Cybernetics and Systems Analysis, Vol. 41, No. 3, 2005
ASYMMETRIC CODE-THEORETICAL SCHEMES CONSTRUCTED WITH THE USE OF ALGEBRAIC GEOMETRIC CODES
Yu. V. Stasev and A. A. Kuznetsov†
UDC 621.391
Asymmetric coding schemes are developed that are constructed with the use of algebraic geometric
codes. Basic analytical expressions are obtained that connect the parameters of algebraic geometric
codes with the parameters of asymmetric coding schemes based on these codes.
Keywords: algebraic geometric codes, asymmetric coding, coding schemes.
INTRODUCTION
The use of asymmetric cryptosystems that do not need the organization of a secure communication channel for
transmission of key information is considered to be a promising direction of modern cryptography. Code-theoretical schemes
based on algebraic codes [1–4] occupy a particular place among asymmetric cryptosystems. They have an essential merit,
namely, a high rate of cryptographic transformation of information. However, as is shown in [3, 4], well-known schemes
based on generalized Reed–Solomon codes can be broken by algorithms of polynomial complexity. A promising direction in
developing code-theoretical schemes is considered to be the use of algebraic geometric codes. The objective of this article is
the development of asymmetric code-theoretical schemes with the use of algebraic geometric codes and derivation of basic
analytical expressions that connect the parameters of algebraic geometric codes with the parameters of asymmetric coding
schemes constructed on their basis.
ASYMMETRIC CODE-THEORETICAL SCHEMES BASED ON ALGEBRAIC CODES
Code-theoretical schemes for cryptographic data protection were first proposed in [1, 2]. In these schemes, the
intractable problem of decoding a random code (a general position code) is used to realize a one-way
cryptographic function. In fact, the decoding of any linear code (general position code) is a very complicated computational
problem, and the complexity of its solution increases exponentially [5]. For example, for correlation decoding of an arbitrary
$(n, k, d)$ code over $GF(q)$, it is necessary, in the general case, to compare a received sequence with all $q^k$ code words and to
select the closest word (in the Hamming metric). Even for small $n$, $k$, $d$, and $q$, the problem of correlation decoding is rather
labor-consuming. This principle underlies all the cryptosystems based on code-theoretical schemes. By disguising a code that has a
fast decoding algorithm (of polynomial complexity) as an arbitrary (random) block code, one can
present the decoding problem to an outside observer (a potential adversary) as a computationally hard problem (of
exponential complexity). For an authorized user of the cryptosystem (who has the secret key), decoding is a polynomially
solvable problem.
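The exhaustive (correlation) decoding described above, as an added example that is not part of the original article: the received word is compared with all $q^k$ code words and the nearest one in the Hamming metric is selected. The small Reed–Solomon code over GF(7), the function names, and the error pattern are constructed for illustration, and q is assumed to be prime.

```python
from itertools import product


def encode(msg, G, q):
    """Codeword msg * G over GF(q); q is assumed prime (arithmetic mod q)."""
    n = len(G[0])
    return tuple(sum(m * row[j] for m, row in zip(msg, G)) % q for j in range(n))


def hamming(a, b):
    """Number of positions in which two words differ."""
    return sum(x != y for x, y in zip(a, b))


def exhaustive_decode(received, G, q):
    """Compare `received` with every one of the q**k code words.

    Returns (nearest message, its distance, number of comparisons made).
    The comparison count is always q**k: exponential in the dimension k.
    """
    k = len(G)
    best_msg, best_dist, comparisons = None, len(received) + 1, 0
    for msg in product(range(q), repeat=k):
        comparisons += 1
        dist = hamming(encode(msg, G, q), received)
        if dist < best_dist:
            best_msg, best_dist = msg, dist
    return best_msg, best_dist, comparisons


def rs_generator(n, k, q):
    """Constructed sample code: Reed-Solomon generator matrix with
    evaluation points 1..n over GF(q), n < q, so d = n - k + 1."""
    return [[pow(x, i, q) for x in range(1, n + 1)] for i in range(k)]


def demo():
    q, n, k = 7, 6, 2                      # (6, 2, 5) code, corrects 2 errors
    G = rs_generator(n, k, q)
    received = list(encode((3, 5), G, q))  # constructed message (3, 5)
    received[0] = (received[0] + 1) % q    # constructed error in position 0
    received[4] = (received[4] + 3) % q    # constructed error in position 4
    return exhaustive_decode(tuple(received), G, q)


if __name__ == "__main__":
    print(demo())
```

Raising k by one multiplies the number of comparisons by q, which is the exponential cost an observer without the secret key faces.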
Let $G$ be the generating matrix of a linear $(n, k, d)$ code over $GF(q)$ with polynomial complexity of decoding. Let $X$
be a nonsingular $k \times k$ matrix over $GF(q)$, let $D$ be a diagonal matrix with nonzero elements on its diagonal, and let $P$ be a
1060-0396/05/4103-0354 © 2005 Springer Science+Business Media, Inc.
Kharkov University of Air Forces, Kharkov, Ukraine, †kuznetsov_alex@rambler.ru. Translated from Kibernetika i
Sistemnyi Analiz, No. 3, pp. 47-57, May-June 2005. Original article submitted November 15, 2004.