
Complexity Estimates for the F4 Attack on the Perturbed Matsumoto-Imai Cryptosystem

By J. Ding, J. E. Gower, D. Schmidt, C. Wolf and Z. Yin


Though the Perturbed Matsumoto-Imai (PMI) cryptosystem is considered insecure due to the recent differential attack of Fouque, Granboulan, and Stern, Ding and Gower have since shown that PMI can be repaired with the Plus (+) method of externally adding as few as 10 randomly chosen quadratic polynomials. Since relatively few extra polynomials are added, the complexity of a Gröbner basis attack on PMI+ will be roughly equal to that of PMI. Using Magma's implementation of the F4 Gröbner basis algorithm, we attack PMI with parameters q = 2, 0 ≤ r ≤ 10, and 14 ≤ n ≤ 59. Here q is the number of field elements, n the number of equations/variables, and r the perturbation dimension. Based on our experimental results, we give estimates for the running time of such an attack. We use these estimates to judge the security of some proposed schemes, and we suggest more efficient schemes. In particular, we estimate that an attack using F4 against the parameters q = 2, r = 5, n = 96 (suggested in [7]) has a time complexity of less than 2^50 3-DES computations, which would be considered insecure for practical applications.
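The abstract names PMI and its Plus repair without spelling out what the perturbation and the extra polynomials do at decryption time. The following Python sketch is an added illustration, not the paper's code and not the Magma/F4 attack: it builds a toy PMI+ with assumed parameters (n = 7 over GF(2^7) with the modulus x^7 + x + 1, perturbation dimension r = 2, three Plus polynomials, theta = 1), where the public map is T ∘ (x^(1+2^theta) + g(Zx), plus(x)) ∘ S with S, T random invertible affine maps, Z r random linear forms, g a random quadratic map GF(2)^r → GF(2)^n and plus a random quadratics written in S-coordinates and mixed in by T (all of this is the toy's own layout). It verifies that the public map is quadratic over GF(2) via the third-derivative test, and shows the decryptor guessing the 2^r perturbation values and using the Plus polynomials to reject wrong candidates. The public key is evaluated by composition rather than expanded into explicit polynomials, which is what an F4 attack would consume.

```python
"""Toy PMI+: Matsumoto-Imai core x -> x^(1+2^theta) over GF(2^n), perturbed in r
dimensions (PMI) and extended with a random quadratics (Plus). Added illustration
with assumed toy parameters; the paper attacks 14 <= n <= 59."""
import random
from math import gcd

N, R, A, THETA = 7, 2, 3, 1        # n, r, number of Plus polynomials, theta (assumed)
MOD_POLY = 0b10000011              # x^7 + x + 1, irreducible over GF(2)
E = 1 + 2 ** THETA                 # MI exponent; x -> x^E is bijective iff gcd(E, 2^n-1) == 1
assert gcd(E, 2 ** N - 1) == 1
H = pow(E, -1, 2 ** N - 1)         # inverse exponent: (x^E)^H == x

def gf_mul(a, b):
    """Multiply in GF(2^n); elements are n-bit integers."""
    res = 0
    while b:
        if b & 1:
            res ^= a
        b >>= 1
        a <<= 1
        if a >> N:
            a ^= MOD_POLY
    return res

def gf_pow(a, e):
    res = 1
    while e:
        if e & 1:
            res = gf_mul(res, a)
        a = gf_mul(a, a)
        e >>= 1
    return res

def mat_apply(rows, x):
    """Binary matrix times bit vector; row i is an int whose bit j is entry (i, j)."""
    return sum((bin(row & x).count("1") & 1) << i for i, row in enumerate(rows))

def mat_inverse(rows, n):
    """Gauss-Jordan over GF(2); returns None if the matrix is singular."""
    aug = [(rows[i], 1 << i) for i in range(n)]
    for col in range(n):
        piv = next((i for i in range(col, n) if aug[i][0] >> col & 1), None)
        if piv is None:
            return None
        aug[col], aug[piv] = aug[piv], aug[col]
        for i in range(n):
            if i != col and aug[i][0] >> col & 1:
                aug[i] = (aug[i][0] ^ aug[col][0], aug[i][1] ^ aug[col][1])
    return [inv for _, inv in aug]

def random_affine(rng, n):
    """Random invertible affine map as (matrix, inverse matrix, constant)."""
    while True:
        rows = [rng.getrandbits(n) for _ in range(n)]
        inv = mat_inverse(rows, n)
        if inv is not None:
            return rows, inv, rng.getrandbits(n)

def random_quadratic(rng, n):
    """Random quadratic over GF(2): monomials x_i x_j (i <= j; i == j is linear) + constant."""
    terms = [(i, j) for i in range(n) for j in range(i, n) if rng.getrandbits(1)]
    return terms, rng.getrandbits(1)

def eval_quad_map(polys, x):
    """Evaluate a list of quadratics at bit vector x; bit k of the result is poly k."""
    out = 0
    for k, (terms, c) in enumerate(polys):
        v = c
        for i, j in terms:
            v ^= (x >> i) & (x >> j) & 1
        out |= v << k
    return out

def keygen(seed=1):
    rng = random.Random(seed)
    S, S_inv, s0 = random_affine(rng, N)
    T, T_inv, t0 = random_affine(rng, N + A)
    return dict(S=S, S_inv=S_inv, s0=s0, T=T, T_inv=T_inv, t0=t0,
                Z=[rng.getrandbits(N) for _ in range(R)],         # r linear forms
                g=[random_quadratic(rng, R) for _ in range(N)],   # perturbation GF(2)^r -> GF(2)^n
                plus=[random_quadratic(rng, N) for _ in range(A)])  # Plus polynomials

def encrypt(x, key):
    """Public map P = T o (x^E + g(Zx), plus(x)) o S, evaluated by composition.
    A real public key is these n + a polynomials expanded in the bits of x."""
    v = mat_apply(key["S"], x) ^ key["s0"]
    f = gf_pow(v, E) ^ eval_quad_map(key["g"], mat_apply(key["Z"], v))
    return mat_apply(key["T"], f | eval_quad_map(key["plus"], v) << N) ^ key["t0"]

def decrypt(y, key, use_plus=True):
    """Undo T, guess the r perturbation bits, invert the MI core, keep consistent guesses."""
    u = mat_apply(key["T_inv"], y ^ key["t0"])
    f, extra = u & ((1 << N) - 1), u >> N
    cands = []
    for z in range(2 ** R):
        v = gf_pow(f ^ eval_quad_map(key["g"], z), H)
        if mat_apply(key["Z"], v) != z:                            # guess contradicts Zv = z
            continue
        if use_plus and eval_quad_map(key["plus"], v) != extra:    # Plus polynomials reject it
            continue
        cands.append(mat_apply(key["S_inv"], v ^ key["s0"]))
    return cands

def ambiguous_plaintexts(key, use_plus):
    """Number of the 2^n plaintexts whose ciphertext decrypts to more than one candidate."""
    return sum(len(decrypt(encrypt(x, key), key, use_plus)) > 1 for x in range(2 ** N))

def is_quadratic(key, seed=2, trials=25):
    """Degree test: P has degree <= 2 over GF(2) iff every third derivative D_a D_b D_c P is 0."""
    rng = random.Random(seed)
    for _ in range(trials):
        x0, a, b, c = (rng.getrandbits(N) for _ in range(4))
        acc = 0
        for m in range(8):
            acc ^= encrypt(x0 ^ (a if m & 1 else 0) ^ (b if m & 2 else 0) ^ (c if m & 4 else 0), key)
        if acc:
            return False
    return True
```

Running `ambiguous_plaintexts(key, False)` against `ambiguous_plaintexts(key, True)` shows the point of the Plus method: a wrong perturbation guess survives the Zv = z check with probability about 2^-r, and each extra random quadratic halves the chance that such a survivor is accepted. Because the Plus polynomials are only a few more quadratic equations in the same variables, they do not make the public system harder for a Gröbner basis solver, which is why the abstract treats the F4 cost of PMI as the cost of PMI+.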

Topics: public-key, multivariate, quadratic polynomials, perturbation, Gröbner basis
Publisher: Springer
Year: 2005
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX