Polynomial-Time Algorithms for Quadratic Isomorphism of Polynomials: The Regular Case

Let $\mathbf{f}=(f\_1,\ldots,f\_m)$ and $\mathbf{g}=(g\_1,\ldots,g\_m)$ be two sets of $m\geq 1$ nonlinear polynomials over $\mathbb{K}[x\_1,\ldots,x\_n]$ ($\mathbb{K}$ being a field). We consider the computational problem of finding -- if any -- an invertible transformation on the variables mapping $\mathbf{f}$ to $\mathbf{g}$. The corresponding equivalence problem is known as {\tt Isomorphism of Polynomials with one Secret} ({\tt IP1S}) and is a fundamental problem in multivariate cryptography. The main result is a randomized polynomial-time algorithm for solving {\tt IP1S} for quadratic instances, a particular case of importance in cryptography and somewhat justifying {\it a posteriori} the fact that {\it Graph Isomorphism} reduces to only cubic instances of {\tt IP1S} (Agrawal and Saxena). To this end, we show that {\tt IP1S} for quadratic polynomials can be reduced to a variant of the classical module isomorphism problem in representation theory, which involves to test the orthogonal simultaneous conjugacy of symmetric matrices. We show that we can essentially {\it linearize} the problem by reducing quadratic-{\tt IP1S} to test the orthogonal simultaneous similarity of symmetric matrices; this latter problem was shown by Chistov, Ivanyos and Karpinski to be equivalent to finding an invertible matrix in the linear space $\mathbb{K}^{n \times n}$ of $n \times n$ matrices over $\mathbb{K}$ and to compute the square root in a matrix algebra. While computing square roots of matrices can be done efficiently using numerical methods, it seems difficult to control the bit complexity of such methods. However, we present exact and polynomial-time algorithms for computing the square root in $\mathbb{K}^{n \times n}$ for various fields (including finite fields). We then consider \\#{\tt IP1S}, the counting version of {\tt IP1S} for quadratic instances. In particular, we provide a (complete) characterization of the automorphism group of homogeneous quadratic polynomials. Finally, we also consider the more general {\it Isomorphism of Polynomials} ({\tt IP}) problem where we allow an invertible linear transformation on the variables \emph{and} on the set of polynomials. A randomized polynomial-time algorithm for solving {\tt IP} when $\mathbf{f}=(x\_1^d,\ldots,x\_n^d)$ is presented. From an algorithmic point of view, the problem boils down to factoring the determinant of a linear matrix (\emph{i.e.}\ a matrix whose components are linear polynomials). This extends to {\tt IP} a result of Kayal obtained for {\tt PolyProj}.Comment: Published in Journal of Complexity, Elsevier, 2015, pp.3

Implicit White-Box Implementations: White-Boxing ARX Ciphers

Since the first white-box implementation of AES published twenty years ago, no significant progress has been made in the design of secure implementations against an attacker with full control of the device. Designing white-box implementations of existing block ciphers is a challenging problem, as all proposals have been broken. Only two white-box design strategies have been published this far: the CEJO framework, which can only be applied to ciphers with small S-boxes, and self-equivalence encodings, which were only applied to AES. In this work we propose implicit implementations, a new design of white-box implementations based on implicit functions, and we show that current generic attacks that break CEJO or self-equivalence implementations are not successful against implicit implementations. The generation and the security of implicit implementations are related to the self-equivalences of the non-linear layer of the cipher, and we propose a new method to obtain self-equivalences based on the CCZ-equivalence. We implemented this method and many other functionalities in a new open-source tool BoolCrypt, which we used to obtain for the first time affine, linear, and even quadratic self-equivalences of the permuted modular addition. Using the implicit framework and these self-equivalences, we describe for the first time a practical white-box implementation of a generic Addition-Rotation-XOR (ARX) cipher, and we provide an open-source tool to easily generate implicit implementations of ARX ciphers

International Symposium on Mathematics, Quantum Theory, and Cryptography

This open access book presents selected papers from International Symposium on Mathematics, Quantum Theory, and Cryptography (MQC), which was held on September 25-27, 2019 in Fukuoka, Japan. The international symposium MQC addresses the mathematics and quantum theory underlying secure modeling of the post quantum cryptography including e.g. mathematical study of the light-matter interaction models as well as quantum computing. The security of the most widely used RSA cryptosystem is based on the difficulty of factoring large integers. However, in 1994 Shor proposed a quantum polynomial time algorithm for factoring integers, and the RSA cryptosystem is no longer secure in the quantum computing model. This vulnerability has prompted research into post-quantum cryptography using alternative mathematical problems that are secure in the era of quantum computers. In this regard, the National Institute of Standards and Technology (NIST) began to standardize post-quantum cryptography in 2016. This book is suitable for postgraduate students in mathematics and computer science, as well as for experts in industry working on post-quantum cryptography

International Symposium on Mathematics, Quantum Theory, and Cryptography

This open access book presents selected papers from International Symposium on Mathematics, Quantum Theory, and Cryptography (MQC), which was held on September 25-27, 2019 in Fukuoka, Japan. The international symposium MQC addresses the mathematics and quantum theory underlying secure modeling of the post quantum cryptography including e.g. mathematical study of the light-matter interaction models as well as quantum computing. The security of the most widely used RSA cryptosystem is based on the difficulty of factoring large integers. However, in 1994 Shor proposed a quantum polynomial time algorithm for factoring integers, and the RSA cryptosystem is no longer secure in the quantum computing model. This vulnerability has prompted research into post-quantum cryptography using alternative mathematical problems that are secure in the era of quantum computers. In this regard, the National Institute of Standards and Technology (NIST) began to standardize post-quantum cryptography in 2016. This book is suitable for postgraduate students in mathematics and computer science, as well as for experts in industry working on post-quantum cryptography

What Controls the Controller: Structure and Function Characterizations of Transcription Factor PU.1 Uncover Its Regulatory Mechanism

The ETS family transcription factor PU.1/Spi-1 is a master regulator of the self-renewal of hematopoietic stem cells and their differentiation along both major lymphoid and myeloid branches. PU.1 activity is determined in a dosage-dependent manner as a function of both its expression and real-time regulation at the DNA level. While control of PU.1 expression is well established, the molecular mechanisms of its real-time regulation remain elusive. Our work is focused on discovering a complete regulatory mechanism that governs the molecular interactions of PU.1. Structurally, PU.1 exhibits a classic transcription factor architecture in which intrinsically disordered regions (IDR), consisting of 66% of its primary structure, are tethered to a well-structured DNA binding domain. The transcriptionally active form of PU.1 is a monomer that binds target DNA sites as a 1:1 complex. Our investigations show that IDRs of PU.1 reciprocally control two separate inactive dimeric forms, with and without DNA. At high concentrations, PU.1 forms a non-canonical 2:1 complex at a single DNA specific site. In the absence of DNA, PU.1 also forms a dimer, but it is incompatible with DNA binding. The DNA-free PU.1 dimer is further promoted by phosphomimetic mutants of IDR residues that are phosphorylated in B-lymphocytic activation. These results lead us to postulate a model of real-time PU.1 regulation, unknown in the ETS family, where independent dimeric forms antagonize each other to control the dosage of active PU.1 monomer at its target DNA sites. To demonstrate the biological relevance of our model, cellular assays probing PU.1-specific reporters and native target genes show that PU.1 transactivation exhibits a distinct dose response consistent with negative feedback. In summary, we have established the first model for the general real-time regulation of PU.1 at the DNA/protein level, without the need for recruiting specific binding partners. These novel interactions present potential therapeutic targets for correcting de-regulated PU.1 dosage in hematologic disorders, including leukemia, lymphoma, and myeloma

on enumeration of polynomial equivalence classes and their application to mpkc

The Isomorphism of Polynomials (IP) is one of the most fundamental problems in multivariate public key cryptography (MPKC). In this paper, we introduce a new framework to study the counting problem associated to IP. Namely, we present tools of finite geometry allowing to investigate the counting problem associated to IP. Precisely, we focus on enumerating or estimating the number of isomorphism equivalence classes of homogeneous quadratic polynomial systems. These problems are equivalent to finding the scale of the key space of a multivariate cryptosystem and the total number of different multivariate cryptographic schemes respectively, which might impact the security and the potential capability of MPKC. We also consider their applications in the analysis of a specific multivariate public key cryptosystem. Our results not only answer how many cryptographic schemes can be derived from monomials and how big the key space is for a fixed scheme, but also show that quite many HFE cryptosystems are equivalent to a Matsumoto-Imai scheme. © 2011 Elsevier Inc. All rights reserved

On Enumeration of Polynomial Equivalence Classes and Their Application to MPKC

The Isomorphism of Polynomials (IP) is one of the most fundamental problems in multivariate public key cryptography (MPKC). In this paper, we introduce a new framework to study the counting problem associated to IP. Namely, we present tools of finite geometry allowing to investigate the counting problem associated to IP. Precisely, we focus on enumerating or estimating the number of isomorphism equivalence classes of homogeneous quadratic polynomial systems. These problems are equivalent to finding the scale of the key space of a multivariate cryptosystem and the total number of different multivariate cryptographic schemes respectively, which might impact the security and the potential capability of MPKC. We also consider their applications in the analysis of a specific multivariate public key cryptosystem. Our results not only answer how many cryptographic schemes can be derived from monomials and how big the key space is for a fixed scheme, but also show that quite many HFE cryptosystems are equivalent to a Matsumoto-Imai scheme