mathematical problems in multivariate public key
play

Mathematical Problems in Multivariate Public Key Cryptography - PowerPoint PPT Presentation

Oct 04, 2023 •345 likes •1.05k views

Mathematical Problems in Multivariate Public Key Cryptography Timothy Hodges University of Cincinnati January 15, 2015 Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 1 / 28 Overview Multivariate

  1. Mathematical Problems in Multivariate Public Key Cryptography Timothy Hodges University of Cincinnati January 15, 2015 Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 1 / 28

  2. Overview Multivariate Public Key Cryptosystems 1 Solving Systems of Polynomial Equations 2 First Fall Degree and HFE-systems 3 Semi-regular systems 4 Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 2 / 28

  3. Outline Multivariate Public Key Cryptosystems 1 Solving Systems of Polynomial Equations 2 First Fall Degree and HFE-systems 3 Semi-regular systems 4 Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 3 / 28

  4. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  5. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  6. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  7. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  8. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  9. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  10. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  11. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  12. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  13. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  14. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  15. Patarin’s HFE System P ( X ) is P ( X ) K − − − − − → K x ? of low total degree, D (efficient σ ? τ ? ? y decryption). { p 1 ,..., p n } F n → F n − − − − − − quadratic over F so that p i ( x 1 , . . . , x n ) are quadratic (efficient encryption) a ij X q i + q j + b i X q i + c X X P ( X ) = q i + q j ≤ D q i ≤ D where a ij , b i , c ∈ K . Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 6 / 28

  16. Patarin’s HFE System P ( X ) is P ( X ) K − − − − − → K x ? of low total degree, D (efficient σ ? τ ? ? y decryption). { p 1 ,..., p n } F n → F n − − − − − − quadratic over F so that p i ( x 1 , . . . , x n ) are quadratic (efficient encryption) a ij X q i + q j + b i X q i + c X X P ( X ) = q i + q j ≤ D q i ≤ D where a ij , b i , c ∈ K . Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 6 / 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multivariate random variables DS GA 1002 Statistical and Mathematical Models

Multivariate random variables DS GA 1002 Statistical and Mathematical Models

Multivariate random variables DS GA 1002 Statistical and Mathematical Models http://www.cims.nyu.edu/~cfgranda/pages/DSGA1002_fall16 Carlos Fernandez-Granda Joint distributions Tool to characterize several uncertain numerical quantities of

1.39k views • 121 slides
Supposedly Hard Problems In Multivariate Cryptography Charles Bouillaguet Universit de

Supposedly Hard Problems In Multivariate Cryptography Charles Bouillaguet Universit de

Introduction The MQ Problem Polynomial Equivalence Problems Supposedly Hard Problems In Multivariate Cryptography Charles Bouillaguet Universit de Versailles Saint-Quentin Versailles, France Sminaire CARAMEL 20 janvier 2012

721 views • 59 slides
Multivariate L evy driven Stochastic Volatility Models Robert Stelzer Chair of Mathematical

Multivariate L evy driven Stochastic Volatility Models Robert Stelzer Chair of Mathematical

1 September 22nd, 2008 Multivariate L evy driven Stochastic Volatility Models Robert Stelzer Chair of Mathematical Statistics Zentrum Mathematik Technische Universit at M unchen email: rstelzer@ma.tum.de http://www.ma.tum.de/stat/

467 views • 43 slides
A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim

A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim

A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim Batselier KU Leuven Department of Electrical Engineering

1.19k views • 108 slides
A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim

A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim

A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim Batselier KU Leuven Department of Electrical Engineering

1.14k views • 109 slides
MATHEMATICAL PROBLEMS ASSOCIATED WITH MATHEMATICAL PROBLEMS ASSOCIATED WITH ATMOSPHERIC DATA

MATHEMATICAL PROBLEMS ASSOCIATED WITH MATHEMATICAL PROBLEMS ASSOCIATED WITH ATMOSPHERIC DATA

MATHEMATICAL PROBLEMS ASSOCIATED WITH MATHEMATICAL PROBLEMS ASSOCIATED WITH ATMOSPHERIC DATA ASSIMILATION AND ATMOSPHERIC DATA ASSIMILATION AND WEATHER PREDICTION WEATHER PREDICTION Pierre Gauthier Department of Earth and Atmospheric Sciences

580 views • 13 slides
Hilberts problems and contemporary mathematical logic Jan Kraj cek MFF UK (KA)

Hilberts problems and contemporary mathematical logic Jan Kraj cek MFF UK (KA)

Hilberts problems and contemporary mathematical logic Jan Kraj cek MFF UK (KA) Are there BIG open problems in mathematical logic besides the P vs. NP problem? Ideals for the qualification big: The Riemann

715 views • 34 slides
Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University

Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University

Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University of Darmstadt 1 1. General Introduction 2. Multivariate public key cryptosystems 3. Challenges 2 1 General Introduction In June 2006, in Belgium,

1.06k views • 68 slides
Open Problems in Multivariate Cryptography Louis Goubin LGoubin@ slb.com Nicolas Courtois

Open Problems in Multivariate Cryptography Louis Goubin LGoubin@ slb.com Nicolas Courtois

Open Problems in Multivariate Cryptography Louis Goubin LGoubin@ slb.com Nicolas Courtois Ncourtois@ slb.com SchlumbergerSema Louveciennes France Bruges - 26/11/2002 STORK Cryptography Workshop 1 Design of Block Ciphers and Hash

429 views • 4 slides
Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Secure Communication Earlier we discussed the problems

202 views • 18 slides
Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J.

Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J.

Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J. Hickernell Department of Applied Mathematics Center for Interdisciplinary Scientific Computation Illinois Institute of Technology hickernell@iit.edu

440 views • 30 slides
Outline Multivariate Data 1 Multivariate Parametric Methods Multivariate Normal Distribution 2

Outline Multivariate Data 1 Multivariate Parametric Methods Multivariate Normal Distribution 2

Multivariate Data Multivariate Normal Distribution Multivariate Classification Multivariate Regression Multivariate Data Multivariate Normal Distribution Multivariate Classification Multivariate Regression Outline Multivariate Data 1

319 views • 7 slides
Problems for Multivariate Data Analysis Censored data. Riffle: an R Package for Nonmetric

Problems for Multivariate Data Analysis Censored data. Riffle: an R Package for Nonmetric

Problems for Multivariate Data Analysis Censored data. Riffle: an R Package for Nonmetric Clustering Tied ranks and reduced variance when < 5 5. Geoffrey B. Matthews and Robin A. Matthews Systematic bias when

155 views • 4 slides
Pattern Selection Problems in Multivariate Time-Series using Equation Discovery Arne Koopman,

Pattern Selection Problems in Multivariate Time-Series using Equation Discovery Arne Koopman,

Pattern Selection Problems in Multivariate Time-Series using Equation Discovery Arne Koopman, Arno Knobbe, Marving Meeng Leiden University. The university to discover. InfraWatch Data Mining for Infrastructure Asset Management - Hollandse Brug

621 views • 11 slides
Principal Component Analysis Applied Multivariate Statistics Spring 2012 Overview

Principal Component Analysis Applied Multivariate Statistics Spring 2012 Overview

Principal Component Analysis Applied Multivariate Statistics Spring 2012 Overview Intuition Four definitions Practical examples Mathematical example Case study Appl. Multivariate Statistics - Spring 2012 2 PCA: Goals

418 views • 26 slides
Problems With Notation Mathematical notation is very precise. This contrasts with both oral

Problems With Notation Mathematical notation is very precise. This contrasts with both oral

Problems With Notation Mathematical notation is very precise. This contrasts with both oral communication and some written English. Alan H. SteinUniversity of Connecticut Problems With Notation Mathematical notation is very precise. This

252 views • 4 slides
Learning the Stress Patterns of the Worlds Languages Jeffrey Heinz heinz@udel.edu University

Learning the Stress Patterns of the Worlds Languages Jeffrey Heinz heinz@udel.edu University

Introduction Stress Patterns Formal Learning Theory Neighborhood-distinctness Learning Stress Patterns Discussion Learning the Stress Patterns of the Worlds Languages Jeffrey Heinz heinz@udel.edu University of Delaware The 321st

1.45k views • 93 slides
From Trees to Webs Uprooting Knowledge through Visualization @scott_bot Trees of knowledge

From Trees to Webs Uprooting Knowledge through Visualization @scott_bot Trees of knowledge

From Trees to Webs Uprooting Knowledge through Visualization @scott_bot Trees of knowledge through the ages | @scott_bot Porphyrian Tree in Augustinus de Ancona Manuscript, 1503 | @scott_bot Illustrations splitting practical knowledge &

559 views • 33 slides
Basic information Course Objectives: To learn about and discuss experimental and theoretical

Basic information Course Objectives: To learn about and discuss experimental and theoretical

Basic information Course Objectives: To learn about and discuss experimental and theoretical research into why speech is special, how linguistic elements are perceptually organized, and how this interacts with other grammatical modules

973 views • 70 slides
Wishart Distribution Max Turgeon STAT 7200Multivariate Statistics Objectives Understand

Wishart Distribution Max Turgeon STAT 7200Multivariate Statistics Objectives Understand

Wishart Distribution Max Turgeon STAT 7200Multivariate Statistics Objectives Understand the distribution of covariance matrices Understand the distribution of the MLEs for the multivariate normal distribution Understand the

1.78k views • 76 slides
LINGUISTIC RHYTHM 1 YU / LAMONT APRIL 05, 2018 2 KEEPING THE BEAT IN LANGUAGE LINGUIST

LINGUISTIC RHYTHM 1 YU / LAMONT APRIL 05, 2018 2 KEEPING THE BEAT IN LANGUAGE LINGUIST

LINGUIST 197M, SPRING 2018. CLASS 10.2 LINGUISTIC RHYTHM 1 YU / LAMONT APRIL 05, 2018 2 KEEPING THE BEAT IN LANGUAGE LINGUIST 197M, SPRING 2018. CLASS 10.2 3 METRICAL THEORY AND METRICS Bruce Hayes Russ Schuh

442 views • 25 slides
Linear Solvers for Singularly Perturbed Problems Numerical Analysis for Singularly Perturbed

Linear Solvers for Singularly Perturbed Problems Numerical Analysis for Singularly Perturbed

Linear Solvers for Singularly Perturbed Problems Numerical Analysis for Singularly Perturbed Problems (dedicated to the 60 th birthday of Martin Stynes) 16 th 18 th Nov, 2011 Niall Madden, NUI Galway Joint work with Scott MacLachlan, Tufts

661 views • 39 slides
Analysis by Synthesis of Speech Prosody: from Data to Models. Daniel Hirst Laboratoire Parole

Analysis by Synthesis of Speech Prosody: from Data to Models. Daniel Hirst Laboratoire Parole

Analysis by Synthesis of Speech Prosody: from Data to Models. Daniel Hirst Laboratoire Parole et Langage, CNRS & Universit de Provence, Aix en Provence, France With the past, present and future collaboration of: Caroline Bouzon

1.47k views • 110 slides
Artificial Intelligence George Konidaris gdk@cs.brown.edu Fall 2019 1410 Team Instructor :

Artificial Intelligence George Konidaris gdk@cs.brown.edu Fall 2019 1410 Team Instructor :

Artificial Intelligence George Konidaris gdk@cs.brown.edu Fall 2019 1410 Team Instructor : George Konidaris Hours : Wed 4-5pm, CIT 447 HTAs: Leon Lei and Aansh Shah TAs : Alex Liu Jesus Contreras Ariel

993 views • 66 slides

More recommend