Primitive Vector Cipher (PVC)
- Primitive Vector Cipher (PVC) is a hybrid encryption scheme combining matrix cryptography with the V-CDH assumption for secure key exchange and encryption.
- The scheme uses independent 3×3 submatrices with session-derived masking to enable parallel processing and mitigate linear and algebraic attacks.
- Integrated with the STS protocol, PVC achieves provable IND-CPA and IND-CCA security while offering scalable performance for diverse applications.
The Primitive Vector Cipher (PVC) is a hybrid encryption scheme uniting matrix-based cryptography with advanced key exchange mechanisms, notably the Vector Computational Diffie–Hellman (V-CDH) problem. PVC achieves provable IND-CPA security under V-CDH and, when integrated with the Station-to-Station (STS) protocol, attains strong authenticated encryption. Its architecture departs from classical matrix ciphers and conventional hybrid schemes by leveraging session-derived, block-local masking and miniaturized block operations, facilitating substantial parallelism and offering robust protection against linear and algebraic cryptanalytic techniques (BİLİR, 3 Dec 2025).
1. Theoretical Foundations and Motivation
PVC addresses structural vulnerabilities inherent to traditional matrix ciphers, such as the Hill cipher, which are susceptible to known-plaintext and linear cryptanalysis due to their deterministic algebraic structure. Instead of employing a single large invertible matrix per block, PVC operates on numerous independent submatrices, each masked and processed in isolation. This significantly reduces exposure to linear attacks.
The design is driven by the following objectives:
- Elimination of deterministic repetitions and algebraic artifacts exploitable in classical schemes.
- Forward secrecy and strong authentication, enabled by integrating STS-authenticated Diffie–Hellman key exchange.
- Exploitation of data-level parallelism by encrypting multiple small matrix blocks concurrently.
2. Vector Computational Diffie–Hellman (V-CDH) Hardness Assumption
PVC’s asymmetric underpinnings are based on the V-CDH problem, defined over the multiplicative group $\mathbb{F}_p^*$, where $p$ is a large prime. A primitive vector $\mathbf{g}=(g_1, g_2, g_3)$, with each component being a distinct generator of $\mathbb{F}_p^*$, provides the group action base. V-CDH asks: given $\mathbf{g}^a=(g_1^a,g_2^a,g_3^a)$ and $\mathbf{g}^b=(g_1^b,g_2^b,g_3^b)$ for unknown exponents $a, b$, compute $\mathbf{G}=\mathbf{g}^{ab}=(g_1^{ab},g_2^{ab},g_3^{ab})$.
The assumption asserts that no probabilistic polynomial-time adversary has a non-negligible advantage, i.e.,
$\FF_p^*$0
with $\FF_p^*$1 the security parameter. Notably, V-CDH is equivalent to three parallel classical CDH instances; security thus inherits the strength of underlying group operations.
3. Architecture and Cryptographic Components
PVC operates via a layered structure, blending asymmetric and symmetric primitives:
- Global Public Parameters: $\FF_p^*$2, and master-matrix dimensions $\FF_p^*$3.
- Cryptographic Primitives:
  - HKDF-Extract/Expand, typically with HMAC–SHA-256, for key derivation.
  - CTR-DRBG or HMAC–SHA-256 in counter mode for pseudorandom mask generation.
  - Signature schemes for protocol authentication.
- Session Key Derivation: From $\FF_p^*$4, two main session keys are extracted:
  - $\FF_p^*$5 for a global mask matrix.
  - $\FF_p^*$6 for per-column random offsets.
- Block Key Matrices: Two secret $\FF_p^*$7 matrices:
$\FF_p^*$8
These matrices are integral to block-wise affine encryption processes.
4. Key Exchange and Encryption/Decryption Workflow
Key Exchange
PVC employs the STS protocol for authenticated ephemeral key exchange over $\FF_p^*$9:
- Each party generates a random exponent (0, 1), computes 2, 3, and exchanges commitments with appropriate signatures/MACs.
- Both parties compute the shared primitive vector 4.
- Two HKDF seeds, 5, yield 6 and 7.
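The V-CDH setting of Section 2 and the key-exchange steps above, as an added example (not code from the paper or from this page): a vector Diffie-Hellman exchange over a toy prime, with public-vector validation, followed by HKDF with HMAC-SHA-256 to derive two session keys. The prime 2039, the fixed-width encoding of the shared vector, the `info` labels and all function names are assumptions of this example, and the STS signatures are omitted.

```python
import hashlib, hmac, secrets

# Toy safe prime p = 2q + 1, constructed for this example (real sizes: see the page's table).
P, Q = 2039, 1019

def is_generator(g):
    # For a safe prime, g generates F_p^* iff g is not +-1 and g^q != 1.
    return 1 < g < P - 1 and pow(g, Q, P) != 1

def primitive_vector():
    # Three distinct generators (g1, g2, g3); here simply the smallest ones.
    return tuple([g for g in range(2, P) if is_generator(g)][:3])

def new_exponent():
    # Uniform in [2, p-2]; x = q is skipped because it maps every generator to p-1.
    while True:
        x = secrets.randbelow(P - 3) + 2
        if x != Q:
            return x

def public_vector(g, x):
    return tuple(pow(gi, x, P) for gi in g)

def shared_vector(peer_pub, x):
    # Reject malformed or trivial components (0, 1, p-1) before exponentiating.
    if len(peer_pub) != 3 or any(not 1 < y < P - 1 for y in peer_pub):
        raise ValueError("invalid public vector")
    return tuple(pow(y, x, P) for y in peer_pub)

def hkdf(ikm, info, length=32, salt=b""):
    # HKDF-Extract then HKDF-Expand (RFC 5869) with HMAC-SHA-256.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def derive_session_keys(shared):
    # Fixed-width encoding and info labels are assumptions of this example.
    width = (P.bit_length() + 7) // 8
    ikm = b"".join(c.to_bytes(width, "big") for c in shared)
    return hkdf(ikm, b"example mask key"), hkdf(ikm, b"example offset key")

def demo():
    g, a, b = primitive_vector(), new_exponent(), new_exponent()
    A, B = public_vector(g, a), public_vector(g, b)
    return derive_session_keys(shared_vector(B, a)), derive_session_keys(shared_vector(A, b))
```

Each component of the shared vector is an ordinary Diffie-Hellman value under one generator, which is the sense in which the page describes V-CDH as three parallel CDH instances.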
Encryption
- The plaintext 8 is embedded as an 9 ASCII matrix $\bg=(g_1, g_2, g_3)$0 (padding as necessary).
- A mask matrix $\bg=(g_1, g_2, g_3)$1 is generated; $\bg=(g_1, g_2, g_3)$2.
- Index sets $\bg=(g_1, g_2, g_3)$3 define block positions; each $\bg=(g_1, g_2, g_3)$4 yields a shifting $\bg=(g_1, g_2, g_3)$5 submatrix $\bg=(g_1, g_2, g_3)$6.
- Affine encryption per block:
$\bg=(g_1, g_2, g_3)$7
with $\bg=(g_1, g_2, g_3)$8 if $\bg=(g_1, g_2, g_3)$9, else 0.
- Ciphertext blocks are further masked by a keystream vector 0, derived from 1 using HMAC–SHA-256.
- Output consists of all masked ciphertext columns 2 and the protocol header containing all necessary group and session information.
Decryption
- The recipient performs the STS protocol, recovers 3, and re-derives the secrets.
- Mask 4 is regenerated, and the inverse mask applied.
- Ciphertext columns are unmasked by subtracting 5.
- Block matrices 6 are obtained and decrypted via:
7
- The original plaintext matrix is reconstructed, verified, and decoded.
5. Security Properties and Guarantees
PVC achieves rigorous security guarantees as follows:
- IND-CPA under V-CDH: The hybrid encryption model ensures indistinguishability under chosen-plaintext attack, with the adversary's advantage bounded by the hardness of V-CDH and the PRG:
8
- IND-CCA with STS Integration: The authenticated key exchange phase prevents chosen-ciphertext modification—any CCA attempt altering 9 or $\FF_p^*$0 is detected, enforcing message integrity and decryptability only on valid transcripts.
- Resistance to Known-Plaintext and Linear Attacks: Dual masking layers (mask matrix $\FF_p^*$1 and per-column offsets $\FF_p^*$2) prevent adversaries from recovering block matrix relations, mitigating classical and algebraic attacks. Even with known plaintext masks, extracting secret matrix material $\FF_p^*$3 is as hard as resolving the underlying three-CDH V-CDH instance.
6. Performance, Scalability, and Implementation
PVC’s encryption and decryption are characterized by high throughput and linear scalability, owing to the independence of all block encryption operations.
Table: Representative Operation Counts per Matrix Size
| Matrix Size | Field mults | Field adds | HMAC calls | Peak mem |
|---|---|---|---|---|
| $\FF_p^*$4 | 216 | 216 | 54 | 140 B |
| $\FF_p^*$5 | 432 | 432 | 108 | 320 B |
| $\FF_p^*$6 | 1152 | 1152 | 288 | 1.1 KB |
- For $\FF_p^*$7 blocks, the total computational cost is $\FF_p^*$8, with each block requiring one $\FF_p^*$9 multiplication (9 mults, 6 adds), a matrix addition, and an HMAC.
- Massive parallelism is trivially obtained: block operations are entirely independent and highly amenable to vectorized or GPU-based execution, resulting in near-constant latency as $\bg^a=(g_1^a,g_2^a,g_3^a)$0 grows.
7. Comparison with Established Schemes and Parameter Selection
PVC differs from related ciphers in the following respects:
- Hill and Variants: These employ large, static matrices, leaving linear patterns. PVC’s use of numerous masked, interspersed $\bg^a=(g_1^a,g_2^a,g_3^a)$1 submatrices limits algebraic exposure per block.
- DH+AES Hybrids: Standard hybrids extract one AES key from the shared secret. PVC entangles the DH-derived primitive vector across multiple derived keys and matrices ($\bg^a=(g_1^a,g_2^a,g_3^a)$2), as well as per-column offsets, increasing cryptanalytic resistance.
- Non-commutative/Batch DH: Approaches using large non-commutative matrices face vulnerability to algebraic manipulation, whereas PVC’s small block size and layered masking neutralize such attacks.
Parameter Recommendations:
| Security Level | Prime Size (bits) | Group |
|---|---|---|
| 128-bit (standard DH) | 3072 | $\bg^a=(g_1^a,g_2^a,g_3^a)$3 |
| 192-bit | 7936 | $\bg^a=(g_1^a,g_2^a,g_3^a)$4 |
| 256-bit | 15360 | $\bg^a=(g_1^a,g_2^a,g_3^a)$5 |
A 256-bit elliptic curve group (e.g., secp256r1) achieves comparable 128-bit classical security with reduced parameter sizes. Larger $\bg^a=(g_1^a,g_2^a,g_3^a)$6 strengthens V-CDH security at the expense of arithmetic overhead; larger matrices and block counts ($\bg^a=(g_1^a,g_2^a,g_3^a)$7) increase throughput but also memory and PRG demands.
PVC thus offers a provably secure, highly parallelizable, and robust alternative to conventional hybrid and matrix-based ciphers, grounding its security in the relatively unexplored V-CDH problem and session-specific, locally-masked block architectures (BİLİR, 3 Dec 2025).