Cryptanalysis of McEliece Cryptosystem Based on Algebraic Geometry Codes and their subcodes

We give polynomial time attacks on the McEliece public key cryptosystem based either on algebraic geometry (AG) codes or on small codimensional subcodes of AG codes. These attacks consist in the blind reconstruction either of an Error Correcting Pair (ECP), or an Error Correcting Array (ECA) from the single data of an arbitrary generator matrix of a code. An ECP provides a decoding algorithm that corrects up to $\frac{d^*-1-g}{2}$ errors, where $d^*$ denotes the designed distance and $g$ denotes the genus of the corresponding curve, while with an ECA the decoding algorithm corrects up to $\frac{d^*-1}{2}$ errors. Roughly speaking, for a public code of length $n$ over $\mathbb F_q$, these attacks run in $O(n^4\log (n))$ operations in $\mathbb F_q$ for the reconstruction of an ECP and $O(n^5)$ operations for the reconstruction of an ECA. A probabilistic shortcut allows to reduce the complexities respectively to $O(n^{3+\varepsilon} \log (n))$ and $O(n^{4+\varepsilon})$. Compared to the previous known attack due to Faure and Minder, our attack is efficient on codes from curves of arbitrary genus. Furthermore, we investigate how far these methods apply to subcodes of AG codes.Comment: A part of the material of this article has been published at the conferences ISIT 2014 with title "A polynomial time attack against AG code based PKC" and 4ICMCTA with title "Crypt. of PKC that use subcodes of AG codes". This long version includes detailed proofs and new results: the proceedings articles only considered the reconstruction of ECP while we discuss here the reconstruction of EC

New Directions in Multivariate Public Key Cryptography

Most public key cryptosystems used in practice are based on integer factorization or discrete logarithms (in finite fields or elliptic curves). However, these systems suffer from two potential drawbacks. First, they must use large keys to maintain security, resulting in decreased efficiency. Second, if large enough quantum computers can be built, Shor\u27s algorithm will render them completely insecure. Multivariate public key cryptosystems (MPKC) are one possible alternative. MPKC makes use of the fact that solving multivariate polynomial systems over a finite field is an NP-complete problem, for which it is not known whether there is a polynomial algorithm on quantum computers. The main goal of this work is to show how to use new mathematical structures, specifically polynomial identities from algebraic geometry, to construct new multivariate public key cryptosystems. We begin with a basic overview of MPKC and present several significant cryptosystems that have been proposed. We also examine in detail some of the most powerful attacks against MPKCs. We propose a new framework for constructing multivariate public key cryptosystems and consider several strategies for constructing polynomial identities that can be utilized by the framework. In particular, we have discovered several new families of polynomial identities. Finally, we propose our new cryptosystem and give parameters for which it is secure against known attacks on MPKCs

A Like ELGAMAL Cryptosystem But Resistant To Post-Quantum Attacks

The Modulo 1 Factoring Problem (M1FP) is an elegant mathematical problem which could be exploited to design safe cryptographic protocols and encryption schemes that resist to post quantum attacks. The ELGAMAL encryption scheme is a well-known and efficient public key algorithm designed by Taher ELGAMAL from discrete logarithm problem. It is always highly used in Internet security and many other applications after a large number of years. However, the imminent arrival of quantum computing threatens the security of ELGAMAL cryptosystem and impose to cryptologists to prepare a resilient algorithm to quantum computer-based attacks. In this paper we will present a like-ELGAMAL cryptosystem based on the M1FP NP-hard problem. This encryption scheme is very simple but efficient and supposed to be resistant to post quantum attacks

On the Complexity of Solving Quadratic Boolean Systems

A fundamental problem in computer science is to find all the common zeroes of $m$ quadratic polynomials in $n$ unknowns over $\mathbb{F}_2$. The cryptanalysis of several modern ciphers reduces to this problem. Up to now, the best complexity bound was reached by an exhaustive search in $4\log_2 n\,2^n$ operations. We give an algorithm that reduces the problem to a combination of exhaustive search and sparse linear algebra. This algorithm has several variants depending on the method used for the linear algebra step. Under precise algebraic assumptions on the input system, we show that the deterministic variant of our algorithm has complexity bounded by $O(2^{0.841n})$ when $m=n$, while a probabilistic variant of the Las Vegas type has expected complexity $O(2^{0.792n})$. Experiments on random systems show that the algebraic assumptions are satisfied with probability very close to~1. We also give a rough estimate for the actual threshold between our method and exhaustive search, which is as low as~200, and thus very relevant for cryptographic applications.Comment: 25 page

[[alternative]]Computing and Crypto Applications of Discrete Algebraic Structures

計畫編號：NSC93-2115-M032-008研究期間：200408~200507研究經費：398,000[[sponsorship]]行政院國家科學委員

Application of Quasigroups in Cryptography and Data Communications

In the past decade, quasigroup theory has proven to be a fruitfull field for production of new cryptographic primitives and error-corecting codes. Examples include several finalists in the flagship competitions for new symmetric ciphers, as well as several assimetric proposals and cryptcodes. Since the importance of cryptography and coding theory for secure and reliable data communication can only grow within our modern society, investigating further the power of quasigroups in these fields is highly promising research direction. Our team of researchers has defined several research objectives, which can be devided into four main groups: 1. Design of new cryptosystems or their building blocks based on quasigroups - we plan to make a classification of small quasigroups based on new criteria, as well as to identify new optimal 8–bit S-boxes produced by small quasigroups. The results will be used to design new stream and block ciphers. 2. Cryptanalysis of some cryptosystems based on quasigroups - we will modify and improve the existing automated tools for differential cryptanalysis, so that they can be used for prove the resistance to differential cryptanalysis of several existing ciphers based on quasigroups. This will increase the confidence in these ciphers. 3. Codes based on quasigroups - we will designs new and improve the existing error correcting codes based on combinatorial structures and quasigroups. 4. Algebraic curves over finite fields with their cryptographic applications - using some known and new tools, we will investigate the rational points on algebraic curves over finite fields, and explore the possibilities of applying the results in cryptography

Proposal of a Signature Scheme based on STS Trapdoor

A New digital signature scheme based on Stepwise Triangular Scheme (STS) is proposed. The proposed trapdoor has resolved the vulnerability of STS and secure against both Gröbner Bases and Rank Attacks. In addition, as a basic trapdoor, it is more efficient than the existing systems. With the efficient implementation, the Multivariate Public Key Cryptosystems (MPKC) signature public key has the signature longer than the message by less than 25 %, for example

New cryptanalysis of LFSR-based stream ciphers and decoders for p-ary QC-MDPC codes

The security of modern cryptography is based on the hardness of solving certain problems. In this context, a problem is considered hard if there is no known polynomial time algorithm to solve it. Initially, the security assessment of cryptographic systems only considered adversaries with classical computational resources, i.e., digital computers. It is now known that there exist polynomial-time quantum algorithms that would render certain cryptosystems insecure if large-scale quantum computers were available. Thus, adversaries with access to such computers should also be considered. In particular, cryptosystems based on the hardness of integer factorisation or the discrete logarithm problem would be broken. For some others such as symmetric-key cryptosystems, the impact seems not to be as serious; it is recommended to at least double the key size of currently used systems to preserve their security level. The potential threat posed by sufficiently powerful quantum computers motivates the continued study and development of post-quantum cryptography, that is, cryptographic systems that are secure against adversaries with access to quantum computations. It is believed that symmetric-key cryptosystems should be secure from quantum attacks. In this manuscript, we study the security of one such family of systems; namely, stream ciphers. They are mainly used in applications where high throughput is required in software or low resource usage is required in hardware. Our focus is on the cryptanalysis of stream ciphers employing linear feedback shift registers (LFSRs). This is modelled as the problem of finding solutions to systems of linear equations with associated probability distributions on the set of right hand sides. To solve this problem, we first present a multivariate version of the correlation attack introduced by Siegenthaler. Building on the ideas of the multivariate attack, we propose a new cryptanalytic method with lower time complexity. Alongside this, we introduce the notion of relations modulo a matrix B, which may be seen as a generalisation of parity-checks used in fast correlation attacks. The latter are among the most important class of attacks against LFSR-based stream ciphers. Our new method is successfully applied to hard instances of the filter generator and requires a lower amount of keystream compared to other attacks in the literature. We also perform a theoretical attack against the Grain-v1 cipher and an experimental attack against a toy Grain-like cipher. Compared to the best previous attack, our technique requires less keystream bits but also has a higher time complexity. This is the result of joint work with Semaev. Public-key cryptosystems based on error-correcting codes are also believed to be secure against quantum attacks. To this end, we develop a new technique in code-based cryptography. Specifically, we propose new decoders for quasi-cyclic moderate density parity-check (QC-MDPC) codes. These codes were proposed by Misoczki et al.\ for use in the McEliece scheme. The use of QC-MDPC codes avoids attacks applicable when using low-density parity-check (LDPC) codes and also allows for keys with short size. Although we focus on decoding for a particular instance of the p-ary QC-MDPC scheme, our new decoding algorithm is also a general decoding method for p-ary MDPC-like schemes. This algorithm is a bit-flipping decoder, and its performance is improved by varying thresholds for the different iterations. Experimental results demonstrate that our decoders enjoy a very low decoding failure rate for the chosen p-ary QC-MDPC instance. This is the result of joint work with Guo and Johansson.Doktorgradsavhandlin