Diffie-Hellman Protocol with a Combination of Hyperelliptic Curves and Neural Synchronization

This work proposes a new cryptosystem that combines a Diffie-Hellman protocol implemented with hyperelliptic curves over $GF(2^n)$ and Tree Parity Machine (TPM) synchronization. The security of this cryptosystem is focused on overcoming a weakness of neural synchronization: the stimulus vector is public, which allows an attacker to try to synchronize with one of the participants of the synchronization. The following attacks focus on this weakness: the genetic attack, the geometric attack and the probabilistic attack. In the proposed cryptosystem the initial stimulus vector is hidden, because it is obtained as the common secret key of the Diffie-Hellman protocol, and the stimulus vectors are then kept secret in each iteration. This condition causes the learning time $t_{lear}$ to increase by approximately 115% with respect to the synchronization time $t_{sync}$ on average when the proposed cryptosystem is compared to the classic TPM synchronization.


INTRODUCTION
Cryptography is the practice and study of techniques for secure communications. It has been approached by many researchers in several applications, such as the well-known public-key Diffie-Hellman protocol and ElGamal encryption [1]. Another public-key application is the one based on hyperelliptic curves [2]; despite its computational complexity, it offers security with smaller keys. Another public-key application is neural network synchronization [3], which is based on the exchange of information between two neural networks and ends with the synchronization of their hidden weights, which act as the secret key of a communication.
This paper is organized as follows. Section 2 introduces an overview of TPM neural networks and their synchronization. Section 3 presents the essential definitions about hyperelliptic curves. Section 4 provides a detailed explanation and the highlights of the proposed cryptosystem. Section 5 presents the analysis of results. Section 6 presents the conclusions and future work.

NEURAL NETWORKS
Generally, a neural network is a machine that is designed to model the way in which the brain performs a single task or function of interest; the network is usually implemented by using electronic components or is simulated in software on a digital computer [4].
One special kind of neural network, the Tree Parity Machine (TPM), is used for secure key exchange, which is based on the synchronization of two such networks [3]. Each TPM has the following elements: it has only one output , hidden neurons and input units. The input units have values . The synaptic weights are , where L ∈ ! they are selected previously and each party initially selects its own weight vector $\vec{W} = (w_{ij})$ randomly. The output of neuron is given by (1) where sgn(·) is defined by (2) and the output of the TPM is given by (3). It is also necessary to choose a learning rule that adjusts the weights, because the initial weights in every TPM are different (selected randomly) and must be made identical to complete the synchronization process. Note that the sender's output goes to the receiver, and the receiver feeds back its output to the sender. Both networks are then trained with the output of their partner using the learning rule (4) where is the Heaviside function and, .
In each of the networks, only the weights belonging to the hidden units that are in the same state as their output unit are updated. Note that, using this dynamical rule, the sender is trying to imitate the response of the receiver and the receiver is trying to imitate that of the sender. This rule (Random Walk) has been selected over others because all other suitable learning rules (Hebbian and Anti-Hebbian) converge to it in the limit [5].

HYPERELLIPTIC CURVES
A Galois field $GF(p^n)$ is a finite set with two operations, addition and multiplication, such that $(GF(p^n), +)$ is a commutative group. The nonzero elements together with the multiplication, $(GF(p^n) - \{0\}, *)$, form a commutative group. Furthermore, the product is distributive over the addition [7,8].
Galois fields $GF(p^n)$ can be built from $GF(p)$; these fields are called extensions of $GF(p)$. Primitive polynomials $P(x)$ of degree $n$ defined over $GF(p)$ are used for this construction [8]. Thus, the field $GF(p^n)$ has $p^n - 1$ distinct elements. Each non-zero element of $GF(p^n)$ can be represented as (5) where is a root of the primitive polynomial $P(x)$ chosen for the construction.
Hyperelliptic curves are a special class of algebraic curves and can be viewed as generalizations of elliptic curves [2,6]. Their main definitions and properties are given next.
Definition 1: A hyperelliptic curve $C$ of genus $g \geq 1$ over a Galois field $GF(p^n)$ is an equation of the form (6) where $h(u)$, $f(u)$ are polynomials with coefficients in $GF(p)$. Further, $h(u)$ has degree at most $g$, and $f(u)$ is a monic polynomial of degree $2g+1$. In addition, there are no solutions $(u, v) \in GF(p^n) \times GF(p^n)$ which simultaneously satisfy the hyperelliptic curve equation and the partial derivative equations $2v + h(u) = 0$ and $h'(u)v - f'(u) = 0$.
Example 2: The hyperelliptic curve $C: v^2 + (u^2 + u)v = u^5 + u^3 + 1$ over $GF(2^5)$ has the polynomials $h(u) = u^2 + u$ and $f(u) = u^5 + u^3 + 1$. Some of the points that satisfy the equation of $C$ are listed in Table 2.
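The curve of Example 2 can be checked against Definition 1 by brute force. The following is an added example, not code from the paper: it enumerates the affine points of C over GF(2^5) and tests the non-singularity condition. The reduction polynomial x^5 + x^2 + 1 and the 5-bit integer encoding of field elements are assumptions, so the point labels need not match the paper's table.

```python
MOD = 0b100101  # x^5 + x^2 + 1: assumed irreducible polynomial used to build GF(2^5)

def gf_mul(a, b):
    """Multiply two GF(2^5) elements held as 5-bit integers (carry-less, reduced mod MOD)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0b100000:      # degree reached 5: reduce
            a ^= MOD
        b >>= 1
    return r

def gf_pow(a, e):
    r = 1
    for _ in range(e):
        r = gf_mul(r, a)
    return r

def h(u):
    return gf_pow(u, 2) ^ u                      # h(u) = u^2 + u

def f(u):
    return gf_pow(u, 5) ^ gf_pow(u, 3) ^ 1       # f(u) = u^5 + u^3 + 1

def on_curve(u, v):
    return gf_mul(v, v) ^ gf_mul(h(u), v) == f(u)   # v^2 + h(u) v = f(u)

def affine_points():
    return [(u, v) for u in range(32) for v in range(32) if on_curve(u, v)]

def singular_points():
    """Points of C where both partial derivatives vanish. In characteristic 2,
    2v + h(u) reduces to h(u), h'(u) = 1 and f'(u) = u^4 + u^2."""
    return [(u, v) for (u, v) in affine_points()
            if h(u) == 0 and v ^ gf_pow(u, 4) ^ gf_pow(u, 2) == 0]

def opposite(point):
    """Opposite point (u, -v - h(u)), which is (u, v + h(u)) in characteristic 2."""
    u, v = point
    return (u, v ^ h(u))

if __name__ == "__main__":
    pts = affine_points()
    print(len(pts), "affine points; singular:", singular_points())
```

An empty result from `singular_points()` confirms that this curve satisfies the condition on the partial derivatives in Definition 1.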
A divisor is a formal sum of points on $C$ given by (7) where only a finite number of the integers $m_P$ are nonzero, and is the point at infinity in the projective plane; for more details about these topics the reader can review the appendix in [2].
A divisor can be represented as two polynomials, as stated in the next theorem.
Theorem: Let D = m i P i -( m i ) be a divisor, where There exists a unique polynomial b(u) satisfying: (1)
The addition of divisors is carried out with the following two algorithms:
Table 2. Some points of $C: v^2 + (u^2 + u)v = u^5 + u^3 + 1$ over $GF(2^5)$.
Once Alice and Bob have reached this level, both sides select their own weight vectors $\vec{W}_A$, $\vec{W}_B$ randomly and secretly. In every step of the synchronization they exchange their output A , B to adjust their weights, together with shift numbers $S_A$, $S_B$ that move the components of the vector $\vec{X}_0$ to the right by $S_A + S_B$ positions. In this way the input values are kept secret, and after the process both sides hold a secret common set of weights $\vec{W}_c$.
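The exchange described above, simulated as an added example (not code from the paper): two TPMs use the standard sign and parity outputs and the random-walk rule with weights clipped to [-L, L], while the stimulus vector never leaves either party. The sizes K, N, L, the SHA-256 mapping from the shared secret to $\vec{X}_0$, the constructed secret and all helper names are assumptions.

```python
import hashlib
import math
import random

K, N, L = 3, 16, 3   # hidden units, inputs per unit, weight bound (assumed sizes)

def stimulus_from_secret(secret):
    """Expand the Diffie-Hellman shared secret into the hidden stimulus X_0 (+1/-1 entries)."""
    digest = hashlib.sha256(secret).digest()   # assumption: the paper does not fix this mapping
    bits = [(digest[i // 8] >> (i % 8)) & 1 for i in range(K * N)]
    return [1 if b else -1 for b in bits]

def rotate_right(x, s):
    s %= len(x)
    return x[-s:] + x[:-s] if s else x[:]

class TPM:
    def __init__(self, rng):
        self.w = [[rng.randint(-L, L) for _ in range(N)] for _ in range(K)]

    def output(self, x):
        """sigma_i = sgn(sum_j w_ij x_ij), taking sgn(0) = -1; tau = product of the sigma_i."""
        self.sigma = [1 if sum(w * v for w, v in zip(row, x[i * N:(i + 1) * N])) > 0 else -1
                      for i, row in enumerate(self.w)]
        self.tau = math.prod(self.sigma)
        return self.tau

    def learn(self, x, tau_peer):
        """Random-walk rule: update only if both outputs agree, and only units with sigma_i == tau."""
        if self.tau != tau_peer:
            return
        for i, row in enumerate(self.w):
            if self.sigma[i] == self.tau:
                for j in range(N):
                    row[j] = max(-L, min(L, row[j] + x[i * N + j]))

def synchronize(secret, seed_a, seed_b, max_steps=100_000):
    """Return (steps, common weights), or (None, None) if no synchronization occurred."""
    rng_a, rng_b = random.Random(seed_a), random.Random(seed_b)
    alice, bob = TPM(rng_a), TPM(rng_b)
    x = stimulus_from_secret(secret)             # held by both parties, never transmitted
    for step in range(1, max_steps + 1):
        tau_a, tau_b = alice.output(x), bob.output(x)    # public: the two outputs
        alice.learn(x, tau_b)
        bob.learn(x, tau_a)
        if alice.w == bob.w:                     # simulation-only equality check
            return step, alice.w
        s_a, s_b = rng_a.randrange(K * N), rng_b.randrange(K * N)   # public: S_A, S_B
        x = rotate_right(x, s_a + s_b)           # next hidden stimulus
    return None, None
```

An observer of this exchange sees only the two outputs and the two shift numbers per step; without $\vec{X}_0$ the shifts do not determine the stimulus.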

RESULTS DISCUSSION
Focusing on the weakness of the neural synchronization, it is necessary to clarify the following. In an attack of genetic type, the intention is to define the evolution of the population formed by the stimulus vectors of each TPM used in each iteration to predict the weights [9,10].
In an attack of geometric type, the intention is to define the surface formed by the stimulus vectors of each TPM used in each iteration to predict the weights [9,10].
In a probabilistic attack, the intention is to define the probability distribution for the stimulus vectors of each TPM used in each iteration and try to predict the weights vector [9,10].
By cascading the Diffie-Hellman protocol implemented with hyperelliptic curves with the neuronal synchronization of TPMs, the stimulus vector is hidden in each iteration: the first stimulus vector $\vec{X}_0$ is kept secret and is shifted at each iteration. Thus, the learning time $t_{lear}$, which corresponds to the time necessary for the attack, increases, making it very difficult for the intruder to synchronize his TPM with the one used by Alice or Bob.
Using the experimental results presented in [11,12], it is possible to estimate the growth of the learning time $t_{lear}$ as a function of the synchronization time $t_{sync}$. In particular, the authors of [11,12] measure $t_{sync}$ and $t_{lear}$ for L = 1, 2, 3, 4, where $t_{sync}$ and $t_{lear}$ are the number of steps to synchronize. These measurements are shown in Table 3. From the analysis of these measurements it can be established that $t_{lear}$ grows exponentially with respect to $t_{sync}$. Figure 2 shows the growth of $t_{lear}$ as a function of $t_{sync}$. On average the learning time increases by approximately 115% for 100 400, when using the combination of the Diffie-Hellman protocol implemented with hyperelliptic curves with neuronal synchronization of TPMs (DH-HC-TPM Synchronization).

CONCLUSIONS
This paper has presented a new cryptosystem that combines the Diffie-Hellman protocol using hyperelliptic curves with a public-key exchange based on neural synchronization. In this cryptosystem the initial stimulus vector is hidden, because it is obtained as the secret common key of the Diffie-Hellman protocol. Then, in each iteration, the stimulus vectors are kept secret. This condition makes the learning time $t_{lear}$ increase by approximately 115% with respect to the synchronization time $t_{sync}$ on average, when the proposed cryptosystem is compared to the classic TPM synchronization.
As future work, the synchronization for other neural network topologies will be studied. Furthermore, the proposed algorithm will be evaluated on Visible Light Communication (VLC), fading, and wired channels.

Algorithm 1 [2]
INPUT: Divisors $D_1 = (a_1(u), b_1(u))$ and $D_2 = (a_2(u), b_2(u))$, both defined over $GF(p^n)$.
OUTPUT: A divisor $D = (a(u), b(u))$ defined over $GF(p^n)$ such that $D = D_1 + D_2$.
1. Use the Euclidean algorithm to find polynomials $d_1, e_1, e_2 \in GF(p^n)[u]$ where $d_1 = \gcd(a_1, a_2)$ and $d_1 = e_1 a_1 + e_2 a_2$.
2. Use the Euclidean algorithm to find polynomials $d, c_1, c_2 \in GF(p^n)[u]$ where $d = \gcd(d_1, b_1 + b_2 + h)$.
3. Let $s_1 = c_1 e_1$, $s_2 = c_1 e_2$, and $s_3 = c_2$, so that , α)

OUTPUT: The (unique) reduced divisor $D' = (a'(u), b'(u))$ such that $D' = D$.
1) Set $a' = (f - bh - b^2)/a$ and $b' = (-h - b) \bmod a'$.
2) If $\deg_u a' > g$ then set $a \leftarrow a'$, $b \leftarrow b'$, and go to step 1.
3) Let $c$ be the leading coefficient of $a'$ and set $a' \leftarrow c^{-1} a'$.
4) Output $(a'(u), b'(u))$.

PROPOSED CRYPTOSYSTEM
The proposed cryptosystem consists of a Diffie-Hellman cascade implementation with two layers. In the first layer, the Diffie-Hellman key exchange is implemented with divisors on a hyperelliptic curve (D-H HC). In the second layer, the Diffie-Hellman key exchange is implemented with TPM synchronization (D-H TPM S). Figures 1.a and 1.b show the system diagram of the proposed cryptosystem.
Figure 1. a) System Diagram. b) System Diagram.