4,434 research outputs found
Equivalent Keys in Multivariate Quadratic Public Key Systems
Multivariate Quadratic public key schemes have been suggested back in 1985 by Matsumoto and Imai
as an alternative for the RSA scheme.
Since then, several other schemes have been proposed, for example Hidden Field Equations,
Unbalanced Oil and Vinegar schemes, and Stepwise Triangular Schemes.
All these schemes have a rather large key space for a secure choice of parameters.
Surprisingly, the question of equivalent keys has not been discussed in the open literature
until recently.
In this article, we show that for all basic classes mentioned above,
it is possible to reduce the private --- and hence the public ---
key space by several orders of magnitude. For the Matsumoto-Imai scheme, we are even able to show that
the reductions we found are the only ones possible, i.e., that these reductions are tight.
While the theorems developed in this article are of independent interest themselves
as they broaden our understanding of Multivariate Quadratic public key systems,
we see applications of our results both in cryptanalysis and in
memory efficient implementations of MQ-schemes
Polynomial-Time Algorithms for Quadratic Isomorphism of Polynomials: The Regular Case
Let and be
two sets of nonlinear polynomials over
( being a field). We consider the computational problem of finding
-- if any -- an invertible transformation on the variables mapping
to . The corresponding equivalence problem is known as {\tt
Isomorphism of Polynomials with one Secret} ({\tt IP1S}) and is a fundamental
problem in multivariate cryptography. The main result is a randomized
polynomial-time algorithm for solving {\tt IP1S} for quadratic instances, a
particular case of importance in cryptography and somewhat justifying {\it a
posteriori} the fact that {\it Graph Isomorphism} reduces to only cubic
instances of {\tt IP1S} (Agrawal and Saxena). To this end, we show that {\tt
IP1S} for quadratic polynomials can be reduced to a variant of the classical
module isomorphism problem in representation theory, which involves to test the
orthogonal simultaneous conjugacy of symmetric matrices. We show that we can
essentially {\it linearize} the problem by reducing quadratic-{\tt IP1S} to
test the orthogonal simultaneous similarity of symmetric matrices; this latter
problem was shown by Chistov, Ivanyos and Karpinski to be equivalent to finding
an invertible matrix in the linear space of matrices over and to compute the square root in a matrix
algebra. While computing square roots of matrices can be done efficiently using
numerical methods, it seems difficult to control the bit complexity of such
methods. However, we present exact and polynomial-time algorithms for computing
the square root in for various fields (including
finite fields). We then consider \\#{\tt IP1S}, the counting version of {\tt
IP1S} for quadratic instances. In particular, we provide a (complete)
characterization of the automorphism group of homogeneous quadratic
polynomials. Finally, we also consider the more general {\it Isomorphism of
Polynomials} ({\tt IP}) problem where we allow an invertible linear
transformation on the variables \emph{and} on the set of polynomials. A
randomized polynomial-time algorithm for solving {\tt IP} when
is presented. From an algorithmic point
of view, the problem boils down to factoring the determinant of a linear matrix
(\emph{i.e.}\ a matrix whose components are linear polynomials). This extends
to {\tt IP} a result of Kayal obtained for {\tt PolyProj}.Comment: Published in Journal of Complexity, Elsevier, 2015, pp.3
Stream cipher based on quasigroup string transformations in
In this paper we design a stream cipher that uses the algebraic structure of
the multiplicative group \bbbz_p^* (where p is a big prime number used in
ElGamal algorithm), by defining a quasigroup of order and by doing
quasigroup string transformations. The cryptographical strength of the proposed
stream cipher is based on the fact that breaking it would be at least as hard
as solving systems of multivariate polynomial equations modulo big prime number
which is NP-hard problem and there are no known fast randomized or
deterministic algorithms for solving it. Unlikely the speed of known ciphers
that work in \bbbz_p^* for big prime numbers , the speed of this stream
cipher both in encryption and decryption phase is comparable with the fastest
symmetric-key stream ciphers.Comment: Small revisions and added reference
Cryptography from tensor problems
We describe a new proposal for a trap-door one-way function. The new proposal belongs to the "multivariate quadratic" family but the trap-door is different from existing methods, and is simpler
Ring Learning With Errors: A crossroads between postquantum cryptography, machine learning and number theory
The present survey reports on the state of the art of the different
cryptographic functionalities built upon the ring learning with errors problem
and its interplay with several classical problems in algebraic number theory.
The survey is based to a certain extent on an invited course given by the
author at the Basque Center for Applied Mathematics in September 2018.Comment: arXiv admin note: text overlap with arXiv:1508.01375 by other
authors/ comment of the author: quotation has been added to Theorem 5.
Shorter secret keys in multivariate cryptography through optimal subspace representations
La criptografia multivariant (MVQC) és, actualment, una de les famílies d'esquemes criptogràfics més prometedores en l'àmbit postquàntic. Tanmateix, amb freqüència pateix de claus d'una mida excessiva o suposicions de seguretat fetes a mida. En aquesta tesi, tractarem un esquema de MVQC, el "Unbalanced Oil and Vinegar" (UOV), emprant una reformulació d'aquest donada recentment per Beullens, amb l'objectiu d'explorar fins a quin punt és possible reduir la mida de les claus privades sense afectar a la practicalitat. També ens centrem en dues simplificacions freqüentment aplicades a UOV --- habitualment aquestes es justifiquen veient que un pot aplicar-hi les suposicions de seguretat que formen la base de UOV. Demostrem que (amb algunes concessions), es pot demostrar directament que la seva seguretat segueix de la seguretat de UOV tradicional
Kryptowochenende 2006 - Workshop über Kryptographie
Das Kryptowochenende ist eine Aktivität der Fachgruppe Angewandte Kryptologie in der Gesellschaft für Informatik (GI) mit dem Ziel, Nachwuchswissenschaftlern, etablierten Forschern und Praktikern auf dem Gebiet der Kryptologie und Computersicherheit die Möglichkeit zu bieten, Kontakte über die eigene Universität hinaus zu knüpfen und sich mit Kollegen aus dem Fachgebiet auszutauschen. Die Vorträge decken ein breites Spektrum ab, von noch laufenden Projekten bis zu abgeschlossenen Forschungsarbeiten, die zeitnah auch auf Konferenzen publiziert wurden bzw. werden sollen. Das erste Kryptowochenende hat stattgefunden vom 01.-02. Juli 2006 im Tagungszentrum der Universität Mannheim im Kloster Bronnbach. Die Beiträge zu diesem Workshop sind im vorliegenden Tagungsband zusammengefasst
Fast Quantum Algorithm for Solving Multivariate Quadratic Equations
In August 2015 the cryptographic world was shaken by a sudden and surprising
announcement by the US National Security Agency NSA concerning plans to
transition to post-quantum algorithms. Since this announcement post-quantum
cryptography has become a topic of primary interest for several standardization
bodies. The transition from the currently deployed public-key algorithms to
post-quantum algorithms has been found to be challenging in many aspects. In
particular the problem of evaluating the quantum-bit security of such
post-quantum cryptosystems remains vastly open. Of course this question is of
primarily concern in the process of standardizing the post-quantum
cryptosystems. In this paper we consider the quantum security of the problem of
solving a system of {\it Boolean multivariate quadratic equations in
variables} (\MQb); a central problem in post-quantum cryptography. When ,
under a natural algebraic assumption, we present a Las-Vegas quantum algorithm
solving \MQb{} that requires the evaluation of, on average,
quantum gates. To our knowledge this is the fastest algorithm for solving
\MQb{}
- …