Symmetric and asymmetric cryptographic key exchange protocols in the octonion algebra

The development on non-commutative cryptography has its origin in the solutions of the three famous problems in combinatorial group theory proposed by Dehn [1] and Miller [2] . In 1954 Novikov constructed a finitely presented group for which the conjugacy problem is unsolvable, [3]. In 1955, Novikov and Boone independently showed that there are finite group presentations whose word problem is undecidable, [4‐8]. In [9] Wagner and Magyarik devised the first public-key protocol based on the unsolvability of the word problem for finitely presented groups. A non-deterministic public-key cryptosystem based on the conjugacy problem on braid group, similar to the Diffie–Hellman key exchange system, was proposed in [10]. The most interesting non-commutative key agreement cryptographic systems were proposed by Anshel, Anshel and Goldfeld (AAG) in [11, 12]. To construct a key agreement cryptographic system the authors used the braid groups for which the best known algorithm to solve the conjugacy problem requires at least exponential running time. A natural extension of the non-commutative cryptography is the cryptography on the non-associative algebraic structures. The earliest quasigroup-based public-key cryptosystem was proposed by Koscielny and Mullen, [13]. In [14] the AAG PKC was generalized to the non-associative algebraic structures, called the left self-distributive (LD) systems, [15, 16]. In [14] Kalka used the LD-systems to define the non-associative public-key cryptographic protocol.

In this article we propose three cryptographic key exchange protocols based on the octonion algebra, [17]. The first protocol is the generalization of the RSA algorithm to the octonion arithmetic, [18]. The another two, symmetric cryptographic key exchange protocols, are based on the automorphism and the derivation of the octonion algebra.

We denote by \(\{e_i\}_{i=0}^{7}\) the basis of the octonion algebra \(\mathrm {O}\). The multiplication of the octonions can be described using the set of directed linesin the Fano plane, [19]. Each line \(ijk \in \mathrm {L}\) contains three points i, j, k which represents three octonions with the multiplication \(e_ie_j=e_k\). For the octonion unit \(e_{7}=1\) the multiplication in \(\mathrm {O}\) can be defined by the following relationswhere \(\epsilon _{ijk}\) is an antisymmetric tensor such, that \(\epsilon _{ijk} = 1\) if \(ijk \in \mathrm {L}\) and \(\delta _{i,j}\) is the Kronecker delta. The octonions \(\mathrm {O}\) form the non-associative, normed division algebra, [17]. The non-associativity of three elements x, y, z from \(\mathrm {O}\) can be expressed by an associator \((x,y,z) = (xy)z - x(yz)\). It is linear in each of its three variables and vanishes whenever two of its variables are equal, i.e., it is an alternating function, [20]. By linearizing the alternative laws one can show that the associator is skew symmetric, i.e., it changes the sign whenever two of its variables are interchanged.

Any element \(x\in \mathrm {O}\) satisfies the minimal polynomialwhere \(\mathrm {N}(x)=\sum _{i=0}^{7} x_i^2\) is the norm of the octonion x and \(\mathrm {Re}(x)=x_7\). The octonion is integer when the trace \(\mathrm {tr}(x) = 2 \mathrm {Re}(x) \in \mathbf{Z}\) and \(\mathrm {N}(x)\in \mathbf{Z}\). We denote by \(e_{ijkl}\) the octonion \(\frac{1}{2}(e_{i}+e_{j}+e_{k}+e_{l})\). On can easily check that the product of the two integral octonions \(e_{0235}\) and \(e_{7235}\) is non-integral, i.e., \(\mathrm {tr}(e_{0235} \;e_{7235}) = -\frac{3}{2}\). From this follows, that the set of octonion integers does not form a ring, and it is necessary to consider subrings of integers, called the orders, [21, 22]. There are sixteen orders of integral octonions containing \(\mathrm {O}(\mathbf{Z})\), [17]. Among them there are seven isomorphic maximal orders (called the octonion arithmetics). By a maximal order we mean an order which is not contained in any other order. To construct a maximal closed under multiplication set of integral octonions (the octionion arithmetic) we use two sets \(\mathrm {L}_{0}\) and \(\mathrm {Q}_{}\)where \(\mathrm {Q}\) is the complements of the lines \(\mathrm {L}\) on the Fano plane. If we interchange in \(\mathrm {L}_{0}\) and \(\mathrm {Q}\) the elements 0 and 7 we obtain the Coxeter–Dickson 0-sets (0-integers). The 0-integers are spanned by the following halving-sets of octonions, [17].where \(\varOmega \) is the set of Kleinian octonions generated by the element \(\frac{1}{2}\sum _{i=0}^{7} e_i\), and the empty set \(\emptyset \) generated by \(\sum _{i=0}^{7} e_i\), called the Graves integers, i.e., the octonions of the form \(x=\sum _{i=0}^{7} x_i e_i\), \(x_i\in \mathbf{Z}\). The underlined octonions are the generators of the 0-sets over the Gravesian integers. The octonion arithmetic generated by the 0-sets we denote by \(\mathbf{O}\) and call the integral octonions. Two octonions are congruent \(\; \mathrm{mod}\; m\) provided that their difference is m times an octonion integer [22, 23].The integral octonion x is invertible \(\; \mathrm{mod}\; m\) if its norm \(\mathrm {N}(x)\) is coprime to m, i.e., \(\gcd (\mathrm {N}(x), m)=1\). We denote by \(\mathbf{O}^{I}_{m}\) all invertible octonions \(\; \mathrm{mod}\; m\). The totient function \(\lambda (x,m)\) for an (invertible) integral octonion \(x \in \mathbf{O}^{I}_{m}\) we define asThe totient function \(\lambda (x,m)\) can be defined equivalently by means of the \({\widetilde{\lambda }}(x, m)\) function over arbitrary octonions from \(\mathbf{O}^{}_{m}\)For invertible octonions \(x\in \mathbf{O}^{I}_{m}\) we have \(\lambda (x,m) = {\widetilde{\lambda }}(x,m) - 1\). The orbit of an element \(a\in \mathrm {O}\) under the adjoint action of the algebra \(\mathrm {O}\) is the setIn the following lemma we prove, an important for further applications, property of \(\lambda (x,m)\).

In the next section, based on the property (2) of the totient function we define the public-key agrement cryptographic protocol in the octonion arithmetic \(\mathbf{O}\).

By k we denote an integral octonion \(\mathbf{O}^{I}_{m}\) with the known totient function \(\lambda (k, m)\). A plain text for encryption we will represent by an integral octonion \(u=(u_0, \ldots , u_7) \in \mathbf{O}^{I}_{m}\). From Lemma 1 it follows, that any integral octonion of the form \(u k u^{-1}\), where \(u \in \mathbf{O}^{I}_{m}\), has the same totient function \(\lambda (u k u^{-1}, m) = \lambda (k, m)\). We use k to enocde the plain text u into the octonion \(u_{k}= u k u^{-1}\). Let e be a number from the interval \([1,\lambda (k, m))\) that is coprime to \(\lambda (k, m )\), i.e., \(\gcd (e,\lambda (k, m))=1 \; \mathrm{mod}\; m\). By d we denote the number inverse to \(e \; \mathrm{mod}\; \lambda (k, m)\), i.e., \(e\cdot d=1 \; \mathrm{mod}\; \lambda (k, m)\). To encrypt the encoded text in the octonion \(u_{k}\) we calculate the expression \(C(u_{k})=u_{k}^{e} \; \mathrm{mod}\; m\). The decryption is the operation of taking the cipher text octonion \(C(u_{k})\) to the power \(d \; \mathrm{mod}\; m\), i.e., \(u_{k} = C(u_{k})^{d} = u_{k}^{e\cdot d}\; \mathrm{mod}\; m\). To encode the plain text u from \(u_{k}\), the recipient has to solve the linear equation \(u k = u_{k} u \; \mathrm{mod}\; m\) in \(\mathbf{O}_{m}\). In general, a solution of this equation is not unique. To allow the recipient of the cipher \(C(u_{k})\) uniquely recover the encrypted text one can attached to the cipher a hash value of the encoded octonion or provide to the recipient three parameters which allow to solve the equation uniquely. The general equation \(x a = b x \; \mathrm{mod}\; m\) for the x variable, where \(x,a,b\in \mathbf{O}_{m}\) and \(m\in \mathbf{N}\) is equivalent toSolution of the homogeneous equationover the real octonion algebra \(\mathrm {O}\) exists when \(\mathrm {N}(a)=\mathrm {N}(b)\) and \(\mathrm {tr}(a)=\mathrm {tr}(b)\) (\(a_7=b_7\)). From the vanishing of the associator \((x a x^{-1}, x, a) = 0\) follows, that any solution \(x_0\) of (4) satisfies \((b, x_0, a) = 0\) and that \(x_0 a\) is also a solution of (4). Let us take as the solutions of (4) \(x_1= {\bar{b}} + {\bar{a}} - 2 a_7\) and \(x_1a\), then the general solution of (4) we can write aswhere \(x_2 =x_1 a = {\bar{b}} {\bar{a}} - \mathrm {N}(a)\). To solve the Eq. (4) we need to fix two parameters. To obtain a unique solution of the congruence equation (3) we need to know three parameters. The recipient should obtain these three parameters from the sender. For example, the first can be the parameter in u which is prescribed to ensure that \(\gcd (N(u), m)=1\) and it is not a part of the encryption text. The next two parameters, can be obtained by the recipient from the decrypted block of data from the previous encryption.

Below we give the exact definition of the octonion public-key cryptosystem (O-PKC).The security of the octonionic public-key cryptosystem is based on the computational difficulty of factorization of the modulus m and difficulty of finding the values of the totient function \(\lambda (k,p)\) for a large prime numbers. Let us assume that, the modulus m is a product of two prime numbers p, q and the norm \(\mathrm {N}(k)\) of the octonion k is coprime to \(m=pq\), then the following formula is satisfiedIf the product \(\lambda (k,p) \lambda (k,q)\) has the lowest value, among all numbers satisfying (6), then it is equal to the totient \(\lambda (k,pq)\). In general, the function \(\lambda (k,pq)\) satisfies the inequalitieswhere \(\mathrm{lcm}\) means the least common multiple. The above formula allows in a relatively easy way to calculate \(\lambda (k,pq)\) having \(\lambda (k,p)\) and \(\lambda (k,q)\). Unfortunately, an effective algorithm for determining the octonion totient function for a large prime modulus is currently unknown. Partly, the problem can be solved by adopting to the octonion algebra the quantum algorithm for finding the orders of a finite cyclic subgroups of noncommutative group proposed by Mosca and Ekert in [24].

As an example of application of the O-PKC algorithm we encrypt and decrypt a plain text represented by the Gravesian octonion \(u = (26, 27, 28, 29,\) \(30, 31, 32, 3) \in \mathbf{O}^{I}_{35}\) with the norm \(\mathrm {N}(u)=9 \; \mathrm{mod}\; 35\). The octonion \(k = \frac{1}{2}(e_0 + e_1 + e_3 + e_7) + (e_2 + 2 e_4 + 3 e_5 + 4 e_6)\) we will use to encode the text u before encryption. The minimal polynomial of k is \(k^2 = k - 31\) which means, that k is an integer octonion with the norm \(N(k)=31\). As the modulus we take \(m=35\). The totient function for k in \(\mathbf{O}^{I}_{35}\) is \(\lambda (k,35) = 48\). As the pair of public-private keys we select \(\{k, e=5, m=35\}\) and \(\{k, d=29, m=35\}\). The encoded plain text is \(u_k= u k u^{-1} \; \mathrm{mod}\; 35 = ( 31, 20, 34, 8, 19, 3, 26, \frac{1}{2})\). The cipher text \(C(u_k)\) is \((u_k)^{5} \; \mathrm{mod}\; 35 = (24, 20, 6, 22, 26, 17, 19, 33)\). After the decryption \(C(u_k)^{29} \; \mathrm{mod}\; 35\) the recipient obtains \(u_k\). For a given three fixed parameters in u the recipient is able uniquely to recover the rest of them.

To determine the totient for the integral octonion we can use the ‘matrix representation’ of the octonion algebra. For the vector \({\overline{e}} = (e_0, e_1, \ldots , e_7)\) we define the matrix \(M(e_i)\equiv M_i\) as the linear transformation of \({\overline{e}}\) under the left action of \(e_i\), \(i\in [0,7]\), \(M_i {\overline{e}} = e_i {\overline{e}}\). The \(M_i\) matrices can be deduce from the following equationsThe multiplicationwheredefines the ‘matrix representation’ of the octonion algebra. The octonion algebra is power associative which means, that to determine the totient for a given element \(x\in \mathbf{O}_{m}\) we only need to calculate the \(M(x)^{\lambda } \; \mathrm{mod}\; m\), where \(M(x)=\sum _{i=0}^{7} x_i M_i\) and \(M(x)^{\lambda }\) is an ordinary matrix multiplication.

From the minimal polynomial equation (1) follows that arbitrary power of an octonion \(x\in \mathrm {O}\) is proportional to x, i.e.,where\(x_7 = \mathrm {Re}(x)\) and \(U_{-n} = \frac{1}{\mathrm {N}(x)^{n-1}} U_n\), \(V_{-n} = \frac{1}{\mathrm {N}(x)^{n}} V_n\). The coefficients \(U_n\) and \(U_n\) we obtained by solving the following recurrence equationOne of the possible attacks on the totient function \(\lambda (k, m )\) there is an attempt to solve the congruence equations \(k^{\lambda } = U_{\lambda } k + V_{\lambda } =1 \; \mathrm{mod}\; m\) or equivalentlywhere \(U_{\lambda }\) and \(V_{\lambda }\) are given in (7). To solve the equation (8) it is necessary to expand the functions \(U_{\lambda }\) and \(V_{\lambda }\) in \(x_7\) and N(x) variables which makes such attack impractical.

The positive definite bilinear form \((x,y) = \frac{1}{2}\; tr(x{\bar{y}})\) allows to define the orthogonality in the octonion algebra \(\mathrm {O}\). Two octonions x, y are said to be orthogonal if \((x, y) = 0\). The natural orthogonal decomposition of octonion algebra can be defined using the Fano lines. The generators of the octonion algebra which lie on the Fano line form a quaternion subalgebra D of \(\mathrm {O}\). The generators which lie in the completion of the Fano line in the Fano plane form the orthogonal completion \(D^\perp \) of D. If we select an element \(\alpha \) from \(D^\perp \), then \( \forall x\in D \;\; (x, \alpha ) = 0\) and any octonion can be written in the form \(x + y \alpha \), where \(x,y\in D\) and \(\alpha \in D^\perp \equiv D \alpha \). A bijective mapping T of \(\mathrm {O}\) onto itself is defined to be an automorphism iffor any \(a,b \in \mathrm {O}\) and u, v units in \(\mathrm {O}\). Let T be an automorphism of octonion algebra leaving the quaternion subalgebra D invariant, i.e., \(T(D)=D\) and \(T(D^{\perp })=D^{\perp }\). For \(x+y \alpha \in D \bigoplus D \alpha \) and \(u = T|D\), \(w = T|D^{\perp }\) we define T in the following wayFor \(u(x) = c x c^{-1}\) and \(w(\alpha ) = d \alpha d^{-1}\), \(x,c,d \in D\) we obtainwhich is an automorphism of the octonion algebra, [20]. The transformation \(T_{c,p} = c x c^{-1} + (p c y c^{-1}) \alpha \), where \(N(p)=1\), satisfies the equationand has the multiplication property \(T_{c_{1}, p_{1}} T_{c_{2}, p_{2}} = T_{c_{1}k_{1}, p_{1} c_1 p_{2} c_1^{-1} }\). We use the splitting \(D \bigoplus D \alpha \) of the octonion algebra to construct a symmetric cryptographic key on the quaternion subalgebra D and then we extend the key to the completion \(D^{\perp }\).

The construction of the symmetric cryptographic key on the quaternion algebra D is motivated by the AAG symmetric key exchange protocol, [25], in which instead of the formula \(K = a b a^{-1} b^{-1}\) for the cryptographic key, where a, b are elements of a given non-abelian group G, we use the formula \(K = a_0 b_N a_N^{-1} b_0^{-1}\), where \(a_0, b_N, a_N, b_0 \in D\). To explain the main idea of the construction we begin with a trivial example. Let the user \(\mathrm {A}\) selects two sets of quaternions \(S_a=\{a_0, a_1, a_2\}\), \(S_v=\{v_1, v_2\}\) such, that \(a_2= v_1 v_2\). Similarly, the user \(\mathrm {B}\) selects \(S_b=\{b_0, b_1, b_2\}\) and \(S_u=\{u_1, u_2\}\) such, that \(b_2= u_1 u_2\). The users exchange the sets \(S_v\) and \(S_u\). The user \(\mathrm {A}\) calculates the set \(S_{aua^{-1}} = \{ a_0 u_1 a_1^{-1}, a_1 u_2 a_2^{-1} \}\) and sends it to \(\mathrm {B}\). Similarly, the user \(\mathrm {B}\) calculates \(S_{bvb^{-1}} = \{ b_0 v_1 b_1^{-1}, b_1 v_2 b_2^{-1} \}\) and sends the set \(S_{bvb^{-1}}\) to \(\mathrm {A}\). Both users are able to calculate the common key \(K = a_0 b_2 a_2^{-1} b_0^{-1}\). In this example, the man-in-the-middle attack can easily recover the cryptographic key K because for a given quaternions \(w_1= a_0 u_1 a_1^{-1}\), \(w_2= a_1 u_2 a_2^{-1}\) from \(S_{aua^{-1}}\) to recover the unknown variable \(a_0\) it’s enough to solve the equationFor a known expression \(a_2 = v_1 v_2\) this equation can be trivially solved. In the proposed algorithm, we hide the variable \(a_2\) in order to make it difficult to find the element \(a_0\) and the key K. To do this, we introduce a graph G in the quaternion algebra and for encryption we use paths between two fixed nodes (quaternions) that allow uniquely define the shared cryptographic key.

By \(G=\{E, V_{x,y}\}\) we denote the graph with the set of directed edges E and the set of nodeswhere \(x_i, y_j \in D\). We define a directed path \(p_{a,v}\) with the set of nodessuch, that the product of subsequent nodes on the path satisfies the equationwhich means, that \(a_N= v_{i_1}\cdots v_{i_{N'}}\). The paths \(p_{a,v}\subset G\) with the property (10) we will use for definition of the cryptographic key exchange algorithm in the quaternion subalgebra D.To recover the cryptographic key \(k_{a,b}\) the man in the middle can try to find the quaternions \(a_0, a_N\) by solving the system of linear equations obtained from the set \(S_{aua^{-1}}\), i.e., \(\{ a_{i} u_j = w_j a_{k} \}_{j=1}^{N'}\), or recover the quaternion \(a_N\) from the formula (10) by searching the correct encryption path in the graph G. After the reduction, the man in the middle can obtain the set of two equationsThe unique solution of these equations can be obtained from the formula (5) after fixing two parameters in \(a_i\). Also, the attack on the cryptographic key by searching the correct cryptographic path in a sufficiently complex graph G is not very effective. It means that the quaternions \(a_N\), \(b_N\) can be regarded as unknown variables.

For the two keys \(k_{a,b}= a_0 b_{N} a_{N}^{-1}b_{0}^{-1}\), \(k_{c,d}= c_0 d_{N'} c_{N'}^{-1} d_{0}^{-1}\) generated by the quaternion symmetric key exchange algorithm we define the symmetric octonion cryptographic key as the automorphismwhere \(p_{c,d}=\frac{1}{\mathrm {N}(k_{c,d})} k_{c,d}^2\) (\(N(p_{c,d})=1\)) and \(\alpha \in D^\perp \). The key \(K_{k_{a,b},p_{c,d}}\) can be applied to encrypt a product of octonions by means of the formula (9). The multiplication property of \(K_{k_{a,b},p_{c,d}}\) allows to compose the keys from several others keys.

Below, we apply defined the quaternion key exchange algorithm to generate the cryptographic key using the graph G given on Fig. 1. In the graph there are four paths between the root node \( x_0 y_1 x_1^{-1}\) and the leaf node \(x_4 y_7 x_5^{-1}\) which means that there are four possible ways to choose the cryptographic key \(k_{a,b}\).

The security of the cryptographic key \(k_{a,b}\) depends on the difficulty of finding the path \(p_{A}(b,v)\) or \(p_{B}(b,u)\) in G. In the example there are four ways to choose the path. In general, for increasing number of nodes in the graph the number of paths grows exponentially.

A derivation is transformation with the propertyIn an associative algebra any element x defines an inner derivation \(\text {ad}_x(y)=xy - yx\). In a non-associative algebra this formula usually does not satisfy (11). We define two operations in octonion algebra \(L_{x}(a)=ax\) and \(R_{x}(a)=xa\), \(a,x\in \mathrm {O}\). We note, that these operations for a non-associative algebra have the following composition rules \(L_{x}L_{y}(a) = x(ya)\) and similarly for \(R_{x}R_{y}(a) = (ay)x\). The transformation \(D_{x,y} : \mathrm {O} \rightarrow \mathrm {O}\) defined asis a derivation in the octonion algebra, [26]. The derivation \(D_{x,y}\) we write in the standard formwhere (x, y, z) denotes the associator \((xy)z - x(yz)\) and \([x,y]=xy-yx\). To construct the symmetric key exchange algorithm on the octonion algebra we use the following property of the derivation (12)The basic idea that lies behind the construction of the algorithm is that for a given monomial \(p(u) = u_{1} \cdots u_{N}\) in octonion algebra its derivative \(D_{x,y}(p(u))\) can be expressed by the elements \(u_{i}\) and \(D_{x,y}(u_{i})\). Let us assume that, the user \(\mathrm {A}\) generates two polynomials \(\{ p_{A,1}({\overline{v}}), p_{A,2}({\overline{v}}) \}\) of \({\overline{v}}=(v_{1}, \ldots , v_{N'})\) variables and the user \(\mathrm {B}\) two polynomials \(\{ p_{B,1}({\overline{u}}), p_{B,2}({\overline{u}})\}\) of \({\overline{u}}=(u_{1}, \ldots , u_{N})\) variables. For a selected values of \({\overline{v}}\), \(a_i=p_{A,i}({\overline{v}}_{0})\), \(i=1,2\), the user \(\mathrm {A}\) calculates the derivative \(D_{a_1,a_2}(u_i)\) of each octonion in the tuple \({\overline{u}}\) and sends it to the user \(\mathrm {B}\). Using the derivatives \(D_{a_1,a_2}(u_i)\) the user \(\mathrm {B}\) is able to calculate \(D_{a_1,a_2}(p_{B,1}({\overline{u}}_{0}))\) and \(D_{a_1,a_2}(p_{B,2}({\overline{u}}_{0}))\). The key \(K^{B}_{(a_1,a_2),(p_{B,1},p_{B,2})}=[D_{a_1,a_2}, D_{p_{B,1},p_{B,2}}]\) is determined by the user \(\mathrm {B}\) using the formulaIn a similar way, the user \(\mathrm {A}\) using the derivatives \(D_{b_1,b_2}(v_i)\), where \(b_i=p_{B,i}({\overline{u}}_{0})\), \(i=1,2\), is able to calculate \(D_{b_1,b_2}(p_{A,1}({\overline{v}}_{0}))\), \(D_{b_1,b_2}(p_{A,2}({\overline{v}}_{0}))\) and the keyBecause both expressions differ by the sign the common cryptographic key isBelow, we give the exact definition of the symmetric key exchange cryptographic algorithm based on the octonion derivation.Let us show an example how this algorithms works. To recover the secret octonions \(a_1\) and \(a_2\) (\(b_1\), \(b_2\)) based on the knowledge of \(u_1, u_2\) and \(w_1, w_2\) it is necessary to solve the set of equations \(D_{a_1, a_2}(u_i)=w_i\), \(i=1,2\). For imaginary octonions this set of equations can be written in the formIt consists of 12 equations with 14 unknown variables. Because, the key K(w) depends also on the real parts of the octonions \(v_i\) and \(u_i\), which are kept secret, to recover the octonions \(a_1\) and \(a_2\) the man in middle should determine 16 parameters having only the system of twelve equations (16).

We discussed three key exchange cryptographic protocols in the octonion algebra. The proposed octonionic public-key cryptosystem is the generalization of the RSA algorithm to the octonion arithmetics. We defined a totient function for an invertible, integral octonion k as the order of a multiplicative cyclic group \(\; \mathrm{mod}\; m\) generated by the element k. We proved, that any octonion \(u_k\) which lies in the orbit of the element k under the adjoint action of the octonion algebra has the same totient function. This property of the totient function allows to encrypted and decrypted the elements from the orbit by the same pair of the cryptographic keys \(\{k,e,m\}\) and \(\{k,d,m\}\). The disadvantage of proposed algorithm is that the recipient, to recover the cipher text, must solve the congruence equation \(xu = wx \; \mathrm{mod}\; m\), which unique solution requires knowledge of a three parameter of x. We also proposed two symmetric cryptographic key exchange protocols based on the automorphism and the derivation of the octonion algebra. We apply the quaternion symmetric key exchange algorithm to generate two quaternionic cryptographic keys and used them to define the shared octonionic key as an automorphism of the octonion algebra which leaves the quaternion subalgebra invariant. To generate a cryptographic key by mens of the quaternion key exchange algorithm it is necessary to select a path in a graph defined over the quaternion algebra. Security of the proposed quaternion key exchange algorithm is based on the complexity of the graph. The second symmetric key exchange protocol we defined using the derivation mapping in the octonion algebra. By calculating the commutator of two derivatives both sides of the data exchange can generate a common cryptographic key. The future work will include detailed analysis of security aspects of the proposed algorithms and creating models of attacks on the cryptographic keys defined in the octonion algebra and in any non-associative algebraic structures.