Cryptanalysis of Cryptosystems Based on Noncommutative Skew Polynomials

vivien.dubois (at) m4x.org jean-gabriel.kammerer (at) m4x.org Abstract. We describe an attack on the family of Diffie-Hellman and El-Gamal like cryptosystems recently presented at PQ Crypto 2010. We show that the reference hard problem is not hard. 1 Description of the Cryptosystems Skew polynomials are polynomials with a particular noncommutative inner product. Let Fq denote the finite field with q elements, and p be the characteristic of the field. Automorphisms of Fq are the so-called Frobenius maps which are powering to a power of p. Let θ be such an automorphism. We denote by ⋆ the inner product of skew polynomials. It is defined inductively for all a ∈ Fq by X ⋆ a = θ(a)X. The ring of skew polynomials is still a left and right Euclidean domain, that is, there are both a left and a right Euclidean division algorithm. Using the Euclidean algorithms we can thus compute left and right greates