Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities

The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches, covering the constructional design, structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era

TOT, a Fast Multivariate Public Key Cryptosystem with Basic Secure Trapdoor

In this paper, we design a novel one-way trapdoor function, and then propose a new multivariate public key cryptosystem called $\rm TOT$, which can be used for encryption, signature and authentication. Through analysis, we declare that $\rm TOT$ is secure, because it can resist current known algebraic attacks if its parameters are properly chosen. Some practical implementations for $\rm TOT$ are also given, and whose security level is at least $2^{90}$. The comparison shows that $\rm TOT$ is more secure than $\rm HFE$, $\rm HFEv$ and $\rm Quartz$ (when $n \ge 81$ and $D_{HFE} \ge 129$, $\rm HFE$ is still secure), and it can reach almost the same speed of computing the secret map by $\rm C^\ast$ and $\rm Sflash^{v2}$ (even though $\rm C^\ast$ was broken, its high speed has been affirmed)

Selecting and Reducing Key Sizes for Multivariate Cryptography

Cryptographic techniques are essential for the security of communication in modern society. As more and more business processes are performed via the Internet, the need for efficient cryptographic solutions will further increase in the future. Today, nearly all cryptographic schemes used in practice are based on the two problems of factoring large integers and solving discrete logarithms. However, schemes based on these problems will become insecure when large enough quantum computers are built. The reason for this is Shor's algorithm, which solves number theoretic problems such as integer factorization and discrete logarithms in polynomial time on a quantum computer. Therefore one needs alternatives to those classical public key schemes. Besides lattice, code and hash based cryptosystems, multivariate cryptography seems to be a candidate for this. Additional to their (believed) resistance against quantum computer attacks, multivariate schemes are very fast and require only modest computational resources, which makes them attractive for the use on low cost devices such as RFID chips and smart cards. However, there remain some open problems to be solved, such as the unclear parameter choice of multivariate schemes, the large key sizes and the lack of more advanced multivariate schemes like signatures with special properties and key exchange protocols. In this dissertation we address two of these open questions in the area of multivariate cryptography. In the first part we consider the question of the parameter choice of multivariate schemes. We start with the security model of Lenstra and Verheul, which, on the basis of certain assumptions like the development of the computing environment and the budget of an attacker, proposes security levels for now and the near future. Based on this model we study the known attacks against multivariate schemes in general and the Rainbow signature scheme in particular and use this analysis to propose secure parameter sets for these schemes for the years 2012 - 2050. In the second part of this dissertation we present an approach to reduce the public key size of certain multivariate signature schemes such as UOV and Rainbow. We achieve the reduction by inserting a structured matrix into the coefficient matrix of the public key, which enables us to store the public key in an efficient way. We propose several improved versions of UOV and Rainbow which reduce the size of the public key by factors of 8 and 3 respectively. Using the results of the first part, we show that using structured public keys does not weaken the security of the underlying schemes against known attacks. Furthermore we show how the structure of the public key can be used to speed up the verification process of the schemes. Hereby we get a speed up of factors of 6 for UOV and 2 for Rainbow. Finally we show how to apply our techniques to the QUAD stream cipher. By doing so we can increase the data throughput of QUAD by a factor of 7

MQ Signature and Proxy Signature Schemes with Exact Security Based on UOV Signature

Multivariate public key cryptography which relies on MQ (Multivariate Quadratic) problems is one of the main approaches to guarantee the security of communication in the post-quantum world. In this paper, we propose a combined MQ signature scheme based on the yet unbroken UOV (Unbalanced Oil and Vinegar) signature if parameters are properly chosen. Our scheme can not only reduce the public key size of the UOV signature, but also provide more tighter bound of security against chosen-message attack in the random oracle model. On the other hand, we propose a proxy signature scheme based on our proposed combined signature scheme. Additionally, we give a strict security proof for our proxy signature scheme. Finally, we present experiments for all of our proposed schemes and the baseline schemes. Comparisons with related schemes show that our work has some advantages on performance along with more strict security

Developments in multivariate post quantum cryptography.

Ever since Shor\u27s algorithm was introduced in 1994, cryptographers have been working to develop cryptosystems that can resist known quantum computer attacks. This push for quantum attack resistant schemes is known as post quantum cryptography. Specifically, my contributions to post quantum cryptography has been to the family of schemes known as Multivariate Public Key Cryptography (MPKC), which is a very attractive candidate for digital signature standardization in the post quantum collective for a wide variety of applications. In this document I will be providing all necessary background to fully understand MPKC and post quantum cryptography as a whole. Then, I will walk through the contributions I provided in my publications relating to differential security proofs for HFEv and HFEv−, key recovery attack for all parameters of HFEm, and my newly proposed multivariate encryption scheme, HFERP

Probabilistic Hash-and-Sign with Retry in the Quantum Random Oracle Model

A hash-and-sign signature based on a preimage-sampleable function (PSF) (Gentry et al. [STOC 2008]) is secure in the Quantum Random Oracle Model (QROM) if the PSF is collision-resistant (Boneh et al. [ASIACRYPT 2011]) or one-way (Zhandry [CRYPTO 2012]). However, trapdoor functions (TDFs) in code-based and multivariate-quadratic-based (MQ-based) signatures are not PSFs; for example, underlying TDFs of the Courtois-Finiasz-Sendrier (CFS), Unbalanced Oil and Vinegar (UOV), and Hidden Field Equations (HFE) signatures are not surjections. Thus, such signature schemes adopt probabilistic hash-and-sign with retry. This paradigm is secure in the (classical) Random Oracle Model (ROM), assuming that the underlying TDF is non-invertible, that is, it is hard to find a preimage of a given random value in the range (e.g., Sakumoto et al. [PQCRYPTO 2011] for the modified UOV/HFE signatures). Unfortunately, there is currently no known security proof for the probabilistic hash-and-sign with retry in the QROM. We give the first security proof for the probabilistic hash-and-sign with retry in the QROM, assuming that the underlying non-PSF TDF is non-invertible. Our reduction from the non-invertibility assumption is tighter than the existing ones that apply only to signature schemes based on PSFs. We apply the security proof to code-based and MQ-based signatures. Additionally, we extend the proof into the multi-key setting and propose a generic method that provides security reduction without any security loss in the number of keys

Mul-IBS: A Multivariate Identity-Based Signature Scheme Compatible with IoT-based NDN Architecture

It has been forty years since the TCP/IP protocol blueprint, which is the core of modern worldwide Internet, was published. Over this long period, technology has made rapid progress. These advancements are slowly putting pressure and placing new demands on the underlying network architecture design. Therefore, there was a need for innovations that can handle the increasing demands of new technologies like IoT while ensuring secrecy and privacy. It is how Named Data Networking (NDN) came into the picture. NDN enables robust data distribution with interest-based content retrieval and leave-copy-everywhere caching policy. Even though NDN has surfaced as a future envisioned and decisive machinery for data distribution in IoT, it suffers from new data security challenges like content poisoning attacks. In this attack, an attacker attempts to introduce poisoned content with an invalid signature into the network. Given the circumstances, there is a need for a cost-effective signature scheme, requiring inexpensive computing resources and fast when implemented. An identity-based signature scheme (IBS) seems to be the natural choice to address this problem. Herein, we present an IBS, namely Mul-IBS relying on multivariate public key cryptography (MPKC), which leads the race among the post-quantum cryptography contenders. A 5-pass identification scheme accompanying a safe and secure signature scheme based on MPKC works as key ingredients of our design. Our Mul-IBS attains optimal master public key size, master secret key size, and user’s secret key size in the context of multivariate identity-based signatures. The proposed scheme Mul-IBS is proven to be secure in the model “existential unforgeability under chosen-message and chosen identity attack (uf-cma)” contingent upon the fact that Multivariate Quadratic (MQ) problem is NP-hard. The proposed design Mul-IBS can be utilized as a crucial cryptographic building block to build a robust and resilient IoT-based NDN architecture

Linearity Measures for MQ Cryptography

We propose a new general framework for the security of multivariate quadratic (\mathcal{MQ}) schemes with respect to attacks that exploit the existence of linear subspaces. We adopt linearity measures that have been used traditionally to estimate the security of symmetric cryptographic primitives, namely the nonlinearity measure for vectorial functions introduced by Nyberg at Eurocrypt \u2792, and the $(s, t)$--linearity measure introduced recently by Boura and Canteaut at FSE\u2713. We redefine some properties of \mathcal{MQ} cryptosystems in terms of these known symmetric cryptography notions, and show that our new framework is a compact generalization of several known attacks in \mathcal{MQ} cryptography against single field schemes. We use the framework to explain various pitfalls regarding the successfulness of these attacks. Finally, we argue that linearity can be used as a solid measure for the susceptibility of \mathcal{MQ} schemes to these attacks, and also as a necessary tool for prudent design practice in \mathcal{MQ} cryptography

Post quantum proxy signature scheme based on the multivariate public key cryptographic signature

Proxy signature is a very useful technique which allows the original signer to delegate the signing capability to a proxy signer to perform the signing operation. It finds wide applications especially in the distributed environment where the entities such as the wireless sensors are short of computational power and needed to be convinced to the authenticity of the server. Due to less proxy signature schemes in the post-quantum cryptography aspect, in this article, we investigate the proxy signature in the post-quantum setting so that it can resist against the potential attacks from the quantum adversaries. A general multivariate public key cryptographic proxy scheme based on a multivariate public key cryptographic signature scheme is proposed, and a heuristic security proof is given for our general construction. We show that the construction can reach Existential Unforgeability under an Adaptive Chosen Message Attack with Proxy Key Exposure assuming that the underlying signature is Existential Unforgeability under an Adaptive Chosen Message Attack. We then use our general scheme to construct practical proxy signature schemes for three well-known and promising multivariate public key cryptographic signature schemes. We implement our schemes and compare with several previous constructions to show our efficiency advantage, which further indicates the potential application prospect in the distributed network environment

Analysis of Intermediate Field Systems

We study a new generic trapdoor for public key multivariate cryptosystems, called IFS for Intermediate Field Systems, which can be seen as dual to HFE. This new trapdoor relies on the possibility to invert a system of quadratic multivariate equations with few (logarithmic with respect to the security parameter) unknowns on an intermediate field thanks to Groebner bases algorithms. We provide a comprehensive study of the security of this trapdoor and show that it is equivalent to the security provided by HFE. Therefore, while insecure in its basic form, this trapdoor may reveal quite attractive when used with, e.g., the minus modifier