On the security of biquadratic C∗ public-key cryptosystems and its generalizations
| Published in: | Cryptography and Communications, Vol. 11, No. 3, pp. 427-442 |
|---|---|
| Format: | Journal Article |
| Language: | English |
| Publication details: | New York: Springer US, 15.05.2019 (Springer Nature B.V.) |
| ISSN: | 1936-2447, 1936-2455 |
| Summary: | Public key cryptosystems based on multivariate polynomials have been studied since the eighties. One of them, called C∗, was introduced in 1988 by Imai and Matsumoto, and broken in 1993 by Dobbertin in classified work he did for the German Federal Office for Information Security and later by Patarin (see Dobbertin et al. 2005, Patarin 1995). Since then, the construction of multivariate systems sharing a great deal of the C∗ properties has become of particular interest. Dobbertin introduced, in a series of classified papers and later in a challenge of the MysteryTwister competition hosted by the Horst-Görtz-Institute in 2005 (see Dobbertin et al. 2005), together with the author, a system where the central mapping is a power mapping of degree 4 and shares almost all the properties of C∗. It was therefore called biquadratic C∗. The challenge remained unbroken and the security of these systems an open problem. As its key size is rather large, interest in such systems has been low in recent years. Due to the initiative of the European Telecommunications Standards Institute and the National Institute for Standards and Technology in creating standards for post-quantum cryptography, systems with bigger key sizes have become of interest for practical applications. In this paper we will consider biquadratic C∗ and more general systems based on hidden monomials of degree k, called k-ary C∗. We will prove a lower bound for the running time of attacks based on Gröbner basis algorithms like F4 or F5. We will compute the first fall degree for k-ary C∗ and give a counterexample to the first fall degree assumption. We will derive an estimate for the complexity of breaking the above mentioned cryptochallenge and give parameter sizes for secure systems by taking into account all known types of attacks. It will turn out that the security requirements yield systems with impractical key sizes even for applications in post-quantum cryptography. Although k-ary C∗ is not of practical interest, the results presented here give some insight into the complexity of attacks on multivariate cryptosystems, especially those based on Gröbner basis algorithms, and show that these systems are very promising objects for further research in this direction. |
| DOI: | 10.1007/s12095-018-0337-y |