The complexity of MinRank
In this note, we leverage some of our results from arXiv:1706.06319 to
produce a concise and rigorous proof for the complexity of the generalized
MinRank Problem in the under-defined and well-defined case. Our main theorem
recovers and extends previous results by Faugère, Safey El Din, Spaenlehauer
(arXiv:1112.4411).
Comment: Corrected a typo in the formula of the main theorem.
Developments in multivariate post quantum cryptography.
Ever since Shor's algorithm was introduced in 1994, cryptographers have been working to develop cryptosystems that can resist known quantum computer attacks. This push for quantum attack resistant schemes is known as post quantum cryptography. Specifically, my contributions to post quantum cryptography have been to the family of schemes known as Multivariate Public Key Cryptography (MPKC), which is a very attractive candidate for digital signature standardization in the post quantum collective for a wide variety of applications. In this document I will be providing all necessary background to fully understand MPKC and post quantum cryptography as a whole. Then, I will walk through the contributions I provided in my publications relating to differential security proofs for HFEv and HFEv−, key recovery attack for all parameters of HFEm, and my newly proposed multivariate encryption scheme, HFERP.
A study of big field multivariate cryptography.
As the world grapples with the possibility of widespread quantum computing, the cryptosystems of the day need to be up to date. Multivariate Public Key Cryptography is a leading option for security in a post quantum society. One goal of this work is to classify the security of multivariate schemes, especially C* variants. We begin by introducing Multivariate Public Key Cryptography and will then discuss different multivariate schemes and the main types of attacks that have been proven effective against multivariate schemes. Once we have developed an appropriate background, we analyze the security of different schemes against particular attacks. Specifically, we will analyze differential security of HFEv- and PFLASH schemes. We then introduce a variant of C* that may be used as an encryption scheme, not just as a signature scheme. Finally, we will analyze the security and efficiency of a (n,d,s,a,p,t) scheme in general. This allows individuals to discuss the security and performance of any C* variant in general terms.
Cryptanalysis of the multivariate encryption scheme EFLASH
Post-Quantum Cryptography studies cryptographic algorithms that quantum computers cannot break. Recent advances in quantum computing have made this kind of cryptography necessary, and research in the field has surged over the last years as a result. One of the main families of post-quantum cryptographic schemes is based on finding solutions of a polynomial system over finite fields. This family, known as multivariate cryptography, includes both public key encryption and signature schemes.
The majority of the research contribution of this thesis is devoted to understanding the security of multivariate cryptography. We mainly focus on big field schemes, i.e., constructions that utilize the structure of a large extension field. One essential contribution is an increased understanding of how Gröbner basis algorithms can exploit this structure. The increased knowledge furthermore allows us to design new attacks in this setting. In particular, the methods are applied to two encryption schemes suggested in the literature: EFLASH and Dob. We show that the recommended parameters for these schemes will not achieve the proposed 80-bit security. Moreover, it seems unlikely that there can be secure and efficient variants based on these ideas. Another contribution is the study of the effectiveness and limitations of a recently proposed rank attack. Finally, we analyze some of the algebraic properties of MiMC, a block cipher designed to minimize its multiplicative complexity.
Doctoral thesis (Doktorgradsavhandling).
New algorithms for decoding in the rank metric and an attack on the LRPC cryptosystem
We consider the decoding problem or the problem of finding low weight
codewords for rank metric codes. We show how additional information about the
codeword we want to find under the form of certain linear combinations of the
entries of the codeword leads to algorithms with a better complexity. This is
then used together with a folding technique for attacking a McEliece scheme
based on LRPC codes. It leads to a feasible attack on one of the parameters
suggested in [GMRZ13].
Comment: A shortened version of this paper will be published in the
proceedings of the IEEE International Symposium on Information Theory 2015
(ISIT 2015).
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key
cryptographic protocols, necessitating the development of secure post-quantum
(PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches,
covering the constructional design and structural vulnerabilities, and offer
security assessments, implementation evaluations, and a particular focus on
side-channel attacks. We analyze global standardization processes, evaluate
their metrics in relation to real-world applications, and primarily focus on
standardized PQ schemes, selected additional signature competition candidates,
and PQ-secure cutting-edge schemes beyond standardization. Finally, we present
visions and potential future directions for a seamless transition to the PQ
era.
Multivariate Public Key Cryptosystem from Sidon Spaces
A Sidon space is a subspace of an extension field over a base field in which
the product of any two elements can be factored uniquely, up to constants. This
paper proposes a new public-key cryptosystem of the multivariate type which is
based on Sidon spaces, and has the potential to remain secure even if quantum
supremacy is attained. This system, whose security relies on the hardness of
the well-known MinRank problem, is shown to be resilient to several
straightforward algebraic attacks. In particular, it is proved that the two
popular attacks on the MinRank problem, the kernel attack, and the minor
attack, succeed only with exponentially small probability. The system is
implemented in software, and its hardness is demonstrated experimentally.
Comment: Appeared in Public-Key Cryptography - PKC 2021, 24th IACR
International Conference on Practice and Theory of Public Key Cryptography.
Resisting Key-Extraction and Code-Compression: a Secure Implementation of the HFE Signature Scheme in the White-Box Model
Cryptography is increasingly deployed in applications running on open devices
in which the software is extremely vulnerable to attacks, since the attacker has complete control over the execution platform and the software implementation itself. This creates a challenge for cryptography: design implementations of cryptographic algorithms that are secure, not only in the black-box model, but also in this attack context that is referred to as the white-box adversary model. Moreover, emerging applications such as mobile payment, mobile contract signing or blockchain-based technologies have created a need for white-box implementations of public-key cryptography, and especially of signature algorithms.
However, while many attempts were made to construct white-box implementations of block ciphers, almost no white-box implementations have been published as far as asymmetric schemes are concerned. We present here a concrete white-box implementation of the well-known HFE signature algorithm for a specific set of internal polynomials. For a security level , the public key size is approximately 62.5 MB and the white-box implementation of the signature algorithm has a size of approximately 256 GB.
Ultra-Short Multivariate Public Key Signatures
In this paper, we study and construct multivariate schemes with “ultra-short” signatures. We focus on the classic case where the public key is a set of multivariate polynomials of degree 2. To design ultra-short signature schemes, we consider that signing a message and verifying a signature could require up to 1 minute of computation on a modern personal computer. Shorter time could be considered but at the cost of a few additional bits in the signatures; more generally, a trade-off may be found between computation time and signature size, depending on the applications one is targeting. Despite the fact that a time of 1 minute is far bigger than the time required by general purpose multivariate-based signature schemes, such as Rainbow, GeMMS, and Quartz, it enables us to reach ultra-short signature lengths; for instance, around 70 bit-long signatures for a security of 80 bits. In a first part, we describe generic and specific attacks against multivariate public key signature schemes and use them to derive the minimal parameters that an ultra-short signature scheme could have. In a second part, we give explicit ultra-short signature schemes with security in 80, 90 and 100 bits. In order to construct these signature schemes, we use “nude HFE” (i.e. the classic HFE algorithm, without perturbations) and the new projection HFE algorithm described in [18]. Recent progress has been made on attacking the MinRank problem, which is strongly connected to HFE, in [2], and on attacking HFEv- in [24]. These potential threats against multivariate signature schemes have been taken into account in this paper.
Improved Key Recovery of the HFEv- Signature Scheme
The HFEv- signature scheme is a twenty-year-old multivariate
public key signature scheme. It uses the Minus and the Vinegar modifier
on the original HFE scheme. An instance of the HFEv- signature scheme
called GeMSS is one of the alternative candidates for signature schemes
in the third round of the NIST Post Quantum Crypto (PQC) Standardization Project.
In this paper, we propose a new key recovery attack on
the HFEv- signature scheme. We show that the Minus modification does
not enhance the security of cryptosystems of the HFE family, while the
Vinegar modification increases the complexity of our attack only by a
polynomial factor. By doing so, we show that the proposed parameters
of the GeMSS scheme are not as secure as claimed. Our attack shows
that it is very difficult to build a secure and efficient signature scheme
on the basis of HFEv-.