Gröbner bases: a computational approach to commutative algebra
On lattices, learning with errors, random linear codes, and cryptography
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, 3/e (Undergraduate Texts in Mathematics)
A Framework for Efficient and Composable Oblivious Transfer
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
A fully homomorphic encryption scheme
The Learning with Errors Problem (Invited Survey)
CCC '10 Proceedings of the 2010 IEEE 25th Annual Conference on Computational Complexity
Homomorphic encryption: from private-key to public-key
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Efficient Fully Homomorphic Encryption from (Standard) LWE
FOCS '11 Proceedings of the 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science
On ideal lattices and learning with errors over rings
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
A fully homomorphic cryptosystem with approximate perfect secrecy
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
In this paper, we consider the Polly Cracker with Noise (PCN) cryptosystem by Albrecht, Farshim, Faugère, and Perret (Asiacrypt 2011), which is a public-key cryptosystem based on the hardness of computing Gröbner bases for noisy random systems of multivariate equations. We examine four settings, covering all possible parameter ranges of PCN with zero-degree noise. In the first setting, the PCN cryptosystem is known to be equivalent to Regev's LWE-based scheme. In the second, it is known to be at most as secure as Regev's scheme. We show that in one other setting it is equivalent to a less efficient variant of Regev's scheme, and that in the last setting it is completely insecure; for that setting we give an efficient key-recovery attack. Unrelated to the attack, we also fix some flaws in the security proofs of PCN.