
    Why you cannot even hope to use Gröbner bases in cryptography: an eternal golden braid of failures

    In 1994, Moss Sweedler’s dog proposed a cryptosystem, known as Barkee’s Cryptosystem, together with its cryptanalysis. Its explicit aim was to dispel the proposal of using the urban legend that “Gröbner bases are hard to compute” in order to devise a public key cryptography scheme; accordingly he claimed that “no scheme using Gröbner bases will ever work”. Later, further variations of Barkee’s Cryptosystem were proposed on the basis of another urban legend, related to the infiniteness (and consequent uncomputability) of non-commutative Gröbner bases; unfortunately Pritchard’s algorithm for computing (finite) non-commutative Gröbner bases was already available at that time and was sufficient to break the system proposed by Ackermann and Kreuzer. The proposal by Rai, where the private key is a principal ideal and the public key is a bunch of polynomials within this principal ideal, is surely immune to Pritchard’s attack but not to Davenport’s factorization algorithm. It was recently adapted, specializing and extending Stickel’s Diffie–Hellman protocols, to the setting of Ore extensions. We here propose a further generalization and show that such protocols can be broken simply via polynomial division and Buchberger reduction.

    On effective computations in special subsemigroups of polynomial transformations and protocol based multivariate cryptosystems

    Large semigroups and groups of transformations of the finite affine space of dimension n, with the property that the composition of n arbitrarily chosen elements is computable in polynomial time, are described in the paper. Constructions of such families are given together with efficiently computed homomorphisms between members of the family. These algebraic platforms allow us to define protocols for several generators of a subsemigroup of affine Cremona semigroups with several outputs. The security of these protocols rests on the complexity of the word decomposition problem. It allows us to introduce algebraic protocols expanded to cryptosystems of El Gamal type which are not public key systems. In particular, a symbiotic combination of these protocols of Noncommutative cryptography with one-time pad encryption is given. Some of these nonclassical multivariate cryptosystems are implemented with platforms of cubical transformations.

    On Multivariate Algorithms of Digital Signatures on Secure El Gamal Type Mode.

    The intersection of Non-commutative and Multivariate cryptography contains studies of cryptographic applications of subsemigroups and subgroups of affine Cremona semigroups defined over a finite commutative ring K with unit. We consider special subsemigroups (platforms) in the semigroup of all endomorphisms of K[x_1, x_2, …, x_n]. Efficiently computed homomorphisms between such platforms can be used in post-quantum key exchange protocols in which correspondents elaborate a common transformation of (K*)^n. The security of these schemes is based on the complexity of the decomposition problem for an element of a semigroup into a product of given generators. We suggest three such protocols (with a group and with two semigroups as platforms) for use with multivariate digital signature systems. The protocols allow one to convert the public maps of these systems into private mode, i.e. one correspondent uses the collision map for safe transfer of a selected multivariate rule to his/her partner. This “privatisation” of a formerly public map allows the use of digital signature systems for which cryptanalytic instruments have already been found (estimates of different attacks on the Rainbow Oil and Vinegar system, cryptanalytic studies of LUOV) with an essentially smaller size of hashed messages. The transition of the basic multivariate map to the safe El Gamal type mode does not allow the use of the cryptanalytic algorithms for the already broken Imai-Matsumoto cryptosystem or the original Oil and Vinegar signature scheme proposed by J. Patarin. So even broken digital signature schemes can be used in combination with protocol execution during some restricted “trust interval” of polynomial size. The minimal trust interval can be chosen as the dimension n of the space of hashed messages, i.e. the safely transported multivariate map has to be used at most n times. Before the end of this interval the correspondents have to start a session of the multivariate protocol with a modified multivariate map. The security of such algorithms rests not on properties of quadratic multivariate maps but on the security of the protocol for the map delivery and the corresponding NP-hard problem.

    Characterizing NTRU-Variants Using Group Ring and Evaluating their Lattice Security

    The encryption scheme NTRU is designed over a quotient ring of a polynomial ring. Basically, if the ring is changed to any other ring, an NTRU-like cryptosystem is constructible. In this paper, we propose a variant of NTRU using group rings, which is called GR-NTRU. GR-NTRU includes NTRU as a special case. Moreover, we analyze and compare the security of GR-NTRU for several concrete groups. It is easy to investigate the algebraic structure of a group ring by using group representation theory. We apply this fact to the security analysis of GR-NTRU. We show that the original NTRU and multivariate NTRU are the most secure among the several GR-NTRUs which we investigated.

    Part I:


    Homomorphic encryption in algebraic settings

    PhD thesis. Cryptographic methods have been around for a long time to protect sensitive data. With data sets becoming increasingly large we wish not only to store sensitive data in public clouds but in fact to analyse and compute there too. The idea behind homomorphic encryption is that encryption preserves structure and allows us to perform the same operations on ciphertexts as we would on the plaintexts. A lot of the work so far restricts the operations that can be performed correctly on ciphertexts. The goal of this thesis is to explore methods for encryption which should greatly increase the amount of analysis and computation that can be performed on ciphertexts. First of all, we consider the implications of quantum computers on cryptography. There has already been research conducted into quantum-resistant encryption methods. The particular method we are interested in is still classical; since we assume these schemes are going to be used in a post-quantum world anyway, we look at how we can use quantum properties to improve the cryptosystem. More specifically, we aim to remove a restriction that naturally comes with the scheme, limiting how many operations we can perform on ciphertexts. Secondly, we propose a key exchange protocol that works in a polynomial ideal setting. We do this so that the key can be used for a homomorphic cryptography protocol. The advantage of using key exchange over a public key system is that a large proportion of the process needs to be carried out only once, instead of needing a more complicated encryption function for each piece of data. Polynomial rings are an appropriate choice of structure for this particular type of scheme as they allow us to do everything we need. We examine how we can perform computation correctly on ciphertexts and address some of the potential weaknesses of such a process. Finally, after establishing a fully homomorphic encryption system, we take a more in-depth look at complexity. Measuring the complexity of mathematical problems is, of course, crucial in cryptography, but the choice of measure is something we need to consider seriously. In the final chapter we look at generic complexity, as it gives us a good feel for how difficult the typical instances of a problem are to solve.
    Funding: Engineering and Physical Sciences Research Council, Centre for Doctoral Training in Cloud Computing for Big Data

    Computational Approaches to Problems in Noncommutative Algebra -- Theory, Applications and Implementations

    Noncommutative rings appear in several areas of mathematics. Most prominently, they can be used to model operator equations, such as differential or difference equations. In the Ph.D. studies leading to this thesis, the focus was mainly on two areas: factorization in certain noncommutative domains and matrix normal forms over noncommutative principal ideal domains. Regarding factorization, in this thesis we initiate a classification of noncommutative domains with respect to the factorization properties of their elements. Such a classification is well established for commutative integral domains. Specifically, we define conditions to identify so-called finite factorization domains, and discover that the ubiquitous G-algebras are finite factorization domains. We furthermore realize a practical factorization algorithm applicable to G-algebras, with minor assumptions on the underlying field. Since the generality of our algorithm comes at the price of performance, we also study how it can be optimized for specific domains. Moreover, all of these factorization algorithms are implemented. However, it turns out that factorization is difficult for many types of noncommutative rings. This observation leads to the adjunct examination of noncommutative rings in the context of cryptography. In particular, we develop a Diffie-Hellman-like key exchange protocol based on certain noncommutative rings. Regarding matrix normal forms, we present a polynomial-time algorithm of Las Vegas type to compute the Jacobson normal form of matrices over specific domains. We study the flexibility, as well as the limitations, of our proposal. Another core contribution of this thesis consists of various implementations to assist future researchers working with noncommutative algebras. Detailed reports on all these programs and software libraries are provided. We furthermore develop a benchmarking tool called SDEval, tailored to the needs of the computer algebra community. A description of this tool is also included in this thesis.

    NTRU in Quaternion Algebras of Bounded Discriminant

    The NTRU assumption provides one of the most prominent problems on which to base post-quantum cryptography. Because of the efficiency and security of NTRU-style schemes, structured variants using modules have been proposed. In this work, we create a structured form of NTRU using lattices obtained from orders in cyclic division algebras of index 2, that is, from quaternion algebras. We present a public-key encryption scheme and show that its public keys are statistically close to uniform. We then prove IND-CPA security of a variant of our scheme when the discriminant of the quaternion algebra is not too large, assuming the hardness of Learning with Errors in cyclic division algebras.
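    The GR-NTRU and quaternion-NTRU abstracts above both start from the textbook scheme over the quotient ring Z[x]/(x^N - 1) and replace that ring. The Python below is an added example written for this page, not code from either paper: it implements the textbook scheme with assumed toy parameters (N=7, p=3, q=41, with q prime so every inverse comes from a plain extended Euclidean algorithm) and exposes the check every NTRU-style variant inherits, the decryption-failure bound. Decryption is exact only while the integer coefficients of p·r·g + f·m stay within (-q/2, q/2]; the sparse weights chosen here guarantee this (at most 3·4 + 5 = 17 ≤ 20), and `decryption_margin` reports the actual value so a reader can see how much headroom is left.

```python
"""Toy textbook NTRU over Z[x]/(x^N - 1). Parameters are assumed for illustration only
and give no security; they keep every polynomial small enough to follow by hand.
Swapping `mul`/`invert` for another ring's arithmetic is where the variants above depart."""
import random
from itertools import zip_longest

N, P, Q = 7, 3, 41  # assumed toy parameters; q prime, so inversion is plain extended Euclid

def mul(a, b):
    """Product in Z[x]/(x^N - 1): schoolbook multiplication with x^N folded back to 1."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[(i + j) % N] += ai * bj
    return out

def mod_coeffs(a, m):
    return [c % m for c in a]

def centre(a, m):
    """Lift residues mod m (m odd) to the symmetric range [-(m-1)/2, (m-1)/2]."""
    return [((c + m // 2) % m) - m // 2 for c in a]

def _trim(a):
    while a and a[-1] == 0:
        a.pop()
    return a

def _divmod_zm(a, b, m):
    """Long division in Z_m[x], m prime; coefficient lists, lowest degree first."""
    a, b = _trim([c % m for c in a]), _trim([c % m for c in b])
    inv_lead = pow(b[-1], -1, m)
    quot = [0] * max(len(a) - len(b) + 1, 1)
    while len(a) >= len(b):
        d = len(a) - len(b)
        coef = a[-1] * inv_lead % m
        quot[d] = coef
        for i, bc in enumerate(b):
            a[i + d] = (a[i + d] - coef * bc) % m
        _trim(a)
    return quot, a

def _mul_zm(a, b, m):
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % m
    return out

def invert(f, m):
    """Inverse of f in Z_m[x]/(x^N - 1) via extended Euclid; None if gcd(f, x^N - 1) != 1."""
    r0 = [(-1) % m] + [0] * (N - 1) + [1]          # x^N - 1
    r1 = _trim([c % m for c in f])
    s0, s1 = [], [1]                               # invariant: s_i * f == r_i (mod x^N - 1)
    while r1:
        quot, rem = _divmod_zm(r0, r1, m)
        s_new = _trim([(x - y) % m for x, y in zip_longest(s0, _mul_zm(quot, s1, m), fillvalue=0)])
        r0, r1, s0, s1 = r1, rem, s1, s_new
    if len(r0) != 1:                               # gcd is not a unit: no inverse
        return None
    c = pow(r0[0], -1, m)
    inv = [0] * N
    for i, v in enumerate(s0):
        inv[i % N] = (inv[i % N] + v * c) % m
    return inv

def ternary(rng, ones, minus_ones):
    """Sparse polynomial with the given numbers of +1 and -1 coefficients (constructed sample)."""
    poly = [0] * N
    for k, i in enumerate(rng.sample(range(N), ones + minus_ones)):
        poly[i] = 1 if k < ones else -1
    return poly

def keygen(seed):
    rng = random.Random(seed)
    while True:                                    # retry until f is a unit mod p and mod q
        f = ternary(rng, 3, 2)
        fp, fq = invert(f, P), invert(f, Q)
        if fp is not None and fq is not None:
            break
    g = ternary(rng, 2, 2)
    h = mod_coeffs(mul(fq, g), Q)                  # public key h = f^-1 * g (mod q)
    return {"f": f, "fp": fp, "g": g, "h": h}

def encrypt(h, m, r):
    """e = p*r*h + m (mod q); r is the per-message blinding polynomial."""
    return mod_coeffs([P * x + y for x, y in zip(mul(r, h), m)], Q)

def decrypt(f, fp, e):
    a = centre(mod_coeffs(mul(f, e), Q), Q)        # = p*r*g + f*m over Z if nothing wrapped mod q
    return centre(mod_coeffs(mul(fp, a), P), P)

def decryption_margin(f, g, r, m):
    """Largest |coefficient| of p*r*g + f*m over Z; decryption is exact iff this is <= (q-1)/2."""
    return max(abs(P * x + y) for x, y in zip(mul(r, g), mul(f, m)))

def roundtrip(seed=1):
    keys = keygen(seed)
    rng = random.Random(seed + 1000)
    m, r = ternary(rng, 3, 2), ternary(rng, 2, 2)  # constructed sample plaintext and blinding
    e = encrypt(keys["h"], m, r)
    return m, decrypt(keys["f"], keys["fp"], e), decryption_margin(keys["f"], keys["g"], r, m)

if __name__ == "__main__":
    print(roundtrip())  # (plaintext, recovered plaintext, margin); margin <= 20 here
```

    Running `roundtrip()` returns the plaintext, the decrypted result and the margin; with these weights the two polynomials agree and the margin never exceeds 20. Raising the weights of r, g, f or m until the margin passes (q-1)/2 produces exactly the wrap-around decryption failures that real NTRU parameter sets are sized to avoid, and the same bound has to be re-derived for whatever ring replaces Z[x]/(x^N - 1) in the variants above.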

    Sur l'algorithme de décodage en liste de Guruswami-Sudan sur les anneaux finis (On the Guruswami-Sudan list decoding algorithm over finite rings)

    This thesis studies the algorithmic techniques of list decoding, first proposed by Guruswami and Sudan in 1998, in the context of Reed-Solomon codes over finite rings. Two approaches are considered. First we adapt the Guruswami-Sudan (GS) list decoding algorithm to generalized Reed-Solomon (GRS) codes over finite rings with identity. We study in detail the complexities of the algorithms for GRS codes over Galois rings and truncated power series rings. Then we explore more deeply a lifting technique for list decoding. We show that the latter technique is able to correct more error patterns than the original GS list decoding algorithm. We apply the technique to GRS codes over Galois rings and truncated power series rings and show that the algorithms coming from this technique have a lower complexity than the original GS algorithm. We show that it can be easily adapted to interleaved Reed-Solomon codes. Finally we present the complete implementation in C and C++ of the list decoding algorithms studied in this thesis. All the needed subroutines, such as univariate polynomial root finding algorithms and finite field and ring arithmetic, are also presented. Independently, this manuscript contains other work produced during the thesis. We study quasi-cyclic codes in detail and show that they are in one-to-one correspondence with the left principal ideals of a certain matrix ring. Then we adapt the GS framework for ideal-based codes to number field codes and provide a list decoding algorithm for the latter.