Top

Cryptography and Communications

Published in:

15-10-2018

On the security of biquadratic C^∗ public-key cryptosystems and its generalizations

Author: Patrick Felke

Published in: Cryptography and Communications | Issue 3/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Public key cryptosystems based on multivariate polynomials have been studied since the eighties. One of them, called C^∗, was introduced in 1988 by Imai and Matsumoto, and broken in 1993 by Dobbertin in classified work he did for the German Federal Office for Information Security and later by Patarin (see Dobbertin et al. 2005, Patarin 1995). Since then, the construction of multivariate systems sharing a great deal of the C^∗ properties have become of particular interest. Dobbertin introduced in a series of classified papers and later in a challenge of the MysteryTwister-Competition hosted by the Horst-Görtz-Institute in 2005, (see Dobbertin et al. 2005) together with the author, a system where the central mapping is a power mapping of degree 4 and shares almost all the properties of C^∗. It was therefore called biquadratic C^∗. The challenge remained unbroken and the security of these systems an open problem. As its key size is rather large, the interest in such systems became low during the last years. Due to the initiative of the European Telecommunications Standards Institute and the National Institute for Standards and Technology in creating standards for post-quantum cryptography, systems with bigger key sizes have become of interest for practical applications. In this paper we will consider biquadratic C^∗ and more general systems based on hidden monomials of degree k called k-ary C^∗. We will prove a lower bound for the running time of attacks based on Gröbner basis algorithms like F₄ or F₅. We will compute the first fall degree for k-ary C^∗ and give a counterexample to the first fall degree assumption. We will derive an estimate for the complexity of breaking the above mentioned cryptochallenge and give parameter sizes for secure systems by taking into account all known types of attacks. It will turn out that the security requirements yield systems with impractical key sizes even for applications in post-quantum cryptography. Although k-ary C^∗ is not of practical interest the results presented here give some insight in understanding the complexity of attacks on multivariate cryptosystems, especially based on Gröbner basis algorithms, and show that these systems are very promising objects for conducting further research in this direction.

previous article Error analysis of weak Poly-LWE instances

next article Factorization using binary decision diagrams

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Baena, J., Cabarcas, D., Escudero, D.E., Khathuria, K., Verbel, J.: Rank Analysis of Cubic Multivariate Cryptosystems. In: Lange T., Steinwandt R. (eds.) Post-Quantum Cryptography. PQCrypto 2018, LNCS, vol. 10786, pp. 355–374. Springer (2018)

Bouillaguet, C., Fouque, P.A., Macario-Rat, G.: Practical Key-Recovery for All Possible Parameters of SFLASH. In: Lee, D.H., Wang, X (eds.) Advances in Cryptology, ASIACRYPT 2011.LNCS, vol. 7073, pp. 667–685. Springer, Berlin (2011)

Daniels, T., Smith-Tone, D.: Differential Properties of the HFE Cryptosystem. In: Mosca, M (ed.) Post-Quantum Cryptography. PQCrypto 2014. LNCS, p 8772. Springer, Cham (2014)

Ding J., Hodges, T.J.: Inverting HFE Systems Is Quasi-Polynomial for All Fields. In: Rogaway P. (ed.) Advances in Cryptology, CRYPTO 2011, LNCS, vol. 6841, pp. 724–742. Springer, Berlin (2011)

Dobbertin, H., Faugère, J., Felke, P.: Mystery Twister CryptoCHallenge 11, https://www-polsys.lip6.fr/~jcf/Papers/CC11_twister.pdf (2005)

Faugère, J. C.: Comparison of XL and gröbner Basis Algorithms over Finite Fields. In: Lee, P.J. (ed.) ASIACRYPT 2004, LNCS, vol. 3329, pp. 338–353 (2004)

Faugère, J.C.: A new efficient algorithm for computing gröbner bases (F ₄). J. Pure Appl. Algebra 139, 61–88 (1999)MathSciNetCrossRefMATH

Faugère, J. C.: A new effcient algorithm for computing gröbner basis without reduction to zero (F ₅). In: Mora, T. (ed.) Proceeding of ISSAC, pp. 75–83. ACM Press (2002)

Faugère, J., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003, LNCS, vol. 2729, pp. 44–60 (2003)

10.

Felke, P.: On the Affine Transformations of HFE-cryptosystems and Systems with Branches. In: Ytrehus, Ø. (ed.) WCC 2005, LNCS, vol. 3696, pp. 229–241 (2005)

11.

Hodges, T.J., Petit, C., Schlather, J.: First fall degree and Weil descent. Finite Fields Their Appl. 30, 155–177 (2014)MathSciNetCrossRefMATH

12.

Matsumoto, T., Imai, H., et al.: Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption. In: Barstow, D. (ed.) Advances in Cryptology, EUROCRYPT ’88, LNCS, vol. 330, pp. 419–453. Springer, Berlin, Heidelberg (1988)

13.

Kipnis, A., Shamir, A.: Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. In: Wiener, M (ed.) Advances in Cryptology, CRYPTO ’99, LNCS, vol. 1666, pp. 19–30. Springer, Berlin (1999)

14.

Koblitz, N.: Algebraic Aspects of Cryptography, Algorithms and Computation in Mathematics, pp. 53–79. Springer, Berlin (1998)

15.

Huang, M.D.A., Kosters, M., Yeo, S.L.: Last Fall Degree, HFE, and Weil Descent Attacks on ECDLP. In: Gennaro, R., Robshaw, M. (eds.) Advances in Cryptology, CRYPTO 2015, LNCS, vol. 9215, pp. 581–600. Springer, Berlin (2015)

16.

Lidl, R., Niederreiter, H.: Finite fields. Cambridge University Press, Cambridge (1997)MATH

17.

Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt ’88. In: Coppersmith, D. (ed.) Advances in Cryptology, CRYPT0 ’95, LNCS, vol. 963, pp. 248–261. Springer, Berlin (1995)

18.

Patarin, J.: Asymmetric Cryptography with a Hidden Monomial. In: Koblitz, N. (ed.) Advances in Cryptology, Crypto ’96, LNCS, vol. 1109, pp. 45–60. Springer, Berlin (1996)

19.

Patarin, J., Goubin, L.: Asymmetric Cryptography with S-Boxes. Is It Easier than Expected to Design Efficient Asymmetric Cryptosystems?. In: Han, Y., Okamoto, T., Qing, S. (eds.) Information and Communications Security, ICICS 1997, LNCS, vol. 1334, pp. 369–380. Springer, Berlin (1997)

20.

Petit, C., Quisquater, J.: On Polynomial Systems Arising from a Weil Descent. In: Wang, X., Sako, K (eds.) Advances in Cryptology - ASIACRYPT 2012, LNCS, vol. 7658, pp. 451–466. Springer, Berlin (2012)

Title: On the security of biquadratic C∗ public-key cryptosystems and its generalizations
Author: Patrick Felke
Publication date: 15-10-2018
Publisher: Springer US
Published in: Cryptography and Communications / Issue 3/2019
Print ISSN: 1936-2447
Electronic ISSN: 1936-2455
DOI: https://doi.org/10.1007/s12095-018-0337-y

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2019

Factorization using binary decision diagrams

Secret sharing on large girth graphs

A survey on the applications of Niho exponents

Codes of length two correcting single errors of limited size

On classical Kloosterman sums

Decomposition of permutations in a finite field

Premium Partner