gr bner bases in public key cryptography
play

Grbner Bases in Public-Key Cryptography Ludovic Perret SPIRAL/SALSA - PowerPoint PPT Presentation

Jan 30, 2024 •214 likes •693 views

Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Grbner Bases in Public-Key Cryptography Ludovic Perret SPIRAL/SALSA LIP6, Universit Paris 6 INRIA ludovic.perret@lip6.fr

  1. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Gröbner Bases in Public-Key Cryptography Ludovic Perret SPIRAL/SALSA LIP6, Université Paris 6 INRIA ludovic.perret@lip6.fr ECRYPT PhD SUMMER SCHOOL Emerging Topics in Cryptographic Design and Cryptanalysis L. Perret Gröbner Bases in Public-Key Cryptography

  2. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Gröbner Bases in Cryptography ? C.E. Shannon “Breaking a good cipher should require as much work as solving a system of simultaneous equations in a large number of unknowns of a complex type.” Communication Theory of Secrecy Systems, 1949. L. Perret Gröbner Bases in Public-Key Cryptography

  3. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Algebraic Cryptanalysis Principle Convert a cryptosystem into an algebraic set of equations Try to solve this system ⇒ Gröbner bases L. Perret Gröbner Bases in Public-Key Cryptography

  4. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Why Using Gröbner Bases ? Based on an elegant and rich mathematical theory ⇒ Buchberger’s talk Most efficient method for solving algebraic systems Efficient implementations available Buchberger’s algorithm (Singular, Gb, . . . ) F 4 algorithm (Magma, Maple 10, Fgb, . . . ) L. Perret Gröbner Bases in Public-Key Cryptography

  5. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Efficient Algebraic Cryptanalysis ? Convert a cryptosystem into an algebraic set of equations a particular attention to the way of constructing the system exploit all the properties of the cryptosystem Try to solve the simplified system L. Perret Gröbner Bases in Public-Key Cryptography

  6. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Efficient Algebraic Cryptanalysis ? Convert a cryptosystem into an algebraic set of equations a particular attention to the way of constructing the system exploit all the properties of the cryptosystem Try to solve the simplified system ⇒ Minimize the number of variables/degree ⇒ Maximize the number of equations L. Perret Gröbner Bases in Public-Key Cryptography

  7. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Efficient Algebraic Cryptanalysis ? Convert a cryptosystem into an algebraic set of equations a particular attention to the way of constructing the system exploit all the properties of the cryptosystem Simplify the system Try to solve the simplified system ⇒ Minimize the number of variables/degree ⇒ Maximize the number of equations L. Perret Gröbner Bases in Public-Key Cryptography

  8. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Algebraic Cryptanalysis in Practice Block Ciphers ( ⇒ Cid’s talk) Stream Ciphers ( ⇒ Johansson/Canteaut ’s talk & Cid’s talk) . . . L. Perret Gröbner Bases in Public-Key Cryptography

  9. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Outline Algebraic Cryptanalysis of HFE 1 Isomorphism of Polynomials (IP) 2 Description of the Problem An Algorithm for Solving IP The Functional Decomposition Problem 3 2R/2R − and FDP Solving FDP Conclusion 4 L. Perret Gröbner Bases in Public-Key Cryptography

  10. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion The HFE scheme [J. Patarin, Eurocrypt 1996] Secret key : ( S , U ) ∈ GL n ( K ) × GL n ( K ) θ ′ i , j ∈ K ′ [ X ] , with K ′ ⊃ K , q = Char ( K ) i , j β i , j X q θ i , j + q A = � � � ∈ K [ x 1 , . . . , x n ] u a = a 1 ( x 1 , . . . , x n ) , . . . , a n ( x 1 , . . . , x n ) Public key : � � � � b 1 ( x ) , . . . , b n ( x ) = a 1 ( x S ) , . . . , a n ( x S ) U , with x = ( x 1 , . . . , x n ) . � � Encryption : To enc. m ∈ K n , c = b 1 ( m ) , . . . , b n ( m ) . Signature : To sig. m ∈ K n , find s ∈ K n s.t. b ( s ) = m . L. Perret Gröbner Bases in Public-Key Cryptography

  11. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Message Recovery Attack – (I) � � ∈ K n . Find z ∈ K n , such that : Given c = b 1 ( m ) , . . . , b n ( m ) b 1 ( z ) − c 1 = 0 , . . . , b n ( z ) − c n = 0 . In Theory . . . PoSSo is NP-Hard � n ω · d reg � Complexity of F 5 for semi-reg. sys. : O , with : � � � − α + 1 2 + 1 � 2 α 2 − 10 α − 1 + 2 ( α + 2 ) d reg ∼ α ( α + 2 ) n , 2 ⇒ For a quadratic system of 80 variables : d reg = 11. ≈ 2 83 L. Perret Gröbner Bases in Public-Key Cryptography

  12. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) The Functional Decomposition Problem Conclusion Message Recovery Attack – (II) In Practice . . . Complexity of F 5 : 2 O ( log ( n ) 2 ) . J.-C. Faugère, A. Joux. Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems using Gröbner Bases. CRYPTO 2003. L. Granboulan, A. Joux, J. Stern. Inverting HFE is Quasipolynomial. CRYPTO 2006. L. Perret Gröbner Bases in Public-Key Cryptography

  13. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) Description of the Problem The Functional Decomposition Problem An Algorithm for Solving IP Conclusion Outline Algebraic Cryptanalysis of HFE 1 Isomorphism of Polynomials (IP) 2 Description of the Problem An Algorithm for Solving IP The Functional Decomposition Problem 3 2R/2R − and FDP Solving FDP Conclusion 4 L. Perret Gröbner Bases in Public-Key Cryptography

  14. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) Description of the Problem The Functional Decomposition Problem An Algorithm for Solving IP Conclusion “Key Recovery Attack" 2PLE Given : a = ( a 1 , . . . , a u ) , and b = ( b 1 , . . . , b u ) ∈ K [ x 1 , . . . , x n ] u . Question : Find ( S , U ) ∈ GL n ( K ) × GL u ( K ) , s. t. : � � � � b 1 ( x ) , . . . , b n ( x ) = a 1 ( x S ) , . . . , a n ( x S ) U , denoted by b ( x ) = a ( x S ) U , with x = ( x 1 , . . . , x n ) . J. Patarin. Hidden Fields Equations (HFE) and Isomorphism of Polynomials (IP): two new families of Asymmetric Algorithms. EUROCRYPT 1996. L. Perret Gröbner Bases in Public-Key Cryptography

  15. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) Description of the Problem The Functional Decomposition Problem An Algorithm for Solving IP Conclusion A Basic Problem – (I) HFE and related schemes ( C ∗ , SFLASH, ...) A = X 1 + q θ ∈ K ′ [ X ] , with K ′ ⊃ K , and q = Char ( K ) signature/authentication schemes J. Patarin. Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP) : two new families of Asymmetric Algorithms. EUROCRYPT 1996. Traitor Tracing schemes O. Billet, H. Gilbert. A Traceable Block Cipher. ASIACRYPT 2003. L. Perret Gröbner Bases in Public-Key Cryptography

  16. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) Description of the Problem The Functional Decomposition Problem An Algorithm for Solving IP Conclusion A Basic Problem – (II) Code Equivalence (CE) Given : two matrices G 1 , and G 2 ∈ M k , n ( F q ) . Find : – if any – S ∈ GL k ( F q ) , and a permutation σ ∈ S n , s.t. : G 2 = SG 1 P σ , where : � ( P σ ) i , j = 1 , if σ ( i ) = j , and ( P σ ) i , j = 0 , otherwise . L. Perret Gröbner Bases in Public-Key Cryptography

  17. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) Description of the Problem The Functional Decomposition Problem An Algorithm for Solving IP Conclusion A Basic Problem – cont’d McEliece’s Cryptosystem (1978) Secret key : S ∈ GL k ( F 2 ) , a permutation σ on { 1 , . . . , n } . Public data : G ∈ M k , n ( F 2 ) Public key : G ′ = SGP σ , where : � ( P σ ) i , j = 1 , if σ ( i ) = j , and ( P σ ) i , j = 0 , otherwise . Encryption : To encrypt m ∈ F k 2 , compute: c = mG ′ + e , with e ∈ F n 2 , s.t. w H ( e ) = t . L. Perret Gröbner Bases in Public-Key Cryptography

  18. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) Description of the Problem The Functional Decomposition Problem An Algorithm for Solving IP Conclusion A Basic Problem – cont’d Graph Isomorphism Problem Given : G 1 = ( V 1 , E 1 ) , G 2 = ( V 2 , E 2 ) Question : Find – if any – a bijection p : V 1 → V 2 , such that: � � ( i , j ) ∈ E 1 if, and only if, p ( i ) , p ( j ) ∈ E 2 . L. Perret Gröbner Bases in Public-Key Cryptography

  19. Algebraic Cryptanalysis of HFE Isomorphism of Polynomials (IP) Description of the Problem The Functional Decomposition Problem An Algorithm for Solving IP Conclusion Hard Problems ? N. Sendrier. Finding the permutation between equivalent codes: the Support Splitting Algorithm. IEEE Transactions on Information Theory, July 2000. L. Babai. Automorphism groups, isomorphism, reconstruction. Handbook of combinatorics. L. Perret Gröbner Bases in Public-Key Cryptography

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Gr obner Bases In Public Key Cryptography: Hope Never Dies M. Caboara, F.Caruso, C. Traverso

Gr obner Bases In Public Key Cryptography: Hope Never Dies M. Caboara, F.Caruso, C. Traverso

Gr obner Bases In Public Key Cryptography: Hope Never Dies M. Caboara, F.Caruso, C. Traverso Eurocrypt 2008 Rump session Istanbul, April 15, 2008 M. Caboara, F.Caruso, C. Traverso Gr obner Bases In Public Key Cryptography: Hope Never

649 views • 31 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in

Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in

Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent slow speed of the public key

442 views • 14 slides
Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Cryptography Public Key Cryptography Concepts of Public Key Cryptography Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, public.tex, r1803 1

421 views • 7 slides
Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

810 views • 42 slides
Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption: with

445 views • 17 slides
Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

256 views • 22 slides
Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Encryption Public-Key

Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Encryption Public-Key

Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Encryption Public-Key Cryptography Lecture 8 Public-Key Encryption Diffie-Hellman Key-Exchange PKE scheme PKE scheme SKE: Syntax KeyGen outputs K K Enc: M K R

1.18k views • 104 slides
Outline CPSC 418/MATH 318 Introduction to Cryptography Public Key Cryptography, RSA Public-Key

Outline CPSC 418/MATH 318 Introduction to Cryptography Public Key Cryptography, RSA Public-Key

Outline CPSC 418/MATH 318 Introduction to Cryptography Public Key Cryptography, RSA Public-Key Cryptography 1 Renate Scheidler The RSA Cryptosystem 2 Department of Mathematics & Statistics Department of Computer Science University of

372 views • 7 slides
Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar

Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar

Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar (MIT) Public Key Encryption (PKE) [Diffie-Hellman76, Rivest-Shamir-Adelman78, Goldwasser-Micali82] pk sk Public Key Encryption Public Key Encryption

296 views • 25 slides
Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 15 November, 2012 Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography Diffie-Hellman Key

207 views • 8 slides
Public key cryptography: a practical Public key cryptography: a practical approach approach

Public key cryptography: a practical Public key cryptography: a practical approach approach

Public key cryptography: a practical Public key cryptography: a practical approach approach Israel Herraiz <isra@herraiz.org> <israel.herraiz@upm.es> KeyID FE0A7AF3 Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3

996 views • 43 slides
Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn

Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn

CSS441 Public Key Crypto Principles RSA Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015

461 views • 29 slides
Cryptography Public-Key Cryptography Uwe Egly Vienna University of Technology Institute of

Cryptography Public-Key Cryptography Uwe Egly Vienna University of Technology Institute of

Cryptography Public-Key Cryptography Uwe Egly Vienna University of Technology Institute of Information Systems Knowledge-Based Systems Group 1 / 18 Overview Problem of symmetric procedures: Exchange of secret key Solution: public-key

884 views • 18 slides
Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Secure Communication Earlier we discussed the problems

202 views • 18 slides
C) Public Key Cryptography C.a) Fundamentals C.b) RSA with Applications C.c) DSA and Diffie

C) Public Key Cryptography C.a) Fundamentals C.b) RSA with Applications C.c) DSA and Diffie

1 C) Public Key Cryptography C.a) Fundamentals C.b) RSA with Applications C.c) DSA and Diffie Hellman W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.a) Fundamentals 3 C.1 Introducing Remark Public key cryptosystems are widely

621 views • 47 slides
Faster formulas for elliptic curves Hseyin H sl hisil.huseyin@gmail.com

Faster formulas for elliptic curves Hseyin H sl hisil.huseyin@gmail.com

Faster formulas for elliptic curves Hseyin H sl hisil.huseyin@gmail.com www.huseyinhisil.net ECC2010, Redmond Hseyin H sl () October 19, 2010 1 / 36 Faster formulas for elliptic curves (A roadmap for formula-hunters)

825 views • 55 slides
ACCC Public Forum on TransGrid and EnergyAustralia Revenue Cap Decisions Simon Bartlett, CE

ACCC Public Forum on TransGrid and EnergyAustralia Revenue Cap Decisions Simon Bartlett, CE

ACCC Public Forum on TransGrid and EnergyAustralia Revenue Cap Decisions Simon Bartlett, CE Powerlink Queensland 18 March 2005 Key Messages New framework does not provide the level of certainty and is not as efficient as ACCC described.

742 views • 9 slides
Two Attacks on a White-Box AES Implementation Tancrde Lepoint 1,2 , Matthieu Rivain 1 , Yoni De

Two Attacks on a White-Box AES Implementation Tancrde Lepoint 1,2 , Matthieu Rivain 1 , Yoni De

Two Attacks on a White-Box AES Implementation Tancrde Lepoint 1,2 , Matthieu Rivain 1 , Yoni De Mulder 3 , Peter Roelse 4 , and Bart Preneel 3 1 CryptoExperts, France { tancrede.lepoint,matthieu.rivain } @cryptoexperts.com 2 Ecole Normale

320 views • 28 slides
Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings Brecht Wyseur,

Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings Brecht Wyseur,

Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings Brecht Wyseur, Wil Michiels, Paul Gorissen, Bart Preneel COSIC K.U.Leuven and Philips Research March 27 2007 White-Box Attack Context key key ke y

555 views • 10 slides
3D Bipedal Walking including COM height variations St ephane Caron CRI Group Seminar Series

3D Bipedal Walking including COM height variations St ephane Caron CRI Group Seminar Series

3D Bipedal Walking including COM height variations St ephane Caron CRI Group Seminar Series May 14, 2018 What do we want? COMANOID project https://comanoid.cnrs.fr 2 What do we want? COMANOID project Aircraft entry plan (2017) 3

783 views • 25 slides
Robots With Legs Helge Wrede 27.11.2017 Outline Motivation Overview Properties Number of

Robots With Legs Helge Wrede 27.11.2017 Outline Motivation Overview Properties Number of

Robots With Legs Helge Wrede 27.11.2017 Outline Motivation Overview Properties Number of legs Balance Walking Basic Bipedal Implementation Dynamic Balancing Concepts 3D-LIPM 2 Motivation Figure: Side view of the Robot Cassie from

714 views • 27 slides
SIMULATION TO PROOFS IN C2E2 Parasara Sridhar Duggirala 1 A simple (often the only) strategy

SIMULATION TO PROOFS IN C2E2 Parasara Sridhar Duggirala 1 A simple (often the only) strategy

SIMULATION TO PROOFS IN C2E2 Parasara Sridhar Duggirala 1 A simple (often the only) strategy Given start and target S Compute finite cover of initial set Simulate from the center 0 of each cover Bloat

440 views • 22 slides
ROBOTICS 01PEEQW Basilio Bona DAUIN Politecnico di Torino What is Robotics? Robotics

ROBOTICS 01PEEQW Basilio Bona DAUIN Politecnico di Torino What is Robotics? Robotics

ROBOTICS 01PEEQW Basilio Bona DAUIN Politecnico di Torino What is Robotics? Robotics studies robots For history and definitions see the 2013 slides

702 views • 14 slides

More recommend