Public-key encryption from a trapdoor one-way embedding of $SL_2(\mathbb{N}$)
Robert Hines
TL;DR
The paper proposes a public-key encryption scheme built from a trapdoor one-way embedding of words into $SL_2(\mathbb{N})$, mapping $\lambda$-bit strings to words and obfuscating them via conjugation and higher-dimensional block embeddings. It formalizes a concrete instantiation using generators $L=(1011)$ and $R=(1101)$, randomized generators $G_0,G_1$, and a secret $S$ in $GL_{2n}(\mathbb{Z}/m\mathbb{Z})$, with public keys $P_0,S^{-1}\widetilde{G_0}S$ and $P_1,S^{-1}\widetilde{G_1}S$, and plaintexts encrypted by multiplying public-key matrices. Decryption inverts the embedding by conjugating back with $S$, then reduces to a factorization task in $SL_2^{(\lambda)}(\mathbb{N})$ to recover the message; the paper provides a reference Python implementation and discusses parameter regimes, practical timings, and significant open questions on security. Critical observations include explicit security gaps (notably potential trace leakage and lack of randomness), a discussion of parameter trade-offs (dimension $n$, word-length $l$, and modulus $m$), and proposed avenues for improvement and further cryptanalysis, especially for reliable IND-CPA or KEM deployment.
Abstract
We obfuscate words of a given length in a free monoid on two generators with a simple factorization algorithm (namely $SL_2(\mathbb{N})$) to create a public-key encryption scheme. We provide a reference implementation in Python and suggested parameters. The security analysis is between weak and non-existent, left to future work.