Paper 2021/896

Rebuttal to claims in Section 2.1 of the ePrint report 2021/583 "Entropoid-based cryptography is group exponentiation in disguise"

Danilo Gligoroski

Abstract

In the recent ePrint report 2021/583 titled "Entropoid-based cryptography is group exponentiation in disguise", Lorenz Panny gave a cryptanalysis of the entropoid-based instances proposed in our ePrint report 2021/469. We acknowledge the correctness of his claims for the concrete instances described in our original report 2021/469. However, we find that claims for the general applicability of his attack on the general Entropoid framework are misleading. Namely, based on Theorem 1 in his report, which claims that for every entropic quasigroup , there exists an Abelian group , commuting automorphisms , of , and an element , such that the author infers that "all instantiations of the entropoid framework should be breakable in polynomial time on a quantum computer." There are two misleading parts in these claims: 1. It is implicitly assumed that all instantiations of the entropoid framework would define entropic quasigroups - thus fall within the range of algebraic objects addressed by Theorem 1. We will show a construction of entropic groupoids that are not quasigroups; 2. It is implicitly assumed that finding the group , the commuting automorphisms and and the constant would be easy for every given entropic operation and its underlying groupoid . However, the provable existence of a mathematical object does not guarantee an easy finding of that object. Treating the original entropic operation as a one-dimensional entropic operation, we construct multidimensional entropic operations , for and we show that newly constructed operations do not have the properties of that led to the recovery of the automorphism , the commutative operation and the linear isomorphism and its inverse .
We give proof-of-concept implementations in SageMath 9.2 for the new multidimensional entropic operations defined over several basic operations and we show how the non-associative and non-commutative exponentiation works for the key exchange and digital signature schemes originally proposed in report 2021/469.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
entropoid, entropic
Contact author(s)
danilog @ ntnu no
History
2021-07-01: received
Short URL
https://ia.cr/2021/896
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/896,
      author = {Danilo Gligoroski},
      title = {Rebuttal to claims in Section 2.1 of the {ePrint} report 2021/583 "Entropoid-based cryptography is group exponentiation in disguise"},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/896},
      year = {2021},
      url = {https://eprint.iacr.org/2021/896}
}