38 research outputs found

    Rank Analysis of Cubic Multivariate Cryptosystems

    In this work we analyze the security of cubic cryptographic constructions with respect to rank weakness. We detail how to extend the big field idea from quadratic to cubic, and show that the same rank defect occurs. We extend the min-rank problem and propose an algorithm to solve it in this setting. We show that for fixed small rank, the complexity is even lower than for the quadratic case. However, the rank of a cubic polynomial in n variables can be larger than n, and in this case the algorithm is very inefficient. We show that the rank of the differential is not necessarily smaller, rendering this line of attack useless if the rank is large enough. Similarly, the algebraic attack is exponential in the rank, thus useless for high rank

    A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems

    We investigate the security of the family of MQQ public key cryptosystems using multivariate quadratic quasigroups (MQQ). These cryptosystems show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial time key-recovery attack. Our key-recovery attack finds an equivalent key using the idea of so-called good keys that reveals the structure gradually. In the process we need to solve a MinRank problem that, because of the structure, can be solved in polynomial-time assuming some mild algebraic assumptions. We highlight that our theoretical results work in characteristic 2 which is known to be the most difficult case to address in theory for MinRank attacks. Also, we emphasize that our attack works without any restriction on the number of polynomials removed from the public-key, that is, using the minus modifier. This was not the case for previous MinRank like-attacks against MQ schemes. From a practical point of view, we are able to break an MQQ-SIG instance of 80 bits security in less than 2 days, and one of the more conservative MQQ-ENC instances of 128 bits security in little bit over 9 days. Altogether, our attack shows that it is very hard to design a secure public key scheme based on an easily invertible MQQ structure

    Multivariate Cryptography


    MQQ-SIG -- An Ultra-Fast and Provably CMA Resistant Digital Signature Scheme

    We present MQQ-SIG, a signature scheme based on “Multivariate Quadratic Quasigroups”. The MQQ-SIG signature scheme has a public key consisting of n/2 quadratic polynomials in n variables where n = 160, 192, 224 or 256. Under the assumption that solving systems of n/2 MQQ’s equations in n variables is as hard as solving systems of random quadratic equations, we prove that in the random oracle model our signature scheme is CMA (Chosen-Message Attack) resistant. From efficiency point of view, the signing and verification processes of MQQ-SIG are three orders of magnitude faster than RSA or ECDSA. Compared with other MQ signing schemes, MQQ-SIG has both advantages and disadvantages. Advantages are that it has more than three time

    Selecting parameters for the Rainbow signature scheme

    Abstract. Multivariate public key cryptography is one of the main approaches to guarantee the security of communication in a post-quantum world. One of the most promising candidates in this area is the Rainbow signature scheme, which was first proposed by J. Ding and D. Schmidt in 2005. In this paper we develop a model of security for the Rainbow signature scheme. We use this model to find parameters for Rainbow over GF(16), GF(31) and GF(256) which, under certain assumptions, guarantee the security of the scheme for now and the near future

    Electronic conductivity of Ce(0.8)Gd(0.2-x)Pr(x)O(2-delta) and influence of added CoO

    Doped ceria and ceria based solid oxide solutions show a unique combination of oxygen ion mobility, electronic conductivity, and high catalytic activity for redox reactions. In this work, the minority conductivity of electrons has been measured directly as a function of the composition of ceria-praseodymia based solid solutions in order to maximize the electronic conductivity without depressing the oxygen ion mobility. The influence of Co as well as the Gd/Pr dopant ratio on the electronic conductivity of ceria-praseodymia pellets was studied for the compositions Ce0.8Gd0.2-xPrxO2-delta (0.05 <= x <= 0.15) with and without an additional Co content of 0.02 with respect to the formula. The Hebb-Wagner polarization technique was used with ion-blocking microcontacts. In the temperature range 700-800 degrees C, the presence of high amounts of praseodymium increases the p-type conductivity by a factor of more than 10 for oxygen partial pressures higher than 10^(-10) bar. Co-doped ceria-gadolinia-praseodymia solid solutions showed a further increase of the electronic conductivities in a partial pressure range where the Co-free materials showed the minimum of the electronic conductivities. It is assumed that the effect of the additional cobalt doping is due to electronic short circuits along the grain boundaries via segregated CoO. (C) 2011 WILEY-VCH Verlag GmbH & Co. KGaA, Weinhei