Aleksejus Mihalkovich,Jokubas Zitkevicius,Eligijus Sakalauskas

DOI: https://doi.org/10.3934/math.20241312

2024-01-01

AIMS Mathematics

Abstract:In this paper, we revisited the previously proposed key exchange protocol based on the matrix power function. We prove that the entries of the public key matrices of both parties of the protocol are uniform. Using this result we defined a security game for our protocol and show that the malicious attacker cannot gain any significant advantage in winning this game by applying faithful representation or the linearization approaches. Moreover, we showed that the shared key is computationally indistinguishable from the imitation key if the security parameters are properly chosen.

mathematics, applied

Simran Tinani,Carlo Matteotti,Joachim Rosenthal

2023-10-08

Abstract:In the recently emerging field of nonabelian group-based cryptography, a prominently used one-way function is the Conjugacy Search Problem (CSP), and two important classes of platform groups are polycyclic and matrix groups. In this paper, we discuss the complexity of the conjugacy search problem (CSP) in these two classes of platform groups using the three protocols in [10], [26], and [29] as our starting point. We produce a polynomial time solution for the CSP in a finite polycyclic group with two generators, and show that a restricted CSP is reducible to a DLP. In matrix groups over finite fields, we usedthe Jordan decomposition of a matrix to produce a polynomial time reduction of an A-restricted CSP, where A is a cyclic subgroup of the general linear group, to a set of DLPs over an extension of Fq. We use these general methods and results to describe concrete cryptanalysis algorithms for these three systems. In particular, we show that in the group of invertible matrices over finite fields and in polycyclic groups with two generators, a CSP where conjugators are restricted to a cyclic subgroup is reducible to a set of O(n2) discrete logarithm problems. Using our general results, we demonstrate concrete cryptanalysis algorithms for each of these three schemes. We believe that our methods and findings are likely to allow for several other heuristic attacks in the general case.

Cryptography and Security,Computational Complexity

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan,LIU Huiying,JI Ke-ke

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.04.001

2012-01-01

Abstract:The security of a lightweight block cipher KLEIN against the algebraic side-channel attack is evaluated by combining algebraic attack with side-channel attack under the Hamming weight leakage model.Firstly,the algebraic representation of KLEIN is given.Then,the Hamming weights of the intermediate states are deduced from analyzing the power leakages and converted into algebraic equations.Finally,the CryptoMinisat solver is applied to solve for the key.Based on three different error tolerant strategies,many physical experiments are conducted on KLEIN under an 8-bit microcontroller and the complexity of the attack is also evaluated.Experiment results show that: the unprotected software implementation of KLEIN is vulnerable to algebraic side-channel attack.Full 64-bit master key of KLEIN can be recovered by analyzing the Hamming weight leakages of the first round under know plaintext/ciphertext scenario and 2 rounds under unknown plaintext/ciphertext scenario.

A. Otero Sánchez,J. A. López Ramos,A. Otero Sanchez,J. A. Lopez Ramos

DOI: https://doi.org/10.1142/s0219498825502299

2024-02-28

Journal of Algebra and Its Applications

Abstract:We show that a previously introduced key exchange based on a congruence-simple semiring action is not secure by providing an attack that reveals the shared key from the distributed public information for any of such semirings.

mathematics, applied

Mohammad Eftekhari

DOI: https://doi.org/10.48550/arXiv.1503.04779

2015-03-17

Abstract:We address a cryptanalysis of two protocols based on the supposed difficulty of discrete logarithm problem on (semi) groups of matrices over a group ring. We can find the secret key and break entirely the protocols.

Cryptography and Security

Mariana Durcheva,Kiril Danilchenko

DOI: https://doi.org/10.3390/math12101429

IF: 2.4

2024-05-07

Mathematics

Abstract:In the quest for robust and efficient digital communication, this paper introduces cutting-edge key exchange protocols leveraging the computational prowess of tropical semirings and the structural resilience of block matrices. Moving away from the conventional use of finite fields, these protocols deliver markedly faster processing speeds and heightened security. We present two implementations of our concept, each utilizing a different platform for the set of commuting matrices: one employing tropical polynomials of matrices and the other employing Linde–de la Puente matrices. The inherent simplicity of tropical semirings leads to a decrease in operational complexity, while using block matrices enhances our protocols' security profile. The security of these protocols relies on the Matrix Decomposition Problem. In addition, we provide a comparative analysis of our protocols against existing matrix block-based protocols in finite fields. This research marks a significant shift in cryptographic protocol design, is specifically tailored for demanding engineering applications, and sets a new standard in secure and efficient digital communication.

mathematics

Jintai Ding,Kevin Schmitt,Zheng Zhang

DOI: https://doi.org/10.1007/978-3-030-16458-4_8

2019-01-01

Abstract:Short integer solution (SIS) and learning with errors (LWE) are two hard lattice problems. These two problems are believed having huge potential in application of cryptography. In 2012, Ding et al. [5] introduced the first provably secure key exchange based on LWE problem. On the other hand, we believe that it is very difficult to do key exchange on SIS problem only. In 2014, Wang et al. [6] did an attempt, but it was not successful. Mao et al. [7] broke the protocol by an attack based on CBi-SIS problem in 2016. However, their attack is not efficient. In this paper, we present a extremely straightforward and simple attack to Wang’s key exchange and then we will construct a key exchange based on SIS and LWE problems.

Otero Sanchez Alvaro,Lopez Ramos Juan Antonio

2024-02-13

Abstract:We show that a previously introduced key exchange based on a congruence-simple semiring action is not secure by providing an attack that reveals the shared key from the distributed public information for any of such semirings

Cryptography and Security

Xuyun Nie,Albrecht Petzoldt,Johannes Buchmann,Fagen Li

DOI: https://doi.org/10.1587/transfun.e97.a.1952

2014-01-01

Abstract:The Piece in Hand method is a security enhancement technique for Multivariate Public Key Cryptosystems (MPKCs). Since 2004, many types of this method have been proposed. In this paper, we consider the 2-layer nonlinear Piece in Hand method as proposed by Tsuji et al. in 2009. The key point of this method is to introduce an invertible quadratic polynomial map on the plaintext variables to add perturbation to the original MPKC. An additional quadratic map allows the owner of the secret key to remove this perturbation from the system. By our analysis, we find that the security of the enhanced scheme depends mainly on the structure of the quadratic polynomials of this auxiliary map. The two examples proposed by Tsuji et al. for this map can not resist the Linearization Equations attack. Given a valid ciphertext, we can easily get a public key which is equivalent to that of the underlying MPKC. If there exists an algorithm that can recover the plaintext corresponding to a valid ciphertext of the underlying MPKC, we can construct an algorithm that can recover the plaintext corresponding to a valid ciphertext of the enhanced MPKC.

Dorian Goldfeld,Paul E. Gunnells

DOI: https://doi.org/10.48550/arXiv.1202.0598

2012-02-03

Abstract:The Algebraic Eraser (AE) is a public key protocol for sharing information over an insecure channel using commutative and noncommutative groups; a concrete realization is given by Colored Burau Key Agreement Protocol (CBKAP). In this paper, we describe how to choose data in CBKAP to thwart an attack by Kalka--Teicher--Tsaban.

Cryptography and Security

Jintai Ding

2012-01-01

Abstract:We use the learning with errors (LWE) problem to build a new simple and provably secure key exchange scheme. The basic idea of the construction can be viewed as certain extension of DiffieHellman problem with errors. The mathematical structure behind comes from the commutativity of computing a bilinear form in two different ways due to the associativity of the matrix multiplications: (x ×A) × y = x × (A× y), where x,y are column vectors and A is a square matrix. We show that our new schemes are more efficient in terms of communication and computation complexity compared with key exchange schemes or key transport schemes via encryption schemes based on the LWE problem. Furthermore, we extend our scheme to the ring learning with errors (RLWE) problem, resulting in small key size and better efficiency.

Jorge Nakahara,Pouyan Sepehrdad,Bingsheng Zhang,Meiqin Wang

DOI: https://doi.org/10.1007/978-3-642-10433-6_5

2009-01-01

Abstract:The contributions of this paper include the first linear hull and a revisit of the algebraic cryptanalysis of reduced-round variants of the block cipher PRESENT, under known-plaintext and ciphertext-only settings. We introduce a pure algebraic cryptanalysis of 5-round PRESENT and in one of our attacks we recover half of the bits of the key in less than three minutes using an ordinary desktop PC. The PRESENT block cipher is a design by Bogdanov et al., announced in CHES 2007 and aimed at RFID tags and sensor networks. For our linear attacks, we can attack 25-round PRESENT with the whole code book, 296.68 25-round PRESENT encryptions, 240 blocks of memory and 0.61 success rate. Further we can extend the linear attack to 26-round with small success rate. As a further contribution of this paper we computed linear hulls in practice for the original PRESENT cipher, which corroborated and even improved on the predicted bias (and the corresponding attack complexities) of conventional linear relations based on a single linear trail.

Dylan Rudy,Chris Monico

DOI: https://doi.org/10.48550/arXiv.2005.04363

2020-09-22

Abstract:We consider a key-exchange protocol based on matrices over a tropical semiring which was recently proposed in \cite{grig19}. We show that a particular private parameter of that protocol can be recovered with a simple binary search, rendering it insecure.

Cryptography and Security

WU Zhi-ping,Jíntai Ding,Jason E. Gower,Dingfeng Ye

DOI: https://doi.org/10.1007/11424826_63

2005-01-01

Abstract:We apply internal perturbation [3] to the matrix-type cryptosystems [C n ] and HM constructed in [9]. Using small instances of these variants, we investigate the existence of linearization equations and degree 2 equations that could be used in a XL attack. Our results indicate that these new variants may be suitable for use in practical implementations. We propose a specific instance for practical implementation, and estimate its performance and security.

Houzhen Wang,Huanguo Zhang,Shaohua Tang

DOI: https://doi.org/10.1049/iet-ifs.2015.0183

2015-01-01

IET Information Security

Abstract:Eight years ago, Pei et al. described a matrix public-key encryption scheme based on the matrix factorisation over a finite field. Recently, Gu and Zheng also proposed a similar scheme based on the non-abelian factorisation assumption. The security of these schemes is essentially based on a two-side matrices exponentiation (TSME) problem. In this study, the authors show that the TSME problem is susceptible to a very efficient linearisation equations attack. Regardless of the public key parameters, the authors can easily find an equivalent key only in polynomial time O(2n(5)(log n +1)) from the public key alone, and thus it is very practical and can be implemented within less than 1/20 of a second on the recommended system parameters of the schemes.

Jintai Ding,Scott R. Fluhrer,Saraswathy RV

DOI: https://doi.org/10.1007/978-3-319-93638-3_27

2018-01-01

Abstract:Key Exchange (KE) from RLWE (Ring-Learning with Errors) is a potential alternative to Diffie-Hellman (DH) in a post quantum setting. Key leakage with RLWE key exchange protocols in the context of key reuse has already been pointed out in previous work. The initial attack described by Fluhrer is designed in such a way that it only works on Peikert's KE protocol and its variants that derives the shared secret from the most significant bits of the approximately equal keys computed by both parties. It does not work on Ding's key exchange that uses the least significant bits to derive a shared key. The Signal leakage attack relies on changes in the signal sent by the responder reusing his key, in a sequence of key exchange sessions initiated by an attacker with a malformed key. A possible defense against this attack would be to require the initiator of a key exchange to send the signal, which is the one pass case of the KE protocol. In this work, we describe a new attack on Ding's one pass case without relying on the signal function output but using only the information of whether the final key of both parties agree. We also use LLL reduction to create the adversary's keys in such a way that the party being compromised cannot identify the attack in trivial ways. This completes the series of attacks on RLWE key exchange with key reuse for all variants in both cases of the initiator and responder sending the signal. Moreover, we show that the previous Signal leakage attack can be made more efficient with fewer queries and how it can be extended to Peikert's key exchange, which was used in the BCNS implementation and integrated with TLS and a variant used in the New Hope implementation.

Yue Qin,Ruoyu Ding,Chi Cheng,Nina Bindel,Yanbin Pan,Jintai Ding

DOI: https://doi.org/10.1007/978-3-031-17140-6_33

2022-01-01

Abstract:Key exchange protocols from the learning with errors (LWE) problem share many similarities with the Diffie-Hellman-Merkle (DHM) protocol, which plays a central role in securing our Internet. Therefore, there has been a long time effort in designing authenticated key exchange directly from LWE to mirror the advantages of DHM-based protocols. In this paper, we revisit signal leakage attacks and show that the severity of these attacks against LWE-based (authenticated) key exchange is still underestimated. In particular, by converting the problem of launching a signal leakage attack into a coding problem, we can significantly reduce the needed number of queries to reveal the secret key. Specifically, for DXL-KE we reduce the queries from 1,266 to only 29, while for DBS-KE, we need only 748 queries, a great improvement over the previous 1,074,434 queries. Moreover, our new view of signals as binary codes enables recognizing vulnerable schemes more easily. As such we completely recover the secret key of a password-based authenticated key exchange scheme by Dabra et al. with only 757 queries and partially reveal the secret used in a two-factor authentication by Wang et al. with only one query. The experimental evaluation supports our theoretical analysis and demonstrates the efficiency and effectiveness of our attacks. Our results caution against underestimating the power of signal leakage attacks as they are applicable even in settings with a very restricted number of interactions between adversary and victim.

Yaqi Xu,Baofeng Wu,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-030-88052-1_12

2021-01-01

Abstract:In this paper, we formulate a new framework of cryptanalysis called rotational-linear attack on ARX ciphers. We firstly build an efficient distinguisher for the cipher E consisted of the rotational attack and the linear attack together with some intermediate variables. Then a key recovery technique is introduced with which we can recover some bits of the last whitening key in the related-key scenario. To decrease data complexity of our attack, we also apply a new method, called bit flipping, in the rotational cryptanalysis for the first time and the effective partitioning technique to the key-recovery part.

Sulaiman Alhussaini,Craig Collett,Sergeĭ Sergeev

DOI: https://doi.org/10.1080/00927872.2024.2341814

2024-04-25

Communications in Algebra

Abstract:Since the existing tropical cryptographic protocols are either susceptible to the Kotov-Ushakov attack and its generalization, or to attacks based on tropical matrix periodicity and predictive behavior, several attempts have been made to propose protocols that resist such attacks. Despite these attempts, many of the proposed protocols remain vulnerable to attacks targeting the underlying hidden problems, one of which we call the tropical two-sided discrete logarithm with shift. An illustrative case is the tropical Stickel protocol, which, when formulated with a single monomial instead of a polynomial, becomes susceptible to attacks based on solutions of the above mentioned tropical version of discrete logarithm. In this paper we will formally introduce the tropical two-sided discrete logarithm with shift, discuss how it is solved, and subsequently demonstrate an attack on a key exchange protocol based on the tropical semiring of pairs. This particular protocol is compromised due to the existence of efficient (albeit heuristic) solution of the tropical two-sided logarithm problem, and this highlights the ongoing challenges in search of a "good" key exchange protocol in tropical cryptography.

mathematics

Xiaoyan Zhang,Qichun Wang,Bin Wang,Haibin Kan

DOI: https://doi.org/10.1587/transfun.e94.a.2059

2011-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:In algebraic attack on stream ciphers based on LFSRs, the secret key is found by solving an overdefined system of multivariate equations. There are many known algorithms from different point of view to solve the problem, such as linearization, relinearization, XL and Grobner Basis. The simplest method, linearization, treats each monomial of different degrees as a new variable, and consists of $\\sum_{i=1}^{d}{n \\choose i}$ variables (the degree of the system of equations is denoted by d). Thus it needs at least $\\sum_{i=1}^{d}{n \\choose i}$ equations, i.e. keystream bits to recover the secret key by Gaussian reduction or other. In this paper we firstly propose a concept, called equivalence of LFSRs. On the basis of it, we present a constructive method that can solve an overdefined system of multivariate equations with less keystream bits by extending the primitive polynomial.