Secret material exchange and authentication cryptography operations

Abstract

Aspects of associative cryptography key operations are described. In one embodiment, a first cryptographic function is applied to secret data to produce a first encrypted result. The first encrypted result is transmitted by a first device to a second device. The second device applies a second cryptographic function to the first encrypted result to produce a second encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data from others. The two different cryptographic function can be inversed or removed, in any order, to reveal the secret data. Thus, the first device can apply a first inverse cryptographic function to the second encrypted result to produce a first result, and the second device can apply a second inverse cryptographic function to the first result to decrypt the secret data.

Claims

1. A method of cryptography using associative cryptography key operations, comprising: generating, with a first computing device, a first random lock; applying, with the first computing device, a first cryptographic function to a combination of secret data and the first random lock to produce a first encrypted result; transmitting, with the first computing device, the first encrypted result to a second computing device; generating, with the second computing device, a second random lock; applying, with the second computing device, a second cryptographic function to a combination of the first encrypted result and the second random lock to produce a second encrypted result, wherein the second random lock operates as an initialization vector for the second cryptographic function; transmitting, with the second computing device, the second encrypted result to the first computing device; applying, with the first computing device, a first inverse cryptographic function to the second encrypted result to produce a first result; transmitting, with the first computing device, the first result to the second computing device; and applying, with the second computing device, a second inverse cryptographic function to the first result to decrypt the secret data at the second computing device.

2. A system, comprising: at least one computing device; and memory storing a plurality of computer instructions that, when executed, cause the at least one computing device to at least: transmit, using the at least one computing device, a first encrypted result to a second computing device, wherein the first encrypted result is based on at least a first cryptographic function applied to a combination of secret data and a first random lock; receive, with the at least one computing device, a second encrypted result from the second computing device, wherein the second encrypted result is based on at least a second cryptographic function applied to a combination of the first encrypted result and a second random lock, wherein the second random lock operates as an initialization vector for the second cryptographic function; and transmit, with the at least one computing device, a first result to the second computing device.

3. The system according to claim 2, wherein the first result is based on at least a first inverse cryptographic function applied to the second encrypted result to produce a first result, wherein the first result is such that a second inverse cryptographic function applied, by the second computing device, to the first result produces the secret data.

4. A method of cryptography, comprising: receiving, with a computing device, a first encrypted result based on at least a first cryptographic function applied to a combination of secret data and a first random lock; applying, with the computing device, a second cryptographic function to a combination of the first encrypted result and a second random lock to produce a second encrypted result, wherein the second random lock operates as an initialization vector for the second cryptographic function; transmitting, with the computing device, the second encrypted result; receiving, with the computing device, a first result based on at least a first inverse cryptographic function applied to the second encrypted result; and applying, with the computing device, a second inverse cryptographic function to the first result to decrypt the secret data.

5. A device, comprising: a memory configured for storing an application, the application configured for: transmitting a first encrypted result to a second computing device, wherein the first encrypted result is based on at least a first cryptographic function applied to a combination of secret data and a first random lock; receiving a second encrypted result from the second computing device, wherein the second encrypted result is based on at least a second cryptographic function applied to a combination of the first encrypted result and a second random lock, wherein the second random lock operates as an initialization vector for the second cryptographic function; and transmitting a first result to the second computing device; and a processor configured for processing the application.

6. The device according to claim 5, wherein the first result is based on at least a first inverse cryptographic function applied to the second encrypted result to produce a first result, wherein the first result is such that a second inverse cryptographic function applied, by the second computing device, to the first result produces the secret data.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) Many aspects of the present disclosure can be better understood with reference to the following drawings. The components in the drawings are not necessarily to scale, with emphasis instead being placed upon clearly illustrating the principles of the disclosure. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views.

(2) FIG. 1 illustrates a process of secret text transfer using asymmetric keys.

(3) FIG. 2 illustrates a representative process of secret key transfer using cryptography processes according to various embodiments described herein.

(4) FIG. 3A illustrates an example distribution function of variables resulting from the white noise associative cryptography key operations according to various embodiments described herein.

(5) FIG. 3B illustrates example probability distribution functions of variables resulting from the white noise associative cryptography key operations according to various embodiments described herein.

(6) FIG. 4 illustrates example user interfaces of a program to perform cryptography key operations according to various embodiments described herein.

(7) FIG. 5 illustrates a more particular example of a secret key transfer process according to the concepts described herein.

(8) FIG. 6 illustrates an example of a secret key transfer process using authentication according to the concepts described herein.

DETAILED DESCRIPTION

(9) As noted above, cryptography is related to the study of protocols, techniques, and approaches that prevent third parties from accessing, reading, and/or interpreting secret data. In the context of cryptography, the Rivest-Shamir-Adleman (RSA) cryptosystem, elliptic curve cryptography (ECC) cryptosystem, and other asymmetrical (and symmetrical) methods of secure key exchange have security problems. Those cryptosystems are based on complexity and can, theoretically, be decrypted.

(10) In contrast to the RSA, ECC, and other cryptosystems, the cryptographic processes described herein is more immune to cryptanalysis and permits the sharing of secret data, such as symmetric keys and other secret data, over public networks. The cryptographic system can also be used for authentication. No known methods of traditional or quantum computing can be used to circumvent the cryptographic approaches described herein. The cryptographic system described herein was developed to achieve a number of goals including (1) securely exchanging cryptographic keys over public networks, (2) information ciphering, authentication, and (4) encryption for public networks that is secure against standard and quantum computing.

(11) In the context described herein, white noise can be defined as (or can include) a sequence of independent random variables (e.g., discrete numbers) with a uniform probability distribution. Polynomial white noise can be defined as (or can include) a sequence of polynomial function values composed by independent random variables (e.g., discrete numbers) with a uniform probability distribution.

(12) No known algorithm can decrypt the operations described herein due, at least in part, to the use of white noise randomization. The unknown independent variables appear to third parties as random white noise and, thus, there is no correlation between those variables and any information being transferred. As one example, the key exchange method or process described herein can be shown as an exchange of matrices with a corresponding number of different unknown independent variables and visible values. The number of unknown independent variables always exceeds the number of visible independent values in any combination of subsets of matrices. Further, the number of unknown variables exceeds the number of publically visible polynomial functions. Additionally, no inverse polynomial functions can be determined without information about the secret key—even if the plain text of the secret key is known by a third party.

(13) Turning to the drawings, FIG. 1 illustrates a process of secret text transfer using asymmetric keys. In the example shown in FIG. 1, Alice wishes to communicate secret text to Bob over a public network, such as the Internet, and Eve is the eavesdropper. To communicate the secret text, which can be a symmetric key or any other secret information, Alice and Bob use asymmetric cryptography. Asymmetric cryptography relies upon a key pair including a public key that can be disseminated to third parties (e.g., Alice) and a private key which is kept private (e.g., by Bob). In an asymmetric cryptography system, any person can encrypt a message using the public key, and that encrypted message can only be decrypted using the private key. The strength of asymmetric cryptography relies on the degree of difficulty (e.g., computational impracticality) for a private key to be determined from its associated public key. Asymmetric cryptography also depends on keeping the private key private.

(14) Referring back to FIG. 1, Alice obtains a copy of a public key from Bob (or any other source). Alice encrypts the secret text using the public key to produce the encrypted secret text and communicates it to Bob over the public network. Bob then decrypts the encrypted secret text using the private key to obtain the secret key. Over the public network, Eve can only see the encrypted secret text. Even if Eve obtains a copy of the encrypted secret text and the public key used to create it, Eve cannot obtain the secret text from the encrypted secret text using the public key. Instead, only the private key, which is securely held and protected by Bob, can be used to decrypt the encrypted secret text to obtain the secret text from Alice.

(15) There are drawbacks and limitations to using asymmetric cryptography. For example, it is algorithmically possible to estimate (or determine) the private key in a key pair from the publicly available public key. Additionally, asymmetric key pairs are relatively difficult and time consuming to create, typically depending upon the identification of large prime numbers. Further, asymmetric cryptography can be vulnerable in that it may produce the same predictable encrypted output when the same secret text is encrypted.

(16) To be distinguished from other cryptographic systems, various cryptography processes or operations are described herein. In one embodiment, a first cryptographic function is applied to secret data. The first cryptographic function operates as a type of cryptographic key and encrypts or ciphers the secret data to produce a first encrypted result. The first encrypted result can be securely transmitted by a first device to a second device. The second device then applies a second cryptographic function to the first encrypted result. Similar to the first cryptographic function, the second cryptographic function operates as a cryptographic key and further (or doubly) encrypts or ciphers the first encrypted result to produce a second (or doubly) encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data. The two different cryptographic functions can then be inversed or removed, in any order, to reveal the secret data.

(17) Turning to the embodiments, FIG. 2 illustrates a representative process 20 of secret key transfer using cryptography processes according to various embodiments described herein. The process described below can be performed by any suitable computing device(s) including a processor and memory, without limitation. In the example shown in FIG. 2, Alice wants to securely pass the secret key X to Bob over a public network. To do so, Alice should first encrypt the secret key X before sending it to Bob.

(18) To encrypt the secret key X, Alice holds a first cryptographic function F.sub.A. In various embodiments, the cryptographic function F.sub.A can be embodied as any suitable mathematical function having an inverse which cannot be determined without knowledge of a certain set of parameters of the mathematical function. In one embodiment, the function F.sub.A can be embodied as a polynomial function or multivariate polynomial function defined in part by one or more variables, combinations of variables, combinations of variables at various powers, and coefficients. To undo or unlock (e.g., decrypt) the effect of the cryptographic function F.sub.A, Alice also holds a first inverse cryptographic function F.sup.−1A.

(19) To start, at step 202, the process 20 includes Alice generating, with a first computing device, a first random lock X.sub.A. The first random lock X.sub.A can be embodied as an array or vector of random scalar integers, for example, or another suitable organized structure of random numbers. In the process 20, the first random lock X.sub.A can operate as a type of initialization vector upon which the cryptographic function F.sub.A is applied in combination with the secret key X. For example, the first random lock X.sub.A helps to randomize the application of the cryptographic function F.sub.A creating, in effect, a new random cryptographic function F.sub.A for each different random lock X.sub.A. In that context, the first random lock X.sub.4 helps to achieve semantic security, so that repeated usage of the cryptographic function F.sub.A with the same operand does not produce the same ciphered result and does not allow an attacker to infer any information.

(20) At step 204, the process 20 includes Alice applying, with the first computing device, the first cryptographic function F.sub.A to a combination of the secret key X and the first random lock X.sub.A to produce a first encrypted result R.sub.1. Here, Alice's secret key X, which can include letters, numbers, American Standard Code for Information Interchange (ASCII) characters, etc., is ciphered with random numbers (i.e., the first random lock X.sub.A) using the cryptographic operation or function F.sub.A. The cryptographic function F.sub.A can be embodied as any suitable mathematical function, such as a polynomial or multivariate polynomial function. For example, the cryptographic function F.sub.A can be embodied as a polynomial function F(CX.sup.k) of kth order written as:

(21) $\begin{array}{cc}F\left({\mathrm{CX}}^k\right)=\underset{i_k=1}{\overset{k}{.Math.}}.Math.\underset{i_k=1}{\overset{k}{.Math.}}{C}_{i_1,i_2}{.Math.}_{i_k}{X}_{i_1}{X}_{i_2}.Math.X_{i_k},& \left(1\right)\end{array}$
where C.sub.i . . . k are coefficients of the polynomial function F(CX.sup.k), and X.sub.i . . . k are combinations of the operand X, which can include a combination of a random lock and secret data.

(22) Thus, at step 204, Alice's secret key X, which may include letters, numbers, American Standard Code for Information Interchange (ASCII) characters, etc., are ciphered with random numbers based on the first random lock X.sub.A and the first cryptographic function F.sub.A. As an example, a distribution function of the variables in the results R.sub.1, R.sub.2, and R.sub.3 is shown in FIG. 3A, and probability distribution functions of the variables in the results R.sub.1, R.sub.2, and R.sub.3 is shown in FIG. 3B.

(23) The structure of the polynomial function F(CX.sup.k) and the coefficients can be known to others (although they generally are not) from the formalization of the algorithm. However, even if the structure of the polynomial function F and values of the coefficients C, k are known to a third party, the third party still cannot decrypt the transferred information.

(24) At step 206, the process 20 includes Alice transmitting, with the first computing device, the first encrypted result R.sub.1 to Bob's second computing device. At step 208, the process 20 includes Bob generating, with the second computing device, a second random lock X.sub.B. Similar to the first random lock X.sub.A, the second random lock X.sub.B can be embodied as an array or vector of random scalar integers, for example, or another suitable organized structure of random numbers. In the process 20, the second random lock Xs can also operate as a type of initialization vector for the cryptographic function F.sub.B. For example, the second random lock X.sub.B helps to randomize the application of Bob's cryptographic function F.sub.B creating, in effect, a new random cryptographic function F.sub.B for each different random lock.sub.XB. In that context, the second random lock X.sub.B helps to achieve semantic security, so that repeated usage of the cryptographic function F.sub.B with the same operand does not produce the same ciphered result and does not allow an attacker to infer any information.

(25) At step 210, the process includes Bob applying, with the second computing device, Bob's cryptographic function F.sub.B to a combination of the first encrypted result R.sub.1 and the second random lock X.sub.B to produce a second encrypted result R.sub.2. Here, the first encrypted result R.sub.1 (e.g., F.sub.A(X,X.sub.A)) is (doubly) ciphered with random numbers (i.e., the second random lock X.sub.B) using the cryptographic operation or function F.sub.B. The cryptographic function F.sub.B can be embodied as any suitable mathematical function, such as a polynomial or multivariate polynomial function. For example, the cryptographic function F.sub.B can be embodied as a polynomial function F(CX.sup.k) of kth order according to that shown above in Equation (1).

(26) At this point, Alice's secret key X has been encrypted or ciphered by two different cryptographic functions F.sub.A and F.sub.B, each of them being sufficient to secure the secret key X from others. The two different cryptographic functions can then be inversed or removed, in any order, to reveal the secret key X. In other words, to decrypt the secret key X from the second encrypted result R.sub.2 (i.e., to undo the effects of the cryptographic functions F.sub.A and Fa) it is possible to either apply the inverse F.sup.−1.sub.A function to F.sub.A or the inverse F.sup.−1.sub.B function to F.sub.B first. Thus, according to one aspect of associative cryptography key operations described herein, the order in which the second encrypted result R.sub.2 is applied to the inverse cryptographic functions F.sup.−1.sub.A and F.sup.−1.sub.B. does not impact the results of the decryption of secret key X from the second encrypted result R.sub.2. Further, any number of cryptographic functions to F.sub.1 . . . F.sub.N can be applied to encrypt secret data in any order to produce an encrypted result R.sub.N, and that encrypted result R.sub.N can be decrypted in any order using the inverse cryptographic functions F.sup.−1.sub.1 . . . F.sup.−1.sub.N.

(27) At step 212, the process 20 includes Bob transmitting, with the second computing device, the second encrypted result R.sub.2 to the first computing device. At step 214, the process 20 includes Alice applying, with the first computing device, the first inverse cryptographic function F.sup.−1.sub.A to the second encrypted result R.sub.2 to produce the result R.sub.3. The first inverse cryptographic function F.sup.−1.sub.A unlocks or removes the effect of both the first random lock X.sub.A and the first cryptographic function F.sub.A. Thus, the result R.sub.3 is what remains of the second encrypted result R.sub.2 after the effect of the first random lock X.sub.A and the first cryptographic function F.sub.A are undone or unlocked (e.g., F.sub.B(X,X.sub.B)). Thus the result R.sub.3 is still encrypted, but only by Bob's second random lock X.sub.B and the second cryptographic function F.sub.B, and the result R.sub.3 can be securely transmitted over the public network.

(28) At step 216, the process 20 includes Alice transmitting, with the first computing device, the result R.sub.3 to the second computing device. Finally, at step 218, the process 20 includes Bob applying, with the second computing device, the second inverse cryptographic function F.sup.−1.sub.B to the result R.sub.3 to arrive at the secret key X.

(29) At the end of the process 20, the secret key X has been securely communicated from Alice to Bob. In contrast to the asymmetric key process described above with reference to FIG. 1, key pairs are not used in the process 20.

(30) The general idea embodied in the process 20 is based on certain features of the publically unknown vectors X and the publically available (potentially visible) vectors R. Particularly, the number of variables “n” of the vectors X {x.sub.1, . . . , x.sub.n} is always more than the number of variables “m” of the vectors R={r.sub.1, . . . , r.sub.m}, i.e., n>m. Thus, there are no known algorithms which give a definite decryption solution of the secret key X, based only on visible values of the vectors R in the public networks. From this point of view, the method is cryptanalysis resistant. To obtain the only solution x.sub.1, . . . , x.sub.n from the values r.sub.1, . . . , r.sub.m of the polynomial functions F.sub.A and F.sub.B, the third party (e.g., outsider Eve) should have additional information about the structure of the random vectors X.sub.A and X.sub.B, which are available for Alice and Bob only. For instance, from x.sub.1+x.sub.2+x.sub.3=r.sub.1, it is not possible for a third party to arrive at a single solution for x.sub.1 with only the value of the variable r.sub.1 being publically visible, because the additional information about the values of the variables x.sub.2+x.sub.3 are not known.

(31) A comparison of the features of asymmetrical methods and the method described herein is give in Table 1 below.

(32) TABLE-US-00001 TABLE 1 Public-Private Key Asymmetrical PWN Three Features (RSA, ECC) Pass Method Numbers Prime Numbers Any Random Numbers Time to Develop New Relatively More Costly Negligible Key Processing Time Relatively More Costly Negligible Inverse Function From Relatively Complex Inverse Function Public Key Does Not Exist Third Party Defeat Possible Never Public Network Output Constant, predictable Random, For Constant Input unpredictable

(33) An example of the use of the method described herein is provided below. Using the method, plain text (as a letter or ASCII code of 256 numbers) is represented in ciphered text by three corresponding random numbers r.sub.1, r.sub.2 and r.sub.3 which are calculated by a random generator. Table 2 shows an example of how the plain text “This is a plain text” appears in ciphered numbers.

(34) TABLE-US-00002 TABLE 2 Plain text Ciphered text text r.sub.1 r.sub.2 r.sub.3 T 0.001251 0.563585 0.003585 h 0.193304 0.808741 0.158307 i 0.585009 0.479873 0.28051 s 0.350291 0.895962 0.313555 0.82284 0.746605 0.614412 i 0.174108 0.858943 0.151801 s 0.710501 0.513535 0.363394 0.303995 0.014985 0.006167 a 0.091403 0.364452 0.035009 0.147313 0.165899 0.02575 p 0.988525 0.445692 0.438709 1 0.119083 0.004669 0.001204 i a 0.00891 1 0.37788 0.005292 i 0.531663 0.571184 0.303183 n 0.601764 0.607166 0.363988 0.166234 0.663045 0.113037 t 0.450789 0.352123 0.159469 e 0.057039 0.607685 0.037377 x 0.783319 0.802606 0.623152 t 0.519883 0.30195 0.157851

(35) Uniform distribution is called “white noise” due to its informative features. For the letter ‘A’ (ASCII code 65), as one example, the random numbers may appear over the public net as r.sub.1=0.001251, r.sub.2=0.563585, r.sub.3=0.560746 or r.sub.1=0.585009, r.sub.2=0.479873, r.sub.3=0.105796 and every time the random variables r.sub.1, r.sub.2, r.sub.3 will be unpredictable. The correlation function between any two variables x and y is estimated as follows:

(36) $\begin{array}{cc}\mathrm{corr}\left(x,y\right)=\frac{\Sigma \left(x-\stackrel{\_}{x}\right)\left(y-\stackrel{\_}{y}\right)}{\sqrt{{\Sigma \left(x-\stackrel{\_}{x}\right)}^2{\Sigma \left(y-\stackrel{\_}{y}\right)}^2}}.& \left(2\right)\end{array}$
The results of correlation function evaluation for pairs (r.sub.1, r.sub.2), (r.sub.2, r.sub.3) and (r.sub.1, r.sub.3) are given in Table 3 below.

(37) TABLE-US-00003 TABLE 3 corr (r.sub.1, r.sub.2) corr (r.sub.2, r.sub.3) corr (r.sub.1, r.sub.3) −0.013927 −0.002873 −0.010771

(38) The correlation is negligibly small, which means that ciphered information is encapsulated into white noise and is not analyzable by a third party. There are no known algorithms to decrypt the ciphered information without the encryption key.

(39) In the approaches described herein, there are neither restrictions nor requirements on the encryption key number and length. All keys are equal in terms of crypt analysis resistance. Additionally, there are no correlations between the plain text and the ciphered random numbers (r.sub.1, r.sub.2, r.sub.3), as the combinations of them are unpredictable. There are no known algorithms which can decrypt ciphered random numbers (r.sub.1, r.sub.2, r.sub.3) into plain text without the key. There are no known algorithms which can recalculate the encryption key using visible ciphered random numbers (r.sub.1, r.sub.2, r.sub.3) and visible plain text. There is no need for rotation of encryption keys if a physical, completely unpredictable random number generator is used. The series repetition period of real random numbers (r.sub.1, r.sub.2, r.sub.3) is infinite.

(40) Computational time needed to encrypt and decrypt data by the method described herein is significantly smaller than commonly used algorithms. Since the method uses polynomial functions, the transaction of numbers (or ASCII) should be controlled by calculation procedures. The analysis of 25,600,000 transactions demonstrates that the final error of the secret key value estimate does not exceed 0.001%. This means that, for example, the transaction of the letter ‘A,’ which is represented by the integer number 65 (ASCII), after all transformations from client to server could be calculated to be a number about 64.9999 (and depends in part on the random generator variables during the transaction).

(41) A comparison of the features of a standard symmetrical method and the method described herein are given in Table 4 below.

(42) TABLE-US-00004 TABLE 4 WNT One Pass Transaction Symmetrical (in combination with Three Features FIPS Pub 197 Pass Transaction) Encryption Key Rotation Must Have Not Needed Processing time Costly Negligible Security resistance and key Strong relation No Relation length Hack Costly Never (Potentially Impossible) Public net output for Constant, Random, Unpredictable constant input (without key Predictable rotation)

(43) A computer program was developed to implement the method described herein. As shown in FIG. 4, Alice securely sends her secret text “Hello bob” to Bob using the three pass transaction. In FIG. 4, random values appear to a third party during the three pass transaction (specially shown in the blue box).

(44) Among other benefits, the processes described herein can be used to achieve unbreakable (or nearly unbreakable) encryption over wireless, wired, and public networks, and against quantum computing attacks. It requires relatively little processing power for encrypting and decrypting and, thus, can be used for rapid verification and transactions. A practically limitless number of new keys can be generated on the fly. Thus, the keys can be changed on every transaction. Encryption and decryption can also occur on individual devices due to the high speed of encryption and low processing requirements. Further, there is no single point of compromise because every individual party has their own key. If a key is compromised, it is the one compromised and can be renewed or replaced.

(45) An outline of various problems encountered and solutions that can be provided by the cryptographic systems described herein are given in Table 5 below.

(46) TABLE-US-00005 TABLE 5 Problem Solution Establishing a secure and Digital ID system in the cloud reliable ID for all transactions for processing Ids ID system only used for registration and verification Information unhackable Having a secure payment Payment system using ID system that eliminates fraud Email, internet banking, wireless transaction Cryptocurrency that is secure Absolutely secure, stable, and and stable based on verifiable IDs Fast enough and secure trading Rapid trading and verification system for cryptocurrencies Trading exchanges connected to Exchange Mobile Payments Integrity over wireless signals and public net Transactions cannot be defrauded via screening or copying Key Management System Cloud key management service ID system to outsource all key management responsibilities People forget passwords and Pass eliminates the use of passwords are a weak point passwords using ID center in security

(47) FIG. 5 illustrates a more particular example of a secret key transfer process 30 according to the concepts described herein. While an example using square matrices of a certain size is provided below, the concepts described herein can be extended to use with square matrices of any size. Further, although the example below is presented in certain cases as steps between “Alice” and “Bob,” the process is conducted by computing systems or devices.

(48) At the outset, consider the key to be exchanged, K, as a sequence of m bytes, each including one of the ASCII codes from 0 to 255, as follows:
K={k.sub.1,k.sub.2, . . . ,k.sub.m},0≤k.sub.i≤255.

(49) For example, the key string “ABCD” can be presented as ASCII codes K={65, 66, 67, 68}. A sequence of real numbers X can then be defined as a transformation of the key numbers (i.e., k.sub.1, k.sub.2, . . . , k.sub.m), which are integers, into real ones, as follows:
X=Φ(K),Φ:N.sup.m.fwdarw.R.sup.m and
X={x.sub.1,x.sub.2, . . . ,x.sub.m},x.sub.iϵR.

(50) The sequence of real numbers is put into set of second order square matrices, as follows:

(51) $X=.Math.\begin{array}{cc}{x}_1& x_2\\ x_3& x_4\end{array}.Math.\mathrm{.Math.}.Math.\begin{array}{cc}{x}_{m-3}& x_{m-2}\\ x_{m-1}& x_m\end{array}.Math.$

(52) If the number of real key numbers is not multiple of four, the last matrix is not fully filled in. In this case, the rest of the matrix members can be generated and added as any random numbers without influencing the algorithm.

(53) Now, assume that Alice wants to pass the secret key K to Bob. For simplicity, however, consider one square matrix X, as follows:

(54) $X=.Math.\begin{array}{cc}{x}_1& x_2\\ x_3& x_4\end{array}.Math.$
The matrix X decomposes into two singular matrices Z.sub.1 and Z.sub.2

(55) $X=Z_1{Z}_2,Z_1=.Math.\begin{array}{cc}{Z}_1& Z_2\\ Z_3& \frac{Z_2{Z}_3}{Z_1}\end{array}.Math.,\mathrm{and}$$Z_2=.Math.\begin{array}{cc}{Z}_4& Z_5\\ Z_6& \frac{Z_4{Z}_5}{Z_6}\end{array}.Math.$

(56) At step 302, the process includes forming the matrix X as a singular matrix using a number of the real key numbers of the secret key K based on the following relationship x.sub.4=x.sub.2x.sub.3/x.sub.1. In that case, the inverse of matrix X, or X.sup.−1, does not exist (see properties of singular matrices and matrix determinants in APPENDIX). In that case, the matrix X represents a portion of the secret key K, {k.sub.1, k.sub.2, k.sub.3}.

(57) As part of a first pass transaction, at step 302, the process further includes generating a uniformly distributed random matrices Y.sub.1, Y.sub.2 and inverse matrices Y.sub.1.sup.−1, Y.sub.2.sup.−1, as follows:

(58) $Y_1=.Math.\begin{array}{cc}{y}_1& y_2\\ y_3& y_4\end{array}.Math.,Y_1^{-1}=\frac{.Math.\begin{array}{cc}{y}_4& -y_2\\ -y_3& y_1\end{array}.Math.}{y_1{y}_4-y_2{y}_3},y_i\in R,y_1{y}_4\ne y_2{y}_3,Y_2=.Math.\begin{array}{cc}{y}_5& y_6\\ y_7& y_8\end{array}.Math.,\mathrm{and}$$Y_2^{-1}=\frac{.Math.\begin{array}{cc}{y}_8& -y_6\\ -y_7& y_5\end{array}.Math.}{y_5{y}_8-y_6{y}_7},y_i\in R,y_5{y}_8\ne y_6{y}_7.$

(59) At step 302, the process also includes generating uniformly distributed random centrosymmetric A.sub.1, A.sub.2, B.sub.1, B.sub.2, and inverse A.sub.1.sup.−1, A.sub.2.sup.−1, B.sub.1.sup.−1, B.sub.2.sup.−1 matrices as follows:

(60) $A_1=.Math.\begin{array}{cc}{a}_1& a_2\\ a_2& a_1\end{array}.Math.,A_2=.Math.\begin{array}{cc}{a}_3& a_4\\ a_4& a_3\end{array}.Math.,A_1^{-1}=\frac{.Math.\begin{array}{cc}{a}_1& -a_2\\ -a_2& a_1\end{array}.Math.}{a_1^2-a_2^2},A_2^{-1}=\frac{.Math.\begin{array}{cc}{a}_3& a_4\\ a_4& a_3\end{array}.Math.}{a_3^2-a_4^2},a_i\in R,a_1^2\ne a_2^2,a_3^2\ne a_4^2,B_1=.Math.\begin{array}{cc}{b}_1& b_2\\ b_2& b_1\end{array}.Math.,B_2=.Math.\begin{array}{cc}{b}_3& b_4\\ b_4& b_3\end{array}.Math.,B_1^{-1}=\frac{.Math.\begin{array}{cc}{b}_1& -b_2\\ -b_2& b_1\end{array}.Math.}{b_1^2-b_2^2},B_2^{-1}=.Math.\begin{array}{cc}{b}_3& -b_4\\ -b_4& b_3\end{array}.Math.,b_i\in R,b_1^2\ne b_2^2,b_3^2\ne b_4^2.$
Centrosymmetric square matrices A and B are always of the form AB=BA.

(61) At step 304, the process includes Alice generating and sending matrices M.sub.1 and M.sub.2 to Bob, as follows:

(62) $M_1=.Math.\begin{array}{cc}{m}_1^{\left(1\right)}& m_2^{\left(1\right)}\\ m_3^{\left(1\right)}& m_4^{\left(1\right)}\end{array}.Math.,M_2=.Math.\begin{array}{cc}{m}_1^{\left(2\right)}& m_2^{\left(2\right)}\\ m_3^{\left(2\right)}& m_4^{\left(2\right)}\end{array}.Math.,M_3=.Math.\begin{array}{cc}{m}_1^{\left(3\right)}& m_2^{\left(3\right)}\\ m_3^{\left(3\right)}& m_4^{\left(3\right)}\end{array}.Math.,\mathrm{and}$$M_4=.Math.\begin{array}{cc}{m}_1^{\left(4\right)}& m_2^{\left(4\right)}\\ m_3^{\left(4\right)}& m_4^{\left(4\right)}\end{array}.Math.,$
which are generated according to the following calculations:
M.sub.1=Y.sub.1A.sub.1,  (3)
M.sub.2=B.sub.1Y.sub.1.sup.−1Z.sub.1,  (4)
M.sub.3=Y.sub.2A.sub.2, and  (5)
M.sub.4=B.sub.2Y.sub.2.sup.−1Z.sub.3.  (6)

(63) Thus, at step 304, Alice sends to Bob fourteen publicly visible values (m.sub.1.sup.(1), m.sub.2.sup.(1), m.sub.3.sup.(1), m.sub.4.sup.(1), m.sub.1.sup.(2), m.sub.2.sup.(2), m.sub.3.sup.(2), m.sub.1.sup.(3), m.sub.2.sup.(3), m.sub.3.sup.(3), m.sub.4.sup.(3), m.sub.1.sup.(4), m.sub.2.sup.(4), m.sub.3.sup.(4)) of matrices M.sub.1, M.sub.2, M.sub.3, and M.sub.4 that are calculated from twenty-two independent unknown (for the third party) variables (a.sub.1, a.sub.2, a.sub.3, a.sub.4, b.sub.1, b.sub.2, b.sub.3, b.sub.4, y.sub.1, y.sub.2, y.sub.3, y.sub.4, y.sub.5, y.sub.6, y.sub.7, y.sub.8, z.sub.1, z.sub.2, z.sub.3, z.sub.4, z.sub.5, z.sub.6) known by Alice only, as follows:

(64) $m_1^{\left(1\right)}=a_1{y}_1+a_2{y}_2,m_2^{\left(1\right)}=a_2{y}_1+a_1{y}_2,m_3^{\left(1\right)}=a_1{y}_3+a_2{y}_4,m_4^{\left(1\right)}=a_2{y}_3+a_1{y}_4,m_1^{\left(2\right)}=\frac{b_1\left(x_1{y}_4-x_3{y}_2\right)+b_2\left(x_3{y}_1-x_1{y}_3\right)}{y_1{y}_4-y_2{y}_3},m_2^{\left(2\right)}=\frac{b_1\left(x_2{y}_4-y_2{x}_2{x}_3\text{/}{x}_1\right)+b_2\left(y_1{x}_2{x}_3\text{/}{x}_1-x_2{y}_3\right)}{y_1{y}_4-y_2{y}_3},m_3^{\left(2\right)}=\frac{b_2\left(x_1{y}_4-x_3{y}_2\right)+b_1\left(x_3{y}_1-x_1{y}_3\right)}{y_1{y}_4-y_2{y}_3}$$m_1^{\left(3\right)}=a_3{y}_5+a_4{y}_6,m_2^{\left(3\right)}=a_4{y}_5+a_3{y}_6,m_3^{\left(3\right)}=a_3{y}_7+a_4{y}_8,m_4^{\left(3\right)}=a_4{y}_7+a_3{y}_8,m_1^{\left(4\right)}=\frac{b_3\left(x_4{y}_8-x_6{y}_6\right)+b_4\left(x_6{y}_5-x_4{y}_7\right)}{y_5{y}_4-y_6{y}_3},m_2^{\left(4\right)}=\frac{b_3\left(x_5{y}_6-y_6\frac{x_5{x}_6}{x_4}\right)+b_4\left(y_5\frac{x_5{x}_6}{x_4}-x_5{y}_7\right)}{y_5{y}_8-y_6{y}_7},\mathrm{and}$$m_3^{\left(4\right)}=\frac{b_4\left(x_6{y}_8-x_6{y}_6\right)+b_3\left(x_6{y}_5-x_4{y}_7\right)}{y_5{y}_8-y_6{y}_7}.$

(65) The variable m.sub.4.sup.(2) and m.sub.4.sup.(4) of the singular matrices M.sub.2 and M.sub.2 are used as m.sub.4.sup.(2)=m.sub.2.sup.(2)m.sub.3.sup.(2)/m.sub.1.sup.(2) and m.sub.4.sup.(2)=m.sub.2.sup.(2)m.sub.3.sup.(2)/m.sub.1.sup.(2).

(66) As a second pass transaction, at step 306, the process includes Bob receiving the M.sub.1 and M.sub.2 matrices from Alice. At step 306, the process includes generating uniformly distributed random centrosymmetric matrices C.sub.1, C.sub.2 and inverse C.sub.1.sup.−1, C.sub.2.sup.−1 matrices, as follows:

(67) 0$C_1=.Math.\begin{array}{cc}{c}_1& c_2\\ c_2& c_1\end{array}.Math.,C_2=.Math.\begin{array}{cc}{c}_3& c_4\\ c_4& c_3\end{array}.Math.,C_1^{-1}=\frac{.Math.\begin{array}{cc}{c}_1& -c_2\\ -c_2& c_1\end{array}.Math.}{c_1^2-c_2^2},c_i\in R,c_1^2\ne c_2^2,\mathrm{and}$$C_2^{-1}=\frac{.Math.\begin{array}{cc}{c}_3& -c_4\\ -c_4& c_3\end{array}.Math.}{c_3^2-c_4^2},c_i\in R,c_3^2\ne c_4^2.$

(68) The process at step 306 also includes generating uniformly distributed random matrices D and H, as follows:

(69) $D=.Math.\begin{array}{cc}{d}_1& d\\ d_3& d_4\end{array}.Math.,\mathrm{and}$$H=.Math.\begin{array}{cc}{h}_1& h_2\\ h_3& h_4\end{array}.Math.,d_i{h}_i\in R,d_1{d}_4\ne d_2{d}_3,h_1{h}_4\ne h_2{h}_3.$

(70) The process at step 306 also includes generating corresponding inverse matrices D.sup.−1 and H.sup.−1, as follows:

(71) $D^{-1}=\frac{.Math.\begin{array}{cc}{d}_1& d_2\\ d_3& d_4\end{array}.Math.}{d_1{d}_4-d_2{d}_3},\mathrm{and}$$H^{-1}=\frac{.Math.\begin{array}{cc}{h}_1& h_2\\ h_3& h_4\end{array}.Math.}{h_1{h}_4-h_2{h}_3}.$

(72) The process at step 306 also includes generating the matrices M.sub.5, M.sub.6, M.sub.7 and M.sub.8, as follows:

(73) $M_5=.Math.\begin{array}{cc}{m}_1^{\left(5\right)}& m_2^{\left(5\right)}\\ m_3^{\left(5\right)}& m_4^{\left(5\right)}\end{array}.Math.,M_6=.Math.\begin{array}{cc}{m}_1^{\left(6\right)}& m_2^{\left(6\right)}\\ m_3^{\left(6\right)}& m_4^{\left(6\right)}\end{array}.Math.,M_7=.Math.\begin{array}{cc}{m}_1^{\left(7\right)}& m_2^{\left(7\right)}\\ m_3^{\left(7\right)}& m_4^{\left(7\right)}\end{array}.Math.,\mathrm{and}$$M_8=.Math.\begin{array}{cc}{m}_1^{\left(8\right)}& m_2^{\left(8\right)}\\ m_3^{\left(8\right)}& m_4^{\left(8\right)}\end{array}.Math.$
as a result of the following calculations:
M.sub.5=DM.sub.1C.sub.1.sup.−1=D.sub.1Y.sub.1A.sub.1C.sub.1.sup.−1,  (7)
M.sub.6=C.sub.1M.sub.2E=C.sub.1B.sub.1Y.sub.1.sup.−1Z.sub.1E,  (8)
M.sub.7=E.sup.−1M.sub.3C.sub.2.sup.−1=E.sup.−1YA.sub.2C.sub.2.sup.−1, and  (9)
M.sub.8=C.sub.2M.sub.4H=C.sub.2B.sub.2Y.sub.2.sup.−1Z.sub.2H.  (10)

(74) At step 308, the process includes Bob sending to Alice fourteen publicly visible values (m.sub.1.sup.(5), m.sub.2.sup.(5), m.sub.3.sup.(5), m.sub.1.sup.(6), m.sub.2.sup.(6), m.sub.3.sup.(6), m.sub.1.sup.(7), m.sub.2.sup.(7), m.sub.3.sup.(7), m.sub.4.sup.(7), m.sub.1.sup.(8), m.sub.2.sup.(8), m.sub.3.sup.(8)) of matrices M.sub.3 and M.sub.4 that are calculated from sixteen independent unknown (for the third party) variables (c.sub.1, c.sub.2, c.sub.3, c.sub.4, d.sub.1, d.sub.2, d.sub.3, d.sub.4, e.sub.1, e.sub.2, e.sub.3, e.sub.4, h.sub.1, h.sub.2, h.sub.3, h.sub.4) which are known by Bob only, as follows:

(75) $m_1^{\left(5\right)}=\frac{c_1\left(d_1{m}_1^{\left(1\right)}+d_2{m}_3^{\left(1\right)}\right)-c_2\left(d_1{m}_2^{\left(1\right)}+d_2{m}_4^{\left(1\right)}\right)}{c_1^2-c_2^2},m_2^{\left(5\right)}=\frac{c_1\left(d_1{m}_2^{\left(1\right)}+d_2{m}_4^{\left(1\right)}\right)-c_2\left(d_1{m}_1^{\left(1\right)}+d_2{m}_4^{\left(1\right)}\right)}{c_1^2-c_2^2},m_3^{\left(5\right)}=\frac{c_1\left(d_3{m}_1^{\left(1\right)}+d_4{m}_3^{\left(1\right)}\right)-c_2\left(d_1{m}_2^{\left(1\right)}+d_4{m}_4^{\left(1\right)}\right)}{c_1^2-c_2^2},m_4^{\left(5\right)}=\frac{c_1\left(d_3{m}_2^{\left(1\right)}+d_4{m}_4^{\left(1\right)}\right)-c_2\left(d_3{m}_1^{\left(1\right)}+d_4{m}_3^{\left(1\right)}\right)}{c_1^2-c_2^2},m_1^{\left(6\right)}=\left(c_1{m}_1^{\left(2\right)}+c_2{m}_3^{\left(2\right)}\right)e_1+\left(c_1{m}_2^{\left(2\right)}+c_2{m}_4^{\left(2\right)}\right)e_3,m_2^{\left(6\right)}=\left(c_1{m}_1^{\left(2\right)}+c_2{m}_3^{\left(2\right)}\right)e_2+\left(c_1{m}_2^{\left(2\right)}+c_2{m}_4^{\left(2\right)}\right)e_4,m_3^{\left(6\right)}=\left(c_2{m}_1^{\left(2\right)}+c_1{m}_3^{\left(2\right)}\right)e_1+\left(c_2{m}_2^{\left(2\right)}+c_1{m}_4^{\left(2\right)}\right)e_3,m_4^{\left(6\right)}=m_2^{\left(6\right)}{m}_3^{\left(6\right)}\text{/}{m}_1^{\left(6\right)},m_1^{\left(7\right)}=\frac{c_3\left(e_4{m}_1^{\left(3\right)}-e_2{m}_1^{\left(3\right)}\right)-c_4\left(e_1{m}_2^{\left(3\right)}-e_2{m}_4^{\left(3\right)}\right)}{\left(c_3^2-c_4^2\right)\left(e_1{e}_4-e_2{e}_3\right)},m_2^{\left(7\right)}=\frac{c_3\left(e_4{m}_2^{\left(3\right)}-e_3{m}_4^{\left(3\right)}\right)-c_4\left(e_4{m}_1^{\left(3\right)}-e_2{m}_1^{\left(3\right)}\right)}{\left(c_3^3-c_4^3\right)\left(e_1{e}_4-e_2{e}_3\right)},m_3^{\left(7\right)}=\frac{c_3\left(e_1{m}_3^{\left(3\right)}-e_2{m}_1^{\left(3\right)}\right)-c_4\left(e_1{m}_4^{\left(3\right)}-e_2{m}_3^{\left(3\right)}\right)}{\left(c_3^2-c_4^2\right)\left(e_1{e}_4-e_2{e}_3\right)},m_4^{\left(7\right)}=\frac{c_3\left(e_1{m}_1^{\left(3\right)}-e_3{m}_2^{\left(3\right)}\right)-c_4\left(e_4{m}_3^{\left(3\right)}-e_2{m}_1^{\left(3\right)}\right)}{\left(c_3^2-c_4^2\right)\left(e_1{e}_4-e_2{e}_3\right)},m_1^{\left(8\right)}=\left(c_3{m}_1^{\left(4\right)}+c_4{m}_3^{\left(4\right)}\right)h_1+\left(c_3{m}_2^{\left(4\right)}+c_4{m}_4^{\left(4\right)}\right)h_3,m_2^{\left(8\right)}=\left(c_3{m}_1^{\left(4\right)}+c_4{m}_3^{\left(4\right)}\right)h_2+\left(c_3{m}_2^{\left(4\right)}+c_4{m}_4^{\left(4\right)}\right)h_4,m_3^{\left(8\right)}=\left(c_4{m}_1^{\left(4\right)}+c_3{m}_3^{\left(4\right)}\right)h_1+\left(c_4{m}_2^{\left(4\right)}+c_3{m}_4^{\left(4\right)}\right)h_3,\mathrm{and}$

(76) As a third pass transaction, at step 310, the process includes Alice receiving from Bob the matrices M.sub.5, M.sub.6, M.sub.7, and M.sub.8 as follows:
M.sub.5=DY.sub.1A.sub.1C.sub.1.sup.−1,
M.sub.6=C.sub.1B.sub.1Y.sub.1.sup.−1Z.sub.1E,
M.sub.7=E.sup.−1Y.sub.2A.sub.2C.sub.2.sup.−1, and
M.sub.8=CBY.sup.−1XH.

(77) Note that centrosymmetric matrices satisfy the following conditions:
AC.sup.−1=C.sup.−1A and
CB=BC,
meaning that the matrices M.sub.5, M.sub.6, M.sub.7, and M.sub.8 can be transformed into:
M.sub.5=DY.sub.1A.sub.1C.sub.1.sup.−1=DY.sub.1C.sub.1.sup.−1A.sub.1,
M.sub.6=C.sub.1B.sub.1Y.sub.1.sup.−1Z.sub.1E=B.sub.1C.sub.1Y.sub.1.sup.−1Z.sub.1E,
M.sub.7=E.sup.−1Y.sub.2A.sub.2C.sub.2.sup.−1=E.sup.−1Y.sub.2C.sub.2.sup.−1A.sub.2, and
M.sub.8=C.sub.2B.sub.2Y.sub.2.sup.−1Z.sub.2H=B.sub.2C.sub.2Y.sub.2.sup.−1Z.sub.2H,

(78) Thus, at step 312, the process includes multiplying the matrices M.sub.5, M.sub.6, M.sub.7 and M.sub.8 with the known inverse matrices A.sub.1.sup.−1, A.sub.2.sup.−1, B.sub.1.sup.−1 and B.sub.2.sup.−1, respectively, as follows:
M.sub.5 A.sub.1.sup.−1=DY.sub.1C.sub.1.sup.−1A.sub.1A.sub.1.sup.−1=DY.sub.1C.sub.1.sup.−1,
B.sub.1.sup.−1M.sub.6=B.sub.1.sup.−1B.sub.1 C.sub.1Y.sub.1.sup.−1Z.sub.1E=C.sub.1Y.sub.1.sup.−1Z.sub.1E,
M.sub.7A.sub.2.sup.−1=E.sup.−1Y.sub.2C.sub.2.sup.−1A.sub.2A.sub.2.sup.−1=E.sup.−1Y.sub.2C.sub.2.sup.−1, and
B.sub.2.sup.−1M.sub.8=B.sub.2.sup.−1B.sub.2C.sub.2Y.sub.2.sup.−1Z.sub.2H=C.sub.2Y.sub.2.sup.−1Z.sub.2H.

(79) Further, at step 314, the process includes multiplying the results of those together to arrive at the matrix M.sub.5, as follows:

(80) $\begin{array}{cc}{M}_9=M_5{A}_1^{-1}{B}_1^{-1}{M}_6{M}_7{A}_2^{-1}{B}_2^{-1}{M}_8,M_9={\mathrm{DY}}_1{C}_1^{-1}{C}_1{C}_1^{-1}{Z}_1{\mathrm{EE}}^{-1}{Y}_2{C}_2^{-1}{C}_2{Y}_2^{-1}{Z}_{2}H={\mathrm{DZ}}_1{Z}_{2}H,\mathrm{such}\mathrm{that}\text{.Math.}{M}_9=\mathrm{DXH},\mathrm{and}{M}_9=.Math.\begin{array}{cc}{m}_1^{\left(9\right)}& m_2^{\left(9\right)}\\ m_3^{\left(9\right)}& m_4^{\left(9\right)}\end{array}.Math..& \left(11\right)\end{array}$

(81) At step 316, the process includes Alice sending the following three publicly visible values to Bob (m.sub.1.sup.(9), m.sub.2.sup.(9), m.sub.3.sup.(9)), as follows:
m.sub.1.sup.(9)=(d.sub.1x.sub.1+d.sub.2x.sub.3)h.sub.1+(d.sub.1x.sub.2+d.sub.2x.sub.4)h.sub.3,
m.sub.2.sup.(9)=(d.sub.1x.sub.1+d.sub.2x.sub.3)h.sub.2+(d.sub.1x.sub.2+d.sub.2x.sub.4)h.sub.4,
m.sub.3.sup.(9)=(d.sub.3x.sub.1+d.sub.4x.sub.3)h.sub.1+(d.sub.3x.sub.2+d.sub.4x.sub.4)h.sub.3, and
m.sub.4.sup.(9)=m.sub.3.sup.(9)m.sub.2.sup.(9)/m.sub.1.sup.(9).

(82) Thus, as part of the final key restoration at step 316, Bob receives the matrix M9 from Alice, as follows:
M.sub.9=DXH.

(83) At step 318, the process includes Bob restoring the key X from Alice by using inverse matrices D.sup.−1 and H.sup.−1, which are known to Bob, and the matrix M.sub.5, as follows:
D.sup.−1M.sub.9H.sup.−1=D.sup.−1DXHH.sup.−1=X.

(84) As shown in Table 6 below, the entire scheme of the key exchange process can be performed using an exchange of matrices with a corresponding number of different unknown independent variables (underlined in Table 6) and visible (by the third party) values (bolded in Table 6). This scheme demonstrates that the number of unknown independent variables always exceeds the number of visible independent values in any combination of subsets of matrices.

(85) This means that the system of nonlinear equations is an indeterminate system. There are no algorithms for the third party to obtain unknown independent variables including the secret key X using the visible independent values.

(86) TABLE-US-00006 TABLE 6 Independent Variables Variables Values 1 Alice Y.sub.1A.sub.1 A.sub.1[2], Y.sub.1[4] 22 M.sub.1[4] 4 14 B.sub.1Y.sub.1.sup.−1Z.sub.1 B.sub.1[2], Z.sub.1[3] M.sub.2[4] 3 Y.sub.2A.sub.2 A.sub.2[2], Y.sub.2[4] M.sub.3[4] 4 B.sub.2Y.sub.2.sup.−1Z.sub.2 B.sub.2[2], Z.sub.2[3] M.sub.4[4] 3 2 Bob DY.sub.1A.sub.1C.sub.1.sup.−1 D [4], C.sub.1[2] 16 M.sub.5[4] 4 14 C.sub.1B.sub.1Y.sub.1.sup.−1 Z.sub.1E E [4] M.sub.6[4] 3 E.sup.−1Y.sub.2A.sub.2C.sub.2.sup.−1 M.sub.7[4] 4 C.sub.2B.sub.2Y.sub.2.sup.−1 Z.sub.2H C.sub.2[2], H [4] M.sub.8[4] 3 3 Alice DXH M.sub.9[3] 3 3 Total 38 31

(87) The direct restoration of the matrix X (using formula transformations of Eqs. 3-11 is also impossible. Note that the matrix X is singular. It leads to several features, which are used to perform the key exchange algorithm resistant against the third party decryption (see APPENDIX):

(88) The matrices M.sub.2, M.sub.4, M.sub.6, M.sub.8, and M.sub.9
M.sub.2=B.sub.1Y.sub.1.sup.−1Z.sub.1,
M.sub.4=B.sub.2Y.sub.2.sup.−1Z.sub.2,
M.sub.6=C.sub.1B.sub.1Y.sub.1.sup.−1Z.sub.1E,
M.sub.6=C.sub.2B.sub.2Y.sub.2.sup.−1Z.sub.2H, and
M.sub.9=DZ.sub.1Z.sub.2H
are also singular (due to the matrices Z.sub.1 and Z.sub.2 being singular).

(89) Thus, the equation M.sub.5L.sub.1M.sub.6M.sub.7L.sub.2M.sub.8=M.sub.9 (from the Eqs. 7-10) can not be resolved in regards to centrosymmetric matrices L.sub.1=A.sub.1.sup.−1B.sub.1.sup.−1 and L.sub.2=A.sub.2.sup.−1B.sub.2.sup.−1 by the third party as far as the matrix M.sub.9 is singular so, the direct calculation X=M.sub.1L.sub.1M.sub.2M.sub.3L.sub.2M.sub.4 is not possible.

(90) The concepts described herein can be used for other cryptographic operations, such as key exchanging using authentication. FIG. 6 illustrates an example secret material or key exchanging process using authentication according to the concepts described herein.

(91) As shown in FIG. 6, Alice wants to pass the secret key K to Bob. They use Ed as an independent party for authentication. In the transaction, the square singular matrix

(92) $X=.Math.\begin{array}{cc}{x}_1& x_2\\ x_3& x_4\end{array}.Math.$
is used to represent key K={k.sub.1, k.sub.2, k.sub.3}, where x.sub.4=x.sub.2x.sub.3/x.sub.1.

(93) It is assumed that Alice and Bob both have passed the authentication procedure and both have got corresponding session numbers N.sub.1.sup.A, N.sub.2.sup.A and N.sub.1.sup.B, N.sub.2.sup.B from Ed according to the concepts described above.

(94) Alice and Bob form centrosymmetric matrices N.sup.A and N.sup.B correspondently, as follows:

(95) $N_A=.Math.\begin{array}{cc}{N}_1^A& N_2^A\\ N_3^A& N_4^A\end{array}.Math.\mathrm{and}{N}_{\mathrm{AB}}=.Math.\begin{array}{cc}{N}_1^B& N_2^B\\ N_3^B& N_4^B\end{array}.Math..$

(96) As part of a first pass transaction, at step 402, the process 40 includes Alice generating uniformly distributed random matrices Y.sub.1, Y.sub.2 and inverse matrices Y.sub.1.sup.−1, Y.sub.2.sup.−1, as follows:

(97) $Y_1=.Math.\begin{array}{cc}{y}_1& y_2\\ y_3& y_4\end{array}.Math.,Y_1^{-1}=\frac{.Math.\begin{array}{cc}{y}_1& -y_2\\ -y_3& y_4\end{array}.Math.}{y_1{y}_4-y_2{y}_3},y_i\in R,y_1{y}_4\ne y_2{y}_3,Y_2=.Math.\begin{array}{cc}{y}_5& y_6\\ y_7& y_8\end{array}.Math.,\mathrm{and}{Y}_2^{-1}=\frac{.Math.\begin{array}{cc}{y}_8& -y_6\\ -y_7& y_5\end{array}.Math.}{y_5{y}_8-y_6{y}_7},y_i\in R,y_5{y}_8\ne y_6{y}_7.$

(98) Alice also generates uniformly distributed random centrosymmetric matrices A and B, as follows:

(99) $A_1=.Math.\begin{array}{cc}{a}_1& a_2\\ a_2& a_1\end{array}.Math.,A_2=.Math.\begin{array}{cc}{a}_3& a_4\\ a_4& a_3\end{array}.Math.,A_1^{-1}=\frac{.Math.\begin{array}{cc}{a}_1& -a_2\\ -a_2& a_1\end{array}.Math.}{a_1^2-a_2^2},A_2^{-1}=\frac{.Math.\begin{array}{cc}{a}_3& a_4\\ a_4& a_3\end{array}.Math.}{a_3^2-a_4^2},a_i\in R,a_1^2\ne a_2^2,a_3^2\ne a_4^2,B_1=.Math.\begin{array}{cc}{b}_1& b_2\\ b_2& b_1\end{array}.Math.,B_2=.Math.\begin{array}{cc}{b}_3& b_4\\ b_4& b_3\end{array}.Math.,B_2^{-1}=.Math.\begin{array}{cc}{b}_3& -b_4\\ -b_4& b_3\end{array}.Math.,b_i\in R,b_1^2\ne b_2^2,b_3^2\ne b_4^2.$

(100) Note that any centrosymmetric square matrices A and B always have the following feature: AB=BA. At step 404, the process includes Alice sending to Bob results as matrices M.sub.1 and M.sub.2, as follows:

(101) 0$M_1=.Math.\begin{array}{cc}{m}_1^{\left(1\right)}& m_2^{\left(1\right)}\\ m_3^{\left(1\right)}& m_4^{\left(1\right)}\end{array}.Math.,M_2=.Math.\begin{array}{cc}{m}_1^{\left(2\right)}& m_2^{\left(2\right)}\\ m_3^{\left(2\right)}& m_4^{\left(2\right)}\end{array}.Math.,M_3=.Math.\begin{array}{cc}{m}_1^{\left(3\right)}& m_2^{\left(3\right)}\\ m_3^{\left(3\right)}& m_4^{\left(3\right)}\end{array}.Math.,\mathrm{and}{M}_4=.Math.\begin{array}{cc}{m}_1^{\left(4\right)}& m_2^{\left(4\right)}\\ m_3^{\left(4\right)}& m_4^{\left(4\right)}\end{array}.Math..$
of the following calculations:
M.sub.1=Y.sub.1A.sub.1,  (1B)
M.sub.2=B.sub.1Y.sub.1.sup.−1Z.sub.1,  (2B)
M.sub.3=Y.sub.2A.sub.2,  (3B)
M.sub.4=B.sub.2Y.sub.2.sup.−1Z.sub.2.  (4B)

(102) As part of a second pass transaction, at step 406, Bob receives M.sub.1 and M.sub.2 from Alice. Bob generates uniformly distributed random centrosymmetric matrices C.sub.1, C.sub.2 and inverse C.sub.1.sup.−1, C.sub.2.sup.−1 matrices, as follows:

(103) $C_1=.Math.\begin{array}{cc}{c}_1& c_2\\ c_2& c_1\end{array}.Math.,C_2=.Math.\begin{array}{cc}{c}_3& c_4\\ c_4& c_3\end{array}.Math.,C_1^{-1}=\frac{.Math.\begin{array}{cc}{c}_1& -c_2\\ -c_2& c_1\end{array}.Math.}{c_1^2-c_2^2},c_i\in R,c_1^2\ne c_2^2,\mathrm{and}{C}_2^{-1}=\frac{.Math.\begin{array}{cc}{c}_3& -c_4\\ -c_4& c_3\end{array}.Math.}{c_3^2-c_4^2},c_i\in R,c_3^2\ne c_4^2.$
and uniformly distributed random matrices D and H, as follows:

(104) $D=.Math.\begin{array}{cc}{d}_1& d_2\\ d_3& d_4\end{array}.Math.,\mathrm{and}H=.Math.\begin{array}{cc}{h}_1& h_2\\ h_3& h_4\end{array}.Math.,d_i,h_i\in R,d_1{d}_4\ne d_2{d}_3,h_1{h}_4\ne h_2{h}_3,$
and correspondent inverse matrices D.sup.−1 and H.sup.−1, as follows:

(105) $D^{-1}=\frac{.Math.\begin{array}{cc}{d}_1& d_2\\ d_3& d_4\end{array}.Math.}{d_1{d}_4-d_2{d}_3},\mathrm{and}{H}^{-1}=\frac{.Math.\begin{array}{cc}{h}_1& h_2\\ h_3& h_4\end{array}.Math.}{h_1{h}_4-h_2{h}_3},$

(106) At step 406, Bob also obtains the matrices M.sub.5, M.sub.6, M.sub.7 and M.sub.8, defined as follows:

(107) $M_5=.Math.\begin{array}{cc}{m}_1^{\left(5\right)}& m_2^{\left(5\right)}\\ m_3^{\left(5\right)}& m_4^{\left(5\right)}\end{array}.Math.,M_6=.Math.\begin{array}{cc}{m}_1^{\left(6\right)}& m_2^{\left(6\right)}\\ m_3^{\left(6\right)}& m_4^{\left(6\right)}\end{array}.Math.,M_7=.Math.\begin{array}{cc}{m}_1^{\left(7\right)}& m_2^{\left(7\right)}\\ m_3^{\left(7\right)}& m_4^{\left(7\right)}\end{array}.Math.,\mathrm{and}{M}_8=.Math.\begin{array}{cc}{m}_1^{\left(8\right)}& m_2^{\left(8\right)}\\ m_3^{\left(8\right)}& m_4^{\left(8\right)}\end{array}.Math.$
as a result of the following calculations:
M.sub.5=DM.sub.1C.sub.1.sup.−1=D.sub.1Y.sub.1A.sub.1C.sub.1.sup.−1,  (5B)
M.sub.6=C.sub.1M.sub.2E=C.sub.1B.sub.1Y.sub.1.sup.−1Z.sub.1E,  (6B)
M.sub.7=E.sup.−1M.sub.3C.sub.2.sup.−1=E.sup.−1YA.sub.2C.sub.2.sup.−1, and  (7B)
M.sub.8=C.sub.2M.sub.4H=C.sub.2B.sub.2Y.sub.2.sup.−1Z.sub.2H,  (8B)

(108) As part of a third pass transaction, at step 408, the process includes Alice generating a uniformly distributed random matrix G, as follows:

(109) $G=.Math.\begin{array}{cc}{g}_1& g_2\\ g_3& g_4\end{array}.Math.,g_i\in R.$

(110) Alice receives from Bob the matrices M.sub.5, M.sub.6, M.sub.7 and M.sub.8, as follows:
M.sub.5=DY.sub.1A.sub.1C.sub.1.sup.−1=DY.sub.1C.sub.1.sup.−1A.sub.1,
M.sub.6=C.sub.1B.sub.1Y.sub.1.sup.−1Z.sub.1E=B.sub.1C.sub.1Y.sub.1.sup.−1Z.sub.1E,
M.sub.7=E.sup.−1Y.sub.2A.sub.2C.sub.2.sup.−1=E.sup.−1Y.sub.2C.sub.2.sup.−1A.sub.2, and
M.sub.8=C.sub.2B.sub.2Y.sub.2.sup.−1Z.sub.2H=B.sub.2C.sub.2Y.sub.2.sup.−1Z.sub.2H,

(111) At step 408, the process also includes Alice multiplying both the matrices M.sub.5, M.sub.6, M.sub.7 and M.sub.8 with the inverse matrices which are known to her, A.sub.1.sup.−1, A.sub.2.sup.−1, B.sub.1.sup.−1 and B.sub.2.sup.−1, respectively, as follows:

(112) $B_1^{-1}{M}_6=B_1^{-1}{B}_1{C}_1{Y}_1^{-1}{Z}_{1}E=C_1{Y}_1^{-1}{Z}_{1}E,B_1^{-1}{M}_6=B_1^{-1}{B}_1{C}_1{Y}_1^{-1}{Z}_{1}E=C_1{Y}_1^{-1}{Z}_{1}E,M_7{A}_2^{-1}=E^{-1}{Y}_2{C}_2^{-1}{A}_2{A}_2^{-1}=E^{-1}{Y}_2{C}_2^{-1},\mathrm{and}{B}_2^{-1}{M}_8=B_2^{-1}{B}_2{C}_2{Y}_2^{-1}{Z}_{2}H=C_2{Y}_2^{-1}{Z}_{2}H,M_5={\mathrm{GM}}_5{A}_1^{-1}{B}_1^{-1}{M}_6{M}_7{A}_2^{-1}{B}_2^{-1}{M}_8={\mathrm{GDY}}_1{C}_1^{-1}{C}_1{Y}_1^{-1}{Z}_1{\mathrm{EE}}^{-1}{Y}_2{C}_2^{-1}{Z}_{2}H,\mathrm{such}{M}_9=\mathrm{GDXH}\left(9B\right),\mathrm{where}{M}_9=.Math.\begin{array}{cc}{m}_1^{\left(9\right)}& m_2^{\left(9\right)}\\ m_3^{\left(9\right)}& m_4^{\left(9\right)}\end{array}.Math..$

(113) At step 410, the process includes Alice sending three publicly visible values to Bob, including (m.sub.1.sup.(9), m.sub.2.sup.(9), m.sub.3.sup.(9)). The matrix M.sub.9 is singular and m.sub.4.sup.(9)=m.sub.3.sup.(9)m.sub.2.sup.(9)/m.sub.1.sup.(9). At step 412, Alice also sends four publicly visible values to Ed (m.sub.1.sup.(6), m.sub.2.sup.(6), m.sub.3.sup.(6), m.sub.4.sup.(6)) of the matrix M.sub.10, defined as:

(114) $M_{10}=.Math.\begin{array}{cc}{m}_1^{\left(10\right)}& m_2^{\left(10\right)}\\ m_3^{\left(10\right)}& m_4^{\left(10\right)}\end{array}.Math.,$
as a result of the following calculations:
M.sub.10−N.sup.AG.  (9B)

(115) For authentication, Ed receives the matrix M6 from Alice. At step 414, Ed sends to Bob the matrix M.sub.11 using the inverse matrix (N.sup.A).sup.−1 and the matrix N.sup.B, as follows:
M.sub.11=N.sup.B(N.sup.A).sup.−1N.sup.AG=N.sup.BG,
M.sub.11=N.sup.BG.  (10B).

(116) As part of the final key restoration, at step 416, the process includes Bob receiving the matrix M.sub.11 from Ed and obtaining the matrix G using the inverse matrix (N.sup.B).sup.−1, as follows:
G=(N.sup.B).sup.−1M.sub.11=(N.sup.B).sup.−1N.sup.BG.

(117) Bob also receives the matrix M.sub.9 from Alice at step 410. Using inverse matrices G.sup.−1, D.sup.−1, and H.sup.−1, which are known to Bob, he can restore the key X from the received matrix M.sub.5 as follows:
D.sup.−1G.sup.−1M.sub.9H.sup.−1=D.sup.−1G.sup.−1GDXH H.sup.−1=X.

(118) The embodiments described herein can be implemented by either a method or process or as a system or device. The method can be performed using any suitable computing device, and the system can be embodied as any suitable computing device. The computing device can include at least one processing system, for example, having one or more processors and memories electrically and communicatively coupled together using a local interface. The local interface can be embodied as a data bus with an accompanying address/control bus or other addressing, control, and/or command lines.

(119) In various embodiments, the memory can store data and software or executable code components executable by the processor. For example, the memory can store executable-code components associated with cryptographic operations for execution by the processor. The software or executable-code components can be developed using or embodied in various programming languages, such as, for example, C, C++, C#, Objective C, JAVA®, JAVASCRIPT®, Perl, PHP, VISUAL BASIC®, PYTHON®, RUBY, FLASH®, or other programming languages.

(120) The embodiments can rely, in part, on executable instructions or instructions for execution by the computing device. The terms “executable” or “for execution” refer to software forms that can ultimately be run or executed by a processor, whether in source, object, machine, or other form. Examples of executable programs include, for example, a compiled program that can be translated into a machine code format and loaded into a random access portion of memory and executed by a processor, source code that can be expressed in an object code format and loaded into a random access portion of the memory and executed by the processor, or source code that can be interpreted by another executable program to generate instructions in a random access portion of the memory and executed by the processor, etc.

(121) An executable program can be stored in any portion or component of the memory including, for example, a random access memory (RAM), read-only memory (ROM), magnetic or other hard disk drive, solid-state, semiconductor, or similar drive, universal serial bus (USB) flash drive, memory card, optical disc (e.g., compact disc (CD)) or digital versatile disc (DVD)), floppy disk, magnetic tape, or other memory component.

(122) Although the process diagram shown in FIGS. 2 and 5 illustrate a certain order, it is understood that the order can differ from that which is depicted. For example, an order of execution of two or more blocks can be scrambled relative to the order shown. Also, two or more blocks shown in succession can be executed concurrently or with partial concurrence. Further, in some embodiments, one or more of the blocks can be skipped or omitted. In addition, any number of counters, state variables, warning semaphores, or messages might be added to the logical flow described herein, for purposes of enhanced utility, accounting, performance measurement, or providing troubleshooting aids, etc. It is understood that all such variations are within the scope of the present disclosure.

(123) Also, any algorithm, method, process, or logic described herein that are embodied, at least in part, by software or executable-code components, can be embodied or stored in any tangible or non-transitory computer-readable medium or device for execution by an instruction execution system such as a general purpose processor. In this sense, the logic can be embodied as, for example, software or executable-code components that can be fetched from the computer-readable medium and executed by the instruction execution system. Thus, the instruction execution system can be directed by execution of the instructions to perform certain processes such as those illustrated in FIG. 2. In the context of the present disclosure, a “computer-readable medium” can be any tangible medium that can contain, store, or maintain any logic, application, software, or executable-code component described herein for use by or in connection with an instruction execution system.

(124) The computer-readable medium can include any physical media such as, for example, magnetic, optical, or semiconductor media. More specific examples of suitable computer-readable media include, but are not limited to, magnetic tapes, magnetic floppy diskettes, magnetic hard drives, memory cards, solid-state drives, USB flash drives, or optical discs. Also, the computer-readable medium can include a RAM including, for example, an SRAM, DRAM, or MRAM. In addition, the computer-readable medium can include a ROM, a PROM, an EPROM, an EEPROM, or other similar memory device.

(125) Disjunctive language, such as the phrase “at least one of X, Y, or Z,” unless specifically stated otherwise, is to be understood with the context as used in general to present that an item, term, etc., can be either X, Y, or Z, or any combination thereof (e.g., X, Y, and/or Z). Thus, such disjunctive language is not generally intended to, and should not, imply that certain embodiments require at least one of X, at least one of Y, or at least one of Z to be each present.

(126) It should be emphasized that the above-described embodiments of the present disclosure are merely possible examples of implementations set forth for a clear understanding of the principles of the disclosure. Many variations and modifications can be made to the above-described embodiment(s) without departing substantially from the spirit and principles of the disclosure. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims.

APPENDIX

(127) Matrix Properties:

(128) 1. The inverse matrix X.sup.−1 of matrix

(129) $X=.Math.\begin{array}{cc}{x}_1& x_2\\ x_3& x_4\end{array}.Math.$
is defined as follows:

(130) $X^{-1}=\frac{.Math.\begin{array}{cc}{x}_4& -x_2\\ -x_3& x_1\end{array}.Math.}{x_1{x}_4-x_2{x}_3},\mathrm{and}{\mathrm{XX}}^{-1}=X^{-1}X=I,$
where I is the identity matrix,

(131) 0$I=.Math.\begin{array}{cc}1& 0\\ 0& 1\end{array}.Math..$

(132) 2. In linear algebra and matrix mathematics, a centrosymmetric matrix is a matrix which is symmetric about its center. A centrosymmetric matrix A has the following form:

(133) $A=.Math.\begin{array}{cc}{a}_1& a_2\\ a_2& a_1\end{array}.Math..$
Centrosymmetric matrices A and B satisfy the following conditions:
AB=BA.

(134) 3. A square matrix is singular if and only if its determinant is 0. Because a square matrix formed from a random distribution of values will almost never be singular, singular matrices are rare. The matrix

(135) $X=.Math.\begin{array}{cc}{x}_1& x_2\\ x_3& x_4\end{array}.Math.$
is singular if the determinant of the matrix X, det(X)=0 (i.e., x.sub.4x.sub.1−x.sub.2x.sub.3=0). In this case, the inverse X.sup.−1 of the singular matrix X does not exist (division by zero). If the matrix X is singular, the matrix B=AX is also singular.
Singular Matrix Features:

(136) Consider a singular matrix S and an invertable, nondegenerate, or non-singular matrix V. The matrix W is also singular as a result of SV=W. The singular matrix S can be obtained if the matrices V and W are known, because S=WV.sup.−1, but the non-singular matrix V=S.sup.−1W can not be obtained even if matrices S and W are known because the inverse matrix S.sup.−1 does not exist (division by zero). In this sense, “can not be obtained” means there is no unique solution of the equation (ambiguity).