Efficient cryptanalysis of RSE(2)PKC and RSSE(2)PKC

Authors:
Christopher Wolf;An Braeken;Bart Preneel
Affiliations:
Department Electrical Engineering, ESAT/COSIC, Katholieke Universiteit Leuven, Heverlee-Leuven, Belgium;Department Electrical Engineering, ESAT/COSIC, Katholieke Universiteit Leuven, Heverlee-Leuven, Belgium;Department Electrical Engineering, ESAT/COSIC, Katholieke Universiteit Leuven, Heverlee-Leuven, Belgium
Venue:
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Year:
2004

Citing 14
Cited 13

Analysis of a public key approach based on polynomial substitution

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Public quadratic polynomial-tuples for efficient signature-verification and message-encryption

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Proceedings of the 13th annual international cryptology conference on Advances in cryptology

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Efficient signature schemes based on birational permutations

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Attacks on the birational permutation signature schemes

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Computers and Intractability: A Guide to the Theory of NP-Completeness

Computers and Intractability: A Guide to the Theory of NP-Completeness
The Security of Hidden Field Equations (HFE)

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Trapdoor one-way permutations and multivariate polynominals

ICICS '97 Proceedings of the First International Conference on Information and Communication Security
How to Break Shamir's Asymmetric Basis

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of the TTM Cryptosystem

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Solving Underdefined Systems of Multivariate Quadratic Equations

PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Unbalanced oil and vinegar signature schemes

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques

Multivariate quadratic trapdoor functions based on multivariate quadratic quasigroups

MATH'08 Proceedings of the American Conference on Applied Mathematics
Nonlinear Piece In Hand Perturbation Vector Method for Enhancing Security of Multivariate Public Key Cryptosystems

PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Remarks on the Attack of Fouque et al. against the l IC Scheme

IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
l-invertible cycles for multivariate quadratic (MQ) public key cryptography

PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
New differential-algebraic attacks and reparametrization of rainbow

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Probabilistic multivariate cryptography

VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Building secure tame-like multivariate public-key cryptosystems: the new TTS

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
A "medium-field" multivariate public-key encryption scheme

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
A study of the security of unbalanced oil and vinegar signature schemes

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Cryptanalysis of rainbow

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Proposal of a signature scheme based on STS trapdoor

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Roots of square: cryptanalysis of double-layer square and square+

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Cryptanalysis of enhanced TTS, STS and all its variants, or: why cross-terms are important

AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa

Quantified Score

Hi-index	0.01

Visualization

Abstract

In this paper, we study the new class step-wise Triangular Schemes (STS) of public key cryptosystems (PKC) based on multivariate quadratic polynomials. In these schemes, we have m the number of equations, n the number of variables, L the number of steps/layers, r the number of equations/variables per step, and q the size of the underlying field. We present two attacks on the STS class by exploiting the chain of the kernels of the private key polynomials. The first attack is an inversion attack which computes the message/signature for given ciphertext/message in O(mn3Lqr + n2Lrqr), the second is a structural attack which recovers an equivalent version of the secret key in O(mn3Lqr + mn4) operations. Since the legitimate user has workload qr for decrypting/computing a signature, the attacks presented in this paper are very efficient. As an application, we show that two special instances of STS, namely RSE(2)PKC and RSSE(2)PKC, recently proposed by Kasahara and Sakai, are insecure.