A Public-key Encryption Scheme Based on Non-linear Indeterminate Equations (Giophantus)
In this paper, we propose a post-quantum public-key encryption scheme whose security depends on a problem arising from a multivariate non-linear indeterminate equation. The security of lattice cryptosystems, which are considered to be the most promising candidate for a post-quantum cryptosystem, is based on the shortest vector problem or the closest vector problem in the discrete linear solution spaces of simultaneous equations. However, several improved attacks on the underlying problems have recently been developed using approximation methods, which result in the need for longer key sizes. As a scheme that avoids such attacks, we propose a public-key encryption scheme based on the smallest solution problem in the non-linear solution spaces of multivariate indeterminate equations, developed from the algebraic surface cryptosystem. Since no efficient algorithm for finding such a smallest solution is currently known, we introduce a new computational assumption under which the proposed scheme is proven to be secure in the sense of IND-CPA. We then perform computational experiments based on known attack methods and evaluate the key size of our scheme under the linear condition. This paper is a revised version of SAC2017.
Practical Cryptanalysis of a Public-key Encryption Scheme Based on Non-linear Indeterminate Equations at SAC 2017
We investigate the security of a public-key encryption scheme, the Indeterminate Equation Cryptosystem (IEC), introduced by Akiyama, Goto, Okumura, Takagi, Nuida, and Hanaoka at SAC 2017 as post-quantum cryptography. They gave two parameter sets PS1 (n,p,deg X,q) = (80,3,1,921601) and PS2 (n,p,deg X,q) = (80,3,2,58982400019).
The paper gives practical key-recovery and message-recovery attacks against those parameter sets of IEC through lattice basis-reduction algorithms. We exploit the fact that n = 80 is composite and adapt the idea of Gentry's attack against NTRU-Composite (EUROCRYPT 2001) to this setting. The summary of our attacks follows:
* On PS1, we recover 84 private keys from 100 public keys in 30–40 seconds per key.
* On PS1, we recover partial information of all messages from 100 ciphertexts in a second per ciphertext.
* On PS2, we recover partial information of all messages from 100 ciphertexts in 30 seconds per ciphertext.
Moreover, we also give message-recovery and distinguishing attacks against the parameter sets with prime n, say, n = 83. We exploit another subring to reduce the dimension of lattices in our lattice-based attacks and our attack succeeds in the case of deg X = 2.
* For PS2' (n,p,deg X,q) = (83,3,2,68339982247), we recover 7 messages from 10 random ciphertexts within 61,000 seconds ≈ 17 hours per ciphertext.
* Even for larger n, we can find short vectors in lattices that break the underlying assumption of IEC. In our experiment, we found such a vector within 330,000 seconds ≈ 4 days for n = 113.
A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes
Bogdanov and Lee suggested a homomorphic public-key encryption scheme based on error correcting codes. The underlying public code is a modified Reed-Solomon code obtained from inserting a zero submatrix in the Vandermonde generating matrix defining it. The columns that define this submatrix are kept secret and form a set . We give here a distinguisher that detects if one or several columns belong to or not. This distinguisher is obtained by considering the code generated by component-wise products of codewords of the public code (the so-called "square code"). This operation is applied to punctured versions of this square code obtained by picking a subset of the whole set of columns. It turns out that the dimension of the punctured square code is directly related to the cardinality of the intersection of with . This allows an attack which recovers the full set and which can then decrypt any ciphertext. Comment: 11 pages
Ring Learning With Errors: A crossroads between postquantum cryptography, machine learning and number theory
The present survey reports on the state of the art of the different cryptographic functionalities built upon the ring learning with errors problem and its interplay with several classical problems in algebraic number theory. The survey is based to a certain extent on an invited course given by the author at the Basque Center for Applied Mathematics in September 2018. Comment: arXiv admin note: text overlap with arXiv:1508.01375 by other authors / comment of the author: quotation has been added to Theorem 5.
Private Computation of Polynomials over Networks
This study concentrates on preserving privacy in a network of agents where each agent seeks to evaluate a general polynomial function over the private values of her immediate neighbors. We provide an algorithm for the exact evaluation of such functions while preserving privacy of the involved agents. The solution is based on a reformulation of polynomials and adoption of two cryptographic primitives: Paillier as a Partially Homomorphic Encryption scheme and multiplicative-additive secret sharing. The provided algorithm is fully distributed, lightweight in communication, robust to dropout of agents, and can accommodate a wide class of functions. Moreover, system theoretic and secure multi-party conditions guaranteeing the privacy preservation of an agent's private values against a set of colluding agents are established. The theoretical developments are complemented by numerical investigations illustrating the accuracy of the algorithm and the resulting computational cost. Comment: 11 pages, 2 figures
Solving multivariate polynomial systems and an invariant from commutative algebra
The complexity of computing the solutions of a system of multivariate polynomial equations by means of Gröbner bases computations is upper bounded by a function of the solving degree. In this paper, we discuss how to rigorously estimate the solving degree of a system, focusing on systems arising within public-key cryptography. In particular, we show that it is upper bounded by, and often equal to, the Castelnuovo-Mumford regularity of the ideal generated by the homogenization of the equations of the system, or by the equations themselves in case they are homogeneous. We discuss the underlying commutative algebra and clarify under which assumptions the commonly used results hold. In particular, we discuss the assumption of being in generic coordinates (often required for bounds obtained following this type of approach) and prove that systems that contain the field equations or their fake Weil descent are in generic coordinates. We also compare the notion of solving degree with that of degree of regularity, which is commonly used in the literature. We complement the paper with some examples of bounds obtained following the strategy that we describe.
New lattice-based protocols for proving correctness of a shuffle
In an electronic voting procedure, mixing networks are used to ensure anonymity of the cast votes. Each node of the network re-encrypts the input and randomly permutes it in a process named shuffle, and must prove that the process was applied honestly. State-of-the-art classical proofs achieve logarithmic communication complexity in N (the number of votes to be shuffled), but they are based on assumptions which are weak against quantum computers. To maintain security in a post-quantum scenario, new proofs are based on different mathematical assumptions, such as lattice-based problems. Nonetheless, the best lattice-based protocols to ensure verifiable shuffling have linear communication complexity in N. In this thesis we propose the first sub-linear post-quantum proof for the correctness of a shuffle, for which we have mainly used two ideas: arithmetic circuit satisfiability and Benes networks to model a permutation of N elements.
Developments in multivariate post quantum cryptography.
Ever since Shor's algorithm was introduced in 1994, cryptographers have been working to develop cryptosystems that can resist known quantum computer attacks. This push for quantum attack resistant schemes is known as post quantum cryptography. Specifically, my contributions to post quantum cryptography have been to the family of schemes known as Multivariate Public Key Cryptography (MPKC), which is a very attractive candidate for digital signature standardization in the post quantum collective for a wide variety of applications. In this document I will be providing all necessary background to fully understand MPKC and post quantum cryptography as a whole. Then, I will walk through the contributions I provided in my publications relating to differential security proofs for HFEv and HFEv−, a key recovery attack for all parameters of HFEm, and my newly proposed multivariate encryption scheme, HFERP.