Public-Key Cryptography from New Multivariate Quadratic Assumptions
, 2012
Abstract

Cited by 4 (1 self)
In this work, we study a new multivariate quadratic (MQ) assumption that can be used to construct public-key encryptions. In particular, we research in the following two directions: • We establish a precise asymptotic formulation of a family of hard MQ problems, and provide empirical evidence to confirm the hardness. • We construct public-key encryption schemes, and prove their security under the hardness assumption of this family. Also, we provide a new perspective to look at MQ systems that plays a key role in our design and proof of security. As a consequence, we construct the first public-key encryption scheme that is provably secure under the MQ assumption. Moreover, our public-key encryption scheme is efficient in the sense that it only needs a ciphertext length L + poly(k) to encrypt a message M ∈ {0, 1}^L for any unprespecified polynomial L, where k is the security parameter. This is essentially optimal since an additive overhead is the best we can hope for.
Secure PRNGs from Specialized Polynomial Maps over Any Fq
, 2007
Abstract
We prove that a random map drawn from any class C of polynomial maps from (F_q)^n to (F_q)^(n+r) that is (i) totally random in the affine terms, and (ii) has a negligible chance of being not strongly one-way, provides a secure PRNG (hence a secure stream cipher) for any q. Plausible choices for C are semi-sparse (i.e., the affine terms are truly random) systems and other systems that are easy to evaluate from a small (compared to a generic map) number of parameters. To our knowledge, there are no other positive results for provable security of specialized polynomial systems, in particular sparse ones (which are natural candidates to investigate for speed). We can build a family of provably secure stream ciphers, a rough implementation of which at the same security level can be more than twice as fast as an optimized QUAD (and any other provably secure stream cipher proposed so far), and uses much less storage. This may also help build faster provably secure hashes. We also examine the effects of recent results on specialization on security, e.g., Aumasson-Meier (ICISC 2007), which precludes Merkle-Damgård compression using polynomial systems uniformly very sparse in every degree from being universally collision-free. We conclude that our ideas are consistent with and complement these new results. We think that we can build secure primitives based on specialized (versus generic) polynomial maps which are more efficient.
Partitioning Multivariate Polynomial Equations via Vertex Separators for Algebraic Cryptanalysis and Mathematical Applications
Abstract
We present a novel approach for solving systems of polynomial equations via graph partitioning. The concept of a variable-sharing graph of a system of polynomial equations is defined. If such a graph is disconnected, then the system of equations is actually two separate systems that can be solved individually. This can provide a significant speedup in computing the solution to the system, but is unlikely to occur either randomly or in applications. However, by deleting a small number of vertices on the graph, the variable-sharing graph could be disconnected in a balanced fashion, and in turn the system of polynomial equations is separated into smaller ones of similar sizes. In graph theory terms, this process is equivalent to finding balanced vertex partitions with minimum-weight vertex separators. The techniques for finding these vertex partitions are discussed, and experiments are performed to evaluate their practicality for general graphs and systems of polynomial equations. Applications of this approach to the QUAD family of stream ciphers, algebraic cryptanalysis of the stream cipher Trivium and its variants, as well as some mathematical problems in game theory and computational algebraic geometry are presented. In each of these cases, the systems of polynomial equations involved are well-suited to our graph partitioning method, and constructive results are discussed.