Breaking Rainbow Takes a Weekend on a Laptop

This work introduces new key recovery attacks against the Rainbow signature scheme, which is one of the three finalist signature schemes still in the NIST Post-Quantum Cryptography standardization project. The new attacks outperform previously known attacks for all the parameter sets submitted to NIST and make a key-recovery practical for the SL 1 parameters. Concretely, given a Rainbow public key for the SL 1 parameters of the second-round submission, our attack returns the corresponding secret key after on average 53 hours (one weekend) of computation time on a standard laptop

Password Cracking Based on Special Keyboard Patterns

[[abstract]]Passwords are still the most commonly used mechanism for user authentication. However, they are vulnerable to dictionary attacks. In order to guard against such attacks, administrative policies force the use of complex rules to create passwords. One commonly used "trick" is to use keyboard patterns, i.e., key patterns on a keyboard, to create passwords that conform to the complex rules. This paper proposes an efficient and effective method to attack passwords generated from some special keyboard patterns. We create a framework to formally describe the commonly used keyboard patterns of adjacent keys and parallel keys, called AP patterns, to generate password databases. Our simulation results show that the password space generated using AP patterns is about 244.47 times smaller than that generated for a brute-force attack. We also design a hybrid password cracking system consisting of different attacking methods to verify the effectiveness. Our results show that the number of passwords cracked increases up to 114% on average than without applying AP patterns.[[incitationindex]]SCI[[incitationindex]]EI[[booktype]]紙

Password Cracking Based on Learned Patterns From Disclosed Passwords

[[abstract]]Password-based authentication systems are still the most commonly used mechanism for protecting sensitive information despite being vulnerable to dictionary based attacks. To guard against such attacks, many organizations enforce complicated password-creation rules and require that passwords include numeric and special characters. This study demonstrates that as long as passwords are not difficult to remember, they remain vulnerable to “smart dictionary” attacks. In this study, a password analysis platform is developed to formally analyze commonly used passwords and identify frequently used password patterns and their associated probabilities. Based upon these patterns, we establish a model consisting of a Training set, a Dictionary set and a Testing set (TDT model) to generate probabilistic passwords sorted in decreasing order. The model can be used to dramatically reduce the size of the password space to be searched. Simulation results show that the number of passwords cracked using the TDT model is 1.43 and 2.5 times higher compared with the John-the-Ripper attack and Brute-force attack, respectively. We also design a hybrid password cracking system combining different attacks to verify the effectiveness of the proposed method. After applying the TDT model, the number of passwords cracked increased by up to 273%.[[journaltype]]國外[[incitationindex]]EI[[booktype]]紙本[[countrycodes]]JP

VDOO: A Short, Fast, Post-Quantum Multivariate Digital Signature Scheme

Hard lattice problems are predominant in constructing post-quantum cryptosystems. However, we need to continue developing post-quantum cryptosystems based on other quantum hard problems to prevent a complete collapse of post-quantum cryptography due to a sudden breakthrough in solving hard lattice problems. Solving large multivariate quadratic systems is one such quantum hard problem. Unbalanced Oil-Vinegar is a signature scheme based on the hardness of solving multivariate equations. In this work, we present a post-quantum digital signature algorithm VDOO (Vinegar-Diagonal-Oil-Oil) based on solving multivariate equations. We introduce a new layer called the diagonal layer over the oil-vinegar-based signature scheme Rainbow. This layer helps to improve the security of our scheme without increasing the parameters considerably. Due to this modification, the complexity of the main computational bottleneck of multivariate quadratic systems i.e. the Gaussian elimination reduces significantly. Thus making our scheme one of the fastest multivariate quadratic signature schemes. Further, we show that our carefully chosen parameters can resist all existing state-of-the-art attacks. The signature sizes of our scheme for the National Institute of Standards and Technology's security level of I, III, and V are 96, 226, and 316 bytes, respectively. This is the smallest signature size among all known post-quantum signature schemes of similar security

Reducing keys in Rainbow-like signature schemes

TCC (graduação) - Universidade Federal de Santa Catarina. Centro Tecnológico. Ciências da Computação.Os algoritmos clássicos de assinatura digital como RSA e ECDSA baseiam sua segurança na dificuldade da fatoração de inteiros, e no logaritmo discreto, respectivamente. Esses problemas já possuem algoritmos quânticos que os resolvem em tempo polinomial, ou seja, com computadores quânticos poderosos o suficiente, o uso dos algoritmos de assinatura digital mais difundidos tornará-se impraticável. Naturalmente, com o aumento do poder computacional quântico, o interesse por criptossistemas resistentes a ataques que utilizam-se de tais computadores também cresceu. A área que estuda esses criptossistemas é chamada de criptografia pós-quântica. Particularmente, esses algoritmos baseiam-se numa série de problemas que, por enquanto, permanecem difíceis, mesmo que computadores quânticos poderosos sejam utilizados, logo, despertam o interesse para substituir os criptossistemas clássicos. Este trabalho aborda criptossistemas baseados em sistemas de polinômios multivariados, que, baseiam-se em problemas como a solução de sistemas de polinômios e o isomorfismo de polinômios, os quais ainda são resistentes a algoritmos quânticos, e portanto, são candidatos para criptografia pós-quântica. Tais esquemas possuem tamanhos de chaves muito maiores que os algoritmos clássicos. Neste trabalho um novo método para redução de chaves privadas do esquema de assinatura digital Rainbow é proposto. Usando este método as chaves privadas podem ser reduzidas em até 84\%. Ainda, este método pode ser combinado com outros de forma a reduzir tanto a chave privada como a chave pública.Classic digital signature algorithms base their security upon the difficulty of the integer factorization problem, and the discrete logarithm problem, respectively. These problems already have quantum algorithms that solve them in polynomial time, consequently, with sufficiently powerful quantum computers, the use of the most common digital signature algorithms would become impractical. Naturally, with the rise in quantum computational power, the interest in cryptosystems resistant to attacks that make use of such computers has raised as well. The area that studies such cryptosystems is called post-quantum cryptography. Particularly, these algorithms are based upon a series of problems that, at this time, continue to be hard, even with quantum computers available, hence, provoke interest to substitute the classical schemes. This work approaches cryptosystems based on systems of multivariate polynomials. They base their security upon problems like the polynomial system solving and the isomorphism of polynomials, which are still resistant to quantum computers, henceforth are candidates to post-quantum cryptography. Such schemes have much larger keys than classical algorithms. In this work a new method that allows the reduction of private keys of the Rainbow digital signature scheme is proposed. Using this method, private keys can be reduced by up to 84\%. Still, this method can be combined with others to reduce the private key and the public key simultaneously

A Method to Reduce the Key Size of UOV Signature Scheme

Multivariate public key signature scheme has a good performance on speed and signature size. But most of them have a huge public key size. In this paper, we propose a new method to reduce the public key size of unbalance oil and vinegar (UOV) signature scheme. We can reduce the public key size of UOV scheme to about 4KB for 128 bits security level. This method can be used to reduce the public key sizes of other multivariate public key cryptosystems

Cryptanalysis of the Birational Permutation Signature Scheme over a Non-commutative Ring

In 2008, Hashimoto and Sakurai proposed a new efficient signature scheme, which is a non-commutative ring version of Shamir’s birational permutation signature scheme. Shamir’s scheme is a generalization of the OSS (Ong-Schnorr-Shamir) signature scheme and was broken by Coppersmith et al. using its linearity and commutativity. The HS (Hashimoto-Sakurai) scheme is expected to be secure against the attack of Coppersmith et al. since the scheme is based on the noncommutative structure. In this paper, we propose an attack against the HS scheme. Our proposed attack is practical under the condition that its step size and the number of steps are small. More precisely, we firstly show that the HS scheme is essentially a commutative scheme, that is, the HS scheme can be reduced to some commutative birational permutation signature scheme. Then we apply Patarin-like attack against the commutative birational permutation signature scheme. We discuss efficiency of our attack by using some experimental results. Furthermore the commutative scheme obtained from the HS scheme is the Rainbow-type signature scheme. We also discuss the security of the Rainbow-type signature scheme, and propose an efficient attack against some class of the Rainbow-type signature scheme

CyclicRainbow - A multivariate Signature Scheme with a Partially Cyclic Public Key based on Rainbow

Multivariate Cryptography is one of the alternatives to guarantee the security of communication in the post-quantum world. One major drawback of such schemes is the huge size of their keys. In \cite{PB10} Petzoldt et al. proposed a way how to reduce the public key size of the UOV scheme by a large factor. In this paper we extend this idea to the Rainbow signature scheme of Ding and Schmidt \cite{DS05}. By our construction it is possible to reduce he size of the public key by up to 62 \verb!%!

Time-Area Optimized Public-Key Engines: MQ-Cryptosystems as Replacement for Elliptic Curves?

In this paper ways to efficiently implement public-key schemes based onMultivariate Quadratic polynomials (MQ-schemes for short) are investigated. In particular, they are claimed to resist quantum computer attacks. It is shown that such schemes can have a much better time-area product than elliptic curve cryptosystems. For instance, an optimised FPGA implementation of amended TTS is estimated to be over 50 times more efficient with respect to this parameter. Moreover, a general framework for implementing small-field MQ-schemes in hardware is proposed which includes a systolic architecture performing Gaussian elimination over composite binary fields

New Complexity Estimation on the Rainbow-Band-Separation Attack

Multivariate public key cryptography is a candidate for post-quantum cryptography, and it allows generating particularly short signatures and fast verification. The Rainbow signature scheme proposed by J. Ding and D. Schmidt is such a multivariate cryptosystem and is considered secure against all known attacks. The Rainbow-Band-Separation attack recovers a secret key of Rainbow by solving certain systems of quadratic equations, and its complexity is estimated by the well-known indicator called the degree of regularity. However, the degree of regularity generally is larger than the solving degree in experiments, and an accurate estimation cannot be obtained. In this paper, we propose a new indicator for the complexity of the Rainbow-Band-Separation attack using the $F_4$ algorithm, which gives a more precise estimation compared to one using the degree of regularity. This indicator is deduced by the two-variable power series $$\frac{\prod _{i=1}^m(1-t_1^{d_{i1}}t_2^{d_{i2}})}{(1-t_1)^{n_1}(1-t_2)^{n_2}},$$ which coincides with the one-variable power series at $t_1=t_2$ deriving the degree of regularity. Moreover, we show a relation between the Rainbow-Band-Separation attack using the hybrid approach and the HighRank attack. By considering this relation and our indicator, we obtain a new complexity estimation for the Rainbow-Band-Separation attack. Consequently, we are able to understand the precise security of Rainbow against the Rainbow-Band-Separation attack using the $F_4$ algorithm