): 120-126.
[3] Rivest R.L., Shamir A., Adleman L., On
digital signatures and public key
cryptosystems, MIT Laboratory for
Computer Science, Technical Report,
1979.
[4] Elgamal T., A public key cryptosystem
and a signature scheme based on
discrete
logarithms,
Information
Theory, IEEE, 1985, 31(4): 469-472.
[5] Elgamal T., A public key cryptosystem
and a signature scheme based on
discrete logarithms, CRYPTO 84 on
Advances in Cryptology Proceedings,
1984, 10-18.
6. Sends X to Bob.
Then, Alice and Bob compute the common
value
K  TKA (Y ) (mod P)  TKB ( X ) (mod P)
 TKA (TKB ( x) (mod P)) (mod P)
 TKA KB ( x) (mod P)
An adversary who taps the channel can
employ successful attack only when gains
KA or KB given TKA (x) or TKB (x) . In fact,
from analysis above, it is impossible.
Moreover, from the formula (6), it is fast to
compute TKA (x) or TKB (x) given KA or KB.
Therefore, our scheme is feasible and
practical.
5 Conclusion
In conclusion, in this letter we extend
Chebyshev polynomials from real number
to finite fields. Based on this extended
Chebyshev polynomials over finite fields,
we have proposed a novel key exchange
-4-
[6] Kocarev L., Tasev Z., Public-key
encryption based on Chebyshev maps,
The
2003
IEEE
International
Symposium on Circuits and Systems
Proceedings, 2003. 28-31.
[7] Pina Bergamo, Paolo D'Arco, Alfredo
De Santis, et al., Security of public key
cryptosystems based on Chebyshev
polynomials, http://citebase.eprints.org,
2004.
[8] D Xiao, X Liao, G Tang, Chuandong Li.
Using Chebyshev chaotic map to
construct infinite length hash chains,
Circuits and Systems, 2004. ISCAS '04.
Proceedings of the 2004 International
Symposium , 25-28
May
2004,
Volume: 1 ,Pages:11-12.
[9] Xiao Di， Liao Xiaofeng， Wong K.W.
An efficient entire chaos-based scheme
for deniable authentication. Chaos,
Solitons and Fractals , Issue: 4,
February, 2005, Volume: 23, pp.
1327-1331
[10] Kocarev L. Chaos-based cryptography:
a brief overview.Circuits and Systems
Magazine, IEEE , Issue: 3 , 2001
Volume: 1 ,Pages:6 – 21
[11] Kocarev L， Sterjev M， Amato P.
RSA encryption algorithm based on
torus automorphisms. Circuits and
Systems,
2004.
ISCAS
'04.
Proceedings of the 2004 International
Symposium on , 23-26 May 2004
Volume: 4 ,Pages:IV - 577-80 Vol.4
[12]Kohda Tohru ，
Fujisaki Hirohi.
Jacobian elliptic Chebyshev rational
maps.Physica D Issue: 3-4, January 15,
2001, Volume: 148,pp. 242-254
[13] William Stallings. Cryptography and
Network Security Principles and
Practices .Third Edition. Prentice
Hall.2003
[14] A.Menezes, P. van Oorschot,
S.Vanstone, Handbook of Applied
Cryptography, CRC Press, 1997.
[15]Douglas R. Stinson. Cryptography
Theory and Practice, second edition,
CRC Press, 2002.
Biography
Wang Dahu was born in Jiangsu, China in
1969. He received his B.S. degree in
electronics engineering from Tongji
University, Shanghai, China, in 1991, and
the M.S. degree in electrical engineering
from Henan Polytechnic University in
2003.He is a graduate in school of electronic
and information engineering, Beijing
Jiaotong University, Beijing, China. His
research interests include channel code and
information
security
in
mobile
communication system. His email is
wangdahu-69@126.com.
or
dahuwang@126.com.
Wei Xueye was born in Shandong,
China,in 1964. He received his B.S. and
M.S. from Tianjing University, China, in
1987 and 1990,the Ph.D. from Beijing
Polytechnic University, China in 1995.He is
a Professor in school of electronic and
information engineering, Beijing Jiaotong
University, Beijing, China. His research
interests include DSP and nonlinear theory.
-5-