Fast cryptanalysis of the Matsumoto-Imai public key scheme
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Public quadratic polynomial-tuples for efficient signature-verification and message-encryption
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Matrix multiplication via arithmetic progressions
Journal of Symbolic Computation - Special issue on computational algebraic complexity
An efficient identification scheme based on permuted kernels (extended abstract)
CRYPTO '89 Proceedings on Advances in cryptology
Computers and Intractability; A Guide to the Theory of NP-Completeness
Computers and Intractability; A Guide to the Theory of NP-Completeness
The Design and Analysis of Computer Algorithms
The Design and Analysis of Computer Algorithms
Asymmetric cryptography with S-Boxes
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
A New Identification Scheme Based on Syndrome Decoding
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
MQQ-SIG: an ultra-fast and provably CMA resistant digital signature scheme
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Hi-index | 0.00 |
In 1 Matsumoto and Imai developeda new public key scheme, called C^*, for encipheringor signing. (This scheme is completely different from and shouldnot be mistaken with another scheme of Matsumoto and Imai developedin 1983 in 7 and broken in 1984 in 8). No attacks have beenpublished as yet for this scheme. However, in this paper, wewill see that—for almost all keys—almost every cleartextcan be found from its ciphertext after only approximately m^{2}n^{4} \log n computations, where m is thedegree of the chosen field K and mnis the number of bits of text. Moreover, for absolutely all keysthat give a practical size for the messages, it will be possibleto find almost all cleartexts from the corresponding ciphertextsafter a feasible computation. Thus the algorithm of 1 is insecure.