317 research outputs found

    Multivariate cryptography

    This thesis deals with multivariate cryptography. Specifically, it contains a description of the MQ problem and a proof of its NP-completeness. The part on the MQ problem also describes the general scheme for constructing the public part of asymmetric cryptosystems based on the MQ problem. In this part the thesis also describes the QMLE problem, which is important for the form of the private key of cryptosystems based on the MQ problem. The thesis further describes the influence of the structure of the maps appearing in the QMLE problem on the time complexity of solving the QMLE problem. This influence was determined by experimental measurements on an implemented algorithm. The end of the thesis describes selected multivariate cryptosystems based on the MQ problem. For the described cryptosystems it gives a detailed description of encryption and decryption and time estimates of these operations. The thesis also contains estimates of the memory requirements for storing the private and public keys of the described cryptosystems.
    Department of Algebra, Faculty of Mathematics and Physics

    A study of big field multivariate cryptography.

    As the world grapples with the possibility of widespread quantum computing, the cryptosystems of the day need to be up to date. Multivariate Public Key Cryptography is a leading option for security in a post-quantum society. One goal of this work is to classify the security of multivariate schemes, especially C* variants. We begin by introducing Multivariate Public Key Cryptography and then discuss different multivariate schemes and the main types of attacks that have been proven effective against them. Once we have developed an appropriate background, we analyze the security of different schemes against particular attacks. Specifically, we analyze the differential security of the HFEv- and PFLASH schemes. We then introduce a variant of C* that may be used as an encryption scheme, not just as a signature scheme. Finally, we analyze the security and efficiency of an (n,d,s,a,p,t) scheme in general. This allows individuals to discuss the security and performance of any C* variant in general terms.

    The complexity of MinRank

    In this note, we leverage some of our results from arXiv:1706.06319 to produce a concise and rigorous proof for the complexity of the generalized MinRank Problem in the under-defined and well-defined case. Our main theorem recovers and extends previous results by Faugère, Safey El Din, Spaenlehauer (arXiv:1112.4411). Comment: Corrected a typo in the formula of the main theorem.

    On new multivariate cryptosystems based on hidden Eulerian equations

    We propose new multivariate cryptosystems over an n-dimensional free module over the arithmetical ring Zm based on the idea of a hidden discrete logarithm for Z*m. These cryptosystems are based on hidden Eulerian equations x^α = a, (α, m) = 1. If m is a "sufficiently large" product of at least two large primes, then solving the equation is hard without knowledge of the factorization of m. In the post-quantum era, one can solve the factorization problem for m and the discrete logarithm problem for Z*m in polynomial time. However, this does not lead to a straightforward break of such a cryptosystem, because the parameter α is unknown. Some examples of such cryptosystems were already proposed. We define their modifications and generalizations based on the idea of Eulerian transformations, which allow us to use asymmetric algorithms based on families of nonlinear multiplicatively injective maps with prescribed polynomial density and degree bounded by a constant.

    Shorter secret keys in multivariate cryptography through optimal subspace representations

    Multivariate cryptography (MVQC) is currently one of the most promising families of cryptographic schemes in the post-quantum setting. However, it frequently suffers from excessively large keys or tailor-made security assumptions. In this thesis we treat one MVQC scheme, Unbalanced Oil and Vinegar (UOV), using a reformulation of it recently given by Beullens, with the aim of exploring how far the size of private keys can be reduced without affecting practicality. We also focus on two simplifications frequently applied to UOV; usually these are justified by observing that the security assumptions that form the basis of UOV can be applied to them. We show that (with some concessions) it can be proven directly that their security follows from the security of traditional UOV.

    Fuzzy matching template attacks on multivariate cryptography : a case study

    Multivariate cryptography is one of the most promising candidates for post-quantum cryptography. Applying machine learning techniques, in this paper we experimentally investigate the side-channel security of multivariate cryptosystems; side-channel leakage seriously threatens hardware implementations of cryptographic systems. Generally, registers are required to store the values of monomials and polynomials during encryption in multivariate cryptosystems. Based on maximum-likelihood and fuzzy matching techniques, we propose a template-based least-squares technique to efficiently exploit the side-channel leakage of these registers. Using QUAD as a case study, a typical multivariate cryptosystem with provable security, we perform our attack against both serial and parallel QUAD implementations on a field programmable gate array (FPGA). Experimental results show that our attacks on the serial and parallel implementations require only about 30 and 150 power traces, respectively, to reveal the secret key with a success rate close to 100%. Finally, efficient and low-cost strategies are proposed to resist such side-channel attacks.

    Hybrid Approach for the Fast Verification for Improved Versions of the UOV and Rainbow Signature Schemes

    Multivariate cryptography is one of the main candidates to guarantee the security of communication in the post-quantum era. Especially in the area of digital signatures, multivariate cryptography offers a wide range of practical schemes. In \cite{PB12} and \cite{PB13} Petzoldt et al. showed a way to speed up the verification process of improved variants of the UOV and Rainbow signature schemes. In this paper we show how to do even better by a slight variation of their algorithms.

    Fast Quantum Algorithm for Solving Multivariate Quadratic Equations

    In August 2015 the cryptographic world was shaken by a sudden and surprising announcement by the US National Security Agency (NSA) concerning plans to transition to post-quantum algorithms. Since this announcement, post-quantum cryptography has become a topic of primary interest for several standardization bodies. The transition from the currently deployed public-key algorithms to post-quantum algorithms has been found to be challenging in many aspects. In particular, the problem of evaluating the quantum-bit security of such post-quantum cryptosystems remains vastly open. Of course this question is of primary concern in the process of standardizing post-quantum cryptosystems. In this paper we consider the quantum security of the problem of solving a system of m Boolean multivariate quadratic equations in n variables (\MQb), a central problem in post-quantum cryptography. When n = m, under a natural algebraic assumption, we present a Las Vegas quantum algorithm solving \MQb that requires the evaluation of, on average, O(2^{0.462n}) quantum gates. To our knowledge this is the fastest algorithm for solving \MQb.

    Cryptanalysis of the multivariate encryption scheme EFLASH

    Post-quantum cryptography studies cryptographic algorithms that quantum computers cannot break. Recent advances in quantum computing have made this kind of cryptography necessary, and research in the field has surged over the last years as a result. One of the main families of post-quantum cryptographic schemes is based on finding solutions of a polynomial system over finite fields. This family, known as multivariate cryptography, includes both public key encryption and signature schemes. The majority of the research contribution of this thesis is devoted to understanding the security of multivariate cryptography. We mainly focus on big field schemes, i.e., constructions that utilize the structure of a large extension field. One essential contribution is an increased understanding of how Gröbner basis algorithms can exploit this structure. The increased knowledge furthermore allows us to design new attacks in this setting. In particular, the methods are applied to two encryption schemes suggested in the literature: EFLASH and Dob. We show that the recommended parameters for these schemes will not achieve the proposed 80-bit security. Moreover, it seems unlikely that there can be secure and efficient variants based on these ideas. Another contribution is the study of the effectiveness and limitations of a recently proposed rank attack. Finally, we analyze some of the algebraic properties of MiMC, a block cipher designed to minimize its multiplicative complexity.
    Doctoral thesis