35 research outputs found
On the Complexity of the Generalized MinRank Problem
We study the complexity of solving the \emph{generalized MinRank problem},
i.e. computing the set of points where the evaluation of a polynomial matrix
has rank at most . A natural algebraic representation of this problem gives
rise to a \emph{determinantal ideal}: the ideal generated by all minors of size
of the matrix. We give new complexity bounds for solving this problem
using Gr\"obner bases algorithms under genericity assumptions on the input
matrix. In particular, these complexity bounds allow us to identify families of
generalized MinRank problems for which the arithmetic complexity of the solving
process is polynomial in the number of solutions. We also provide an algorithm
to compute a rational parametrization of the variety of a 0-dimensional and
radical system of bi-degree . We show that its complexity can be bounded
by using the complexity bounds for the generalized MinRank problem.
Comment: 29 pages
Smaller public keys for MinRank-based schemes
MinRank is an NP-complete problem in linear algebra whose characteristics
make it attractive to build post-quantum cryptographic primitives. Several
MinRank-based digital signature schemes have been proposed. In particular, two
of them, MIRA and MiRitH, have been submitted to the NIST Post-Quantum
Cryptography Standardization Process. In this paper, we propose a
key-generation algorithm for MinRank-based schemes that reduces the size of the
public key to about 50% of the size of the public key generated by the previous
best (in terms of public-key size) algorithm. Precisely, the size of the public
key generated by our algorithm sits in the range of 328-676 bits for security
levels of 128-256 bits. We also prove that our algorithm is as secure as the
previous ones.
An algebraic approach to the Rank Support Learning problem
Rank-metric code-based cryptography relies on the hardness of decoding a
random linear code in the rank metric. The Rank Support Learning problem (RSL)
is a variant where an attacker has access to N decoding instances whose errors
have the same support and wants to solve one of them. This problem is for
instance used in the Durandal signature scheme. In this paper, we propose an
algebraic attack on RSL which clearly outperforms the previous attacks to solve
this problem. We build upon Bardet et al., Asiacrypt 2020, where similar
techniques are used to solve MinRank and RD. However, our analysis is simpler
and overall our attack relies on very elementary assumptions compared to
standard Gr{\"o}bner bases attacks. In particular, our results show that key
recovery attacks on Durandal are more efficient than was previously thought.
Algebraic Relation of Three MinRank Algebraic Modelings
We give algebraic relations among the equations of three algebraic modelings for the MinRank problem: support minors modeling, Kipnis-Shamir modeling and minors modeling.
A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems
We investigate the security of the family of MQQ public key cryptosystems using multivariate quadratic quasigroups (MQQ). These cryptosystems show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial-time key-recovery attack. Our key-recovery attack finds an equivalent key using the idea of so-called {\it good keys}, which reveals the structure gradually. In the process we need to solve a MinRank problem that, because of the structure, can be solved in polynomial time under some mild algebraic assumptions. We highlight that our theoretical results work in characteristic , which is known to be the most difficult case to address in theory for MinRank attacks. Also, we emphasize that our attack works without any restriction on the number of polynomials removed from the public key, that is, using the minus modifier. This was not the case for previous MinRank-like attacks against MQ schemes. From a practical point of view, we are able to break an MQQ-SIG instance of bits security in less than days, and one of the more conservative MQQ-ENC instances of bits security in a little over days. Altogether, our attack shows that it is very hard to design a secure public key scheme based on an easily invertible MQQ structure.
A New Scheme for Zero Knowledge Proof based on Multivariate Quadratic Problem and Quaternion Algebra
This paper introduces a new intractable security problem whose intractability is due to the NP-completeness of the multivariate quadratic (MQ) problem. This novel problem uses quaternion algebra in conjunction with MQ. Starting with the simultaneous multivariate equations, we transform these equations into simultaneous quaternion-based multivariate quadratic equations. A new scheme for computational zero knowledge proof based on this problem is proposed. It is proved that, according to the black-box definition of a zero knowledge proof (ZKP) system, the proposed scheme is ZKP. The proof is done through two lemmas. In the first lemma it is shown that the expected polynomial-time machine $M_{V^*}$ halts in polynomial time. In the second lemma, it is shown that the probability ensembles $\{M_{V^*}(x)\}_{x \in L}$ and $\{\langle P, V^*\rangle(x)\}_{x \in L}$ are polynomially indistinguishable. The scheme has low computational overhead and is particularly useful in cryptographic applications such as digital signature and key agreement.
MiRitH: Efficient Post-Quantum Signatures from MinRank in the Head
Since 2016's NIST call for standardization of post-quantum cryptographic primitives, developing efficient post-quantum secure digital signature schemes has become a highly active area of research. The difficulty in constructing such schemes is evidenced by NIST reopening the call in 2022 for digital signature schemes, because of missing diversity in existing proposals. In this work, we introduce the new post-quantum digital signature scheme MiRitH. As a direct successor of a scheme recently developed by Adj, Rivera-Zamarripa and Verbel (Africacrypt '23), it is based on the hardness of the MinRank problem and follows the MPC-in-the-Head paradigm. We revisit the initial proposal, incorporate design-level improvements and provide more efficient parameter sets. We also provide the missing justification for the quantum security of all parameter sets following NIST metrics. In this context we design a novel Grover-amplified quantum search algorithm for solving the MinRank problem that outperforms a naive quantum brute-force search for the solution.
MiRitH obtains signatures of size 5.7 kB for NIST category I security and therefore competes for the smallest signatures among any post-quantum signature following the MPCitH paradigm. At the same time MiRitH offers competitive signing and verification timings compared to the state of the art. To substantiate those claims we provide extensive implementations. This includes a reference implementation as well as optimized constant-time implementations for Intel processors (AVX2) and for the ARM (NEON) architecture. The speed-up of our optimized AVX2 implementation relies mostly on a redesign of the finite field arithmetic, improving over existing implementations, as well as improved memory management.