Abstract
A public key cryptosystem and signature scheme based on a proposed key exchange algorithm are introduced. The key exchange algorithm is based on the difficulty of calculating the nth partial sum of infinite numerical series where no exponentiation computation is required to share a secret key between two parties as in the Diffie–Hellman algorithm. With the proposed public key cryptosystem ciphering and deciphering of messages, online signing documents and verifying signatures do not require exponentiation computation while providing higher security level than the stateoftheart cryptosystems that depend on the difficulty of discrete logarithmic problem or factorizing large prime numbers. The proposed cryptosystem and signature scheme do not depend on elliptic curve cryptography or RSA cryptography that are computationally too slow, this makes the proposed cryptosystem and signature scheme computationally faster, easier to implement and more practical to be used in online transactions. It also provides a higher level of security as it provides forward secrecy and using large size symmetric keys to encrypt and decrypt messages in a significantly short time. Moreover, the proposed signature scheme can be used as a cryptographic hash function as the hash value significantly changes when a single letter in the document is changed. In comparison with the stateofthe art the experimental results show the superiority of the proposed key exchange algorithm and public key cryptosystem.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
In 1975 Diffie–Hellman proposed the public key cryptosystem [1]. It is a key exchange algorithm that is used to share public and private keys for ciphering and deciphering of messages in a secure way. To our best knowledge all cryptosystems are based on the difficulty of three problems namely the problem of factoring large integers, problem of computing nth residue classes and problem of computing discrete logarithms. Cryptosystems that are based on factoring large integers are the RSA cryptosystem that was described by Rivest–Shamir–Adleman [2] and probabilistic ciphering system that was described by Goldwasser and Micali [3]. Cryptosystems that are based on the difficulty of computing the nth residue classes are Paillier ciphering scheme described in [4], BGN described in [5] by Boneh–Goh–Nissim and Okamoto–Uchiyama in [6] which resembled the Paillier ciphering scheme. Taher ElGamal described a public cryptosystem and signature scheme based on the difficulty of computing discrete logarithms in [7]. Athena et al. introduced elliptic curve cryptography (ECC) uses the properties of elliptic curves to generate keys in [8]. In [9] Freeman used primeorder elliptic curve groups to construct secure pairingbased cryptosystem. In [10], Bahadori et al. proposed a method to speed up a secure generation of RSA public and private key values that are equipped on smart cards. In [11], Blackburn et al. involved the certification authority to generate RSAkeys. The certification authority (CA) does not now about the user’s private key. In [12], Sharma et al. presented a modified version of subsetsum problem over RSA algorithm called RSA algorithm using modified subset sum cryptosystem that relies on the fact that given a set of integers, does the sum of some nonempty subset equal exactly zero. However, this method still relies on RSA cryptography which makes it computationally too slow. Moreover, it is useless for authentication by cryptographic signing of documents. In [13], Ge et al. presented an efficient authentication method for secure key exchange among set of devices that have a single trusted administrator. In [14], Nagar et al. proposed a new method to exchange the values of the RSAkey offline generations between gateways. All generated key values are saved in tables within a database. Each key value includes the public and private key values. In [15], Patidar et al. proposed a modified form of RSA algorithm to speed up the implementation of RSA algorithm during data exchange across the network. The authors introduced a third prime number to produce modulus \(n\) that is not easily decomposed by intruders. In [16], Ashutosh Kumar Dubey et al. proposed a novel clouduser security method which is based on RSA cryptography and MD5 for resource attestation and sharing in java environment. In [17], Wuling Ren et al. proposed a hybridciphering algorithm based on the integration between DES and RSA to enhance the security of data transmission in Bluetooth communication. In this approach, DES algorithm is used for data transmission because of its higher efficiency in block ciphering, and RSA algorithm is used for the ciphering of the key of the DES because of its management advantages in key cipher. In [18], Arazi integrated the Diffie–Hellman key exchange into digital signature algorithm (DSA) by replacing a message in digital signature algorithm (DSA) with exchange key in the Diffie–Hellman to achieve mutual authentication of exchanged keys. In [19], Harn et al. proposed an enhanced integration of the Diffie–Helman and DSA for key exchange by providing three round protocols. In [20], Bernstein, released a key exchange protocol referred to as, Curve25519 that is an elliptic curve Diffie–Hellman key exchange protocol to establish a shared secret. More details on Curve25519 found in [21]. In [22, 23] a highperformance elliptic curve referred to as FourQ was introduced by Costello, C. and Longa, P. FourQ is 128bit security level. In [24], Alvarez et al. showed that standard Diffie–Hellman is little slower than the elliptic curve variants in key pair generation and much slower than elliptic curve invariants in secure key exchange. In [25], Kumar et al. proposed an enhanced Diffie–Hellman algorithm for reliable key exchange by employing the concept of primitive roots. In this algorithm, the sender and receiver to obtain a sharedsecret key use conventional Diffie–Hellman algorithm. Then the sender and receiver find the primitive root of their sharedsecret key. The Diffie–Hellman algorithm is used again to get a second secret key. Finally, the sender and receiver multiply their second sharedsecret key with their own random number and exchange it for getting a newshared secret key for every message and even for the same message. This enhanced Diffie–Hellman algorithm still relies on the conventional Diffie–Hellman algorithm for two rounds and use exponentiation computation in employing the primitive roots which make this algorithm computationally too slow. All the previous public key cryptosystems based on the standard Diffie–Hellman key exchange algorithm that based on the difficulty of discrete logarithmic problem. All ciphering schemes based on discrete logarithms require exponentiation operations for ciphering and deciphering which is computationally time consuming. The modified subset sum cryptosystem relies on RSA cryptography that requires the generation of two large prime numbers \(p\) and \(q\) which is the most difficult process in the RSA algorithm. All methods rely on RSA cryptography are computationally slow. Moreover, the modified subset sum cryptosystem does not allow for secure key exchange between two ends of a conversation. The proposed key exchange algorithm allows for secure exchange of shared secret key that does not require exponential time computation because no exponentiation operations are used. RSA cryptosystems based on elliptic curves are difficult to implement and computationally too slow. The elliptic curve Diffie–Hellman (ECDH) key exchange algorithm allow for two parties to exchange a shared secret key but it is also based on Diffie–Hellman algorithm in integration with elliptic curve cryptography which makes this cryptosystem computationally too slow. Compared to all above cryptosystems, the proposed public key cryptosystem and signature scheme do not depend on exponentiation computation that makes them simpler, computationally faster and provides a higher security level.
This paper introduces a new public key cryptosystem that based on a proposed secure key exchange algorithm and signature scheme that both rely on the difficulty of computing the nth partial sum of an infinite numerical series over a finite field. In case the infinite numerical series, the first term in this series \(a\) and large number of terms \(k\) are all kept secret i.e. unknown, it believes that for an attacker to compute the nth partial sum of an infinite numerical series is computationally intractable. The real contribution of this paper is a new algorithm for a secure key exchange other than the standard Diffie–Hellman algorithm or the enhanced Diffie–Hellman algorithm which both rely on exponentiation computation which makes them computationally too slow. The proposed key exchange algorithm depends on the difficulty of calculating the nth partial sum of infinite numerical series without using exponentiation computation. This makes the proposed algorithm simple, computationally faster, easy to implement and can be used for online ciphering and deciphering of messages and online signing documents. The proposed signature verification scheme can be used as a cryptographic hash function as the hash value significantly changes if there is any change in the document.
This paper organized as follows: Sect. 2 explains infinite numerical series over a finite field and a way to find the nth partial sum. Section 3 shows how to implement the proposed key exchange algorithm based on the difficulty of computing the nth partial sum of an infinite numerical series then shows how the proposed key exchange algorithm used in ciphering and deciphering of messages. Section 4 introduces a proof of the secure key exchange algorithm. Section 5 introduces a new digital signature scheme based on infinite numerical series over a finite field. Section 6 introduces a security analysis of the new digital signature scheme. Section 7 gives some properties of the proposed public key cryptosystem and the signature scheme. Section 8 dedicated for the implementation and experimental results. Section 9 contains conclusion.
2 Sum of series
Definition 1
Suppose we have an infinite sequence of numbers:
The expression
is called a numerical series, the numbers \(u_{1} ,u_{2} ,u_{3} , \ldots ,u_{n} , \ldots\) are called the terms of the series [26].
Definition 2
The sum of a finite number of terms (the first \(n\) terms) of a series called the nth partial sum of the series such that [26]:
If there exists a finite limit:
Then \(s\) called the sum the series in Eq. (1) and we say that the series converges.
If the \(\mathop {\lim }\limits_{n \to \infty } s_{n}\) does not exist i.e. \(s_{n} \to \infty\) as \(n \to \infty\) then the series has no sum and we say this series diverges.
3 Proposed public key system
Suppose that sender \(A\) and receiver \(B\) wants to share a secret key using two different infinite numerical series \(t_{1}\) and \(t_{2}\). Let \(A\) use series \(t_{1}\), \(B\) use series \(t_{2}\) and \(p\) is a large prime number that chosen by A. The two infinite numerical series \(t_{1}\) and \(t_{2}\) can randomly be chosen from a pool of infinite numerical series, the first term \(a\) and large number of terms \(k\) for each series are randomly chosen using true random number generator so that the last term \(k\) in each series is much greater than the first term \(a\) i.e. \(k \gg a\). Assume that user \(A\) randomly chose the first term \(a\) and large number of terms \(k\) in numerical series \(t_{1}\). In addition, user \(B\) randomly chose the first term \(b\) and large number of terms \(r\) in numerical series \(t_{2}\). Assume \(S_{A}\) is the kth partial sum of \(k\) terms in \(t_{1}\) and \(S_{B}\) is the rth partial sum of \(r\) terms in \(t_{2}\). Both users \(A\) and \(B\) can securely share a secret key as follows:
3.1 Key exchange algorithm

Select a very large prime number \(p\).

Private keys

\(S_{A}\): computed by user \(A\).

\(S_{B}\): computed by user \(B.\)


Public keys

Let \(A\) computes \(y_{A}\) such that:
$$y_{A} = S_{A } \,mod\,p$$(4) 
\(A\) sends \((y_{A} ,p)\) to \(B\).

Let \(B\) computes \(y_{B}\) as follows:
$$y_{B} = S_{B} \,mod\,p$$(5) 
\(B\) sends \(y_{B}\) to \(A\).

\(A\) and B compute \(y_{AB}\) as follows:
$$y_{AB} = y_{A} \cdot y_{B}$$(6)


Shared key

\(A\) computes \(S_{AB}\) as follows:
$$S_{AB} = ((y_{AB} \cdot y_{\varvec{B}} ) \cdot S_{A} )\,mod\,p$$(7) 
\(B\) computes \(S_{AB}\) as follows:
$$S_{AB} = ((y_{AB} \cdot y_{\varvec{A}} ) \cdot S_{B} )\,mod\,p$$(8)

Note that:
For an attacker it is difficult to compute the shared key \(S_{AB}\) as it is equivalent to computing the kth partial sum and rth partial sum of two different infinite numerical series \(t_{1}\) and \(t_{2}\) over two different finite fields without knowing the first term and the number of terms in each numerical series.
3.2 Ciphering
Suppose user \(B\) wants to encipher message \(m\) and sends it to user \(A\). The ciphering algorithm works as follows:

\(B\) computes the ciphered message \(m^{{\prime }}\) using the shared secret key \(S_{AB}\):
$$m^{{\prime }} = m \cdot S_{AB}$$(10) 
\(B\) sends \(m^{{\prime }}\) to \(A\).
Note that new \(S_{A}\), \(S_{B}\) and \(S_{AB}\) are generated for every message to improve security. So \(S_{A}\), \(S_{B}\) and \(S_{AB}\) are called ephemeral keys.
3.3 Deciphering
The deciphering algorithm works as follows:

\(A\) receives \(m^{{\prime }}\).

\(A\) uses the shared secret key \(S_{AB}\).

\(A\) recovers \(m\) by dividing \(m^{{\prime }}\) by \(S_{AB}\):
$$m = \frac{{m^{{\prime }} }}{{S_{AB} }} = \frac{{m \cdot S_{AB} }}{{S_{AB} }}$$(11)
4 Proof of secure key exchange algorithm
The proposed key exchange algorithm is based on the difficulty of calculating the nth partial sum of an infinite numerical series problem. Calculating the nth partial sum is based on the subset sum problem that is NPcomplete [27]. The subset sum problem is the following: given a set of \(n\) positive integers \(\left\{ {a_{1} ,a_{2} , \ldots ,a_{n} } \right\}\) and a positive integer \(S\), determine whether there is a subset of \(a_{i}\) that sum to \(S\). The subset sum problem is a decision problem in the complexity theory that states that NPcomplete problems are the hardest problems in NP in the sense that they are at least as difficult as every other problem in NP [27]. The problem of calculating the subset sum problem can be reduced to the nth partial sum of an infinite numerical series problem in polynomial time i.e. the subset sum problem ≤_{P} nth partial sum problem. The following algorithm reduces the subset sum problem to nth partial sum problem in polynomial time as follows:

Step 1 Let \(m\) be the number of terms in numerical series \(t\) such that \(m < n\), where \(n\) is the number of positive integers in the subset sum problem.

Step 2 Select \(z\) terms from the set of positive integers \(\left\{ {a_{1} ,a_{2} , \ldots ,a_{n} } \right\}\) of the subset sum problem such that \(z \gg m\).

Step 3 Sort all the \(z\) terms in an ascending order.

Step 4 Repeat for each (\(z_{i} ,z_{i + 1}\)) in the sorted list of z terms:
$${\text{If}}\;(z_{i} = z_{i + 1} )\,{\text{remove}}\,z_{i + 1} \;{\text{from}}\,{\text{the}}\,{\text{list}} .$$ 
Step 5 Choose the first \(m\) terms form the list obtained from step 4 as the terms of the numerical sequence \(t\).
The time complexity of step 1 is \({\text{O}}(1)\), the time complexity of step 2 is \({\text{O(z)}}\), the time complexity of sorting in step 3 is \({\text{O}}\left( {z^{2} } \right),\) the time complexity of step 4 is \({\text{O(z)}}\) while the time complexity of step 5 is \({\text{O}}({\text{m}})\). \({\text{Therefore}},\) the time complexity of the reduction algorithm is:
Since \({\text{m}}\) ≪ z therefore \({\text{O(m)}} \ll {\text{O(z)}}\) and since \({\text{O}}(z^{2} )\) is the highest order in Eq. (12), therefore \({\text{O}}(z^{2} )\) is dominating the time complexity of the reduction algorithm. This means that the reduction algorithm required to reduce the subset sum problem to the nth partial sum problem is a polynomial time algorithm. Since the subset sum problem is NPcomplete therefore calculating the nth partial sum of an infinite numerical series \(t\) is also NPcomplete problem.
For an attacker to compute the private key \(S_{A}\) for user \(A\) or the private key \(S_{B}\) for user \(B\) who are involved in a conversation is equivalent to the problem of calculating the nth partial sum of an infinite numerical series without knowing what numerical series is used by each user, the first term and number of terms in each numerical series which is proved to be NPcomplete. This proves the security of the proposed key exchange algorithm, proves the security of the proposed cryptosystem and proves the security of the proposed signature scheme.
Lemma
Let \(S\) be the nth partial sum of an infinite numerical series \(t\). Since the problem of computing \(S\) is NPcomplete then multiplying \(S\) by a constant \(C\) is also NPcomplete.
Proof
Let \(t = a_{1} + a_{2} + \cdots + a_{n} + \cdots\) is an infinite numerical series over a finite field. Let \(S\) be the nth partial sum of \(t\) as follows:
Multiply \(S\) by a constant \(C\) to get \(S_{C}\):
Therefore:
Substitute \(d_{i} = Ca_{i}\), \(\forall i = 1, \ldots ,n\)
Therefore:
which still nth partial sum of the infinite numerical series \(t\) that is NPcomplete. Therefore \(S_{C}\) is also NPcomplete problem.
5 Proposed digital signature scheme
A new signature scheme is described where the private key \(y_{r}\) depends on the sequence \((t_{1} , a, r)\) such that \(t_{1}\) is an infinite numerical series over a finite field, \(a\) is the first term in \(t_{1}\) and \(r\) is a large number of terms. The public key \(y_{k}\) depends on a different sequence \((t_{2} , b, k)\) such that \(t_{2}\) is a different infinite numerical series over a different finite field, \(b\) is the first term in \(t_{2}\) and \(k\) is a large number of terms. Assume \(m\) is a document to be signed by user \(A\) such that:

\(A\) generates the private key \(y_{r}\) as follows:
$$y_{r} = S_{r} \,mod\,p$$(17)where \(S_{r}\) is the rth partial sum of numerical series \(t_{1}\).

\(A\) generates the public key \(y_{k}\) as follows:
$$y_{k} = S_{k} \,mod\,p$$(18)where \(S_{k}\) is the kth partial sum of numerical series \(t_{2}\).
5.1 The signing procedure

\(A\) signs document \(m\) with the private key \(y_{r}\):
$$m_{r} = m \cdot y_{r}$$(19) 
\(A\) signs document \(m\) with the public key \(y_{k}\):
$$m_{k} = m \cdot y_{k}$$(20) 
\(A\) calculates \(m_{rk}\) as follows:
$$m_{rk} = m_{r} \cdot m_{k}$$(21) 
The signature for document \(m\) is (\(m_{rk} ,m_{r}\)).

\(A\) publishes the signature of document \(m\) and his public key \(y_{k}\) for any user to verify the signature.
5.2 The verification procedure
Assume user \(B\) wants to verify the signature of user \(A\) on document \(m\) by using the published sequence \((m_{rk} ,m_{r} ,y_{k} )\) as follows:

\(B\) computes \(m_{k}^{'}\) as follows:
$$m_{k}^{{\prime }} = m \cdot y_{k}$$(22) 
\(B\) computes \(m_{rk}^{'}\) as follows:
$$m_{rk}^{{\prime }} = m_{k}^{{\prime }} \cdot m_{r}$$(23) 
If \(m_{rk} = m_{rk}^{'}\) then the signature of user \(A\) is verified otherwise the signature is unverified or the original document \(m\) may be changed.
6 Security analysis
The security of the proposed digital signature scheme based on the assumption that given two infinite numerical series \(t_{r}\) and \(t_{k}\) it is computationally intractable to compute \(m_{r}\) from its partial sums \(S_{r}\) and compute \(m_{k}\) from its partial sum \(S_{k}\) given the following unknowns:

The numerical series used.

The first term \(a\) of series \(t_{r}\).

Large number of terms \(r\) of series \(t_{r}\) which are randomly chosen from \([1,n_{r} ]\) where \(n_{r}\) is the total number of terms in the infinite numerical series \(t_{r}\).

The first term \(b\) of series \(t_{k}\).

Large number of terms \(k\) of series \(t_{k}\) which are randomly chosen from \([1,n_{k} ]\) where \(n_{k}\) is the total number of terms in the infinite numerical series \(t_{k}\).

A very large prime number p.
In this section, we analyse the possible attacks on the signature scheme which are equivalent to computing the nth partial sum of an infinite numerical series over a finite field. Some of these attacks are focused on recovering the secret key \(y_{r}\) and other attacks focus on forging the signature (\(m_{rk} ,m_{r}\)). The attacks to recover private key \(y_{r}\) is difficult because it requires recovering \(S_{r}\) from its \(y_{r}\). Since \(y_{r}\) depends on \(S_{r}\) which is not used twice to sign a new document, and by using very large prime number \(p\) it is difficult for an intruder to recover \(S_{r}\) from \(y_{r}\).
For attacks focus on forging the signature (\(m_{rk} ,m_{r}\)) of user \(A\) a forger may try to find the sequences \((t_{r} , a, r)\) and \((t_{k} , b, k)\). The forger tries different infinite numerical series with different random values for \(a, r\) to compute \(S_{r}\) and different random values for \(b, k\) to compute \(S_{k}\) which are equivalent to compute the rth partial sum of infinite numerical series \(t_{r}\) and the kth partial sum of infinite numerical series \(t_{k}\) with unknown parameters \(a\), \(r\) and \(b, k\) respectively. Suppose there is a pool of \(l\) different infinite numerical series with different finite fields to choose from, therefore the probability for choosing the correct infinite numerical series \(t_{r}\) is \(\frac{1}{l}\). The probability to recover \(m_{r}\) is equivalent to the joint probability \(p\left( {t_{r} ,n_{r} } \right)\) of choosing the correct numerical series \(t_{r}\) and the correct number of terms \(n_{r}\). As choosing \(t_{r}\) is independent of choosing \(n_{r}\) therefore the joint probability \(p\left( {t_{r} ,n_{r} } \right)\) is the product of the probabilities \(p\left( {t_{r} } \right)\) and \(p\left( {n_{r} } \right)\) where \(p\left( {n_{r} } \right)\) is the probability of choosing the correct infinite numerical series \(t_{r}\) and \(p\left( {n_{r} } \right)\) is the probability of choosing the correct \(n_{r}\) terms to calculate the partial sum \(S_{r}\), therefore:
where \(N\) is the size of the numerical set an attacker can choose the \(n_{r}\) terms from it.
In order for the attacker to increase the possibilities to pick up the correct \(n_{r}\) terms, the size of the set of the numerical set \(N\) must increase.
Therefore:
Also, the probability to recover \(m_{k}\) is equivalent to the joint probability \(p\left( {t_{k} ,n_{k} } \right)\) of choosing the correct numerical series \(t_{k}\) and the correct number of terms \(n_{k}\). Since choosing \(t_{k}\) is independent of choosing \(n_{k}\) therefore the joint probability \(p\left( {t_{k} ,n_{k} } \right)\) is the product of the probabilities \(p\left( {t_{k} } \right)\) and \(p\left( {n_{k} } \right)\) where \(p\left( {n_{k} } \right)\) is the probability of choosing the correct infinite numerical series \(t_{k}\) and \(p\left( {n_{k} } \right)\) is the probability of choosing the correct \(n_{k}\) terms to calculate the partial sum \(S_{k}\), therefore:
where \(N\) is the size of the numerical set an attacker can choose \(n_{k}\) terms from it.
For the attacker to increase the possibilities to pick up the correct \(n_{k }\) terms, the size of the set of elements \(N\) must increase.
Therefore:
Since choosing the infinite numerical series \(t_{r} ,t_{k}\) is independent of each other therefore the probability to recover \(m_{rk}\) from its components \(m_{r}\) and \(m_{k}\) is the product of the probabilities to recover \(m_{r}\) and \(m_{k}\) such that:
Therefore:
where \(N\) is the size of the numerical set an attacker can choose \(n_{r} , n_{k}\) terms from it.
We believe it is not feasible to calculate \(y_{r}\) by solving the following equation using \(S_{r}\):
Also, we believe it is not feasible to calculate \(y_{k}\) by solving the following equation using \(S_{k}\):
The proposed cryptosystem provides forward secrecy. Forward secrecy protects past encrypted messages from future compromises of shared secret keys. By generating a unique shared secret key for each message to be ciphered then the compromise of a single shared secret key will not affect any message other than that ciphered using that particular shared secret key. Since the proposed cryptosystem relies on the difficulty of computing the nth partial sum of an infinite numerical series this allows for an infinite numerical space to choose different values for the first term and the number of terms in the numerical series each time a new message is encrypted.
A semantic security ciphering scheme must fulfill the following requirement which is: “It is infeasible to learn anything about the plaintext from the cipher text”. In other words: “Whatever an eavesdropper can compute about the plain text given the cipher text, he can also compute without the cipher text” [28]. Semantic security is commonly defined by the following game:
Let \(M\) be the set of all possible messages and \(T\) be the set of all possible numerical series.

Initialize The challenger \(A\) gives the public key \(key_{A}\) to adversary \(B\) and keeps the shared key \(S_{AB}\) with himself.

Phase 1 The adversary asks different ciphering queries to encrypt message \(m_{i} \in M, i = 1 \ldots N\). Each query uses different infinite numerical series \(t_{i} \in T, i = 1 \ldots N\) with different first term \(a_{i}\) and different number of terms \(k_{i}\) such that:
$$m_{i}^{\prime} = E(m_{i} ,y)\,{\text{where}}\,E\,{\text{is}}\,{\text{the}}\,{\text{ciphering}}\,{\text{algorithm}} .$$ 
Challenge When the adversary decides that phase 1 is over he chooses two equal length plaintext messages (\(m_{i} , m_{j}\)) such that \(i \ne j\) on which he wishes to be challenged. The challenger picks message \(m_{i}\) and sends the adversary \(m_{i}^{'} = E\left( {m_{i} ,S_{AB} } \right)\) as a challenge to the adversary.

Phase 2 The adversary issues more ciphering queries as in Phase 1.

Guess The adversary outputs a guess \(m_{i}^{{\prime \prime }}\) and wins the game if \(m_{i}^{{\prime \prime }} = m_{i}^{{\prime }}\).
7 Proposed scheme properties

A.
The proposed ciphering scheme has an additive homomorphic property: by the distribution property, it is clear that ciphering the sum of \(m_{1}\) and \(m_{2}\) produces a ciphertext equivalent to the sum of \(E\left( {m_{1} } \right)\) and \(E\left( {m_{2} } \right)\) so that:
$$E(m_{1} + m_{2} ) = E(m_{1} ) + E(m_{2} )$$(33)
Proof
Given two different messages \(m_{1}\) and \(m_{2}\):
Unfortunately, the proposed ciphering scheme has no multiplicative homomorphic property.

B.
For the secure key exchange, ciphering and deciphering of messages no exponentiation computations are required which make the proposed scheme significantly faster and more practical than the stateoftheart key exchange algorithms and cryptosystems that are based on the difficulty of discrete logarithmic problem or factoring large prime numbers while producing a higher security level.

C.
For signing the documents no exponentiation computations are required and the same for signatures verification.

D.
The signature scheme can be used as cryptographic hash function to verify that a document is not tampered with as the hash value of a document is changed significantly if there is any change in the document. For example, if an upper case letter is changed to lower case letter or vice versa the hash value of the document is changed significantly.
See “Appendix 2”.
8 Implementation
The proposed key exchange cryptosystem is implemented on Intel Core i3 using MatLab R2017a. In this implementation a random number generator is used to choose the first term and a large number of terms in two different numerical series. The last term generated by the random number generator must be much greater than the first term in each numerical series.
User \(A\) enters a very large prime number \(p\) to be used in the ciphering and deciphering processes. Assume \(A\) chose an infinite numerical series \(n^{2}\) as follows:
The partial sum of its \(k\) terms starting from the ath term to the kth is:
where \(a\) the first term and \(k\) is the last term in the numerical series.
Assume \(B\) chose another infinite numerical series \(2n + 1\) which is:
The partial sum of its \(r\) terms starting from the bth term is:
where \(b\) is the first term and \(r\) is the last term in this numerical series.
Note that \(a\), \(b\), \(r\) and \(k\) are all chosen using a true random number generator such that \(k \gg a\) and \(r \gg b\).
User \(A\) calculates the kth partial sum \(S_{A}\) using his numerical series and calculates \(y_{A}\) using the chosen large prime number \(p\). In this implementation, the length of \(p\) is 78 digits for a key of size 128 bits, 92 digits for keys of sizes 256 bits and 512 bits, 184 digits for keys of sizes 1024 bits and 693 digits for 2048 bits.
User \(A\) sends (\(y_{A} ,p\)) to user \(B\) who calculates the rth partial sum \(S_{B}\) using his numerical series then calculates \(y_{B}\) using the large prime number \(p\) sent by user \(A\). The function share_key_generation() implements the secure key exchange algorithm between the two parties in conversation so that each party will have a shared secret key. The function has no input but its outputs are the public key for user \(A\) which is \(y_{A}\), the private key for user \(A\) which is \(S_{A}\), the public key for user \(B\) which is \(y_{B}\) and the private key for user \(B\) which is \(S_{B}\) and the shared secret key \(S_{AB}\) between users \(A\) and \(B\). The function cipher() implements the ciphering of message \(m\) by user \(B\) using the shared secret key with user \(A\). This function has no inputs but the output is the ciphered message \(mciph\). The function decipher (\(mciph\)) is implemented by the receiver user A, its input the ciphered message \(mciph\) and its output the deciphered message \(m\). See “Appendix 1” for a practical example.
To significantly minimize the generation time for the kth partial sum \(S_{A}\) and rth partial sum \(S_{B}\) for these keys are evaluated using the number of terms used to generate keys of sizes \(< 512\)bits. Finally, the final values for \(S_{A}\) and \(S_{B}\) are obtained by multiplying \(S_{A}\) with a large constant \(C_{A}\) and multiplying \(S_{B}\) with a large constant \(C_{B}\) to obtain the required key size. These large constants are selected empirically and must be changed for every new message to improve the security level.
Table 1 shows a comparison of key generation time, ciphering time, deciphering time and total execution time in milliseconds between the proposed cryptosystem, modified subset sum cryptosystem and standard RSA. Figure 1 shows a comparison in seconds between key generation time of 128bit single key pair RSA, DH, P256, Curve25519, FourQ and 128bits key of the proposed key exchange algorithm.
The proposed signature scheme is implemented using the functions: keys_generation() to generate the public key \(y_{k}\) and private key \(y_{r}\), sign_document() and verify_signature().
See “Appendix 2” for a practical example.
From Table 1, it is clear that the average time for generating 128bits key in RSA and MSSRSA is 16 ms while the average time for generating the same key size using the proposed key exchange algorithm is 0.222 ms which means that it is 98.61% faster than RSA and MSSRSA. The average time to cipher messages of sizes 32 and 64 elements using MSSRSA is 165 ms and using RSA is 55 ms while it takes 6 ms using the proposed cryptosystem. This means that the proposed cryptosystem is 96.36% faster than MSSRSA to cipher a message of 32 elements and 89.09% faster than RSA to cipher the same message. The average time to decipher messages of size 32 elements and 64 elements using the MSSRSA takes 63 ms and using the RSA it takes 55 ms while using the proposed cryptosystem it takes 0.542 ms. This means that the proposed cryptosystem is 99.14% faster than MSSRSA and 99.01% faster than RSA. The total average execution time for MSSRSA is 243 ms, 118 ms for RSA and 7 ms for the proposed cryptosystem. This means that the proposed cryptosystem is faster 97.12% than MSSRSA and 94.07% faster than RSA.
The average time for generating a key of size 512bits using MSSRSA is \(89\;{\text{ms}}\) and by using RSA is \(73 \,{\text{ms}}\) while the average key generation time for the same key size using the proposed key exchange algorithm is \(2\,{\text{ms}}\) which is 97.75% faster than MSSRSA and 97.26% faster than RSA. The average time for ciphering messages of size 32, 64 and 128 elements with 512bits key size using MSSRSA is \(573 \,{\text{ms}}\), \(261\,{\text{ms}}\) for RSA and \(9\;{\text{ms}}\) for the proposed cryptosystem. This means that the proposed cryptosystem is \(98.42\%\) faster than MSSRSA and 96.55% faster than RSA. The average time for deciphering messages of size 32, 64 and 128 elements for MSSRSA is \(1031\;{\text{ms}}\), for RSA is \(1000 \;{\text{ms}}\) while for the proposed cryptosystem is \(2\;{\text{ms}}\). This means that the proposed cryptosystem is faster than the MSSRSA by \(99.81\%\) and faster than RSA by 99.80%. The average total execution time for MSSRSA is \(1678\;{\text{ms}}\), \(1334\;{\text{ms}}\) for RSA and \(65\;{\text{ms}}\) for the proposed cryptosystem. This means that the proposed cryptosystem is \(96.12\%\), faster than MSSRSA and 95.13% faster than RSA.
The average time for generating a key of size 1024bits using MSSRSA is \(3629\;{\text{ms}}\) and using RSA is \(484\;{\text{ms}}\) however by using the proposed key exchange algorithm is \(14\;{\text{ms}}\),which means that the proposed key exchange algorithm is 99.61% faster than MSSRSA and 97.11% faster than RSA. The average ciphering time for messages of size 32, 64, 128 and 512 elements using 1024bits key size and using MSSRSA is \(3176 \;{\text{ms}}\), using RSA is \(1238 \;{\text{ms}}\) while using the proposed cryptosystem it is \(26\;{\text{ms}}\). This means that the proposed cryptosystem is 99.18% faster than MSSRSA and 97.89% faster than RSA. The average deciphering time for messages of size 32, 64, 128 and 512 elements using MSSRSA is \(5176\;{\text{ms}}\), RSA is \(5485\;{\text{ms}}\) while using the proposed cryptosystem is \(2\;{\text{ms}}\). It is clear that the proposed cryptosystem is 99.96% faster than MSSRSA and 99.96% faster than RSA for deciphering messages. The average total execution time for MSSRSA is 11,980 ms, \(7207\;{\text{ms}}\) for RSA and finally the average execution time for the proposed cryptosystem is \(41\;{\text{ms}}\). The proposed scheme is faster 96.66% than MSSRSA and faster than RSA by 99.43%.
The key generation time for the key of size 2048bits using MSSRSA is 11,985 ms and using RSA is \(4591\;{\text{ms}}\) while using the proposed key exchange algorithm is \(7\;{\text{ms}}\) which means that the proposed key exchange algorithm 99.94% faster than MSSRSA and 99.85% faster than RSA. The ciphering time for messages of size 32, 64, 128, 512 and 1024 elements for the MSSRSA is \(4135\;{\text{ms}}\), \(1957\;{\text{ms}}\) for RSA and \(38 \;{\text{ms}}\) for the proposed cryptosystem that means that the proposed cryptosystem is 99.08% faster than MSSRSA and \(98.05\%\) faster than RSA. The average deciphering time for messages of size 32, 64, 128, 512 and 1024 elements for MSSRSA is 31,278 ms, 31,978 ms for RSA and \(5\;{\text{ms}}\) for the proposed cryptosystem. This means that the proposed cryptosystem is 99.98% faster than MSSRSA and 99.98% faster than RSA. The average total execution time for MSSRSA is 47,397 ms, 38,525 ms for RSA while it is \(50\;{\text{ms}}\) for the proposed cryptosystem. This means that the proposed cryptosystem is \(99.89\%\) faster than MSSRSA and 99.87% faster than RSA.
Therefore, the general average time of key generation for MSSRSA is \(3930\;{\text{ms}}\), and for RSA is \(1291\;{\text{ms}}\) while for the proposed key exchange algorithm is \(6\;{\text{ms}}\). The general average time of message ciphering for MSSRSA is \(3975\;{\text{ms}}\) and for RSA is \(878\;{\text{ms}}\) while for the proposed cryptosystem is \(4\;{\text{ms}}\). The general average time of message deciphering for MSSRSA is \(9387\;{\text{ms}}\), and for RSA is 9630 ms while for the proposed cryptosystem is \(2\;{\text{ms}}\).
Figure 1 shows a comparison of the key generation time between the proposed key exchange algorithm and stateoftheart Curve25519, DH, P256 and FourQ cryptosystems. The average key generation time using the proposed key exchange algorithm is \(0.00012\) s which is less than the stateoftheart cryptosystems. Table 1 shows the superiority of the proposed cryptosystem over the stateofthe art cryptosystems.
It is clear from the above analysis that the proposed cryptosystem and key exchange algorithm are significantly faster than the stateoftheart key exchange algorithms and cryptosystems; this makes the proposed cryptosystem and signature scheme more practical to be used in practice and especially in online transactions.
9 Conclusion
This paper described a public key cryptosystem and a signature scheme which employ a proposed secure key exchange algorithm that is based on the difficulty of computing the nth partial sum of infinite numerical series over finite fields. Without using exponentiation for ciphering and deciphering of messages or signing documents and signature verifications the experimental results show that the proposed public key cryptosystem is easier to implement, computationally faster and more practical than stateoftheart cryptosystems which are based on discrete logarithms, elliptic curves or factoring large prime numbers. Also, the proposed cryptosystem provides a higher level of security as the size of the shared secret key can be enlarged significantly with a very short time for key generation, ciphering and deciphering of messages. It supports forward secrecy because the first term and total number of terms in each numerical series involved in the key exchange algorithm are changed each time a message is ciphered. By generating a unique shared secret key each time a message is ciphered, the compromise of single shared secret key will not affect any ciphered message other than that specific message that is ciphered by that key. Finally, the signature scheme can be also used as a cryptographic hash function as the hash value changes significantly with any change in the document.
References
Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654
Rivest R, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public key cryptosystems. Commun ACM 21(2):120–126
Goldwasser S, Micali S (1982) Probabilistic ciphering and how play mental poker keeping secret all partial information. In: Proceedings of 14th symposium on theory of computing, pp 365–377
Paillier P (1999) Public key cryptosystem based on composite residue classes. In: Proceedings of advances in cryptology, EUROCRYPT99, pp 223–238
Boneh D, Goh E, Nissim K (2005) Evaluating 2DNF formulas on ciphertexts. In: Proceedings of theory of cryptography, TCC’05, pp 325–341
Okamoto T, Uchiyama S (1998) A new public key cryptosystem as secure as factoring. In: Proceedings of advances in cryptology, EUROCRYPT’98, pp 308–318
ElGamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inf Theory 31(4):469–472
Athena J, Sumathy V (2017) Survey on public key cryptography scheme for securing data in cloud computing. Circuits Syst 8:77–92
Freeman DM (2010) Converting pairingbased cryptosystems from compositeorder groups to primeorder groups. In: Proceedings of advances in cryptology, EUROCRYPT’10, pp 44–61
Bahadori M, Mali MR, Sarbishei O, Atarodi M, Sharifkhani M (2010) A novel approach for secure and fast generation of RSA public and private keys on smart card. In: 8th IEEE international NEWCAS conference (NEWCAS), pp 265–268
Blackburn SR, Galbraith SD (2000) Certification of secure RSA keys. Electron Lett 36:29–30
Sharma S, Sharma P, Dhakar RS (2011) RSA algorithm using modified subset sum cryptosystem. In: 2nd International conference on computer and communication technology (ICCCT2011), Allahabad, pp 457–461. https://doi.org/10.1109/iccct.2011.6075138
Ge H, Tate SR (2006) Efficient authenticated keyexchange for devices with a trusted manager. In: Third international conference on information technology: new generations (ITNG’06), pp 198–203
Nagar SA, Alshamma S (2012) High speed implementation of RSA algorithm with modified keys exchange. In: 6th International conference on sciences of electronics, technologies of information and telecommunications (SETIT), Sousse, pp 639–6422012. https://doi.org/10.1109/setit.2012.6481987
Patidar R, Bhartiya R (2013) Modified RSA cryptosystem based on offline storage and prime number. In: IEEE international conference on computational intelligence and computing research, Enathi, pp 1–6. https://doi.org/10.1109/iccic.2013.6724176
Dubey AK, Dubey AK, Namdev M, Shrivastava SS (2011) Clouduser security based on RSA and MD5 algorithm for resource attestation and sharing in java environment. Int J Adv Comput Res 1:2
Ren W, Miao Z (2010) A hybrid ciphering algorithm based on DES and RSA in bluetooth communication. In: Second international conference on modeling, simulation and visualization methods, pp 221–225
Arazi A (1993) Integrating a key cryptosystem into the digital signature standard. Electron Lett 29:966–967
Harn L, Mehta M, Hsin WJ (2004) Integrating Diffie–Hellman key exchange into the digital signature algorithm (DSA). IEEE Commun Lett 8:198–200
Bernstein DJ, Birkner P, Joye M, Lange T, Peters C (2008) Twisted Edwards curves. In: Proceedings of the international conference on cryptology in Africa, Casablanca, Morocco. Springer, Berlin, pp 389–405
Chou T (2015) Fastest Curve25519 implementation ever. In: Proceedings of the workshop on elliptic curve cryptography standards, Gaithersburg, MD, USA
Longa P (2016) FourQNEON: faster elliptic curve scalar multiplications on ARM processors. In Proceedings of the selected areas in cryptographySAC, St. John’s, NL, Canada
Costello C, Longa P (2015) FourQ: fourdimensional decompositions on a Qcurve over the Mersenne prime. In: Proceedings of the international conference on the theory and application of cryptology and information security, Kaoshiung, Taiwan. Springer, Berlin, pp 214–235
Alvarez R, CaballeroGil C, Santonja J, Zamora A (2017) Algorithms for lightweight key exchange. Sensors 17:1517. https://doi.org/10.3390/s17071517
Kumar C, Vincent PM (2017) Enhanced Diffie–Hellman algorithm for reliable key exchange. In: IOP conference series: materials science and engineering, vol 263, p 042015. https://doi.org/10.1088/1757899x/263/4/042015
Piskunov N (1974) Differential and integral calculus, vol II. MIR Publishers, Moscow, pp 253–295
Menezes AJ, van Oorschot PC, Vanstone SA (1997) Handbook of applied cryptography. CRC Press, Boca Raton
Goldwasser S, Micali S (1984) Probabilistic ciphering. J Comput Syst Sci 28:270–299
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The author declares that there is no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix 1
For simplicity assume that user \(A\) chose a small prime number p = 179, which is not used in practice and was not in the experiments, the first term \(a\) of the numerical series \(n^{2}\) is 1 and the number of terms is 7. User \(A\) calculates the partial sum \(S_{A} = 20784\) and generates the key \(y_{A} = 20\). User \(A\) sends his public key (\(y_{A}\), \(p\)) to user B. User \(B\) uses the numerical series \(2n + 1\), the first term \(b\) is 1 and the number of terms is 10. User \(B\) calculates the partial sum \(S_{B} = 9960\) and generates the key \(y_{B} = 115\). User \(A\) calculates \(y_{AB} = 2300\) and user \(B\) calculates \(y_{AB} = 2300\).
User \(A\) calculates his key as follows:
User \(B\) calculates his key as follows:
Assume user \(B\) wants to send an encrypted message to user A. Assume the message is “\(Hello\)”.
User \(B\) finds the ASCII code of message \(m\):
User \(A\) encodes this message by multiplying each ASCII code with the shared secret key \(S_{AB} = 13\).
The ciphered message is:
To decode the ciphered message user \(A\) divides each ciphered ASCI code by the shared secret key \(S_{AB} = 13\)
The ASCII Code of the deciphered message is:
Appendix 2
Assume that user \(A\) will sign document m = “Hello” using the sign document scheme based on infinite numerical series. For simplicity assume that user \(A\) chose prime number \(p = 179\) and the numerical series \(n^{2}\) to generate his private key \(y_{r}\) in order to sign document \(m\), the first term \(a\) and the number of terms \(r\) of the numerical series are randomly chosen assume the first term \(a = 17\) and last term \(r = 40\). Assume that user \(A\) chose a different numerical series \(2n + 1\) to generate his public key \(y_{k}\) to be used by any other user to verify his signature, the first term \(b\) of the series and the number of terms \(k\) are also randomly selected assume \(b = 19, \,k = 100\).
User \(A\) calculates the partial sum \(S_{r} = 20644\) and generates his private key \(y_{r} = 59\). Also, user \(A\) calculates the partial sum \(S_{k} = 9840\) and generates his public key \(y_{k} = 174\).
User \(A\) calculates \(m_{r} = 36521\), \(m_{k} = 107706\) and \(m_{rk} = 3933530826\).
User \(A\) publishes the signature (\(3933530826\), \(36521\)) and publishes his public key \(y_{k} = 174\).
Now assume user \(B\) wants to verify that user \(A\) signed document \(m\) suppose document \(m\) is not changed i.e. m = “Hello”.
User \(B\) calculates:\(m_{{k_{1} }} = 107706\).
Since \(m_{{rk_{1} }} = m_{rk}\) then the signature of user \(A\) is verified and the document is not changed.
Now, assume the signature of user \(A\) is changed i.e. either \(m_{rk}\) or \(m_{r}\) is changed. Assume \(m_{r}\) is changed to be \(m_{{r_{1} }} = 13666\), so user \(B\) calculates:
since \(m_{rk} = 3933530826\), \(m_{{rk_{1} }} = 1471910196\) then \(\left {m_{rk}  m_{{rk_{1} }} } \right\) = 2461620630 which means that: \(m_{rk} \ne m_{{rk_{1} }}\). Therefore, the signature is not verified.
Now, assume that a hacker changed document m to m_{1} = “Hell” with letter “o” removed. User \(B\) calculates \(m_{{k_{1} }} = 87000\) and \(m_{{rk_{1} }} = 3177327000\), since \(m_{rk} = 3933530826\) then\(\left {m_{rk}  m_{{rk_{1} }} } \right = 756203826\) which means the signature is not verified or the document changed. Assume that the hacker changed document \(m\) to m_{2} = “hello” with capital letter “H” is replaced by small letter “h” then user \(B\) calculates:\(m_{{k_{1} }} = 108924\) and \(m_{{rk_{1} }} = 3978013404\) so \(\left {m_{rk}  m_{{rk_{1} }} } \right = 44482578\) which means that the signature is not verified or the document may be changed. It is clear from the previous two cases that the proposed signature scheme is too sensitive to any change in the document even if a letter is changed from uppercase to lowercase and vice versa. Hence, the proposed signature scheme can be used as a cryptographic hash function.
Rights and permissions
About this article
Cite this article
Nagaty, K.A. A public key cryptosystem and signature scheme based on numerical series. SN Appl. Sci. 2, 142 (2020). https://doi.org/10.1007/s4245201919288
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s4245201919288