All exceptional groups of lie type have minimal logarithmic signatures

AAECC (2014) 25:287–296 DOI 10.1007/s00200-014-0226-3 ORIGINAL PAPER

All exceptional groups of lie type have minimal logarithmic signatures Haibo Hong · Licheng Wang · Yixian Yang · Haseeb Ahmad

Received: 3 July 2013 / Accepted: 27 May 2014 / Published online: 19 June 2014 © Springer-Verlag Berlin Heidelberg 2014

Abstract As a special type of factorization of finite groups, logarithmic signature (LS) is used as the main component of cryptographic keys for secret key cryptosystems such as PGM and public key cryptosystems like M ST1 , M ST2 and M ST3 . An LS with the shortest length is called a minimal logarithmic signature (MLS) that is highly favourable to be used for cryptographic constructions. The MLS conjecture states that every finite simple group has an MLS. Recently, Nikhil Singhi et al. proved the MLS conjecture to be true for some families of simple groups. In this paper, we firstly prove the existence of MLSs for the exceptional groups of Lie type. Keywords signature

Exceptional groups of Lie type · Simple groups · (Minimal) logarithmic

Mathematics Subject Classification (2010) 20E28 · 20E32 · 20D06 · 05E15 · 51A40

94A60 · 11T71 · 14G50 · 20G40 ·

H. Hong · L. Wang (B) · Y. Yang · H. Ahmad Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, People’s Republic of China e-mail: [email protected] H. Hong e-mail: [email protected] Y. Yang e-mail: [email protected] H. Ahmad e-mail: [email protected]

123

288

H. Hong et al.

1 Introduction Public Key Cryptography depends on hard mathematical problems that are often driven from number theory. In the early 1980s, several authors explored the possibility of using group theoretical problems for cryptography [7]. In particular owing to Magliveras et al., there are various proposals for cryptographic schemes such as M ST1 , M ST2 and M ST3 [5,6,9,10,13,14] which utilize special factorizations [called logarithmic signatures (LSs)] of finite groups [7,8]. In order to apply LSs in some practical cryptographic schemes effectively, the question of finding LSs with shortest length [called minimal logarithmic signatures (MLSs)] arises naturally. Such MLSs would be desirable for realizing the M ST public key cryptosystems. Besides, from the mathematical point of view, an MLS for a group allows us to store the group in an efficient way and helps us for understanding the structure of the group in a better way. However, the problem of existence of MLSs for finite groups should be taken into account first. In fact, an outstanding work has been done in searching MLSs for finite groups. In 2003, Vasco et al. [3] proved the existence of MLSs for all groups of order less than 175,560. In 2004, Holmes [4] presented MLSs for some sporadic groups. In 2005, Lempken et al. [6] proposed MLSs for some finite simple groups. Recently, Singhi et al. [11,12] have achieved some effective results. Meanwhile, they put forward the MLS conjecture that says every finite simple group has an MLS. However, the conjecture is still an open problem. So in this sense, it is meaningful for us to continue the work. Actually, exceptional groups of Lie type have permutation representations over appropriate subsets of isotopic 1-subspaces. Stabilizers [15] in such permutation representations are well understood. Thus we proposed a method of creating MLSs by utilizing stabilizers and linear transformations in corresponding algebraic systems (Octonion algebra, Albert algebra and Lie algebra) to factorize each group G into a product of “disjoint” subgroups with the property that each subgroup has an MLS. Therefore, we obtain a desired MLS for G by joining the MLSs of the subgroups together. For each of exceptional group of Lie type, the proposed MLS has the similar structure as [A, T1 , T2 , G w ] or [A, T, G w ], where G w is the stabilizer of corresponding exceptional group of Lie type G; T1 , T2 are the cyclic maximal tori of G [1]; T is the sharp cyclic torus of G [1]; A is a product of some cyclic subgroups of G (see Table 1). 2 Preliminaries 2.1 LS and MLS Definition 1 (LS) [6] Let G be a finite group, A ⊆ G. Let α = [A1 , . . . , As ] be a sequence of ordered subsets Ai of G such that Ai = [ai1 , . . . , airi ] with ai j ∈ G, (1 ≤ j ≤ ri ). Then α is called an LS for G (or A) if each g ∈ G (or A) is uniquely represented as a product g = a1 j1 . . . as js with ai ji ∈ Ai (1 ≤ i ≤ s).

123

∈

2 (q)

for x ∈

3D

6 (q)

E 8 (q)

E 7 (q)

2E

E 6 (q)

2 F (q) 4

=

q 2 −1 x2 ,a3

=

=

q 2 −1 x2 ,a3

=

q 3 −1 x3

q−1

,a2 = x2

q−1

,a2 = x2

,a3 = x3

q−1

,a2 = x2

,a3 = x3

q 9 −1

a1 =

q 6 −1 x1 ,a2

=

q 10 −1 x2 ,a3

=

q 12 −1 x3 ,a4

A = A1 A2 A3 A4 ,Ai = ai ,1 ≤ i ≤ 4

a1 = x 1

q 5 −1

A = A1 A2 A3 ,Ai = ai ,1 ≤ i ≤ 3

a1 = x 1

(q 3 −1)(q+1)

A = A1 A2 A3 ,Ai = ai ,1 ≤ i ≤ 3

a1 = x 1

q 4 −1

A = A1 A2 ,Ai = ai ,1 ≤ i ≤ 2

a1 =

q−1 x1 ,a2

q 4 −1 x4

=

q 6 −1

q 3 −1 x3 , a4

A = A1 A2 A3 ,Ai = ai ,1 ≤ i ≤ 3

a1 =

q−1 x1 ,a2

=

4 (q)

A = A1 A2 A3 A4 , Ai = ai ,1 ≤ i ≤ 4

a2 =

3 x q −1

F4 (q)

a1 =

2 x q −1 ,

A = A1 A2 , Ai = ai , 1 ≤ i ≤ 2

a=

2G

|A| = 1

4 (q)

3D

x q−1 , x

A = a

2 B (q) 2

2 (q)

|T |(q−1) x4

2q + 1 √ 2q + 1

√

|T2 | =

√

− q7

+ q5

− q4

+ q3

|T | = (q 8 − q 7 + q 5 − q 4 + q 3 − q + 1)/2 for q odd

|T | = q8

|T | = (q 7 + 1)/2 for q odd

|T | = q 7 + 1 for q even

|T2 | = (q 4 + 1)(q 2 − 1)

|T1 | = q 6 − q 3 + 1,

− q + 1 for q even

2q 3 + q + 2q + 1  √ − 2q 3 + q − 2q + 1

|T | = q 6 + q 3 + 1

q2

|T1 | = q 2 +



|T | = q 4 − q 2 + 1

|T2 | = q −

|T1 | = q +

|T | = q 4 − q 2 + 1

|T2 | = q 2 − q + 1 √ |T1 | = q + 3q + 1 √ |T1 | = q − 3q + 1

2G

|T1 | = q 2 + q + 1

A = a

a = x q−1 , x ∈ G 2 (q)

G 2 (q)

T or T1 , T2

A

G

Table 1 MLSs for exceptional groups of lie type

G w = q 1 · q 56 : 2 · (E 7 (q) × C(q−1)/2 ) · 2 for q odd

G w = q 1 · q 56 : (E 7 (q) × Cq−1 ) for q even

G w = q 27 : 2 · (E 6 (q) × C(q−1)/2 ) · 2 for q odd

G w = q 27 : (E 6 (q) × Cq−1 ) for q even

G w = q 21 : (SU6 (q) × Cq−1 )

G w = q 16 : (+ 10 (q) × C q−1 )

G w = q 1 · q 4 · q 1 · q 4 : (2 B2 (q) × Cq−1 )

G w = (q 6 × q 1+8 )Sp6 (q)· Cq−1 for q even

G w = q 7+8 : 2 · 7 (q)· Cq−1 for q odd,

G w = q 1+1 · Cq−1

G w = q 2+3+6 : S L 2 (q) · Cq2 −1

G w = q 1+1+1 : Cq−1

G w = q 2+1+2 : G L 2 (q)

Gw

All exceptional groups of lie type 289

123

290

H. Hong et al.

The  sequences Ai are called the blocks ofα, the length of α is defined to be  a a s ri . Let |G| = kj=1 p j j (or |A| = kj=1 p j j ) be the prime power decoml(α) = i=1 position of |G|(or  |A|) and α = [A1 , A2 , . . . , As ] be an LS for G(or A). From [2], we have l(α) ≥ kj=1 a j p j .  Definition 2 (MLS) [6] An LS α for a finite group G(or A) with l(α) = kj=1 a j p j is called an MLS for G(or A). Lemma 1 [11] Let A, B ≤ G, if A and B satisfy any one of the two conditions as follows: (i) G = AB and A ∩ B = {1} (ii) G = A : B is a semi-direct product of A and B, A ∩ B = {1} then, [A, B] is an LS for G. Lemma 2 [11,12] If G is solvable, then G has an MLS. Lemma 3 [12] Let G be a finite group and x ∈ G be an element of order t. For s ∈ N , s ≤ t, let S = {x i |0 ≤ i < s} = {1, x 1 , x 2 , . . . , x s−1 } be a cyclic set generated by x. Then S has an MLS β = [A1 , A2 , . . . , Ak ] satisfying the following condition: For any list [ ji , j2 , . . . , jk ], such that x ji ∈ Ai , 1 ≤ i ≤ k,

k 

ji < s.

i=1

Lemma 4 [12] Let G be a finite group and [A1 , . . . , Ar ] be an LS for G such that for each subset A j , 1 ≤ j ≤ r , an MLS exists. Then G has an MLS. 2.2 Ten families of exceptional groups of lie type From the Lie algebra point of view, the exceptional groups can be divided into three different types [15]. The first type consists of five families of Chevalley (untwisted) groups G 2 (q), F4 (q), E 6 (q), E 7 (q) and E 8 (q) with q a power of a prime. Next are the Steinberg-Tits-Hertzig twisted groups 3 D4 (q) and 2 E 6 (q) for any finite field Fq with q a power of a prime. Finally, there are three families of Suzuki and Ree groups 2 B (22n+1 ),2 G (32n+1 ) and 2 F (22n+1 ). 2 2 4 2.3 Some algebra systems The (real) Octonion algebra O [15], sometimes called the Cayley numbers, which can be built by taking 7 mutually orthogonal square roots of −1, labelled by i 0 , . . . , i 6 with the condition that for each t, the elements i t , i t+1 , i t+3 satisfy the same multiplication rules as i, j, k in the Quaternion algebra. So we observe that multiplication is nonassociative. For example, (i 0 i 1 )i 2 = i 3 i 2 = −i 5 but i 0 (i 1 i 2 ) = i 0 i 4 = i 5 . In order to accurately represent Octonion algebra over any field F of characteristic not only 2, we need to choose a suitable basis. Let a, b ∈ Fq such that b = 0 and a 2 + b2 = −1. Thus our new basis is {y1 , y2 , . . . , y8 } defined by Wilson [15]

123

All exceptional groups of lie type

291

2y1 = i 4 + ai 6 + bi 0 , 2y2 = i 2 + bi 3 + ai 5 , 2y3 = i 1 − bi 6 + ai 0 , 2y4 = 1 + ai 3 − bi 5 , 2y5 = 1 − ai 3 + bi 5 , 2y6 = i 1 + bi 6 − ai 0 , 2y7 = i 2 − bi 3 − ai 5 , 2y8 = i 4 − ai 6 − bi 0 . Then the general norm N (x) = x x, where “ ¯ ” called octonion conjugation is the F-linear map fixing 1 and negating i 0 , . . . , i 6 . Also the real part is denoted by Re(x) = 1 2 (x + x), so x = 2Re(x) − x. The norm N also represents a quadratic form which satisfy N (λu + v) = λ2 N (u) + λ f (u, v) + N (v) for all u, v ∈ V, λ ∈ F, and the associated bilinear form is presented as f (x, y) = N (x + y) − N (x) − N (y) = 2Re(x y). The algebra of n ×n matrices is defined by the well-known matrix product, which is associative but non-commutative when n > 1. Albert algebra [15] is a 27-dimensional non-associative real algebra of matrices. It is constructed as the algebra of 3 × 3 Hermitian matrices (i.e. matrices that x T = x) over the octonions. For brevity, we ⎛ x such ⎞ d F E define (d, e, f |D, E, F)=⎝ F e D ⎠ where d, e and f lie in the ground field, while E D f D, E and F are corresponding 8-dimensional subspaces generated by {1, i 0 , . . . , i 6 }. A Lie algebra is a non-associative algebra which is a vector space V over some field F together with a binary operation [·, ·] : V × V → V satisfies the corresponding Lie conditions [15]. A concrete example of Lie algebra is the algebra of n × n matrices which is denoted by the multiplication [A, B] = AB − B A. 3 Main results In this section, we will describe a construction of MLS concretely for each of the groups in the ten families of exceptional groups of Lie type. Firstly, we take advantage of Octonion algebra to construct MLSs for G 2 (q), 2 G 2 (q), 3 D4 (q) and 2 B2 (q); then we use Albert algebra to construct corresponding MLSs for F4 (q), 2 F4 (q), E 6 (q) and 2 E (q); finally, we utilize Lie algebra to construct MLSs for the last two groups E (q) 6 7 and E 8 (q). 3.1 MLSs for G 2 (q),2 G 2 (q),3 D4 (q) and 2 B2 (q) As described in Sect. 2, we choose the vector space V with basis B = {y1 , y2 , . . . , y8 }. The bilinear form f is defined by f (x, y) = 2Re(x y) for all x, y ∈ V . Quadratic form N can also be defined by N (x) = x x for all x ∈ V . We provide the proofs of following theorems.

123

292

H. Hong et al.

Theorem 1 G 2 (q) has an MLS. Proof Let q be a power of prime, and V a vector space with basis B. Then we can see that |G 2 (q)| = q 6 (q 6 − 1)(q 2 − 1). Let w = y1  be the isotopic 1-space of V , then from Wilson [15], the stabilizer G w which is the maximal parabolic subgroup of G 2 (q) has the shape of semi-direct product q 2+1+2 : G L 2 (q). Also from [1], there are two maximum cyclic tori T1 and T2 in G 2 (q) which satisfy T1 ∩ T2 = 1, |T1 | = q 2 + q + 1 and |T2 | = q 2 − q + 1. Let W = {y2 , y3 } be a 2-subspace of V . For s ∈ W , the linear transformation Ts : W → W is defined by Ts (v) = sv for all v ∈ W . Let α be a primitive element of the field Fq 2 and x ∈ G 2 (q) be the matrix corresponding to the linear transformation Tα . Then a = x q−1 is the matrix corresponding to the linear transformation Tαq−1 . Let A = a, so we can see that A is a cyclic group with order q + 1. Hence, from Lemma 1, we can see that [A, T1 , T2 , G w ] is an LS for G 2 (q). Besides, from Lemma 2 and Lemma 3 , A, T1 , T2 and G w have MLSs. Finally now it

follows using Lemma 4, that G 2 (q) has an MLS. Theorem 2 2 G 2 (q) has an MLS. Proof According to the definition of 2 G 2 (q), when q = 32m+1 , the basis B of V is given as follows [15]: v1 = i 3 + i 5 + i 6 , v2 = i 1 + i 2 + i 4 , v3 = i 0 − i 3 + i 6 , v4 = i 2 − i 1 , v5 = −i 0 + i 3 − i 6 , v6 = −i 1 = −i 2 + i 4 , v7 = −i 3 + i 5 − i 6 . Then from Wilson [15], |2 G 2 (q)| = q 3 (q 3 + 1)(q + 1). Let w = v1  be the isotopic 1-space of V , from Wilson [15], we can see that the stabilizer G w has the 2 type q 1+1+1 √ has two cyclic maximum tori T1 with √ : Cq−1 . Then from [1], G 2 (q) order q + 3q + 1 and T2 with order q − 3q + 1 which satisfy T1 ∩ T2 = 1. Let W = {v2 , v3 } be a 2-subspace of V . Let α be a primitive element of Fq 2 , x ∈ 2 G 2 (q) be a matrix corresponding to the linear transformation Tα . Therefore, a = x q−1 is a matrix q−1 corresponding to the linear transformation Tα . A = a with order q + 1 is also a cyclic subgroup of 2 G 2 (q) generated by a. Therefore, from Lemma 1, [A, T1 , T2 , G w ] is an LS for 2 G 2 (q). From Lemma 2 and Lemma 3, A, T1 , T2 and G w have MLSs.

Finally now it follows using Lemma 4, that 2 G 2 (q) has an MLS. Theorem 3

3D

4 (q)

has an MLS.

Proof When q is a power of a prime, the basis of 3 D4 (q) is the same as G 2 (q), but the Octonion algebra is defined over Fq 3 by the field automorphism x → x q of order 3. From Wilson [15], |3 D4 (q)| = q 12 (q 8 + q 4 + 1)(q 6 − 1)(q 2 − 1). The stabilizer

123

All exceptional groups of lie type

293

G w of the 1-space w = y1  which is the maximal parabolic subgroup of 3 D4 (q) has the shape q 2+3+6 : S L 2 (q) · Cq 2 −1 , the sharply cyclic torus T is of order q 4 − q 2 + 1. Let W = {y1 , y2 , . . . , y6 } be a 6-subspace of V , α be the primitive element of Fq 6 , q 2 −1

a1 = x 1

q 3 −1

and a2 = x2

be the matrices corresponding to the linear transformation

q 2 −1 q 3 −1 Tα and Tα , respectively. Then A1 of 3 D4 (q). Besides, A1 ∩ A2 = 1. From

= a1  and A2 = a2  are cyclic subgroups Lemma 2 and Lemma 3, A, T1 , T2 and G w have MLSs. Finally now it follows using Lemma 4, that 3 D4 (q) has an MLS. Theorem 4

2 B (q) 2

has an MLS.

Proof According to the definition of 2 B2 (q), q = 22m+1 . Being a little different from the basis above, we take the symplectic basis as the basis for 2 B2 (q). The basis B of V is presented as follows [15]: e1 = (1, 0, 0, 0, 0, 1), f 1 = (1, 1, 0, 0, 0, 0), e2 = (0, 0, 1, 1, 0, 0), f 2 = (0, 0, 0, 1, 1, 0). Also from Wilson [15], |2 B2 (q)| = q 2 (q 2 + 1)(q − 1). Let w = e1  be the isotopic 1-space of V , from Wilson [15], we can see that the stabilizer G w has the 1+1 · C shape q−1 . Then from [1], √ the two maximum cyclic tori are T1 of order √q q + 2q + 1 and T2 of order q − 2q + 1. Meanwhile, T1 ∩ T2 = 1. So from Lemma 1, [T1 , T2 , G w ] is an LS for 2 B2 (q). Then from Lemma 2 and Lemma 3, T1 , T2 and G w have MLSs. Finally now it follows using Lemma 4, that 2 B2 (q) has an MLS. 3.2 MLSs for F4 (q),2 F4 (q), E 6 (q) and 2 E 6 (q) As described as Sect. 2, the vector space V in the Albert algebra has basis B = {vi , vi , vi |0 ≤ i ≤ 8} which is defined by Wilson [15] v0 = (1, 0, 0|0, 0, 0) and vi = (0, 0, 0|xi , 0, 0)

for i > 0,

v0 v0

for i > 0, for i > 0.

= (0, 1, 0|0, 0, 0) and vi = (0, 0, 0|0, xi , 0) = (0, 0, 1|0, 0, 0) and vi = (0, 0, 0|0, 0, xi )

We provide the proofs of following theorems. Theorem 5 F4 (q) has an MLS. Proof  When q is a power of a prime, from Wilson [15], we can see that |F4 (q)| = q 24 i=2,6,8,12 (q i − 1). Let W = v1  be the isotopic 1-space of V , the stabilizer G w has the shape q 7+8 : 2 · 7 (q).Cq−1 for q odd and (q 6 × q 1+8 )Sp6 (q).Cq−1 for q even. The sharply cyclic torus T is of order q 4 − q 2 + 1. Let W1 = {v1 , v1 , v1 }, W2 = {v1 , v2 , v3 , v4 }, W3 = {v2 , v2 , v2 , v3 , v3 , v3 } and W4 = {v0 , v1 , . . . v7 } be the corresponding 3- subspace, 4- subspace, 6- subspace and 8- subspace of V, a1 = q−1

x1

q 2 −1

, a2 = x 2

q 3 −1

, a3 = x 3

q 4 −1

and a4 = x4

be the matrices corresponding to

123

294

H. Hong et al.

the linear transformation T α q−1 , T β q −1 , T γ q −1 and T τ q −1 , respectively. Then A1 = a1 , A2 = a2 , A3 = a3  and A4 = a4  are the corresponding cyclic subgroups of F4 (q). Lemma 1 implies that [A1 , A2 , A3 , A4 , T, G w ] is an LS for F4 (q). Also from Lemmas 2 and 3, we conclude that A1 , A2 , A3 , A4 , T, G w have MLSs.

Finally now it follows using Lemma 4, that F4 (q) has an MLS. 2

Theorem 6

2 F (q) 4

3

4

has an MLS.

Proof As described as the definition of 2 F4 (q), when q = 22m+1 , the basis B of V is almost the same as described aforementioned, but we replace v0 , v0 , v0 with v9 = v0 + 1, v9 = v0 + 1, v9 = v0 + 1. From Wilson [15], we have |2 F4 (q)| = q 12 (q 6 + 1)(q 4 − 1)(q 3 + 1)(q − 1). Meanwhile, the stabilizer G w = q 1 · q 4 · q 1 · q 4 : tori are T1 and T2 which (2 B2 (q) × Cq−1 ) with 1 . The two cyclic maximum  w = v√  √ satisfy |T1 | = q 2 + 2q 3 +q + 2q +1, |T2 | = q 2 − 2q 3 +q − 2q +1 and T1 ∩T2 = 1. Let W1 = {v1 , v1 }, W2 = {v2 , v2 , v3 , v3 }, W3 = {v8 , v8 , v8 , v9 , v9 , v9 }, A1 = a1 , A2 = a2  and A3 = a3  be the corresponding cyclic subgroups of 2 F4 (q). Then [A1 , A2 , A3 , T1 , T2 , G w ] is an LS for 2 F4 (q). From Theorem 4, 2 B2 (q) has an MLS. Hence, G w has an MLS. Finally now it follows using Lemma 2, Lemma 3 and Lemma 4, that 2 F4 (q) has an MLS. Theorem 7 E 6 (q) has an MLS. Proof  Let q be a power of a prime, the basis B same as F4 (q). |E 6 (q)| = q 36 i=2,5,6,8,9,12 (q i − 1). The stabilizer G w = q 16 : (+ 10 (q) × C q−1 ). Also, 6 3 the sharply cyclic torus T has order q + q + 1. Let W1 = {v1 , v1 , v1 }, W2 = {v2 , v2 , v2 , v3 , v3 , v3 , . . . , v5 , v5 , v5 } be the corresponding 3-subspace, 12-subspace of V . A1 = a1 , A2 = a2  are cyclic subgroups of E 6 (q). Finally now it follows using Lemma 2, Lemma 3 and Lemma 4, that E 6 (q) has an MLS. Theorem 8

2E

6 (q)

has an MLS.

Proof Let q be a power of a prime, and w = v1  the 1-space of V . Then the stabilizer G w has the shape q 21 : (SU6 (q) × Cq−1 ). The two cyclic maximum tori are T1 of order q 6 − q 3 + 1 and T2 of order (q 4 + 1)(q 2 − 1), respectively. In addition, we have that T1 ∩ T2 = 1. Now, let us construct three subspaces W1 = {v1 , v1 , v1 }, W2 = {v2 , v2 , v2 , v3 , v3 , v3 } and W3 = {v4 , v4 , v4 , v5 , v5 , v5 . . . , v7 , v7 , v7 }. Suppose that q−1

(q 3 −1)(q+1)

q 6 −1

and a3 = x3 are the matrices corresponding to the a1 = x 1 , a2 = x 2 3 −1)(q+1) 6 q−1 (q linear transformation T α , T β and T γ q −1 , respectively. Then A1 = a1 , A2 = a2  and A3 = a3  are cyclic subgroups of 2 E 6 (q). Finally now it follows using Lemma 2, Lemma 3 and Lemma 4, that 2 E 6 (q) has an MLS. 3.3 MLSs for E 7 (q) and E 8 (q) To construct the Lie algebra of dimension 248, we take 240 basis vectors er corresponding to the roots r and an 8-space H spanned by the E 8 lattice with coefficients in the desired field F [15]. We take this 8-space H called a Cartan subalgebra to be

123

All exceptional groups of lie type

295

spanned by vectors h r , where r is one of the eight fundamental roots [15]. So the basis B of vector space V is {e1 , e2 , . . . , e240 , h 1 , h 2 , . . . h 8 }. Then we have the following theorems: Theorem 9 E 7 (q) has an MLS. Proof  Fromi Wilson [15], when q is a power of an odd prime, then |E 7 (q)| = q 63 i∈I  (q − 1), while when q is a power of 2, we have that |E 7 (q)| = q 63 /2 i∈I (q i − 1), where I = {2, 6, 8, 10, 12, 14, 18}. For w = e1 , the stabilizer G w is of the shape q 27 : (E 6 (q)×Cq−1 ) with q even and q 27 : 2·(E 6 (q)×C(q−1)/2 )·2 with q odd. The sharply maximum torus T is q 7 + 1 with q even and (q 7 + 1)/2 with q odd. Let us construct three subspaces W1 = {e1 , e2 , . . . e7 }, W2 = {e8 , e9 , . . . e17 } q−1

q 5 −1

q 9 −1

and W3 = {e18 , e19 . . . , e35 }. Suppose that a1 = x1 , a2 = x2 , a3 = x3 are 3 −1)(q+1) q−1 (q the matrices corresponding to the linear transformation T α , T β and 6 T γ q −1 , respectively. Then, A1 = a1 , A2 = a2  and A3 = a3  are cyclic subgroups of E 7 (q). Finally now it follows using Lemmas 2, 3 and 4, that E 7 (q) has an MLS.

Theorem 10 E 8 (q) has an MLS. Proof Also when q is a power of a prime, let w = e1  be the 1-space of V , then the stabilizer G w has the shape q 1 · q 56 : (E 7 (q) × Cq−1 ) with q even and q 1 · q 56 : 2 · (E 7 (q) × C(q−1)/2 ) · 2 with q odd, the sharply maximum torus T is q 8 − q 7 +q 5 −q 4 +q 3 −q +1 with q even and (q 8 −q 7 +q 5 −q 4 +q 3 −q +1)/2 with q odd. Let W1 = {e1 , e2 , . . . e12 }, W2 = {e13 , e14 , . . . e32 }, W3 = {e33 , e34 . . . , e56 }, W4 = q 6 −1 q 10 −1 q 12 −1 {e57 , e58 . . . , e86 }. Suppose that a1 = x1 , a2 = x2 , a3 = x 3 and a4 = q 9 +q 7 +q 6 −2q 5 +2q 4 −q 3 −q 2 +2q−1

are the matrices corresponding to the linear transx4 6 −1 10 −1 12 9 7 6 5 4 3 2 q q q ,Tβ , T γ −1 and T τ q +q +q −2q +2q −q −q +2q−1 , respecformation T α tively. Then, A1 = a1 , A2 = a2 , A3 = a3  and A4 = a4  are cyclic subgroups of E 8 (q). From Theorem 9, we can see that E 7 (q) has an MLS. Finally now it follows

using Lemma 2, 3 and 4, that E 8 (q) has an MLS. 4 Conclusions We utilize stabilizers of isotopic 1-subspaces and linear transformations in corresponding algebraic systems to construct MLSs for all ten families of exceptional groups of Lie type. Our method has universal meanings. One can take advantage of these techniques to construct MLSs for other finite simple groups. Acknowledgments This work is partially supported by the National Natural Science Foundation of China (NSFC) (Nos. 61103198, 61121061 and 61370194) and the NSFC A3 Foresight Program (No. 61161140320).

References 1. Babai, L., Pálfy, P.P., Saxl, J.: On the number of p regular elements in finite simple groups. LMS J. Comput. Math. 12, 82–119 (2009)

123

296

H. Hong et al.

2. González Vasco, M.I., Steinwandt, R.: Obstacles in two public key cryptosystems based on group factorizations. Tatra Mt. Math. Publ. 25, 23–37 (2002) 3. González Vasco, M.I., Rötteler, M., Steinwandt, R.: On minimal length factorizations of finite groups. Exp. Math. 12, 1–12 (2003) 4. Holmes, P.E.: On minimal factorisations of sporadic groups. Exp. Math. 13, 435–440 (2004) 5. Lempken, W., van Trung, T., Magliveras, S.S., Wei, W.: A public key cryptosystem based on nonabelian finite groups. J. Cryptol. 22, 62–74 (2009) 6. Lempken, W., van Trung, T.: On minimal logarithmic signatures of finite groups. Exp. Math. 14, 257–269 (2005) 7. Magliveras, S.S.: A cryptosystem from logarithmic signatures of finite groups. In Proceedings of the 29th Midwest Symposium on Circuits and Systems, pp. 972–975. Elsevier Publishing Company, Amsterdam (1986) 8. Magliveras, S.S., Memon, N.D.: Algebraic properties of cryptosystem PGM. J. Cryptol. 5, 167–183 (1992) 9. Magliveras, S.S.: Secret and public-key cryptosystems from group factorizations. Tatra Mt. Math. Publ. 25, 11–22 (2002) 10. Magliveras, S.S., Stinson, D.R., van Trung, T.: New approaches to designing public key cryptosystems using one-way functions and trapdoors in finite groups. J. Cryptol. 15, 285–297 (2002) 11. Singhi, N., Singhi, N., Magliveras, S.S.: Minimal logarithmic signatures for finite groups of lie type. Des. Codes Cryptogr. 55, 243–260 (2010) 12. Singhi, N., Singhi, N.: Minimal logarithmic signatures for classical groups. Des. Codes Cryptogr. 60, 183–195 (2011) 13. Qu, M., Vanstone, S.A.: Factorizations of elementary abelian p-groups and their cryptographic significance. J. Cryptol. 7, 201–212 (1994) 14. Svaba, P., van Trung, T.: On generation of random covers for finite groups. Tatra Mt. Math. Publ. 37, 105–112 (2007) 15. Wilson, R.A.: The Finite Simple Groups. Graduate Texts in Mathematics, vol. 251. Springer, London (2009)

123