24 research outputs found
Computing and Crypto Applications of Discrete Algebraic Structures
Project number: NSC93-2115-M032-008; research period: 200408~200507; research funding: 398,000; sponsor: 行政院國家科學委員 (National Science Council, Executive Yuan)
Under Quantum Computer Attack: Is Rainbow a Replacement of RSA and Elliptic Curves on Hardware?
Among cryptographic systems, multivariate signatures are one of the most popular candidates, since they have the potential to resist quantum computer attacks. Rainbow is a multivariate signature scheme that can be viewed as a multilayer unbalanced Oil-Vinegar system. In this paper, we present techniques for implementing the Rainbow signature scheme on hardware that meets the requirements of efficient high-performance applications. We propose a general architecture for efficient hardware implementations of Rainbow and enhance our design in three directions. First, we present a fast inversion based on binary trees. Second, we present an efficient multiplication based on a compact construction in composite fields. Third, we present a parallel solver for systems of linear equations based on Gauss-Jordan elimination. Through further minor optimizations, and by integrating the major improvements above, we implement our design in composite fields on standard-cell CMOS Application Specific Integrated Circuits (ASICs). The experimental results show that our implementation takes 4.9 µs and 242 clock cycles to generate a Rainbow signature at a frequency of 50 MHz. Comparison results show that our design is more efficient than the RSA and ECC implementations.
Hash-based Multivariate Public Key Cryptosystems
Many efficient attacks have appeared in recent years, which have dealt a serious blow to traditional multivariate public key cryptosystems. For example, the signature scheme SFLASH was broken by Dubois et al. at CRYPTO'07, and the Square signature (or encryption) scheme by Billet et al. at ASIACRYPT'09. Most multivariate schemes known so far are insecure, except maybe the signature schemes UOV and HFEv-. Following these new developments, it seems that the general design principle of multivariate schemes has been seriously questioned, and there is a rather pressing desire to find new trapdoor constructions or mathematical tools and ideas. In this paper, we introduce hash authentication techniques and combine them with traditional MQ-trapdoors to propose a novel hash-based multivariate public key cryptosystem. The resulting scheme, called EMC (Extended Multivariate Cryptosystem), can also be seen as a novel hash-based cryptosystem, like the Merkle tree signature, and it offers double security protection for signing or encrypting. By our analysis, we can construct not only a secure and efficient signature scheme but also an encryption scheme by using the EMC scheme combined with some of the modification methods summarized by Wolf. We thus present two new schemes: the EMC signature scheme (with the Minus method "-") and the EMC encryption scheme (with the Plus method "+"). In addition, we also propose a reduced version of the EMC signature scheme (a light-weight signature scheme). Precise complexity estimates for these schemes are provided, but their security proofs in the random oracle model are still an open problem.
Small Odd Prime Field Multivariate PKCs
We show that Multivariate Public Key Cryptosystems (MPKCs) over fields of small odd prime characteristic, say 31, can be highly efficient. Indeed, at the same design security of under the best known attacks, odd-characteristic MPKCs are generally faster than prior MPKCs over GF(2^k), which are in turn faster than "traditional" alternatives. This seemingly counter-intuitive feat is accomplished by exploiting the comparative over-abundance of small-integer arithmetic resources in commodity hardware, here embodied by SSE2 or more advanced multimedia instructions on modern x86-compatible CPUs. We explain our implementation techniques and design choices in implementing our chosen MPKC instances modulo a small odd prime. The same techniques are also applicable to modern FPGAs, which often contain a large number of multipliers.
New Directions in Multivariate Public Key Cryptography
Most public key cryptosystems used in practice are based on integer factorization or discrete logarithms (in finite fields or elliptic curves). However, these systems suffer from two potential drawbacks. First, they must use large keys to maintain security, resulting in decreased efficiency. Second, if large enough quantum computers can be built, Shor's algorithm will render them completely insecure. Multivariate public key cryptosystems (MPKC) are one possible alternative. MPKC makes use of the fact that solving multivariate polynomial systems over a finite field is an NP-complete problem, for which it is not known whether there is a polynomial-time algorithm on quantum computers. The main goal of this work is to show how to use new mathematical structures, specifically polynomial identities from algebraic geometry, to construct new multivariate public key cryptosystems. We begin with a basic overview of MPKC and present several significant cryptosystems that have been proposed. We also examine in detail some of the most powerful attacks against MPKCs. We propose a new framework for constructing multivariate public key cryptosystems and consider several strategies for constructing polynomial identities that can be utilized by the framework. In particular, we have discovered several new families of polynomial identities. Finally, we propose our new cryptosystem and give parameters for which it is secure against known attacks on MPKCs.
A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems
We investigate the security of the family of MQQ public key cryptosystems using multivariate quadratic quasigroups (MQQ). These cryptosystems show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial-time key-recovery attack. Our key-recovery attack finds an equivalent key using the idea of so-called "good keys" that reveals the structure gradually. In the process we need to solve a MinRank problem that, because of the structure, can be solved in polynomial time under some mild algebraic assumptions. We highlight that our theoretical results work in characteristic which is known to be the most difficult case to address in theory for MinRank attacks. Also, we emphasize that our attack works without any restriction on the number of polynomials removed from the public key, that is, using the minus modifier. This was not the case for previous MinRank-like attacks against MQ schemes. From a practical point of view, we are able to break an MQQ-SIG instance of bits security in less than days, and one of the more conservative MQQ-ENC instances of bits security in a little over days. Altogether, our attack shows that it is very hard to design a secure public key scheme based on an easily invertible MQQ structure.
Selecting Parameters for the Rainbow Signature Scheme - Extended Version -
Multivariate public key cryptography is one of the main approaches to guaranteeing the security of communication in a post-quantum world. One of the most promising candidates in this area is the Rainbow signature scheme, which was first proposed by J. Ding and D. Schmidt in 2005. In this paper we develop a model of security for the Rainbow signature scheme. We use this model to find parameters for Rainbow over GF(16), GF(31) and GF(256) which, under certain assumptions, guarantee the security of the scheme for now and the near future.
The Shortest Signatures Ever
Multivariate Cryptography is one of the main candidates for creating post-quantum public key cryptosystems. Especially in the area of digital signatures, there exist many practical and secure multivariate schemes. In this paper we present a general technique to reduce the signature size of multivariate schemes. Our technique enables us to reduce the signature size of nearly all multivariate signature schemes by 10 to 15 % without slowing down the scheme significantly. We can prove that the security of the underlying scheme is not weakened by this modification. Furthermore, the technique enables a further reduction of the signature size when accepting a slightly more costly verification process. This trade-off between signature size and complexity of the verification process cannot be observed for any other class of digital signature schemes. By applying our technique to the Gui signature scheme, we obtain the shortest signatures of all existing digital signature schemes.
SoK: Security Evaluation of SBox-Based Block Ciphers
Cryptanalysis of block ciphers is an active and important research area with an extensive volume of literature. For this work, we focus on SBox-based ciphers, as they are widely used and cover a large class of block ciphers. While there have been prior works that have consolidated attacks on block ciphers, they usually focus on describing and listing the attacks. Moreover, the methods for evaluating a cipher's security are often ad hoc, differing from cipher to cipher, as attacks and evaluation techniques are developed along the way. As such, we aim to organise the attack literature, as well as the work on security evaluation.
In this work, we present a systematization of cryptanalysis of SBox-based block ciphers focusing on three main areas: (1) evaluation of block ciphers against standard cryptanalytic attacks; (2) organisation of and relationships between various attacks; (3) comparison of the evaluation of and attacks on existing ciphers.
Implementation Attacks on Post-Quantum Cryptographic Schemes
Post-quantum cryptographic schemes have been developed in the last decade in response to the rise of quantum computers. Fortunately, several schemes have been developed with quantum resistance. However, there has been very little effort in evaluating and comparing these schemes in embedded settings. Low-cost embedded devices represent a highly constrained environment that challenges all post-quantum cryptographic schemes. Moreover, there have been even fewer efforts in evaluating the security of these schemes against implementation attacks, including side-channel and fault attacks. It is commonly accepted that any embedded cryptographic module built without sound countermeasures can be easily broken. Therefore, we investigate the question: are we ready to implement post-quantum cryptographic schemes on embedded systems? We present an exhaustive survey of research efforts in designing embedded modules for post-quantum cryptographic schemes and of the efforts in securing these modules against implementation attacks. Unfortunately, the study shows that we are not ready yet to implement any post-quantum cryptographic scheme in practical embedded systems. There is still a considerable amount of research that needs to be conducted before reaching a satisfactory level of security.