Inverse matrices with applications in public-key cryptography

Abstract

The applications of non-square binary matrices span many domains including mathematics, error-correction coding, machine learning, data storage, navigation signals, and cryptography. In particular, they are employed in the McEliece and Niederreiter public-key cryptosystems. For the parity check matrix of these cryptosystems, a systematic non-square binary matrix $H$ with dimensions $m \times n$ , $n > m$ , $m = n - k$ , there exist $2^{m (n - m)}$ distinct inverse matrices. This article presents an algorithm to generate these matrices as well as a method to construct a random inverse matrix. Then it is extended to non-square matrices in arbitrary fields. This overcomes the limitations of the Moore-Penrose and Gauss-Jordan methods. The application to public-key cryptography is also discussed.

Keywords

Code-based cryptography inverse matrix error-correction coding blockchain post quantum cryptography public-key cryptosystem

Introduction

Inverses of systematic binary matrices play a crucial role in many applications in digital communications,¹ navigation systems,² data storage,³ and code-based cryptography.⁴ These matrices can be constructed using the Gauss-Jordan (GJ)⁵ and Moore-Penrose (MP)^6,7 methods. An invertible matrix must have full rank. A matrix with $m$ rows and $n$ columns, $n > m$ , has full rank if its rows are linearly independent. The GJ algorithm is widely used to solve linear systems of equations of the form $A x = b$ ⁸ and can be used to construct inverses of non-square matrices. The MP method provides a unique inverse matrix that has applications in data analysis and machine learning.⁹

Non-square binary matrices are important in several domains including error-correction coding and code-based cryptography.¹⁰¹¹ In this article, a method is presented to construct all inverses of a binary matrix and an algorithm is given to provide a random inverse of a binary matrix. It is shown that this method is more efficient than the MP and GJ methods. Finite fields, also known as Galois fields (GFs), are fundamental mathematical structures with applications in various domains, including cryptography, signal processing, error correction, and data transmission.¹²¹³ In cryptography, finite fields play an important role, forming the basis of secure communication protocols and encryption algorithms. Elliptic curve cryptography¹⁴ and the advanced encryption standard heavily rely on arithmetic operations in finite fields to ensure robust security.^15,16 Finite fields are also employed for Goppa codes,¹⁷ generalized Reed-Solomon (GRS) codes,^17,18 and BCH codes.¹⁹

Broumandnia²⁰ employed matrix inversion in $G F (256)$ to enhance digital image encryption, improving both security and encryption speed. The algorithm proposed by Tiplea and Dragoi²¹ for constructing inverses in finite fields depends on selecting an appropriate range transformation for each inverse. These algorithms simplify the construction of inverse matrices in various fields, including finite fields, real fields, and complex fields. Theyi divide the inverse matrix into two parts: one selected in a random base while the second, approximately half the size of the original matrix, is constructed. This significantly reduces the complexity of inverse matrix construction which is of great value when dealing with large matrices. In the analysis section, the limitations associated with GJ elimination when dealing with large-sized matrices²² and the challenges posed by the MP method in the context of finite fields²¹ will be discussed. The application of the proposed approach to public-key cryptography (PKC) is also considered.

Linear block codes

In communication systems, redundancy is employed to detect and correct errors caused by noisy channels. An encoder maps a message $m = (m_{1}, m_{2}, \dots, m_{k})$ to a codeword $c = (c_{1}, c_{2}, \dots, c_{n})$ , $n > k$ . A binary block code has $2^{k}$ distinct messages of length $k$ and thus $2^{k}$ codewords. A set of codewords is referred to as a $C (n, k)$ block code, where $n$ is the length of a codeword and $k$ is the dimension of the code. A code $C (n, k)$ is linear if its codewords form a vector subspace of dimension $k$ in the $n$ -dimensional vector space. Then a set of $k$ linearly independent codewords $g_{1}, g_{2}, \dots, g_{k}$ forms a generator matrix $G$ . A generator matrix in systematic form can be expressed as follows

G_{k \times n} = (I_{k} | P_{k \times (n - k)})

(1)

where

I_{k}

is the

k \times k

identity matrix and

P

is a

k \times (n - k)

parity matrix so that

G = (\begin{matrix} | & p_{1, 1} & p_{1, 2} & p_{1, 3} & \dots & p_{1, (n - k)} \\ | & p_{2, 1} & p_{2, 2} & p_{2, 3} & \dots & p_{2, (n - k)} \\ I_{k} & | & p_{3, 1} & p_{3, 2} & p_{3, 3} & \dots & p_{3, (n - k)} \\ | & ⋮ & ⋮ & ⋮ & ⋮ \\ | & p_{k, 1} & p_{k, 2} & p_{k, 3} & \dots & p_{k, (n - k)} \end{matrix})

The

(n - k) \times n

parity check matrix

H

satisfies the condition

G H^{T} = 0

and is a basis for the dual space of the code

C_{n, k}

.¹¹ A parity check matrix in systematic form is given by

H_{(n - k) \times n} = (P_{(n - k) \times k}^{T} | I_{n - k})

(2)

where

P_{(n - k) \times k}^{T}

is the transpose of

P_{k \times (n - k)}

Non-square inverse matrix

The parity check matrix $H$ is a full-rank binary matrix with dimensions $m \times n$ , where $n > m$ and $m = n - k$ . Therefore, the inverse of the parity check matrix $H^{- 1}$ has dimensions $n \times m$ and satisfies $H H^{- 1} = I_{m}$

H H^{- 1} = (\begin{matrix} p_{1, 1} & p_{2, 1} & p_{3, 1} & \dots & p_{n, 1} \\ p_{1, 2} & p_{2, 2} & p_{3, 2} & \dots & p_{n, 2} \\ p_{1, 3} & p_{2, 3} & p_{3, 3} & \dots & p_{n, 3} \\ ⋮ & ⋮ & ⋮ & ⋮ \\ p_{1, m} & p_{2, m} & p_{3, m} & \dots & p_{n, m} \end{matrix}) \times (\begin{matrix} a_{1, 1} & a_{1, 2} & a_{1, 3} & \dots & a_{1, m} \\ a_{2, 1} & a_{2, 2} & a_{2, 3} & \dots & a_{2, m} \\ a_{3, 1} & a_{3, 2} & a_{3, 3} & \dots & a_{3, m} \\ ⋮ & ⋮ & ⋮ & ⋮ \\ a_{n, 1} & a_{n, 2} & a_{n, 3} & \dots & a_{n, m} \end{matrix}) = I_{m}

(3)

This is a linear system with

m^{2}

equations and

m n

variables. Consequently, there are

2^{m (n - m)}

solutions for

H^{- 1}

. It was shown by Esmaeili²³ that the inverse parity check matrix

H^{- 1}

is not unique, and there are

2^{k \times m}

possible matrices.

Inverse matrix construction method

The equation $H H^{- 1} = I_{m}$ is a linear system with $m^{2}$ equations and $m n$ variables, resulting in $m k$ more variables than equations. This article introduces a method to reduce the number of variables, thereby creating a linear system with $m^{2}$ equations and variables. This approach enables the construction of all inverse matrices for the parity check matrix $H$ . The proposed method is based on the observation that $H^{- 1}$ has $m$ columns, each of which can have $2^{k}$ values. This leads to a set of $2^{k}$ distinct vectors for each column in the matrix.

Let $Z_{i}$ be a set of $2^{k}$ column vectors of length $n$ , $1 \leq i \leq m$ , such that the $i$ th column of $H^{- 1}$ belongs to a set $Z_{i}$ comprising $2^{k}$ column vectors, as shown below

Z_{i} = {\begin{matrix} z_{1, 1} & z_{1, 2} & z_{1, 3} & \dots & z_{1, 2^{k}} \\ z_{2, 1} & z_{2, 2} & z_{2, 3} & \dots & z_{2, 2^{k}} \\ ⋮ & ⋮ & ⋮ & ⋮ \\ z_{k, 1} & z_{k, 2} & z_{k, 3} & \dots & z_{k, 2^{k}} \\ - - - & - - - & - - - & - - & - - - \\ z_{(k + 1), 1} & z_{(k + 1), 2} & z_{(k + 1), 3} & \dots & z_{(k + 1), 2^{k}} \\ z_{(k + 2), 1} & z_{(k + 2), 2} & z_{(k + 2), 3} & \dots & z_{(k + 2), 2^{k}} \\ ⋮ & ⋮ & ⋮ & ⋮ \\ z_{n, 1} & z_{n, 2} & z_{n, 3} & \dots & z_{n, 2^{k}} \end{matrix}}

(4)

Hence, there are

2^{k}

columns in each set. Now considering that there are

2^{k}

possibilities for a

k

-bit representation, the

Z_{i}

are partitioned into two subsets,

Z_{i}^{1}

and

Z_{i}^{2}

Z_{i}^{1}

encompasses rows

1

k

, while

Z_{i}^{2}

includes rows

k + 1

n

. The first subset,

Z_{i}^{1}

, comprises all

2^{k}

possible binary vectors of length

k

, ranging from all zeros to all ones. By defining the values of subset

Z_{i}^{2}

with dimensions

k \times m

, this approach effectively reduces to

m k

variables, resulting in a linearsystem with

m^{2}

equations and variables. The subsets

Z_{i}^{1}

and

Z_{i}^{2}

can be represented as follows

Z_{i}^{1} = {\begin{matrix} z_{1, 1} & z_{1, 2} & z_{1, 3} & \dots & z_{1, 2^{k}} \\ z_{2, 1} & z_{2, 2} & z_{2, 3} & \dots & z_{2, 2^{k}} \\ z_{3, 1} & z_{3, 2} & z_{3, 3} & \dots & z_{3, 2^{k}} \\ ⋮ & ⋮ & ⋮ & ⋮ \\ z_{k, 1} & z_{k, 2} & z_{k, 3} & \dots & z_{k, 2^{k}} \end{matrix}}

(5)

Z_{i}^{2} = {\begin{matrix} z_{(k + 1), 1} & z_{(k + 1), 2} & z_{(k + 1), 3} & \dots & z_{(k + 1), 2^{k}} \\ z_{(k + 2), 1} & z_{(k + 2), 2} & z_{(k + 2), 3} & \dots & z_{(k + 2), 2^{k}} \\ z_{(k + 3), 1} & z_{(k + 3), 2} & z_{(k + 3), 3} & \dots & z_{(k + 3), 2^{k}} \\ ⋮ & ⋮ & ⋮ & ⋮ \\ z_{n, 1} & z_{n, 2} & z_{n, 3} & \dots & z_{n, 2^{k}} \end{matrix}}

(6)

The elements in

Z_{i}^{2}

z_{(k + b), d}

1 \leq b \leq n - k

and

1 \leq d \leq 2^{k}

, must satisfy

(\begin{matrix} p_{1, 1} & \dots & p_{k, 1} & | \\ p_{1, 2} & \dots & p_{k, 2} & | & I_{n - k} \\ ⋮ & ⋱ & ⋮ & | \\ p_{1, (n - k)} & \dots & p_{k, (n - k)} & | \end{matrix}) \times (\begin{matrix} z_{1, d} \\ z_{2, d} \\ ⋮ \\ z_{k, d} \\ - - - \\ z_{(k + 1), d} \\ z_{(k + 2), d} \\ ⋮ \\ z_{n, d} \end{matrix}) = (\begin{matrix} 1 \\ 0 \\ ⋮ \\ 0 \end{matrix})

(7)

Hence, when

b = 1

\begin{aligned} z_{(k + 1), d} & = 1 + p_{1, 1} z_{1, d} + p_{2, 1} z_{2, d} + \dots + p_{k, 1} z_{k, d}, \\ 1 \leq d \leq 2^{k}, \end{aligned}

and if

b \neq 1

z_{(k + b), d} = p_{1, b} z_{1, d} + p_{2, b} z_{2, d} + \dots + p_{k, b} z_{k, d}, 1 \leq d \leq 2^{k},

so that

(\begin{matrix} p_{1, 1} & \dots & p_{k, 1} & | \\ p_{1, 2} & \dots & p_{k, 2} & | & I_{n - k} \\ ⋮ & ⋱ & ⋮ & | \\ p_{1, (n - k)} & \dots & p_{k, (n - k)} & | \end{matrix}) \times (\begin{matrix} z_{1, d} \\ z_{2, d} \\ ⋮ \\ z_{k, d} \\ - - - \\ z_{(k + 1), d} \\ z_{(k + 2), d} \\ ⋮ \\ z_{n, d} \end{matrix}) = (\begin{matrix} 0 \\ 1 \\ ⋮ \\ 0 \end{matrix})

(8)

When

b = 2

\begin{aligned} z_{(k + 2), d} & = 1 + p_{1, 2} z_{1, d} + p_{2, 2} z_{2, d} + \dots + p_{k, 2} z_{k, d}, \\ 1 \leq d \leq 2^{k}, \end{aligned}

and if

b \neq 2

z_{(k + b), d} = p_{1, b} z_{1, d} + p_{2, b} z_{2, d} + \dots + p_{k, b} z_{k, d}, 1 \leq d \leq 2^{k} .

Similarly, the columns of

Z_{n - k}

must satisfy

(\begin{matrix} p_{1, 1} & \dots & p_{k, 1} & | \\ p_{1, 2} & \dots & p_{k, 2} & | & I_{n - k} \\ ⋮ & ⋱ & ⋮ & | \\ p_{1, (n - k)} & \dots & p_{k, (n - k)} & | \end{matrix}) \times (\begin{matrix} z_{1, d} \\ z_{2, d} \\ ⋮ \\ z_{k, d} \\ - - - \\ z_{(k + 1), d} \\ z_{(k + 2), d} \\ ⋮ \\ z_{n, d} \end{matrix}) = (\begin{matrix} 0 \\ 0 \\ ⋮ \\ 1 \end{matrix})

(9)

so when

b = n - k

the result is

1

and when

b \neq n - k

the result is

0

. Thus, if

b = n - k

z_{n, d} = 1 + p_{1, (n - k)} z_{1, d} + p_{2, (n - k)} z_{2, d} + \dots + p_{k, (n - k)} z_{k, d}),

and if

b \neq n - k

z_{(k + b), d} = p_{1, b} z_{1, d} + p_{2, b} z_{2, d} + \dots + p_{k, b} z_{k, d}, 1 \leq d \leq 2^{k} .

Example

Consider a code $C (n, k)$ with $k = 3$ and $n = 6$ having generator matrix

G = (I_{k} | P_{k \times (n - k)}) = (\begin{matrix} 1 & 0 & 0 & 0 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 & 0 \\ 0 & 0 & 1 & 1 & 0 & 1 \end{matrix})

and

H = (P^{T} | I_{n - k}) = (\begin{matrix} 0 & 1 & 1 & 1 & 0 & 0 \\ 1 & 1 & 0 & 0 & 1 & 0 \\ 1 & 0 & 1 & 0 & 0 & 1 \end{matrix})

The sets of columns are

Z_{1}, Z_{2}

, and

Z_{3}

resulting in

2^{k \times (n - k)} = 2^{3 \times 3} = 512

possible matrices. The sets

Z_{i}^{1}

and

Z_{i}^{2}

can be expressed as

Z_{i}^{1} = {\begin{matrix} 0 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \end{matrix}}

and

Z_{i}^{2} = {\begin{matrix} z_{(k + 1), 1} & z_{(k + 1), 2} & z_{(k + 1), 3} & \dots & z_{(k + 1), 8} \\ z_{(k + 2), 1} & z_{(k + 2), 2} & z_{(k + 2), 3} & \dots & z_{(k + 2), 8} \\ z_{(k + 3), 1} & z_{(k + 3), 2} & z_{(k + 3), 3} & \dots & z_{(k + 3), 8} \end{matrix}}

Combining

Z_{i}^{1}

and

Z_{i}^{2}

gives

Z_{i} = {\begin{matrix} 0 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ - - & - - & - - & - - & - - & - - & - - & - - \\ z_{4, 1} & z_{4, 2} & z_{4, 3} & z_{4, 4} & z_{4, 5} & z_{4, 6} & z_{4, 7} & z_{4, 8} \\ z_{5, 1} & z_{5, 2} & z_{5, 3} & z_{5, 4} & z_{5, 5} & z_{5, 6} & z_{5, 7} & z_{5, 8} \\ z_{6, 1} & z_{6, 2} & z_{6, 3} & z_{6, 4} & z_{6, 5} & z_{6, 6} & z_{6, 7} & z_{6, 8} \end{matrix}}

For

i = 1

, we have

(\begin{matrix} 0 & 1 & 1 & 1 & 0 & 0 \\ 1 & 1 & 0 & 0 & 1 & 0 \\ 1 & 0 & 1 & 0 & 0 & 1 \end{matrix}) \times (\begin{matrix} 0 \\ 0 \\ 0 \\ - \\ z_{4, 1} \\ z_{5, 1} \\ z_{6, 1} \end{matrix}) = (\begin{matrix} 1 \\ 0 \\ 0 \end{matrix})

\begin{aligned} z_{4, 1} = 1 + (0) (0) + (1) (0) + (1) (0) = 1 \\ z_{5, 1} = (1) (0) + (1) (0) + (0) (0) = 0 \\ z_{6, 1} = (1) (0) + (0) (0) + (1) (0) = 0 \end{aligned}

The elements of

Z_{1}^{2}

are

\begin{aligned} z_{4, d} & = 1 + p_{1, 1} z_{1, d} + p_{2, 1} z_{2, d} + p_{3, 1} z_{3, d} \\ z_{5, d} & = p_{1, 2} z_{1, d} + p_{2, 2} z_{2, d} + p_{3, 2} z_{3, d} \\ z_{6, d} & = p_{1, 3} z_{1, d} + p_{2, 3} z_{2, d} + p_{3, 3} z_{3, d} \end{aligned}

Z_{1} = {\begin{matrix} 0 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ - - & - - & - - & - - & - - & - - & - - & - - \\ 1 & 1 & 0 & 0 & 0 & 0 & 1 & 1 \\ 0 & 1 & 1 & 0 & 0 & 1 & 1 & 0 \\ 0 & 1 & 0 & 1 & 1 & 0 & 1 & 0 \end{matrix}}

The elements of

Z_{2}^{2}

are

\begin{aligned} z_{4, d} & = p_{1, 1} z_{1, d} + p_{2, 1} z_{2, d} + p_{3, 1} z_{3, d} \\ z_{5, d} & = 1 + p_{1, 2} z_{1, d} + p_{2, 2} z_{2, d} + p_{3, 2} z_{3, d} \\ z_{6, d} & = p_{1, 3} z_{1, d} + p_{2, 3} z_{2, d} + p_{3, 3} z_{3, d} \end{aligned}

Z_{2} = {\begin{matrix} 0 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ - - & - - & - - & - - & - - & - - & - - & - - \\ 0 & 0 & 1 & 1 & 1 & 1 & 0 & 0 \\ 1 & 0 & 0 & 1 & 1 & 0 & 0 & 1 \\ 0 & 1 & 0 & 1 & 1 & 0 & 1 & 0 \end{matrix}}

The elements of

Z_{3}^{2}

are

\begin{aligned} z_{4, d} & = p_{1, 1} z_{1, d} + p_{2, 1} z_{2, d} + p_{3, 1} z_{3, d} \\ z_{5, d} & = p_{1, 2} z_{1, d} + p_{2, 2} z_{2, d} + p_{3, 2} z_{3, d} \\ z_{6, d} & = 1 + p_{1, 3} z_{1, d} + p_{2, 3} z_{2, d} + p_{3, 3} z_{3, d} \end{aligned}

Z_{3} = {\begin{matrix} 0 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ - - & - - & - - & - - & - - & - - & - - & - - \\ 0 & 0 & 1 & 1 & 1 & 1 & 0 & 0 \\ 0 & 1 & 1 & 0 & 0 & 1 & 1 & 0 \\ 1 & 0 & 1 & 0 & 0 & 1 & 0 & 1 \end{matrix}}

Hence, to construct

2^{k \times (n - k)} = 2^{3 \times 3} = 512

inverses, we select a random column vector from each set, namely,

Z_{1}

Z_{2}

, and

Z_{3}

. With

2^{k} = 2^{3} = 8

possible choices for each set, resulting in a total of

8 \times 8 \times 8 = 512

possible

H^{- 1}

Random inverse matrix construction

The inverse of a parity check matrix can be partitioned into two sections $A_{1}$ and $A_{2}$ , where $A_{1}$ comprises rows $1$ to $k$ and $A_{2}$ comprises rows $k + 1$ to $n$ so that

H^{- 1} = (\begin{matrix} a_{1, 1} & a_{1, 2} & \dots & a_{1, (n - k)} \\ a_{2, 1} & a_{2, 2} & \dots & a_{2, (n - k)} \\ a_{3, 1} & a_{3, 2} & \dots & a_{3, (n - k)} \\ ⋮ & ⋮ & ⋮ \\ a_{k, 1} & a_{k, 2} & \dots & a_{k, (n - k)} \\ - - - & - - - & - - & - - - \\ a_{(k + 1), 1} & a_{(k + 1), 2} & \dots & a_{(k + 1), (n - k)} \\ a_{(k + 2), 1} & a_{(k + 2), 2} & \dots & a_{(k + 2), (n - k)} \\ a_{(k + 3), 1} & a_{(k + 3), 2} & \dots & a_{(k + 3), (n - k)} \\ ⋮ & ⋮ & ⋮ \\ a_{n, 1} & a_{n, 2} & \dots & a_{n, (n - k)} \end{matrix}) = (\begin{matrix} A_{1} \\ - \\ A_{2} \end{matrix})

(10)

A random inverse of a parity check matrix can be obtained using the following steps.

Select a random matrix $A_{1}$ with dimensions $(n - k) \times k$ .

Construct the corresponding matrix $A_{2}$ with dimensions $(n - k) \times (n - k)$ .

n = 20

and

k = 12

A_{1}

consists of

n - k = 8

randomly selected binary vectors with

k = 12

rows. One such matrix is

A_{1} = (\begin{matrix} 1 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 0 & 1 & 0 & 0 \\ 1 & 0 & 0 & 0 & 1 & 1 & 0 & 0 \\ 0 & 0 & 1 & 1 & 1 & 1 & 0 & 0 \\ 1 & 0 & 1 & 0 & 0 & 0 & 1 & 1 \\ 1 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\ 0 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\ 0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 & 1 & 1 & 0 & 0 \\ 1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 \\ 0 & 0 & 1 & 1 & 1 & 1 & 0 & 0 \\ 0 & 1 & 0 & 1 & 1 & 0 & 1 & 1 \end{matrix})

The corresponding elements of

A_{2}

are

A_{2} = (\begin{matrix} a_{(k + 1), 1} & a_{(k + 1), 2} & a_{(k + 1), 3} & \dots & a_{(k + 1), (n - k)} \\ a_{(k + 2), 1} & a_{(k + 2), 2} & a_{(k + 2), 3} & \dots & a_{(k + 2), (n - k)} \\ a_{(k + 3), 1} & a_{(k + 3), 2} & a_{(k + 3), 3} & \dots & a_{(k + 3), (n - k)} \\ ⋮ & ⋮ & ⋮ & ⋮ \\ a_{n, 1} & a_{n, 2} & a_{n, 3} & \dots & a_{n, (n - k)} \end{matrix})

(11)

where

a_{(k + b), d} = \sum_{i = 1}^{k} p_{i b} a_{i d}, (b \neq d)

and

a_{(k + b), d} = 1 + \sum_{i = 1}^{k} p_{i b} a_{i d}, (b = d)

In general, this can be expressed as

a_{(k + b), d} = 2^{| b - d |} mod 2 + \sum_{i = 1}^{k} p_{i b} a_{i d}

(12)

For example,

a_{(k + 1), 1}

A_{2}

is given by

a_{(k + 1), 1} = 1 + p_{11} a_{11} + p_{21} a_{21} + \dots + p_{k 1} a_{k 1}

Let

A_{1}

be a

k \times (n - k)

matrix consisting of

n - k

column vectors, and

A_{2}

be the

(n - k) \times (n - k)

matrix with entries determined based on

A_{1}

. If

B_{1} = P_{(n - k) \times k}^{T}

and

B_{2} = I_{n - k}

, then

H H^{- 1} = (\begin{matrix} B_{1} | B_{2} \end{matrix}) \times (\begin{matrix} A_{1} \\ - \\ A_{2} \end{matrix}) = B_{1} A_{1} + B_{2} A_{2} = I_{n - k}

A_{2} = (B_{2})^{- 1} (B_{1} A_{1} + I_{n - k})

(13)

which gives

\begin{aligned} H H^{- 1} & = (\begin{matrix} B_{1} | B_{2} \end{matrix}) \times (\begin{matrix} A_{1} \\ - \\ A_{2} \end{matrix}) = (B_{1} | B_{2}) \times (\frac{\begin{matrix} A_{1} \end{matrix}}{B_{1} A_{1} + I_{m}}) \\ = B_{1} A_{1} + B_{2} (B_{1} A_{1} + I_{m}) \\ = B_{1} A_{1} + B_{1} A_{1} + I_{m} = I_{m} . \end{aligned}

Inverse matrix construction analysis

This section compares the computation time of the proposed algorithm for random inverse matrices with the MP method. Table 1 presents the computation time for several values of

n

and

k

. This shows that the proposed method has a lower time for all values.

Table 1.

Random inverse matrix computation time.

Matrix size	Moore-Penrose (MP) (ms)	Proposed (ms)
$n = 500$ , $k = 213$	$94$	$16$
$n = 1568$ , $k = 524$	$2172$	$594$
$n = 2048$ , $k = 768$	$5109$	$2368$
$n = 2896$ , $k = 1024$	$14, 735$	$5211$

The computational complexity is now considered in terms of the number of arithmetic operations. To solve a system of

v

equations with

v

unknowns, the number of arithmetic operations needed to obtain the row echelon form (REF) with the GJ method is

v (v + 1) / 2

divisions,

(2 v^{3} + 3 v^{2} - 5 v) / 6

multiplications, and

(2 v^{3} + 3 v^{2} - 5 v) / 6

additions/subtractions.²⁴ Then, the reduced REF is constructed to solve the system of linear equations which doubles the number of operations which gives a total of

4 / 3 v^{3} + 3 v^{2} - 7 / 3 v

. Hence, for a parity check matrix

H

with dimensions

(n - k) \times n

, the GJ computational complexity to obtain the inverse is

4 / 3 (n - k)^{3} + 3 (n - k)^{2} - 7 / 3 (n - k)

(excluding the nullspace and vector set calculations). The MP algorithm requires

(n - k)^{2} (2 n - 1)

arithmetic operations to obtain the full-rank matrix

H H^{T}

and an additional

(n - k) (2 n^{2} - 2 n k - n)

operations to obtain

H^{- 1} = H^{T} [H H^{T}]^{- 1}

(excluding determinant calculations). Thus, the computational complexity for the MP method is

(n - k)^{2} (4 n - 1) - n (n - k)

. The proposed approach requires no arithmetic operations for constructing

A_{1}

as it is determined through random selection. Constructing

A_{2}

requires

(2 k - 1) (n - k)^{2} + (n - k)

arithmetic operations. Table 2 presents the number of arithmetic operations required with the MP, GJ, and proposed algorithms for constructing a random inverse matrix. This shows that the proposed method has lower computational complexity.

Table 2.

Computational complexity for three algorithms.

GJ	MP	Proposed
$4 / 3 (n - k)^{3} + 3 (n - k)^{2} - 7 / 3 (n - k)$	$(n - k)^{2} (4 n - 1) - n (n - k)$	$(2 k - 1) (n - k)^{2} + (n - k)$

Table 3.

Multiplication in $G F (2^{4})$ with irreducible polynomial $x^{4} + x + 1$ .

$\times$	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
1	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
2	2	4	6	8	A	C	E	3	1	7	5	B	9	F	D
3	3	6	5	C	F	A	9	B	8	D	E	7	4	1	2
4	4	8	C	3	7	B	F	6	2	E	A	5	1	D	9
5	5	A	F	7	2	D	8	E	B	4	1	9	C	3	6
6	6	C	A	B	D	7	1	5	3	9	F	E	8	2	4
7	7	E	9	F	8	1	6	D	A	3	4	2	5	C	B
8	8	3	B	6	E	5	D	C	4	F	7	A	2	9	1
9	9	1	8	2	B	3	A	4	D	5	C	6	F	7	E
A	A	7	D	E	4	9	3	F	5	8	2	1	B	6	C
B	B	5	E	A	1	F	4	7	C	2	9	D	6	8	3
C	C	B	7	5	9	E	2	A	6	1	D	F	3	4	8
D	D	9	4	1	C	8	5	2	F	B	6	3	E	A	7
E	E	F	1	D	3	2	C	9	7	6	8	4	A	B	5
F	F	D	2	9	6	4	B	1	E	C	3	8	7	5	A

The proposed algorithm simplifies the construction of inverse matrices and can construct all $2^{k \times m}$ inverses of a given non-square matrix in any field. In contrast, the MP method constructs pseudo-inverses, and as indicated by Tiplea and Dragoi,²¹ it encounters challenges with finite fields. GJ elimination encounters difficulties with large matrices as noted by Xin and George.²² The task of selecting row combinations using the GJ algorithm is known to be NP-hard, and the time complexity increases exponentially.²²

Random inversion of non-systematic binary and finite fields matrix

Let $B$ a full rank non-square matrix with dimensions $m \times n$ , $m < n$ , such that

B_{m \times n} = (\begin{matrix} b_{1} & B_{1} & b_{2} & B_{2} & \dots & b_{y} & B_{x} & b_{y + 1} \end{matrix})

(14)

where

B_{1}, B_{2}, \dots, B_{x}

are matrices with

m

rows and

n_{1}, n_{2}, \dots, n_{x}

columns, respectively, such that

n_{1} + n_{2} + \dots + n_{x} = n - m

, and

b_{1}, b_{2}, \dots, b_{y + 1}

are column vectors with

m

rows,

y + 1 = m

The $B_{i}$ , $i = 1, \dots, x$ , and $b_{j}$ , $j = 1, \dots, y + 1$ , can be a null matrix $B$ and null vector $b$ , respectively. A full-rank matrix $B$ must have $m$ linearly independent column vectors $b_{j}$ $(j = 1, \dots, y + 1)$ . For example, the following matrix $B$ is a full rank matrix with rank $5$ where $B_{1}$ , $B_{2}$ , and $B_{4}$ are null matrices.

If $A$ is the inverse of $B$ , then $B_{m \times n} A_{n \times m} = I_{m \times m}$ with

A_{n \times m} = (\begin{matrix} a_{1} \\ A_{1} \\ a_{2} \\ A_{2} \\ ⋮ \\ a_{y} \\ A_{x} \\ a_{y + 1} \end{matrix})

(15)

where

A_{1}, A_{2}, \dots, A_{x}

, are matrices with

n_{1}

n_{2}

\dots

n_{x}

rows, respectively, such that

n_{1} + n_{2} + \dots + n_{x} = n - m

a_{1}, a_{2}, \dots, a_{y + 1}

are the row vectors with

m

columns, where

y + 1 = m

Hence, $A$ is the inverse of $B$ so the product of $B$ and $A$ will result in the identity matrix

\begin{aligned} B A = (\begin{matrix} b_{1} B_{1} b_{2} B_{2} \dots b_{y} B_{x} b_{y + 1} \end{matrix}) \times (\begin{matrix} a_{1} \\ A_{1} \\ a_{2} \\ A_{2} \\ ⋮ \\ a_{y} \\ A_{x} \\ a_{y + 1} \end{matrix}) = I_{m} \end{aligned}

(16)

\sum_{i = 1}^{x} B_{i} A_{i} + \sum_{j = 1}^{y + 1} b_{j} a_{j} = I_{m}

(17)

A random matrix

A

can be generated by randomly selecting

A_{1}, A_{2}, \dots, A_{x}

and constructing the corresponding row variables

a_{1}, a_{2}, \dots, a_{y + 1}

Define $A_{a}$ and $B_{b}$ as

(A_{a})_{m \times m} = (\begin{matrix} a_{1} \\ a_{2} \\ ⋮ \\ a_{y + 1} \end{matrix}), (B_{b})_{m \times m} = (\begin{matrix} b_{1} & b_{2} & \dots & b_{y + 1} \end{matrix})

(18)

Then

\begin{aligned} \sum_{i = 1}^{x} B_{i} A_{i} + B_{b} A_{a} = I_{m} \\ B_{b} A_{a} = I_{m} + \sum_{i = 1}^{x} B_{i} A_{i} \end{aligned}

(19)

A_{a} = (B_{b})^{- 1} (I_{m} + \sum_{i = 1}^{x} B_{i} A_{i})

(20)

so the columns of

B_{b}

are linearly independent, resulting in a determinant of

1

. Therefore,

B_{b}

is a nonsingular matrix. Consequently, by selecting random matrices

A_{i}

A_{a}

can be constructed as described. Note that for complex and real number inverse matrices,

A_{a}

can be constructed using (20). For example, consider B with dimensions m = 5 and n = 9 such that

Then

A_{9 \times 5}

A_{9 \times 5} = (\begin{matrix} a_{1} \\ a_{2} \\ a_{3} \\ A_{3} \\ a_{4} \\ a_{5} \end{matrix})

where

A_{3}

can be randomly selected as

A_{3} = (\begin{matrix} 0 & 1 & 1 & 0 & 1 \\ 1 & 1 & 0 & 0 & 0 \\ 1 & 0 & 1 & 1 & 1 \\ 0 & 1 & 1 & 1 & 0 \end{matrix})

Given matrices

B_{3}

and

(B_{b})_{m \times m}

the inverse of

(B_{b})_{m \times m}

(B_{b})^{- 1} = (\begin{matrix} 0 & 1 & 1 & 0 & 1 \\ 1 & 0 & 0 & 0 & 1 \\ 1 & 0 & 1 & 1 & 0 \\ 1 & 1 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 & 1 \end{matrix})

Therefore,

A_{a}

can be constructed as

A_{a} = (B_{b})^{- 1} (I_{5} + B_{3} A_{3})

where

Having

A_{3}

and

A_{a}

, the inverse matrix

A

can be constructed as

where

B_{(5 \times 9)} \times A_{(9 \times 5)} = I_{5}

Finite field random inverse

A finite field has a finite number of elements and is also known as a Galois field denoted $G F (p^{r})$ where $p$ is a prime number and $r$ is a positive integer. In $G F (p^{r})$ , the elements are polynomials of degree less than $r$ with coefficients in $G F (p)$ . Addition and multiplication of polynomials are performed modulo an irreducible polynomial of degree $r$ . Table 3 illustrates multiplication in the finite field $G F (2^{4})$ with irreducible polynomial $x^{4} + x + 1$ .

Consider $G F (2^{4})$ with matrix $B$

= (\begin{matrix} b_{1} & B_{1} & b_{2} & b_{3} & B_{3} & b_{4} \end{matrix})

so there is no

B_{2}

and

B_{1}

B_{3}

, and

B_{b}

are

Therefore,

(B_{b})^{- 1}

can be constructed as

(B_{b})^{- 1} = (\begin{matrix} 9 & C & C & 7 \\ B & 3 & E & F \\ 1 & 4 & E & 9 \\ 4 & 1 & 2 & 1 \end{matrix})

Now by random selection of

A_{1}

and

A_{3}

A_{1} = (\begin{matrix} 5 & 4 & 5 & 2 \end{matrix}), A_{3} = (\begin{matrix} F & 9 & B & 9 \\ 0 & 9 & D & 5 \end{matrix})

A_{a}

can be constructed as

A_{a} = (B_{b})^{- 1} (I_{4} + B_{1} A_{1} + B_{3} A_{3})

A_{a} = (\begin{matrix} 9 & C & C & 7 \\ B & 3 & E & F \\ 1 & 4 & E & 9 \\ 4 & 1 & 2 & 1 \end{matrix}) \times ((\begin{matrix} 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 \end{matrix}) + (\begin{matrix} 5 & 4 & 5 & 2 \\ A & 8 & A & 4 \\ 5 & 4 & 5 & 2 \\ 8 & F & 8 & E \end{matrix}) + (\begin{matrix} 6 & E & A & F \\ 2 & 1 & 3 & D \\ 1 & 7 & F & 9 \\ 5 & 7 & 8 & 7 \end{matrix}))

A_{a} = (\begin{matrix} 9 & C & C & 7 \\ B & 3 & E & F \\ 1 & 4 & E & 9 \\ 4 & 1 & 2 & 1 \end{matrix}) \times (\begin{matrix} 2 & A & F & D \\ 8 & 8 & 9 & 9 \\ 4 & 3 & B & B \\ D & 8 & 0 & 8 \end{matrix})

and

A

is then

where

B_{(4 \times 7)} \times A_{(7 \times 4)} = I_{4}

G F (2^{4})

(\begin{matrix} 2 & 1 & 3 & 8 & 5 & A & 8 \\ D & 2 & E & C & 3 & 1 & 6 \\ C & 1 & 1 & 4 & 8 & 6 & F \\ E & 7 & 0 & 2 & E & 0 & C \end{matrix}) \times (\begin{matrix} B & 5 & 5 & 9 \\ 5 & 4 & 5 & 2 \\ 4 & 9 & 3 & 7 \\ 6 & 9 & 5 & 3 \\ F & 9 & B & 9 \\ 0 & 9 & D & 5 \\ 5 & 8 & 5 & 5 \end{matrix}) = I_{4}

Prime field random inverse

In a prime field $G F (p)$ , the elements are the integers less than $p$ with addition and multiplication modulo $p$ . For example, in $G F (7)$ , the elements are $(0, 1, 2, 3, 4, 5, 6)$ , and arithmetic is done modulo $7$ so $3 + 5 = 1$ in $G F (7)$ as $3 + 5 mod 7 = 1$ .

From (16) to (19)

\sum_{i = 1}^{x} B_{i} A_{i} + B_{b} A_{a} = I_{m}

and modulo

p

B_{b} A_{a} = I_{m} - \sum_{i = 1}^{x} (B_{i} A_{i}) mod p

(21)

A_{a} = (B_{b})^{- 1} (I_{m} - \sum_{i = 1}^{x} (B_{i} A_{i})) mod p .

(22)

Consider

G F (7)

and the matrix

B

given by

= (\begin{matrix} B_{1} & b_{2} & b_{3} & b_{4} & B_{4} \end{matrix})

with

Randomly selecting matrices

A_{1}

and

A_{4}

A_{1} = (\begin{matrix} 1 & 6 & 6 \\ 1 & 6 & 2 \end{matrix}), A_{4} = (\begin{matrix} 1 & 6 & 1 \end{matrix})

gives

A_{a} = (B_{b})^{- 1} (I_{3} - B_{1} A_{1} - B_{4} A_{4})

which yields

A_{a} = (\begin{matrix} 2 & 5 & 3 \\ 1 & 0 & 4 \\ 0 & 4 & 6 \end{matrix}) \times ((\begin{matrix} 1 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{matrix}) - (\begin{matrix} 1 & 6 & 0 \\ 3 & 4 & 3 \\ 0 & 0 & 2 \end{matrix}) - (\begin{matrix} 2 & 5 & 2 \\ 6 & 1 & 6 \\ 5 & 2 & 5 \end{matrix}))

A_{a} = (\begin{matrix} 2 & 5 & 3 \\ 1 & 0 & 4 \\ 0 & 4 & 6 \end{matrix}) \times (\begin{matrix} - 2 & - 11 & - 2 \\ - 9 & - 4 & - 9 \\ - 5 & - 2 & - 6 \end{matrix}) m o d (7)

A_{a} = (\begin{matrix} 2 & 5 & 3 \\ 1 & 0 & 4 \\ 0 & 4 & 6 \end{matrix}) \times (\begin{matrix} 5 & 3 & 5 \\ 5 & 3 & 5 \\ 2 & 5 & 1 \end{matrix})

resulting in

A

can constructed as

where

B_{(3 \times 6)} \times A_{(6 \times 3)} = I_{3}

G F (7)

PKC application

The proposed method for constructing random inverse matrices can be employed with the PKC by Haidary Makoui et al.²⁵ This involves the generation of public and private keys for encryption, decryption, digital signatures, and verification.

Public Key Infrustructure

(p k, p r)

\leftarrow

G e n (λ)

generates a public key

p k

and a private key

p r

where

λ

is the key generation scheme.

The proposed algorithm uses the following matrices²⁵:

∙

Matrix

G

of size

k \times n

∙

Matrix

H

of size

(n - k) \times n

∙

Non-singular scrambling matrix

S

of size

k \times k

∙

Permutation matrix

P

of size

n \times n

∙

Non-singular matrix

L

of size

(n - k) \times (n - k)

Key Generation Algorithm

G e n (λ)

1. Obtain

G

and

H

for the block code

C (n, k)

2. Select a random inverse of the parity check matrix using a randomly generated matrix

A_{1}

and constructing the corresponding matrix

A_{2}

H^{- 1} = (\frac{A_{1}}{A_{2}}) .

3. Conceal the generator matrix

G

in a similar manner to the McEliece cryptosystem

p_{1} = G^{^{'}} = S G P .

4. Apply matrices

L

and

P

to conceal

H^{- 1}

p_{2} = L^{- 1} (H^{- 1})^{T} P .

5. Digital signature verification requires

p_{3} = P^{- 1} (H^{- 1} H)^{T} P .

6. Construct a parity check matrix

H^{'}

corresponding to

G^{^{'}}

H^{'} = L^{T} H (P^{- 1})^{T} where Q = H^{^{'} T} = P^{- 1} H^{T} L .

7. Public key:

p k

\leftarrow

(p_{1}, p_{2}, p_{3})

8. Private key:

p r

\leftarrow

(S^{- 1}, P^{- 1}, G, Q)

The public key $p k = (p_{1}, p_{2}, p_{3})$ satisfies the following relationships. The algorithms for signing, verification, and integrity check in the code-based digital signature scheme have the following relationships. The public key $p k = (p_{1}, p_{2}, p_{3})$ satisfies

(p_{1}) (p_{3}) = 0, (p_{2}) (p_{3}) = p_{2}, (p_{3}) (p_{3}) = p_{3}

(23)

The public key

p k = (p_{1}, p_{2}, p_{3})

and

Q

are related as follows

(p_{1}) (Q) = 0, (p_{2}) (Q) = I, (p_{3}) (Q) = Q

(24)

There are

2^{k \times (n - k)}

possible inverse matrices so the probability of an adversary constructing a private key from the public key is

2^{- (k \times (n - k))}

.²⁵ Thus, the probability of successful forgery by discovering the secret key is negligible for reasonable values of

n

and

k

P r [(A d v, γ) = 1] < \frac{1}{2^{k \times (n - k)}}

PKC based on a dual inverse matrix uses a generalized non-square inverse matrix as in the code-based cryptosystem by Haidary Makoui et al.²⁷ where the dual inverse matrix serves as both the transpose and inverse of the parity check matrix.

The probability of a ciphertext distinguishability attack against the McEliece code-based cryptosystem is $(\begin{matrix} n - t \\ k \end{matrix}) / (\begin{matrix} n \\ k \end{matrix})$ .²⁶ For the algorithm by Haidary Makoui et al.²⁷ this is

\frac{1}{2^{k \times (n - k)}} << (\begin{matrix} n - t \\ k \end{matrix}) / (\begin{matrix} n \\ k \end{matrix}) .

Therefore, it provides greater security compared to the McEliece cryptosystem so smaller key sizes can be employed without compromising the security.

Conclusion

This article considered the construction of inverse matrices for a non-square matrix $H$ . The proposed approach involves column sets $Z_{i}$ with column $i$ of $H^{- 1}$ corresponding to a subset of $Z_{i}$ . This facilitates the construction of all possible inverse matrices. An algorithm was given to construct an inverse matrix from matrices $A_{1}$ and $A_{2}$ , where $A_{1}$ has $n - k$ random binary vectors and $A_{2}$ is obtained based on $A_{1}$ . The computational complexity of the proposed approach was shown to be lower than the MP and GJ methods. The extension to arbitary fields including finite fields was demonstrated. Finally, the application to PKC was illustrated.

Footnotes

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship and/or publication of this article.

ORCID iD

Farshid Haidary Makoui

Notes

References

Shannon

. A mathematical theory of communication. Bell Syst Tech J Jul 1948; 27(3): 379–423.

Acharya

. Understanding Satellite Navigation. London, UK: Academic Press, 2014.

Thomasian

. Storage Systems: Organization, Performance, Coding, Reliability, and Their Data Processing. London, UK: Academic Press, 2011.

Saraf

Dhingra

Pinheiro

. Parallel algorithm for finding inverse of a matrix and its application in message sharing (coding theory). Int J Comput Applic Feb 2016; 136(9): 24–28.

Stanimirović

Petković

. Gauss–Jordan elimination method for computing outer inverses. Appl Math Comput Jan 2013; 219(9): 4667–4679.

Barata

JCA

Hussein

. The Moore-Penrose pseudoinverse: A tutorial review of the theory. Braz J Phys Apr 2012; 42(1-2): 146–165.

Chen

Wang

. A family of higher-order convergent iterative methods for computing the Moore–Penrose inverse. Appl Math Comput Dec 2011; 218(8): 4012–4016.

Guglielmi

Overton

Stewart

. An efficient algorithm for computing the generalized null space decomposition. SIAM J Matrix Anal Appl Jan 2015; 36(1): 38–54.

Tapson

van Schaik

. Learning the pseudoinverse solution to network weights. Neural Netw Sep 2013; 45: 94–100.

10.

McEliece

. A public-key cryptosystem based on algebraic coding theory. Jet Propulsion Lab Jan-Feb 1978; DSN Tech Rep 42-44: 114–116.

11.

Niederreiter

. Knapsack-type cryptosystems and algebraic coding theory. Probl Control Inf Theory 1986; 15(2): 159–166.

12.

McEliece

. Finite Fields for Computer Scientists and Engineers. Berlin, Germany: Springer-Verlag, 1987.

13.

Lidl

Niederreiter

. Finite Fields: Encyclopedia of Mathematics and Its Applications, vol. 20. Cambridge, UK: Cambridge University Press 1997.

14.

Lie

Zhang

et al. A novel and high-performance modular square scheme for elliptic curve cryptography over GF(p). IEEE Trans Circuits Syst II Express Briefs 2019; 66(4): 647–651.

15.

Paar

Pelzl

. The Advanced Encryption Standard (AES). Understanding Cryptography, Berlin, Germany: Springer, pp. 87–121, 2015.

16.

Daemen

Rijmen

. The Design of Rijndael. New York, NY, USA: Springer-Verlag, 2002.

17.

Gao

Yue

Huang

et al. Hulls of generalized Reed-Solomon codes via Goppa codes and their applications to quantum codes. IEEE Trans Inf Theory, Oct 2021; 67(10): 6619–6626.

18.

Wicker

Vijay

. Reed-Solomon Codes and Their Applications. Wiley-IEEE Press, 1994.

19.

Justesen

Hoholdt

. A Course In Error-Correcting Codes. Helsinki, Finland: European Mathematical Society Publishing House, second edition, 2017.

20.

Broumandnia

. Image encryption algorithm based on the finite fields in chaotic maps. J Inf Secur Applic 2020; 54: article 102553.

21.

Tiplea

Dragoi

. Generalized inverse based decoding. IEEE International Symposium on Information Theory, pp. 2791-2796, Jul 2022.

22.

Xin

George

. On the worst-case complexity of integer Gaussian elimination. International Conference on Symbolic and Algebraic Computation, pp 28–31, Jul 1997.

23.

Esmaeili

. Application of Linear Block Codes in Cryptography. PhD Dissertation Department of Electrical and Computer Engineering, University of Victoria, Victoria, BC, Canada, 2019.

24.

Farebrother

. Linear Least Squares Computations. Statistics Textbooks and Monographs, vol 91, London, UK: Taylor and Francis, 1988.

25.

Haidary Makoui

Gulliver

Dakhilaian

. A new code-based digital signature based on the McEliece cryptosystem. IET Commun Jun 2023; 17(10): 1199–1207.

26.

Menezes

van Oorschot

Vanstone

. Public-key Encryption. ch. 8, Handbook of Applied Cryptography, Boca Raton, FL, USA: CRC Press, 1997.

27.

Haidary Makoui

Gulliver

Dakhilaian

. Post Quantum code-based cryptosystems with dual inverse matrix. International Conference on Information Technology in Asia, pp.43–47, Oct 2023.

$\times$	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
1	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
2	2	4	6	8	A	C	E	3	1	7	5	B	9	F	D
3	3	6	5	C	F	A	9	B	8	D	E	7	4	1	2
4	4	8	C	3	7	B	F	6	2	E	A	5	1	D	9
5	5	A	F	7	2	D	8	E	B	4	1	9	C	3	6
6	6	C	A	B	D	7	1	5	3	9	F	E	8	2	4
7	7	E	9	F	8	1	6	D	A	3	4	2	5	C	B
8	8	3	B	6	E	5	D	C	4	F	7	A	2	9	1
9	9	1	8	2	B	3	A	4	D	5	C	6	F	7	E
A	A	7	D	E	4	9	3	F	5	8	2	1	B	6	C
B	B	5	E	A	1	F	4	7	C	2	9	D	6	8	3
C	C	B	7	5	9	E	2	A	6	1	D	F	3	4	8
D	D	9	4	1	C	8	5	2	F	B	6	3	E	A	7
E	E	F	1	D	3	2	C	9	7	6	8	4	A	B	5
F	F	D	2	9	6	4	B	1	E	C	3	8	7	5	A

$\times$	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
1	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
2	2	4	6	8	A	C	E	3	1	7	5	B	9	F	D
3	3	6	5	C	F	A	9	B	8	D	E	7	4	1	2
4	4	8	C	3	7	B	F	6	2	E	A	5	1	D	9
5	5	A	F	7	2	D	8	E	B	4	1	9	C	3	6
6	6	C	A	B	D	7	1	5	3	9	F	E	8	2	4
7	7	E	9	F	8	1	6	D	A	3	4	2	5	C	B
8	8	3	B	6	E	5	D	C	4	F	7	A	2	9	1
9	9	1	8	2	B	3	A	4	D	5	C	6	F	7	E
A	A	7	D	E	4	9	3	F	5	8	2	1	B	6	C
B	B	5	E	A	1	F	4	7	C	2	9	D	6	8	3
C	C	B	7	5	9	E	2	A	6	1	D	F	3	4	8
D	D	9	4	1	C	8	5	2	F	B	6	3	E	A	7
E	E	F	1	D	3	2	C	9	7	6	8	4	A	B	5
F	F	D	2	9	6	4	B	1	E	C	3	8	7	5	A

$\times$	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
1	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
2	2	4	6	8	A	C	E	3	1	7	5	B	9	F	D
3	3	6	5	C	F	A	9	B	8	D	E	7	4	1	2
4	4	8	C	3	7	B	F	6	2	E	A	5	1	D	9
5	5	A	F	7	2	D	8	E	B	4	1	9	C	3	6
6	6	C	A	B	D	7	1	5	3	9	F	E	8	2	4
7	7	E	9	F	8	1	6	D	A	3	4	2	5	C	B
8	8	3	B	6	E	5	D	C	4	F	7	A	2	9	1
9	9	1	8	2	B	3	A	4	D	5	C	6	F	7	E
A	A	7	D	E	4	9	3	F	5	8	2	1	B	6	C
B	B	5	E	A	1	F	4	7	C	2	9	D	6	8	3
C	C	B	7	5	9	E	2	A	6	1	D	F	3	4	8
D	D	9	4	1	C	8	5	2	F	B	6	3	E	A	7
E	E	F	1	D	3	2	C	9	7	6	8	4	A	B	5
F	F	D	2	9	6	4	B	1	E	C	3	8	7	5	A