The complexity of MinRank
In this note, we leverage some of our results from arXiv:1706.06319 to
produce a concise and rigorous proof for the complexity of the generalized
MinRank Problem in the under-defined and well-defined case. Our main theorem
recovers and extends previous results by Faugère, Safey El Din, Spaenlehauer
(arXiv:1112.4411).
Comment: Corrected a typo in the formula of the main theore
Cryptography from tensor problems
We describe a new proposal for a trap-door one-way function. The new proposal belongs to the "multivariate quadratic" family, but the trap-door is different from existing methods, and is simpler.
On the Complexity of the Generalized MinRank Problem
We study the complexity of solving the \emph{generalized MinRank problem},
i.e. computing the set of points where the evaluation of a polynomial matrix
has rank at most . A natural algebraic representation of this problem gives
rise to a \emph{determinantal ideal}: the ideal generated by all minors of size
of the matrix. We give new complexity bounds for solving this problem
using Gröbner bases algorithms under genericity assumptions on the input
matrix. In particular, these complexity bounds allow us to identify families of
generalized MinRank problems for which the arithmetic complexity of the solving
process is polynomial in the number of solutions. We also provide an algorithm
to compute a rational parametrization of the variety of a 0-dimensional and
radical system of bi-degree . We show that its complexity can be bounded
by using the complexity bounds for the generalized MinRank problem.
Comment: 29 page
Smaller public keys for MinRank-based schemes
MinRank is an NP-complete problem in linear algebra whose characteristics
make it attractive to build post-quantum cryptographic primitives. Several
MinRank-based digital signature schemes have been proposed. In particular, two
of them, MIRA and MiRitH, have been submitted to the NIST Post-Quantum
Cryptography Standardization Process. In this paper, we propose a
key-generation algorithm for MinRank-based schemes that reduces the size of the
public key to about 50% of the size of the public key generated by the previous
best (in terms of public-key size) algorithm. Precisely, the size of the public
key generated by our algorithm sits in the range of 328-676 bits for security
levels of 128-256 bits. We also prove that our algorithm is as secure as the
previous ones.
Solving multivariate polynomial systems and an invariant from commutative algebra
The complexity of computing the solutions of a system of multivariate
polynomial equations by means of Gröbner bases computations is upper bounded
by a function of the solving degree. In this paper, we discuss how to
rigorously estimate the solving degree of a system, focusing on systems arising
within public-key cryptography. In particular, we show that it is upper bounded
by, and often equal to, the Castelnuovo-Mumford regularity of the ideal
generated by the homogenization of the equations of the system, or by the
equations themselves in case they are homogeneous. We discuss the underlying
commutative algebra and clarify under which assumptions the commonly used
results hold. In particular, we discuss the assumption of being in generic
coordinates (often required for bounds obtained following this type of
approach) and prove that systems that contain the field equations or their fake
Weil descent are in generic coordinates. We also compare the notion of solving
degree with that of degree of regularity, which is commonly used in the
literature. We complement the paper with some examples of bounds obtained
following the strategy that we describe.
Improvement of algebraic attacks for solving superdetermined MinRank instances
The MinRank (MR) problem is a computational problem that arises in many
cryptographic applications. In Verbel et al. (PQCrypto 2019), the authors
introduced a new way to solve superdetermined instances of the MinRank problem,
starting from the bilinear Kipnis-Shamir (KS) modeling. They use linear algebra
on specific Macaulay matrices, considering only multiples of the initial
equations by one block of variables, the so-called "kernel" variables. Later,
Bardet et al. (Asiacrypt 2020) introduced a new Support Minors modeling (SM),
that considers the Plücker coordinates associated to the kernel variables,
i.e. the maximal minors of the Kernel matrix in the KS modeling. In this paper,
we give a complete algebraic explanation of the link between the (KS) and (SM)
modelings (for any instance). We then show that superdetermined MinRank
instances can be seen as easy instances of the SM modeling. In particular, we
show that performing computation at the smallest possible degree (the ''first
degree fall'') and the smallest possible number of variables is not always the
best strategy. We give complexity estimates of the attack for generic random
instances. We apply those results to the DAGS cryptosystem, which was submitted
to the first round of the NIST standardization process. We show that the
algebraic attack from Barelli and Couvreur (Asiacrypt 2018), improved in Bardet
et al. (CBC 2019), is a particular superdetermined MinRank instance. Here, the
instances are not generic, but we show that it is possible to analyse the
particular instances from DAGS and provide a way to select the optimal
parameters (number of shortened positions) to solve a particular instance.
Multivariate Public Key Cryptosystem from Sidon Spaces
A Sidon space is a subspace of an extension field over a base field in which
the product of any two elements can be factored uniquely, up to constants. This
paper proposes a new public-key cryptosystem of the multivariate type which is
based on Sidon spaces, and has the potential to remain secure even if quantum
supremacy is attained. This system, whose security relies on the hardness of
the well-known MinRank problem, is shown to be resilient to several
straightforward algebraic attacks. In particular, it is proved that the two
popular attacks on the MinRank problem, the kernel attack, and the minor
attack, succeed only with exponentially small probability. The system is
implemented in software, and its hardness is demonstrated experimentally.
Comment: Appeared in Public-Key Cryptography - PKC 2021, 24th IACR
International Conference on Practice and Theory of Public Key Cryptograph