1.1. Our Contribution

1.2. Related Work

Most modern symmetric cryptographic algorithms are block-based, and this feature limits the functionality of their implementation. In particular, the key size must be equal to or larger than the block size, leading to the encryption algorithm’s multiple uses for a large message. This procedure reduces the cryptographic strength of the algorithm, increases the time complexity, and, at the same time, complicates the implementation. Many authors have studied symmetric encryption algorithms in the polynomial number system. For example, Lemaire [31] proposes an 8-bit encryption algorithm based on the ideas of well-known symmetric cryptoalgorithms. The authors use divergent polynomials with variable coefficients, bitwise data operations, and two-password identification when generating pseudorandom keys. The hardware implementation of the proposed approach and comparison of the time characteristics with the AES algorithm of the 8-bit architecture based on the Arduino Uno microcontroller (ATmega328) were carried out.

A work [32] is devoted to developing and studying hardware-implemented methods of fast polynomial arithmetic for some homomorphic encryption operations based on the Karatsuba algorithm. In addition, Jayet-Griffon et al. [33] consider the possibilities of speeding up the polynomial multiplication operation for homomorphic encryption when implemented on an FPGA. In [34], a characterization of polynomial multiplication implementations for GPU-based homomorphic encryption is presented.

In [35], a highly efficient image encryption method based on permutation polynomials in finite fields was developed that is resistant to various types of attacks. In addition, the proposed encryption algorithm has no rounding errors, so encryption is lossless.

In the work [36], our effort was dedicated to developing a multifunctional architecture for the polynomial RNS within the context of cryptography. Detailed comparisons with contemporary implementations have indicated the potential utility of polynomial residue arithmetic in modular multiplication. Article [37] presents a schematic diagram of a modular pipeline multiplier, which allows for high-speed data encryption and decryption based on nonpositional polynomial RNS. The authors substantiate the efficiency of the proposed hardware design through a timing diagram. The developed pipeline device can find application in digital computing devices, particularly for high-speed data encryption based on nonpositional polynomial RNS.

In [38], a new method for constructing S-blocks of the AES algorithm is proposed based on replacing the irreducible polynomial and affine mapping. The cryptographic strength of the created S-block is evaluated by several standard tests (bijectivity, nonlinearity, strict avalanche criterion (SAC), and bit-independence criterion). It surpasses the cryptographic strength of the known S-boxes.

An article [39] proposes a method for constructing the S-block of the AES algorithm based on the smallest number of selected irreducible polynomials that meet specific criteria. There are 17 such polynomials, and their use simplifies the hardware implementation of the S-block. The SAC is studied, and it is noted that the polynomial p(x) = x⁸ + x⁷ + x⁶ + x + 1 is the best, with an outstanding value of SAC = 0.5, which indicates the cryptographic strength and reliability of the constructed S-block.

A paper [40] proposes improving the symmetric AES encryption algorithm using dynamic S-blocks whose parameters depend on the key, dynamic irreducible polynomials, and affine constants.

A paper [41] presents the most commonly used symmetric cryptosystem AES in the ring of polynomials today. The main idea is to choose an irreducible polynomial on the basis of which the encryption algorithm is built. The proposed approach was implemented in MATLAB for 30 different irreducible polynomials. As a result of the numerical experiments, it was possible to establish a negligible effect of changing irreducible polynomials on the level of the avalanche.

The authors in [42] proposed a novel method to enhance AES security against fault attacks using the polynomial RNS. The authors parallelize byte-level AES operations over GF(2⁸) by utilizing residues over smaller fields, introducing extended functionalities into AES for side-channel vulnerability analysis.

Polynomial arithmetic has also been used for asymmetric cryptosystems. In particular, in [43], modified arithmetic was developed for the RSA cryptosystem with Gauss integers and polynomials over finite fields. The analysis of the described computational procedures made it possible to determine their advantages over the classical ones. In [44], algorithmic support for the Rabin cryptosystem in the polynomial number system was proposed.

The analysis of the literary sources shows the relevance and importance of polynomial algorithms for protecting information flows. Accordingly, the development of new methods that are resistant to attacks of various types is an important direction in the development of modern cryptosystems. In particular, the combination of polynomial arithmetic and RNS in a ring of polynomials will allow parallelizing the process of performing basic operations in a ring of polynomials, which, in turn, will increase the speed of software implementation and reduce the time complexity of the algorithm, providing the required level of security.

1.3. Organization

Section 2 of this article discusses in detail the theoretical foundations for constructing symmetric cryptographic algorithms based on a polynomial RNS. Subsequently, in Section 3, the cryptographic strength of a polynomial symmetric encryption algorithm in the system of residual classes was evaluated. Finally, in Section 4, the content of this article is summarized.

2.1. Theoretical Foundations of Polynomial RNS

2.2. Development of Polynomial Symmetric Encryption Methods in the RNS

The essence of one of the methods of polynomial symmetric encryption in RNS is that when recovering a polynomial from its residuals in the sum (2), the multiplication is not by the parameters $$, but by arbitrarily chosen polynomials k_i(x), mutually prime with p_i(x).

Therefore, to generate keys, both subscribers must choose module systems known only to them p_i(x) and the corresponding polynomials k_i(x), for which the following conditions are met: 1 < degk_i(x) < degp_i(x) and GCD(k_i(x), p_i(x)) = 1, where GCD denotes greatest common divisor. If p_i(x) is an irreducible polynomial, then the second condition is always met. Accordingly, both the sender and the receiver know the parameters M_i(x) and m_i(x).

The found polynomial is a ciphertext that is transmitted over an open communication channel from one subscriber to another.

Figure 1 shows a schematic of the proposed polynomial encryption method based on the RNS.

2.3. An Example of Symmetric Polynomial Encryption in RNS

Let us consider the plaintext PSMFSRD = (15181205181703), which corresponds to the polynomial N(x) = 15x⁶ + 18x⁵ + 12x⁴ + 5x³ + 18x² + 17x + 3. According to the developed polynomial symmetric cryptosystem for three modules (s = 3), p₁(x) = x² + x + 1, p₂(x) = x³ + x + 1, and p₃(x) = x² + 1 and the chosen coefficients k₁(x) = x² + 2x + 3, k₂(x) = x³ + x² + 1, and k₃(x) = x² + 3x + 2, all the parameters are calculated as follows: P(x) = p₁(x)p₂(x)p₃(x) = x⁷ + x⁶ + 3x⁵ + 3x⁴ + 4x³ + 3x² + 2x + 1, M₁(x) = P(x)/p₁(x) = (x⁷ + x⁶ + 3x⁵ + 3x⁴ + 4x³ + 3x² + 2x + 1)/(x² + x + 1) = x⁵ + 2x³ + x² + x + 1, M₂(x) = P(x)/p₂(x) = (x⁷ + x⁶ + 3x⁵ + 3x⁴ + 4x³ + 3x² + 2x + 1)/(x³ + x + 1) = x⁴ + x³ + 2x² + x + 1, and M₃(x) = P(x)/p₃(x) = (x⁷ + x⁶ + 3x⁵ + 3x⁴ + 4x³ + 3x² + 2x + 1)/(x² + 1) = x⁵ + x⁴ + 2x³ + 2x² + 2x + 1.

The search for $$ is performed using the method of undetermined coefficients. Firstly, we look for $$. To do this, we write the equation (x + 2)(Ax + B)mod(x² + x + 1) = 1, and after transformations, we obtain (Ax² + (2A + B)x + 2B)mod(x² + x + 1) = (A + B)x + 2B − A = 1. From the last equation, it follows that 2B − A = 1 and B + A = 0 and takes the form A = 1/3 and B = 2/3. So, the sought-after inverse polynomial takes the form m₁(x) = (x + 2)⁻¹mod(x² + x + 1) = (1/3)x + 2/3. Similarly, the search for $$ is carried out. We write (x² − x)(Ax² + Bx + C)mod(x³ + x + 1) = 1, where Ax² + Bx + C is the inverse polynomial modulo. We need to find the coefficients A, B, and C that satisfies the equation. After transformations (2Ax⁴ + 2Bx³ + (A + 2C)x² + Bx + C)mod(x³ + x + 1) = (C − A − B)x² + (−C − B)x + A − B = 1, we obtain 2C − A = 0, C − B − A = 0, −C − B = 0, and A − B = 1. From here, A = 2/3, B = −1/3, and C = 1/3. So, the inverse polynomial takes the following form: $$. Similarly, the value $$ is computed. By applying the method of undetermined coefficients, the following transformations can be performed: (x)(Ax + B)mod(x² + 1) = (Ax² + Bx)mod(x² + 1)⇒Bx − A = 1. The last equation leads to a system of equations that allows us to compute the coefficients’ values A = −1 and B = 0 and thereby find the inverse polynomial modulo m₃(x) = −x. Thus, b₁(x) = N(x)mod p₁(x) = (15x⁶ + 18x⁵ + 12x⁴ + 5x³ + 18x² + 17x + 3)mod(x² + x + 1) = −7x − 13, b₂(x) = N(x)mod p₂(x) = (15x⁶ + 18x⁵ + 12x⁴ + 5x³ + 18x² + 17x + 3)mod(x³ + x + 1) = 3x² + 48x + 31, and b₃(x) = N(x)mod p₃(x) = (15x⁶ + 18x⁵ + 12x⁴ + 5x³ + 18x² + 17x + 3)mod(x² + 1) = 30x − 18.

Therefore, according to expression (3), the ciphertext is given by $$.

The parameters $$ are computed using the method of undetermined coefficients. To find the inverse polynomial $$, we write (x + 2)(Ax + B)mod(x² + x + 1) = 1⇒(Ax² + (2A + B)x + 2B)mod(x² + x + 1) = (A + B)x + 2B − A = 1, where (Ax + B) is the desired value. To determine the coefficients A and B, we compute the remainder and equate the corresponding values: (A + B)x + 2B − A = 1; from here, A = −1/3, and B = 1/3. Thus, $$.

Similarly, we search for $$, where Ax² + Bx + C is the inverse polynomial modulo. After the transformation (2Ax⁴ + 2Bx³ + (A + 2C)x² + Bx + C)mod(x³ + x + 1) = (C − A − B)x² + (−C − B)x + A − B = 1, we obtain a system of three equations with three unknowns: C − B − A = 0, −C − B = 0, and A − B = 1. From here, A = 2/3, B = −1/3, and C = 1/3. Therefore, the sought inverse polynomial in Z[x] will take the following form: $$; similarly, we can obtain $$.

In the next step, the following quantities are computed: $$, $$, and $$.

Additionally, for decryption, the following parameters need to be found: $$, $$, and $$.

Then, according to Formula (6), the original message is recovered as the plaintext: $$.

For the same input parameters as in the previous example, according to Formulas (8) and (9), the following ciphertext is obtained: $$. To decrypt, it is necessary to compute additional parameters according to Formula (4): $$.

The decryption process is carried out according to Formula (9): $$.

This simplification reduces computational complexity by avoiding the operation of finding the parameters q_i(x) and $$.

2.4. Polynomial Symmetric Encryption Method Based on CRT

Another polynomial method of symmetric encryption based on the CRT involves breaking the plaintext N(x) into blocks—polynomials N_i(x) of lower order than the selected polynomial modules. These blocks will act as remainders b_i(x) modulo the chosen moduli, such that if degp_i(x) = n, then degN_i(x) ≤ n − 1; that is, N_i(x) = a_n−1xⁿ⁻¹ + a_n−2xⁿ⁻² + ⋯+a₀x⁰. After selecting the encryption parameters, the encryption is performed according to the expression (3). The ciphertext will be the value N^′(x).

Decryption is carried out using Formulas (4) and (5), which are used to find the parameters $$ and $$. Concatenating the coefficients a_n−1 of the polynomials N_i(x) forms the plaintext. It should be noted that in the case of requiring fast decryption, the ciphertext can also be represented by the parameters b_i(x).

Figure 2 depicts the scheme of the polynomial symmetric encryption method in the CRT-based encryption system.

To encrypt using the aforementioned method, the chosen plaintext PSMFSRND = 1518120518171303 is divided into four blocks of two characters each: PS = 1518, MF = 1205, SR = 1817, and ND = 1303. Then, the plaintexts are formed as polynomials, N₁(x) = 15x + 18, N₂(x) = 12x + 5, N₃(x) = 18x + 17, and N₄(x) = 13x + 3, which are remainders modulo the chosen moduli p₁(x) = x² + x + 1, p₂(x) = x³ + x + 1, and p₃(x) = x² + 1, and the corresponding coefficients k₁(x) = x² + 2x + 3, k₂(x) = x³ + x² + 1, and k₃(x) = x² + 3x + 2. The ciphertext for the first block is computed based on Formula (3): $$.

Upon decryption using Formulas (4) and (5), the following results are obtained: $$, $$, and $$. The message is reconstructed based on the relation (5): $$.

For the second block of the input message N₂(x) = 12x + 5, the following ciphertext value is obtained: $$.

According to Formula (4), the remainders obtained are $$, $$, and $$. The restoration of the second block of the input message is done using relation (5): $$.

The ciphertext for the third block of the input message N₃(x) = 18x + 17 will have the following form: $$.

Then, according to Formula (4), the remainders obtained are $$, $$, and $$. The restoration is done using relation (5): $$. Hence, $$.

Therefore, the encrypted message for the fourth block, N₄(x) = 13x + 3 according to (3), will be the following polynomial: $$.

Then, according to Formula (4), the obtained remainders are $$, $$, and $$. The restoration of the fourth block is done based on expression (5): $$ and $$.

The concatenation of the coefficients of the remainders $$ corresponds to the input text PSMFSRND = 1518120518171303. According to the agreements between the participants, the ciphertext can be either the parameter N_i(x), or the remainders $$, where j is the block number of the message.