65 research outputs found
Fast Quantum Algorithm for Solving Multivariate Quadratic Equations
In August 2015 the cryptographic world was shaken by a sudden and surprising
announcement by the US National Security Agency NSA concerning plans to
transition to post-quantum algorithms. Since this announcement post-quantum
cryptography has become a topic of primary interest for several standardization
bodies. The transition from the currently deployed public-key algorithms to
post-quantum algorithms has been found to be challenging in many aspects. In
particular the problem of evaluating the quantum-bit security of such
post-quantum cryptosystems remains vastly open. Of course this question is of
primarily concern in the process of standardizing the post-quantum
cryptosystems. In this paper we consider the quantum security of the problem of
solving a system of {\it Boolean multivariate quadratic equations in
variables} (\MQb); a central problem in post-quantum cryptography. When ,
under a natural algebraic assumption, we present a Las-Vegas quantum algorithm
solving \MQb{} that requires the evaluation of, on average,
quantum gates. To our knowledge this is the fastest algorithm for solving
\MQb{}
Developments in multivariate post quantum cryptography.
Ever since Shor\u27s algorithm was introduced in 1994, cryptographers have been working to develop cryptosystems that can resist known quantum computer attacks. This push for quantum attack resistant schemes is known as post quantum cryptography. Specifically, my contributions to post quantum cryptography has been to the family of schemes known as Multivariate Public Key Cryptography (MPKC), which is a very attractive candidate for digital signature standardization in the post quantum collective for a wide variety of applications. In this document I will be providing all necessary background to fully understand MPKC and post quantum cryptography as a whole. Then, I will walk through the contributions I provided in my publications relating to differential security proofs for HFEv and HFEv−, key recovery attack for all parameters of HFEm, and my newly proposed multivariate encryption scheme, HFERP
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key
cryptographic protocols, necessitating the development of secure post-quantum
(PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches,
covering the constructional design, structural vulnerabilities, and offer
security assessments, implementation evaluations, and a particular focus on
side-channel attacks. We analyze global standardization processes, evaluate
their metrics in relation to real-world applications, and primarily focus on
standardized PQ schemes, selected additional signature competition candidates,
and PQ-secure cutting-edge schemes beyond standardization. Finally, we present
visions and potential future directions for a seamless transition to the PQ
era
Polynomial-Time Algorithms for Quadratic Isomorphism of Polynomials: The Regular Case
Let and be
two sets of nonlinear polynomials over
( being a field). We consider the computational problem of finding
-- if any -- an invertible transformation on the variables mapping
to . The corresponding equivalence problem is known as {\tt
Isomorphism of Polynomials with one Secret} ({\tt IP1S}) and is a fundamental
problem in multivariate cryptography. The main result is a randomized
polynomial-time algorithm for solving {\tt IP1S} for quadratic instances, a
particular case of importance in cryptography and somewhat justifying {\it a
posteriori} the fact that {\it Graph Isomorphism} reduces to only cubic
instances of {\tt IP1S} (Agrawal and Saxena). To this end, we show that {\tt
IP1S} for quadratic polynomials can be reduced to a variant of the classical
module isomorphism problem in representation theory, which involves to test the
orthogonal simultaneous conjugacy of symmetric matrices. We show that we can
essentially {\it linearize} the problem by reducing quadratic-{\tt IP1S} to
test the orthogonal simultaneous similarity of symmetric matrices; this latter
problem was shown by Chistov, Ivanyos and Karpinski to be equivalent to finding
an invertible matrix in the linear space of matrices over and to compute the square root in a matrix
algebra. While computing square roots of matrices can be done efficiently using
numerical methods, it seems difficult to control the bit complexity of such
methods. However, we present exact and polynomial-time algorithms for computing
the square root in for various fields (including
finite fields). We then consider \\#{\tt IP1S}, the counting version of {\tt
IP1S} for quadratic instances. In particular, we provide a (complete)
characterization of the automorphism group of homogeneous quadratic
polynomials. Finally, we also consider the more general {\it Isomorphism of
Polynomials} ({\tt IP}) problem where we allow an invertible linear
transformation on the variables \emph{and} on the set of polynomials. A
randomized polynomial-time algorithm for solving {\tt IP} when
is presented. From an algorithmic point
of view, the problem boils down to factoring the determinant of a linear matrix
(\emph{i.e.}\ a matrix whose components are linear polynomials). This extends
to {\tt IP} a result of Kayal obtained for {\tt PolyProj}.Comment: Published in Journal of Complexity, Elsevier, 2015, pp.3
Resisting Key-Extraction and Code-Compression: a Secure Implementation of the HFE Signature Scheme in the White-Box Model
Cryptography is increasingly deployed in applications running on open devices
in which the software is extremely vulnerable to attacks, since the attacker has complete control over the execution platform and the software implementation itself. This creates a challenge for cryptography: design implementations of cryptographic algorithms that are secure, not only in the black-box model, but also in this attack context that is referred to as the white-box adversary model. Moreover, emerging applications such as mobile payment, mobile contract signing or blockchain-based technologies have created a need for white-box implementations of public-key cryptography, and especially of signature algorithms.
However, while many attempts were made to construct white-box implementations of block-ciphers, almost no white-box implementations have been published for what concerns asymmetric schemes. We present here a concrete white-box implementation of the well-known HFE signature algorithm for a specific set of internal polynomials. For a security level , the public key size is approximately 62.5 MB and the white-box implementation of the signature algorithm has a size approximately 256 GB
New Techniques for Polynomial System Solving
Since any encryption map may be viewed as a polynomial map between finite dimensional vector spaces over finite fields, the security of a cryptosystem can be examined by studying the difficulty of solving large systems of multivariate polynomial equations. Therefore, algebraic attacks lead to the task of solving polynomial systems over finite fields. In this thesis, we study several new algebraic techniques for polynomial system solving over finite fields, especially over the finite field with two elements. Instead of using traditional Gröbner basis techniques we focus on highly developed methods from several other areas like linear algebra, discrete optimization, numerical analysis and number theory. We study some techniques from combinatorial optimization to transform a polynomial system solving problem into a (sparse) linear algebra problem. We highlight two new kinds of hybrid techniques. The first kind combines the concept of transforming combinatorial infeasibility proofs to large systems of linear equations and the concept of mutants (finding special lower degree polynomials). The second kind uses the concept of mutants to optimize the Border Basis Algorithm. We study recent suggestions of transferring a system of polynomial equations over the finite field with two elements into a system of polynomial equalities and inequalities over the set of integers (respectively over the set of reals). In particular, we develop several techniques and strategies for converting the polynomial system of equations over the field with two elements to a polynomial system of equalities and inequalities over the reals (respectively over the set of integers). This enables us to make use of several algorithms in the field of discrete optimization and number theory. Furthermore, this also enables us to investigate the use of numerical analysis techniques such as the homotopy continuation methods and Newton's method. In each case several conversion techniques have been developed, optimized and implemented. Finally, the efficiency of the developed techniques and strategies is examined using standard cryptographic examples such as CTC and HFE. Our experimental results show that most of the techniques developed are highly competitive to state-of-the-art algebraic techniques
Advanced Algebraic Attack on Trivium
This paper presents an algebraic attack against Trivium
that breaks 625 rounds using only bits of output
in an overall time complexity of Trivium computations.
While other attacks can do better in terms of rounds (), this is a practical attack with a very low data usage (down from output bits) and low computation time (down from ).
From another angle, our attack can be seen as a proof of concept:
how far can algebraic attacks can be pushed when several known
techniques are combined into one implementation?
All attacks have been fully implemented and tested; our figures
are therefore not the result of any potentially error-prone extrapolation, but results of practical experiments
- …