Johannes Buchmann,Stanislav Bulygin,Jintai Ding,Wael Said Abd Elmageed Mohamed,Fabian Werner

DOI: https://doi.org/10.1007/978-3-642-17619-7_11

2010-01-01

Abstract:Recently, the Little Dragon Two and Poly-Dragon multivariate based public-key cryptosystems were proposed as efficient and secure schemes. In particular, the inventors of the two schemes claim that Little Dragon Two and Poly-Dragon resist algebraic cryptanalysis. In this paper, we show that MXL2, an algebraic attack method based on the XL algorithm and Ding's concept of Mutants, is able to break Little Dragon Two with keys of length up to 229 bits and Poly-Dragon with keys of length up to 299. This contradicts the security claim for the proposed schemes and demonstrates the strength of MXL2 and the Mutant concept. This strength is further supported by experiments that show that in attacks on both schemes the MXL2 algorithm outperforms the Magma's implementation of F4.

Xiaoqiang Zhang,Guiliang Zhu,Weiping Wang,Mengmeng Wang,Shilong Ma

DOI: https://doi.org/10.4304/jcp.7.1.169-178

2012-01-01

Journal of Computers

Abstract:The asymmetric cryptosystem plays an important role in the cryptology nowadays. It is widely used in the fields of data encryption, digital watermarking, digital signature, secure network protocol, etc. However, with the improvement of computing capability, longer and longer the key length is required to ensure the security of interaction information. To shorten the key length and improve the encryption efficiency, by defining the two-dimension discrete logarithm problem (DLP), a new public-key cryptosystem is proposed. This new cryptosystem generalizes the public-key cryptosystem from one dimension to two dimensions. The core algorithms of the proposed cryptosystem are also designed, including the fast algorithm, computing the inverse matrix modulo p and finding the period. To verify the correctness and rationality of the new cryptosystem, two examples are carried out. Meanwhile, the efficiency and security are analyzed in detail. Experimental results and theoretical analyses show that the new cryptosystem possesses the advantages of the outstanding robustness, short key length, high security and encrypting many data once.

Jintai Ding,Dieter Schmidt

DOI: https://doi.org/10.1007/978-1-0716-0987-3

2020-01-01

Abstract:Although RSA is a very successful public key cryptosystem, efforts are under way to find alternative systems, which are computationally more efficient, and which would remain secure even when a big enough quantum computer becomes operational. Multivariable polynomials over a finite field have been used to build new public key cryptosystems. Some of these constructions are not as secure as was claimed initially, but others are still viable. The paper gives on overview over this field and discusses the status of many systems, which have been proposed in the last 20 years.

Chengdong Tao,Hong Xiang,Albrecht Petzoldt,Jintai Ding

DOI: https://doi.org/10.1016/j.ffa.2015.06.001

IF: 1.655

2015-01-01

Finite Fields and Their Applications

Abstract:Multivariate cryptography is one of the main candidates to guarantee the security of communication in the presence of quantum computers. While there exist a large number of secure and efficient multivariate signature schemes, the number of practical multivariate encryption schemes is somewhat limited. In this paper we present our results on creating a new multivariate encryption scheme, which is an extension of the original Simple Matrix encryption scheme of PQCrypto 2013. Our scheme allows fast en- and decryption and resists all known attacks against multivariate cryptosystems. Furthermore, we present a new idea to solve the decryption failure problem of the original Simple Matrix encryption scheme. (C) 2015 Elsevier Inc. All rights reserved.

LU Gang,NIE Xu-yun,QIN Zhi-guang,HOU Chuan-yong

DOI: https://doi.org/10.3969/j.issn.1001-0548.2018.02.013

2018-01-01

Abstract:In 2014, Yuan et al. proposed a new multivariate public key cryptosystem by combining "small field-big field" and "stepwise triangular" methods. The authors claimed that their scheme can be secure against rank attack, linearization equation attack and differential attack. Through analysis, we found that there are a lot of linearization equations satisfied by this scheme. We can transform it to an equivalent square encryption scheme by linearization equation method and then recover corresponding plaintext for any given cipheretext by differential attack. As to two recommended parameters, for given public key, the complexities of recovering plaintext are 233 and 235, respectively. The results above are further confirmed by computer experiments.

NIE Xu-yun,LIU Bo,LU Gang,ZHONG Ting

DOI: https://doi.org/10.11959/j.issn.1000-436x.2015182

2015-01-01

Abstract:The novel extended multivariate public key cryptosystem is a new security enhancement method on multivariate public key cryptosystems,which is proposed by Qiao,et al.A nonlinear invertible transformation was used,named“tame transformation”,on the original multivariate public key cryptosystem to hide its weakness such as linearization equation.However,it is found that if there are many linearization equations satisfied by the original MPKC,there would be many quadratization equations (QE) satisfied by the improved scheme.Given a public key,after finding all QE,a valid cipheretext can be substituted into the QE to derive a set of quadratic equations on the plaintext variable.This exactly reduce the degree of the system wanted to solve.Then the corresponding plaintext can be recovered for a given valid ciphertext combining with Groebner basis method.

Jintai Ding,Momonari Kudo,Shinya Okumura,Tsuyoshi Takagi,Chengdong Tao

DOI: https://doi.org/10.1007/s13160-018-0316-x

2018-01-01

Japan Journal of Industrial and Applied Mathematics

Abstract:Researching post-quantum cryptography is now an important task in cryptography. Although various candidates of post-quantum cryptosystems (PQC) have been constructed, sizes of their public keys are large. Okumura constructed a candidate of PQC whose security is expected to be based on certain Diophantine equations (DEC). Okumura analysis suggests that DEC achieves the high security with small public key sizes. This paper proposes a polynomial time-attack on the one-way property of DEC. We reduce the security of DEC to finding special short lattice points of some low-rank lattices derived from public data. The usual LLL algorithm could not find the most important lattice point in our experiments because of certain properties of the lattice point. Our heuristic analysis leads us to using a variant of the LLL algorithm, called a weighted LLL algorithm by us. Our experiments suggest that DEC with 128 bit security becomes insecure by our attack.

SF Sun,Udaya Parampalli,TH Yuen,Yong Yu,Dawu Gu

2016-01-01

Abstract:© Springer International Publishing Switzerland 2016.Motivated by tampering attacks in practice, two different but related security notions, termed complete non-malleability and relatedkey attack security, have been proposed recently. In this work, we study their relations and present the first public key encryption scheme that is secure in both notions under standard assumptions. Moreover, by exploiting the technique for achieving complete non-malleability, we give a practical scheme for the related-key attack security. Precisely, the scheme is proven secure against polynomial functions of bounded degree d under a newly introduced hardness assumption called dmodified extended decisional bilinear Diffie-Hellman assumption. Since the schemes are constructed in a direct way instead of relying on the noninteractive zero knowledge proof or signature techniques, they not only achieve the strong security notions but also have better performances.

Jiahui Chen,Jianting Ning,Jie Ling,Terry Shue Chien Lau,Yacheng Wang

DOI: https://doi.org/10.1016/j.tcs.2019.12.032

IF: 1.002

2020-01-01

Theoretical Computer Science

Abstract:It is regarded as a difficult task to design a secure MPKC fundamental schemes such as an encryption scheme. In this paper we introduce a new central trapdoor for multivariate quadratic (MQ) public-key cryptosystems that allows for encryption, in contrast to time-tested MQ primitives such as Unbalanced Oil and Vinegar or Rainbow which only allow for signatures. The same as UOV or Rainbow, our construction is single field scheme where the central polynomial system is chosen to have a particular structure that enables efficient inversion. After applying this transformation, the plaintext can be recovered by solving a linear system. Our new central trapdoor can use to replace the broken extension field calculation trapdoor and simple matrix encryption trapdoor, thereafter, we use the minus and plus modifiers to inoculate our scheme against known attacks. It is highlight that our encryption scheme is a good explore in the area of multivariate cryptography. Finally, a straightforward Magma implementation confirms the efficient operation of the public key algorithms.

Zhe Sun,Jincheng Zhuang,Zimeng Zhou,Fang-Wei Fu

DOI: https://doi.org/10.1016/j.tcs.2024.114480

IF: 1.002

2024-02-01

Theoretical Computer Science

Abstract:This paper presents a new McEliece-type cryptosystem using Gabidulin-Kronecker product codes in the rank metric. The contributions of this paper are as follows. Firstly, we propose a new Gabidulin-Kronecker product code which is a kind of block circulant code, and give an efficient decoding algorithm. Secondly, we design a one-way secure public key encryption scheme based on the Gabidulin-Kronecker product codes. Thirdly, we obtain an IND-CCA2 secure public key encryption scheme by converting our one-way secure public key encryption scheme under the hardness assumption of the RSD Dual Problem. In terms of efficiency, our scheme has a smaller public key size by taking advantage of the block circulant structure. For 128-bit security, the public key size of our proposal is 13% of Lau-Tan's cryptosystem (in the rank metric), and 19% of BIKE (in the Hamming metric). In terms of security, our scheme can resist Overbeck attack, Coggia-Couvreur attack and Sendrier attack.

computer science, theory & methods

Shenghui Su,Jianhua Zheng,Shuwang Lu

DOI: https://doi.org/10.48550/arXiv.1709.01669

2017-09-06

Cryptography and Security

Abstract:This paper gives the definitions of an extra superincreasing sequence and an anomalous subset sum, and proposes a fast quantum-safe asymmetric cryptosystem called JUOAN2. The new cryptosystem is based on an additive multivariate permutation problem (AMPP) and an anomalous subset sum problem (ASSP) which parallel a multivariate polynomial problem and a shortest vector problem respectively, and composed of a key generator, an encryption algorithm, and a decryption algorithm. The authors analyze the security of the new cryptosystem against the Shamir minima accumulation point attack and the LLL lattice basis reduction attack, and prove it to be semantically secure (namely IND-CPA) on the assumption that AMPP and ASSP have no subexponential time solutions. Particularly, the analysis shows that the new cryptosystem has the potential to be resistant to quantum computing attack, and is especially suitable to the secret communication between two mobile terminals in maneuvering field operations under any weather. At last, an example explaining the correctness of the new cryptosystem is given.

Bo Lv,Zhiniang Peng,Shaohua Tang

DOI: https://doi.org/10.1007/978-3-319-72359-4_9

2017-01-01

Abstract:The study of multivariate encryption algorithm is an important topic of multivariate public key cryptography research. However, quite few secure and practical multivariate encryption algorithms have been found up to now. The SRP encryption scheme is a multivariate encryption scheme that combines Square, Rainbow and the Plus method technique, which is of high efficiency and resistant to existing known attacks against multivariate schemes. In this paper, an improved SRP scheme with shorter private key and higher decryption efficiency is proposed. We introduce rotation relations into parts of the private key, which enables us to reduce the private key size by about 61%. And the decryption speed is 2.1 times faster than that of the original SRP. In terms of theory and experiment, we analyze the security of the improved SRP for several attacks against SRP. The results show that our modifications do not weaken the security of the original schemes.

R. L. Rivest,A. Shamir,L. Adleman

DOI: https://doi.org/10.1145/359340.359342

IF: 22.7

1978-02-01

Communications of the ACM

Abstract:An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n , of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n .

computer science, theory & methods, software engineering, hardware & architecture

Wenshuo Guo,Fangwei Fu

DOI: https://doi.org/10.48550/arXiv.2104.02254

2021-04-06

Abstract:This paper presents two modifications for Loidreau's code-based cryptosystem. Loidreau's cryptosystem is a rank metric code-based cryptosystem constructed by using Gabidulin codes in the McEliece setting. Recently a polynomial-time key recovery attack was proposed to break Loidreau's cryptosystem in some cases. To prevent this attack, we propose the use of subcodes to disguise the secret codes in Modification \Rmnum{1}. In Modification \Rmnum{2}, we choose a random matrix of low column rank over $\mathbb{F}_q$ to mix with the secret matrix. According to our analysis, these two modifications can both resist the existing structural attacks. Additionally, we adopt the systematic generator matrix of the public code to make a reduction in the public-key size. In additon to stronger resistance against structural attacks and more compact representation of public keys, our modifications also have larger information transmission rates.

Information Theory

Jintai Ding,Bo-Yin Yang

DOI: https://doi.org/10.1007/978-3-540-88702-7_6

2009-01-01

Abstract:A multivariate public key cryptosystem (MPKCs for short) have a set of (usually) quadratic polynomials over a finite field as its public map. Its main security assumption is backed by the NP-hardness of the problem to solve nonlinear equations over a finite field. This family is considered as one of the major families of PKCs that could resist potentially even the powerful quantum computers of the future. There has been fast and intensive development in Multivariate Public Key Cryptography in the last two decades. Some constructions are not as secure as was claimed initially, but others are still viable. The paper gives an overview of multivariate public key cryptography and discusses the current status of the research in this area.

Chengdong Tao,Adama Diene,Shaohua Tang,Jintai Ding

DOI: https://doi.org/10.1007/978-3-642-38616-9_16

2013-01-01

Abstract:There are several attempts to build asymmetric pubic key encryption schemes based on multivariate polynomials of degree two over a finite field. However, most of them are insecure. The common defect in many of them comes from the fact that certain quadratic forms associated with their central maps have low rank, which makes them vulnerable to the MinRank attack. We propose a new simple and efficient multivariate pubic key encryption scheme based on matrix multiplication, which does not have such a low rank property. The new scheme will be called Simple Matrix Scheme or ABC in short. We also propose some parameters for practical and secure implementation.

Arnab Roy,Matthias Johann Steiner

DOI: https://doi.org/10.48550/arXiv.2204.01802

2023-05-28

Abstract:In recent years a new class of symmetric-key primitives over $\mathbb{F}_p$ that are essential to Multi-Party Computation and Zero-Knowledge Proofs based protocols have emerged. Towards improving the efficiency of such primitives, a number of new block ciphers and hash functions over $\mathbb{F}_p$ were proposed. These new primitives also showed that following alternative design strategies to the classical Substitution-Permutation Network (SPN) and Feistel Networks leads to more efficient cipher and hash function designs over $\mathbb{F}_p$ specifically for large odd primes $p$. In view of these efforts, in this work we build an \emph{algebraic framework} that allows the systematic exploration of viable and efficient design strategies for constructing symmetric-key (iterative) permutations over $\mathbb{F}_p$. We first identify iterative polynomial dynamical systems over finite fields as the central building block of almost all block cipher design strategies. We propose a generalized triangular polynomial dynamical system (GTDS), and based on the GTDS we provide a generic definition of an iterative (keyed) permutation over $\mathbb{F}_p^n$. Our GTDS-based generic definition is able to describe the three most well-known design strategies, namely SPNs, Feistel networks and Lai--Massey. Consequently, the block ciphers that are constructed following these design strategies can also be instantiated from our generic definition. Moreover, we find that the recently proposed \texttt{Griffin} design, which neither follows the Feistel nor the SPN design, can be described using the generic GTDS-based definition. We also show that a new generalized Lai--Massey construction can be instantiated from the GTDS-based definition. We further provide generic analysis of the GTDS including an upper bound on the differential uniformity and the correlation.

Cryptography and Security

Debiao He,Jianhua Chen

2013-01-01

The International Arab Journal of Information Technology

Abstract:To solve the key escrow problem in identity-based cryptosystem, Al-Riyami et al. introduced the CertificateLess Public Key Cryptography (CL-PKC). As an important cryptographic primitive, CertificateLess Designated Verifier Signature (CLDVS) scheme was studied widely. Following Al-Riyami et al. work, many certificateless Designated Verifier Signature (DVS) schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over elliptic curve group. In order to improve the performance we propose a certificateless DVS scheme without bilinear pairings. With the running time of the signature being saved greatly, our scheme is more practical than the previous related schemes for practical application.

Yao Lu,Rui Zhang,Liqiang Peng,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-662-48797-6_9

2015-01-01

Abstract:We revisit the problem of finding small solutions to a collection of linear equations modulo an unknown divisor p for a known composite integer N. In CaLC 2001, Howgrave-Graham introduced an efficient algorithm for solving univariate linear equations; since then, two forms of multivariate generalizations have been considered in the context of cryptanalysis: modular multivariate linear equations by Herrmann and May (Asiacrypt' 08) and simultaneous modular univariate linear equations by Cohn and Heninger (ANTS' 12). Their algorithms have many important applications in cryptanalysis, such as factoring with known bits problem, fault attacks on RSA signatures, analysis of approximate GCD problem, etc.In this paper, by introducing multiple parameters, we propose several generalizations of the above equations. The motivation behind these extensions is that some attacks on RSA variants can be reduced to solving these generalized equations, and previous algorithms do not apply. We present new approaches to solve them, and compared with previous methods, our new algorithms are more flexible and especially suitable for some cases. Applying our algorithms, we obtain the best analytical/experimental results for some attacks on RSA and its variants, specifically,- We improve May's results (PKC' 04) on small secret exponent attack on RSA variant with moduli N = p(r) q (r >= 2).-We experimentally improve Boneh et al.'s algorithm (Crypto' 98) on factoring N = p(r) q (r >= 2) with known bits problem.-We significantly improve Jochemsz-May' attack (Asiacrypt' 06) on Common Prime RSA.-We extend Nitaj's result (Africacrypt' 12) on weak encryption exponents of RSA and CRT-RSA.

Mohamed Saied Emam Mohamed,Jintai Ding,Johannes Buchmann,Fabian Werner

DOI: https://doi.org/10.1007/978-3-642-10433-6_26

2009-01-01

Abstract:In this paper, we present an efficient attack on the multivariate Quadratic Quasigroups (MQQ) public key cryptosystem. Our cryptanalysis breaks the MQQ cryptosystem by solving a system of multivariate quadratic polynomial equations using both the MutantXL algorithm and the F4 algorithm. We present the experimental results that show that MQQ systems is broken up to size n equal to 300. Based on these results we show also that MutantXL solves MQQ systems with much less memory than the F4 algorithm implemented in Magma.