Papers
Topics
Authors
Recent
Search
2000 character limit reached

Primitive Vector Cipher (PVC)

Updated 2 July 2026
  • Primitive Vector Cipher (PVC) is a hybrid encryption scheme combining matrix cryptography with the V-CDH assumption for secure key exchange and encryption.
  • The scheme uses independent 3×3 submatrices with session-derived masking to enable parallel processing and mitigate linear and algebraic attacks.
  • Integrated with the STS protocol, PVC achieves provable IND-CPA and IND-CCA security while offering scalable performance for diverse applications.

The Primitive Vector Cipher (PVC) is a hybrid encryption scheme uniting matrix-based cryptography with advanced key exchange mechanisms, notably the Vector Computational Diffie–Hellman (V-CDH) problem. PVC achieves provable IND-CPA security under V-CDH and, when integrated with the Station-to-Station (STS) protocol, attains strong authenticated encryption. Its architecture departs from classical matrix ciphers and conventional hybrid schemes by leveraging session-derived, block-local masking and miniaturized block operations, facilitating substantial parallelism and offering robust protection against linear and algebraic cryptanalytic techniques (BİLİR, 3 Dec 2025).

1. Theoretical Foundations and Motivation

PVC addresses structural vulnerabilities inherent to traditional matrix ciphers, such as the Hill cipher, which are susceptible to known-plaintext and linear cryptanalysis due to their deterministic algebraic structure. Instead of employing a single large invertible matrix per block, PVC operates on numerous independent 3×33\times3 submatrices, each masked and processed in isolation. This significantly reduces exposure to linear attacks.

The design is driven by the following objectives:

  • Elimination of deterministic repetitions and algebraic artifacts exploitables in classical schemes.
  • Forward secrecy and strong authentication, enabled by integrating STS-authenticated Diffie–Hellman key exchange.
  • Exploitation of data-level parallelism by encrypting multiple small matrix blocks concurrently.

2. Vector Computational Diffie–Hellman (V-CDH) Hardness Assumption

PVC’s asymmetric underpinnings are based on the V-CDH problem, defined over the multiplicative group $\FF_p^*$, where pp is a large prime. A primitive vector $\bg=(g_1, g_2, g_3)$, with each gig_i being a distinct generator of $\FF_p^*$, provides the group action base. V-CDH asks: given $\bg^a=(g_1^a,g_2^a,g_3^a)$ and $\bg^b=(g_1^b,g_2^b,g_3^b)$ for unknown exponents a,ba, b, compute $\BG=\bg^{ab}=(g_1^{ab},g_2^{ab},g_3^{ab})$.

The assumption asserts that no probabilistic polynomial-time adversary has a non-negligible advantage, i.e.,

$\FF_p^*$0

with $\FF_p^*$1 the security parameter. Notably, V-CDH is equivalent to three parallel classical CDH instances; security thus inherits the strength of underlying group operations.

3. Architecture and Cryptographic Components

PVC operates via a layered structure, blending asymmetric and symmetric primitives:

  • Global Public Parameters: $\FF_p^*$2, and master-matrix dimensions $\FF_p^*$3.
  • Cryptographic Primitives:
    • HKDF-Extract/Expand, typically with HMAC–SHA-256, for key derivation.
    • CTR-DRBG or HMAC–SHA-256 in counter mode for pseudorandom mask generation.
    • Signature schemes for protocol authentication.
  • Session Key Derivation: From $\FF_p^*$4, two main session keys are extracted:
    • $\FF_p^*$5 for a global mask matrix.
    • $\FF_p^*$6 for per-column random offsets.
  • Block Key Matrices: Two secret $\FF_p^*$7 matrices:

$\FF_p^*$8

These matrices are integral to block-wise affine encryption processes.

4. Key Exchange and Encryption/Decryption Workflow

Key Exchange

PVC employs the STS protocol for authenticated ephemeral key exchange over $\FF_p^*$9:

  1. Each party generates a random exponent (pp0, pp1), computes pp2, pp3, and exchanges commitments with appropriate signatures/MACs.
  2. Both parties compute the shared primitive vector pp4.
  3. Two HKDF seeds, pp5, yield pp6 and pp7.

Encryption

  1. The plaintext pp8 is embedded as an pp9 ASCII matrix $\bg=(g_1, g_2, g_3)$0 (padding as necessary).
  2. A mask matrix $\bg=(g_1, g_2, g_3)$1 is generated; $\bg=(g_1, g_2, g_3)$2.
  3. Index sets $\bg=(g_1, g_2, g_3)$3 define block positions; each $\bg=(g_1, g_2, g_3)$4 yields a shifting $\bg=(g_1, g_2, g_3)$5 submatrix $\bg=(g_1, g_2, g_3)$6.
  4. Affine encryption per block:

$\bg=(g_1, g_2, g_3)$7

with $\bg=(g_1, g_2, g_3)$8 if $\bg=(g_1, g_2, g_3)$9, else 0.

  1. Ciphertext blocks are further masked by a keystream vector gig_i0, derived from gig_i1 using HMAC–SHA-256.
  2. Output consists of all masked ciphertext columns gig_i2 and the protocol header containing all necessary group and session information.

Decryption

  1. The recipient performs the STS protocol, recovers gig_i3, and re-derives the secrets.
  2. Mask gig_i4 is regenerated, and the inverse mask applied.
  3. Ciphertext columns are unmasked by subtracting gig_i5.
  4. Block matrices gig_i6 are obtained and decrypted via:

gig_i7

  1. The original plaintext matrix is reconstructed, verified, and decoded.

5. Security Properties and Guarantees

PVC achieves rigorous security guarantees as follows:

  • IND-CPA under V-CDH: The hybrid encryption model ensures indistinguishability under chosen-plaintext attack, with the adversary's advantage bounded by the hardness of V-CDH and the PRG:

gig_i8

  • IND-CCA with STS Integration: The authenticated key exchange phase prevents chosen-ciphertext modification—any CCA attempt altering gig_i9 or $\FF_p^*$0 is detected, enforcing message integrity and decryptability only on valid transcripts.
  • Resistance to Known-Plaintext and Linear Attacks: Dual masking layers (mask matrix $\FF_p^*$1 and per-column offsets $\FF_p^*$2) prevent adversaries from recovering block matrix relations, mitigating classical and algebraic attacks. Even with known plaintext masks, extracting secret matrix material $\FF_p^*$3 is as hard as resolving the underlying three-CDH V-CDH instance.

6. Performance, Scalability, and Implementation

PVC’s encryption and decryption are characterized by high throughput and linear scalability, owing to the independence of all block encryption operations.

Table: Representative Operation Counts per Matrix Size

Matrix Size Field mults Field adds HMAC calls Peak mem
$\FF_p^*$4 216 216 54 140 B
$\FF_p^*$5 432 432 108 320 B
$\FF_p^*$6 1152 1152 288 1.1 KB
  • For $\FF_p^*$7 blocks, the total computational cost is $\FF_p^*$8, with each block requiring one $\FF_p^*$9 multiplication (9 mults, 6 adds), a matrix addition, and an HMAC.
  • Massive parallelism is trivially obtained: block operations are entirely independent and highly amenable to vectorized or GPU-based execution, resulting in near-constant latency as $\bg^a=(g_1^a,g_2^a,g_3^a)$0 grows.

7. Comparison with Established Schemes and Parameter Selection

PVC differs from related ciphers in the following respects:

  • Hill and Variants: These employ large, static matrices, leaving linear patterns. PVC’s use of numerous masked, interspersed $\bg^a=(g_1^a,g_2^a,g_3^a)$1 submatrices limits algebraic exposure per block.
  • DH+AES Hybrids: Standard hybrids extract one AES key from the shared secret. PVC entangles the DH-derived primitive vector across multiple derived keys and matrices ($\bg^a=(g_1^a,g_2^a,g_3^a)$2), as well as per-column offsets, increasing cryptanalytic resistance.
  • Non-commutative/Batch DH: Approaches using large non-commutative matrices face vulnerability to algebraic manipulation, whereas PVC’s small block size and layered masking neutralize such attacks.

Parameter Recommendations:

Security Level Prime Size (bits) Group
128-bit (standard DH) 3072 $\bg^a=(g_1^a,g_2^a,g_3^a)$3
192-bit 7936 $\bg^a=(g_1^a,g_2^a,g_3^a)$4
256-bit 15360 $\bg^a=(g_1^a,g_2^a,g_3^a)$5

A 256-bit elliptic curve group (e.g., secp256r1) achieves comparable 128-bit classical security with reduced parameter sizes. Larger $\bg^a=(g_1^a,g_2^a,g_3^a)$6 strengthens V-CDH security at the expense of arithmetic overhead; larger matrices and block counts ($\bg^a=(g_1^a,g_2^a,g_3^a)$7) increase throughput but also memory and PRG demands.

PVC thus offers a provably secure, highly parallelizable, and robust alternative to conventional hybrid and matrix-based ciphers, grounding its security in the relatively unexplored V-CDH problem and session-specific, locally-masked block architectures (BİLİR, 3 Dec 2025).

Definition Search Book Streamline Icon: https://streamlinehq.com
References (1)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Primitive Vector Cipher (PVC).