Rank-Deficient Matrix Power Function (RDMPF)

• RDMPF is an algebraic primitive that generalizes traditional matrix power functions to include singular and rectangular matrices.
• It employs bilinear mixing of exponents and NP-hard inversion to ensure robust post-quantum security and non-interactive key agreements.
• RDMPF underpins advanced privacy protocols like ICPP, balancing computational tractability with high cryptographic resilience.

The Rank-Deficient Matrix Power Function (RDMPF) is a novel algebraic primitive constructed to enable post-quantum secure key agreement protocols and privacy-preserving cryptographic encapsulation systems over finite fields. RDMPF generalizes the traditional matrix power function to operate over rectangular and singular matrices, introducing essential properties such as NP-hard inversion, two-sided associativity, and cryptographically relevant bilinear mixing of exponents. Its design underpins advanced privacy protocols (notably productionized as ICPP) on platforms like the Internet Computer (ICP), and offers a distinct route to post-quantum security independent of lattice or code-based constructions (Salazar, 29 Dec 2025, Hecht et al., 4 Jan 2025).

1. Algebraic Structure and Formal Definition

RDMPF operates on the semiring of singular random integer matrices. For a large prime $p$, and integer dimension $n > 1$, the semiring $S_r$ comprises $n \times n$ matrices $A$ over $\mathbb{Z}_p$ with rank at most $r < n$. Addition follows entry-wise modular reduction: $(A \oplus B)_{ij} = A_{ij} + B_{ij} \bmod p$. Multiplication is not ordinary matrix product; instead, the operator $\star$ denotes the RDMPF action:

• Fix a "nucleus" matrix $W \in S_r \subset \mathbb{Z}_p^{n \times n}$.
• Let $X, Y \in \mathbb{Z}_p^{n \times n}$ as (potentially rank-deficient) exponent matrices.
• The RDMPF output $Q = RDMPF(X, W, Y) \in \mathbb{Z}_p^{n \times n}$ is given element-wise:

$$Q_{ij} = \prod_{k=1}^n \prod_{\ell=1}^n W_{k\ell}^{(X_{i,k} \cdot Y_{\ell,j} \bmod (p-1))} \bmod p$$

This construction raises each entry of $W$ to exponents formed by bilinear mixing of rows of $X$ and columns of $Y$, then multiplies all results per output element. The exponentiation is performed modulo $p-1$, and the final product modulo $p$.

A key distinction from traditional MPF is that RDMPF mixes two exponent matrices (rather than one), and is well-defined for rank-deficient or rectangular matrices. This enables cryptographically meaningful one-wayness even when direct matrix powering is undefined (Hecht et al., 4 Jan 2025).

2. Transition from Conventional MPF to Rank-Deficient Variants

Standard Matrix Power Functions (MPF) are limited to square matrices and rely on powers such as $W^X$ with exponents taken entrywise or in auxiliary semigroup constructions. MPF one-wayness and DH-style protocols exploit the complexity of inverting this operation.

RDMPF extends MPF principles in two critical ways:

• Replaces matrix multiplication with exponentiate-and-product rules over all pairs of indices.
• Mixes exponents from $X$ and $Y$ so that output remains square ($n \times n$), even if $X, Y$ are singular or non-square.

The double-index product structure not only restores output regularity but also increases cryptographic complexity, embedding candidate hard problems such as discrete-log and subset-product within its structure (Hecht et al., 4 Jan 2025).

3. Hardness Assumptions and Cryptographic Security

The cryptographic efficacy of RDMPF is rooted in NP-hardness results for its inversion problem:

• Given $W \in \mathbb{Z}_p^{n \times n}$ and $Q = RDMPF(X, W, Y)$, recovering $X, Y$ is NP-hard under random reductions.
• Proofs relate to known NP-complete semigroup exponentiation and 3D-matching reductions (Hecht et al., 4 Jan 2025). For certain settings of $W$, computational search for $(X, Y)$ reduces to solving coupled discrete-log equations.

This cryptographically relevant one-wayness underlies both hardness-of-computation (post-quantum) and the inability for adversaries to reconstruct secrets from public RDMPF outputs. Related security assumptions in protocol deployments include:

• cRDMPF: Computing RDMPF($P, W, Q$) without trapdoor exponents is infeasible.
• dRDMPF: Deciding membership (distinguishing output from uniform) is infeasible.
• Extractor-suitability: Output keys yield high min-entropy and serve as secure sources for HKDF and AEAD primitives (Salazar, 29 Dec 2025).

4. Computational Algorithms and Complexity

RDMPF evaluation is computationally intensive but tractable for practical dimensions. The standard pseudocode iterates over all matrix indices:

def RDMPF(X, W, Y, n, p): Q = [[0]*n for _ in range(n)] for i in range(n): for j in range(n): pr = 1 for k in range(n): for l in range(n): e = (X[i][k] * Y[l][j]) % (p-1) z = pow(W[k][l], e, p) pr = (pr * z) % p Q[i][j] = pr return Q

• Time Complexity: $O(n^4 \cdot (\log p)^3)$ bit operations (for $n$-dimensional matrices, $p$ prime modulus).
• Space Complexity: $O(n^2)$ words for matrices, negligible for counters.

Optimizations via table precomputation can reduce exponentiation cost to $O(n^3)$ (Salazar, 29 Dec 2025). Typical production parameters involve $d \in [8, 24]$ and $p \approx 2^{192}$, resulting in 3--4 KB tokens for $d=12$.

5. Key Algebraic Properties

RDMPF satisfies several properties essential for cryptographic protocol design:

• Closure: For any $(X, W, Y) \in \mathbb{Z}_p^{n \times n}$, RDMPF output $Q \in \mathbb{Z}_p^{n \times n}$.
• Two-sided associativity: RDMPF operations associate:

$$RDMPF(X, W, RDMPF(Y, W, Z)) = RDMPF(RDMPF(X, W, Y), W, Z)$$

This supports non-interactive, DH-style key agreement, enabling both parties to independently compute a shared key matrix.

• Non-commutativity: Generally, RDMPF($X, W, Y$) does not equal RDMPF($Y, W, X$) except in symmetric constructions.
• Non-invertibility: The mixing of exponents renders brute-force extraction infeasible.

No known homomorphic or linear algebraic shortcut exists to accelerate inversion—this property is critical for the security reductions in both pre- and post-quantum settings (Hecht et al., 4 Jan 2025).

6. Cryptographic Protocol Applications

RDMPF is central to both privacy encapsulation and post-quantum key exchange protocols.

• ICP Privacy Protocol (ICPP): RDMPF enables ephemeral key derivation, sender anonymity, content confidentiality, and authorized retrieval without identity leaks. Non-interactive key agreement is realized via composition laws on RDMPF outputs, allowing sender and recipient to independently compute identical session keys:

$$\text{key}_{S \rightarrow R} := T_1 \triangleleft T_2 = RDMPF(P_S, RDMPF(P_R, W, Q_R), Q_S)$$

Keys are extracted robustly by SHA3 and HKDF, yielding IND-CPA-secure encapsulation and AEAD envelopes (Salazar, 29 Dec 2025).

• Post-Quantum Key Agreement: RDMPF’s NP-hard inversion ensures resilience against quantum attacks:
  • Each party produces tokens: Alice $RDMPF(X,W,Y)$, Bob $RDMPF(U,W,V)$.
  • Shared key by associativity: KeyA $= RDMPF(X,$ Token$_B, Y)$, KeyB $= RDMPF(U,$ Token$_A, V)$.
  • The shared matrix is hashed to produce a session key (SHA3-512).

Protocol flexibility, modest computational cost, and absence of quantum vulnerabilities distinguish RDMPF from lattice, code-based, and isogeny constructions (Hecht et al., 4 Jan 2025).

7. Parameter Selection, Performance, and Security Recommendations

A summary of practical implementation parameters:

Parameter	Recommended Value	Context
Prime $p$	$\approx 2^{192}$ (112-bit)	Classical security baseline (Salazar, 29 Dec 2025)
Matrix dim $d$	$12$	Typical for production, [8,24] range
Base matrices	Rank $d-1$ ($\text{BaseX}$, $\text{BaseY}$); $W$ full rank	Ensures nullspace for secret mixing
Nonce	$256$ bits	Uniqueness for encapsulation
AEAD/Hash/HMAC	ChaCha20-Poly1305, SHA3-256	Strong PRF and ciphertext integrity

System security relies on the hardness of cRDMPF/dRDMPF and standard extractor/PRF/AEAD assumptions. The protocols have been subject to exhaustive testing and have been deployed in production settings for privacy-preserving token transfer (Salazar, 29 Dec 2025).

A plausible implication is that RDMPF can serve as a foundational primitive in environments where forward secrecy, anonymity, and unlinkability are paramount, especially considering its epistemic decoupling of sender and recipient keys via ephemeral structures and non-interactive encapsulation algorithms.

8. Representative Example and Implementation Notes

A concrete worked example for $2 \times 2$ matrices over $\mathbb{Z}_{11}$, with rank-deficient exponent matrices $X$, $Y$ and full-rank $W$:

• $X = [[1, 2], [2, 4]]$, $Y = [[2, 3], [4, 6]]$, $W = [[2, 3], [5, 7]]$.
• Compute $Q_{1,1}$ by iterating all $(k, \ell)$, raising $W_{k\ell}$ to $(X_{1,k} \cdot Y_{\ell,1} \bmod 10)$, accumulating and reducing mod $11$, yielding $Q_{1,1} = 9$.
• Complete output: $Q = [[9, 6], [9, 3]]$ (Hecht et al., 4 Jan 2025).

Implementation notes highlight the importance of constant-time modular arithmetic to thwart timing attacks and recommend re-running rounds if tokens are zero matrices.

---

RDMPF is now established as a cryptographically fundamental operation supporting both advanced privacy protocols (ICPP) and post-quantum-secure key agreements, with provable IND-CPA security, strong entropy extraction, forward secrecy, and resilience against known quantum attacks (Salazar, 29 Dec 2025, Hecht et al., 4 Jan 2025).