Improvements of Algebraic Attacks for solving the Rank Decoding and MinRank problems
Gespeichert in:
| Titel: | Improvements of Algebraic Attacks for solving the Rank Decoding and MinRank problems |
|---|---|
| Autoren: | Bardet, Magali, Bros, Maxime, Cabarcas, Daniel, Gaborit, Philippe, Perlner, Ray, Smith-Tone, Daniel, Tillich, Jean-Pierre, Verbel, Javier |
| Weitere Verfasser: | Equipe Combinatoire et algorithmes (CA - LITIS), Laboratoire d'Informatique, de Traitement de l'Information et des Systèmes (LITIS), Université Le Havre Normandie (ULH), Normandie Université (NU)-Normandie Université (NU)-Université de Rouen Normandie (UNIROUEN), Normandie Université (NU)-Institut national des sciences appliquées Rouen Normandie (INSA Rouen Normandie), Normandie Université (NU)-Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université Le Havre Normandie (ULH), Normandie Université (NU)-Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA), Security, Cryptology and Transmissions (SECRET), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Mathématiques & Sécurité de l'information (XLIM-MATHIS), XLIM (XLIM), Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS), Universidad Nacional de Colombia Sede Medellín, National Institute of Standards and Technology Gaithersburg (NIST), University of Louisville, This work has been supported by the French ANR projects CBCRYPT (ANR-17-CE39-0007) and the MOUSTIC project with the support from the European Regional Development Fund (ERDF) and the Regional Council of Normandie.Javier Verbel was supported for this work by Colciencias scholarship 757 forPhD studies and the University of Louisville facilities., ANR-17-CE39-0007,CBCRYPT,Cryptographie basée sur les codes(2017) |
| Quelle: | https://hal.archives-ouvertes.fr/hal-02475356 ; 2020. |
| Verlagsinformationen: | HAL CCSD |
| Publikationsjahr: | 2020 |
| Bestand: | Archive ouverte HAL (Hyper Article en Ligne, CCSD - Centre pour la Communication Scientifique Directe) |
| Schlagwörter: | Post-quantum cryptography, Algebraic attack, Rankmetric code-based cryptography, NIST-PQC candidates, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [MATH.MATH-AG]Mathematics [math]/Algebraic Geometry [math.AG] |
| Beschreibung: | Rank Decoding (RD) is the main underlying problem in rank-based cryptography. Based on this problem and quasi-cyclic versions of it, very efficient schemes have been proposed recently, such as those in the ROLLO and RQC submissions, which have reached the second round of the NIST Post-Quantum competition. Two main approaches have been studied to solve RD: combinatorial ones and algebraic ones. While the former has been studied extensively, a better understanding of the latter was recently obtained by Bardet et al. (EUROCRYPT20) where it appeared that algebraic attacks can often be more efficient than combinatorial ones for cryptographic parameters. This paper gives substantial improvements upon this attack in terms both of complexity and of the assumptions required by the cryptanalysis. We present attacks for ROLLO-I-128, 192, and 256 with bit complexity respectively in 70, 86, and 158, to be compared to 117, 144, and 197 for the aforementionned previous attack. Moreover, unlike this previous attack, ours does not need generic Gr\"obner basis algorithms since it only requires to solve a linear system. For a case called overdetermined, this modeling allows us to avoid Gr\"obner basis computations by going directly to solving a linear system. For the other case, called underdetermined, we also improve the results from the previous attack by combining the Ourivski-Johansson modeling together with a new modeling for a generic MinRank instance; the latter modeling allows us to refine the analysis of MinRank's complexity given in the paper by Verbel et al. (PQC19). Finally, since the proposed parameters of ROLLO and RQC are completely broken by our new attack, we give examples of new parameters for ROLLO and RQC that make them resistant to our attacks. These new parameters show that these systems remain attractive, with a loss of only about 50\% in terms of key size for ROLLO-I. |
| Publikationsart: | report |
| Sprache: | English |
| Relation: | hal-02475356; https://hal.archives-ouvertes.fr/hal-02475356; https://hal.archives-ouvertes.fr/hal-02475356v3/document; https://hal.archives-ouvertes.fr/hal-02475356v3/file/article.pdf |
| Verfügbarkeit: | https://hal.archives-ouvertes.fr/hal-02475356 https://hal.archives-ouvertes.fr/hal-02475356v3/document https://hal.archives-ouvertes.fr/hal-02475356v3/file/article.pdf |
| Rights: | info:eu-repo/semantics/OpenAccess |
| Dokumentencode: | edsbas.88071DEC |
| Datenbank: | BASE |
Nájsť tento článok vo Web of Science | FullText | Text: Availability: 0 CustomLinks: – Url: https://hal.archives-ouvertes.fr/hal-02475356# Name: EDS - BASE (s4221598) Category: fullText Text: View record from BASE – Url: https://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=EBSCO&SrcAuth=EBSCO&DestApp=WOS&ServiceName=TransferToWoS&DestLinkType=GeneralSearchSummary&Func=Links&author=Bardet%20M Name: ISI Category: fullText Text: Nájsť tento článok vo Web of Science Icon: https://imagesrvr.epnet.com/ls/20docs.gif MouseOverText: Nájsť tento článok vo Web of Science |
|---|---|
| Header | DbId: edsbas DbLabel: BASE An: edsbas.88071DEC RelevancyScore: 879 AccessLevel: 3 PubType: Report PubTypeId: report PreciseRelevancyScore: 878.994323730469 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Improvements of Algebraic Attacks for solving the Rank Decoding and MinRank problems – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Bardet%2C+Magali%22">Bardet, Magali</searchLink><br /><searchLink fieldCode="AR" term="%22Bros%2C+Maxime%22">Bros, Maxime</searchLink><br /><searchLink fieldCode="AR" term="%22Cabarcas%2C+Daniel%22">Cabarcas, Daniel</searchLink><br /><searchLink fieldCode="AR" term="%22Gaborit%2C+Philippe%22">Gaborit, Philippe</searchLink><br /><searchLink fieldCode="AR" term="%22Perlner%2C+Ray%22">Perlner, Ray</searchLink><br /><searchLink fieldCode="AR" term="%22Smith-Tone%2C+Daniel%22">Smith-Tone, Daniel</searchLink><br /><searchLink fieldCode="AR" term="%22Tillich%2C+Jean-Pierre%22">Tillich, Jean-Pierre</searchLink><br /><searchLink fieldCode="AR" term="%22Verbel%2C+Javier%22">Verbel, Javier</searchLink> – Name: Author Label: Contributors Group: Au Data: Equipe Combinatoire et algorithmes (CA - LITIS)<br />Laboratoire d'Informatique, de Traitement de l'Information et des Systèmes (LITIS)<br />Université Le Havre Normandie (ULH)<br />Normandie Université (NU)-Normandie Université (NU)-Université de Rouen Normandie (UNIROUEN)<br />Normandie Université (NU)-Institut national des sciences appliquées Rouen Normandie (INSA Rouen Normandie)<br />Normandie Université (NU)-Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université Le Havre Normandie (ULH)<br />Normandie Université (NU)-Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)<br />Security, Cryptology and Transmissions (SECRET)<br />Inria de Paris<br />Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)<br />Mathématiques & Sécurité de l'information (XLIM-MATHIS)<br />XLIM (XLIM)<br />Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)<br />Universidad Nacional de Colombia Sede Medellín<br />National Institute of Standards and Technology Gaithersburg (NIST)<br />University of Louisville<br />This work has been supported by the French ANR projects CBCRYPT (ANR-17-CE39-0007) and the MOUSTIC project with the support from the European Regional Development Fund (ERDF) and the Regional Council of Normandie.Javier Verbel was supported for this work by Colciencias scholarship 757 forPhD studies and the University of Louisville facilities.<br />ANR-17-CE39-0007,CBCRYPT,Cryptographie basée sur les codes(2017) – Name: TitleSource Label: Source Group: Src Data: <i>https://hal.archives-ouvertes.fr/hal-02475356 ; 2020</i>. – Name: Publisher Label: Publisher Information Group: PubInfo Data: HAL CCSD – Name: DatePubCY Label: Publication Year Group: Date Data: 2020 – Name: Subset Label: Collection Group: HoldingsInfo Data: Archive ouverte HAL (Hyper Article en Ligne, CCSD - Centre pour la Communication Scientifique Directe) – Name: Subject Label: Subject Terms Group: Su Data: <searchLink fieldCode="DE" term="%22Post-quantum+cryptography%22">Post-quantum cryptography</searchLink><br /><searchLink fieldCode="DE" term="%22Algebraic+attack%22">Algebraic attack</searchLink><br /><searchLink fieldCode="DE" term="%22Rankmetric+code-based+cryptography%22">Rankmetric code-based cryptography</searchLink><br /><searchLink fieldCode="DE" term="%22NIST-PQC+candidates%22">NIST-PQC candidates</searchLink><br /><searchLink fieldCode="DE" term="%22[INFO%2EINFO-CR]Computer+Science+[cs]%2FCryptography+and+Security+[cs%2ECR]%22">[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]</searchLink><br /><searchLink fieldCode="DE" term="%22[MATH%2EMATH-AG]Mathematics+[math]%2FAlgebraic+Geometry+[math%2EAG]%22">[MATH.MATH-AG]Mathematics [math]/Algebraic Geometry [math.AG]</searchLink> – Name: Abstract Label: Description Group: Ab Data: Rank Decoding (RD) is the main underlying problem in rank-based cryptography. Based on this problem and quasi-cyclic versions of it, very efficient schemes have been proposed recently, such as those in the ROLLO and RQC submissions, which have reached the second round of the NIST Post-Quantum competition. Two main approaches have been studied to solve RD: combinatorial ones and algebraic ones. While the former has been studied extensively, a better understanding of the latter was recently obtained by Bardet et al. (EUROCRYPT20) where it appeared that algebraic attacks can often be more efficient than combinatorial ones for cryptographic parameters. This paper gives substantial improvements upon this attack in terms both of complexity and of the assumptions required by the cryptanalysis. We present attacks for ROLLO-I-128, 192, and 256 with bit complexity respectively in 70, 86, and 158, to be compared to 117, 144, and 197 for the aforementionned previous attack. Moreover, unlike this previous attack, ours does not need generic Gr\"obner basis algorithms since it only requires to solve a linear system. For a case called overdetermined, this modeling allows us to avoid Gr\"obner basis computations by going directly to solving a linear system. For the other case, called underdetermined, we also improve the results from the previous attack by combining the Ourivski-Johansson modeling together with a new modeling for a generic MinRank instance; the latter modeling allows us to refine the analysis of MinRank's complexity given in the paper by Verbel et al. (PQC19). Finally, since the proposed parameters of ROLLO and RQC are completely broken by our new attack, we give examples of new parameters for ROLLO and RQC that make them resistant to our attacks. These new parameters show that these systems remain attractive, with a loss of only about 50\% in terms of key size for ROLLO-I. – Name: TypeDocument Label: Document Type Group: TypDoc Data: report – Name: Language Label: Language Group: Lang Data: English – Name: NoteTitleSource Label: Relation Group: SrcInfo Data: hal-02475356; https://hal.archives-ouvertes.fr/hal-02475356; https://hal.archives-ouvertes.fr/hal-02475356v3/document; https://hal.archives-ouvertes.fr/hal-02475356v3/file/article.pdf – Name: URL Label: Availability Group: URL Data: https://hal.archives-ouvertes.fr/hal-02475356<br />https://hal.archives-ouvertes.fr/hal-02475356v3/document<br />https://hal.archives-ouvertes.fr/hal-02475356v3/file/article.pdf – Name: Copyright Label: Rights Group: Cpyrght Data: info:eu-repo/semantics/OpenAccess – Name: AN Label: Accession Number Group: ID Data: edsbas.88071DEC |
| PLink | https://erproxy.cvtisr.sk/sfx/access?url=https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=edsbas&AN=edsbas.88071DEC |
| RecordInfo | BibRecord: BibEntity: Languages: – Text: English Subjects: – SubjectFull: Post-quantum cryptography Type: general – SubjectFull: Algebraic attack Type: general – SubjectFull: Rankmetric code-based cryptography Type: general – SubjectFull: NIST-PQC candidates Type: general – SubjectFull: [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] Type: general – SubjectFull: [MATH.MATH-AG]Mathematics [math]/Algebraic Geometry [math.AG] Type: general Titles: – TitleFull: Improvements of Algebraic Attacks for solving the Rank Decoding and MinRank problems Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Bardet, Magali – PersonEntity: Name: NameFull: Bros, Maxime – PersonEntity: Name: NameFull: Cabarcas, Daniel – PersonEntity: Name: NameFull: Gaborit, Philippe – PersonEntity: Name: NameFull: Perlner, Ray – PersonEntity: Name: NameFull: Smith-Tone, Daniel – PersonEntity: Name: NameFull: Tillich, Jean-Pierre – PersonEntity: Name: NameFull: Verbel, Javier – PersonEntity: Name: NameFull: Equipe Combinatoire et algorithmes (CA - LITIS) – PersonEntity: Name: NameFull: Laboratoire d'Informatique, de Traitement de l'Information et des Systèmes (LITIS) – PersonEntity: Name: NameFull: Université Le Havre Normandie (ULH) – PersonEntity: Name: NameFull: Normandie Université (NU)-Normandie Université (NU)-Université de Rouen Normandie (UNIROUEN) – PersonEntity: Name: NameFull: Normandie Université (NU)-Institut national des sciences appliquées Rouen Normandie (INSA Rouen Normandie) – PersonEntity: Name: NameFull: Normandie Université (NU)-Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université Le Havre Normandie (ULH) – PersonEntity: Name: NameFull: Normandie Université (NU)-Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA) – PersonEntity: Name: NameFull: Security, Cryptology and Transmissions (SECRET) – PersonEntity: Name: NameFull: Inria de Paris – PersonEntity: Name: NameFull: Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria) – PersonEntity: Name: NameFull: Mathématiques & Sécurité de l'information (XLIM-MATHIS) – PersonEntity: Name: NameFull: XLIM (XLIM) – PersonEntity: Name: NameFull: Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS) – PersonEntity: Name: NameFull: Universidad Nacional de Colombia Sede Medellín – PersonEntity: Name: NameFull: National Institute of Standards and Technology Gaithersburg (NIST) – PersonEntity: Name: NameFull: University of Louisville – PersonEntity: Name: NameFull: This work has been supported by the French ANR projects CBCRYPT (ANR-17-CE39-0007) and the MOUSTIC project with the support from the European Regional Development Fund (ERDF) and the Regional Council of Normandie.Javier Verbel was supported for this work by Colciencias scholarship 757 forPhD studies and the University of Louisville facilities. – PersonEntity: Name: NameFull: ANR-17-CE39-0007,CBCRYPT,Cryptographie basée sur les codes(2017) IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 01 Type: published Y: 2020 Identifiers: – Type: issn-locals Value: edsbas – Type: issn-locals Value: edsbas.oa Titles: – TitleFull: https://hal.archives-ouvertes.fr/hal-02475356 ; 2020 Type: main |
| ResultId | 1 |