On the algebraic structure of $E_p^{(m)}$ and applications to cryptography

TL;DR

This paper reveals the algebraic structure of the ring $E_p^{(m)}$, enabling efficient solutions to linear systems over it and breaking certain cryptographic protocols based on this ring.

Contribution

It establishes an isomorphism between $E_p^{(m)}$ and a submodule of matrix rings, facilitating cryptanalysis of protocols using $E_p^{(m)}$.

Findings

Linear systems over $E_p^{(m)}$ can be solved efficiently.

Cryptographic protocols based on $E_p^{(m)}$ are vulnerable.

The algorithm runs in $O(m^{6})$ time.

Abstract

In this paper we show that the $\mathbb Z/p^{m}\mathbb Z$-module structure of the ring $E_p^{(m)}$ is isomorphic to a $\mathbb Z/p^{m}\mathbb Z$-submodule of the matrix ring over $\mathbb Z/p^{m}\mathbb Z$. Using this intrinsic structure of $E_p^{(m)}$, solving a linear system over $E_p^{(m)}$ becomes computationally equivalent to solving a linear system over $\mathbb Z/p^{m}\mathbb Z$. As an application we break the protocol based on the Diffie-Hellman Decomposition problem and ElGamal Decomposition problem over $E_p^{(m)}$. Our algorithm terminates in a provable running time of $O(m^{6})$ $\mathbb Z/p^{m}\mathbb Z$-operations.