Results 1 - 10 of 15,741

A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems

by Danilo Gligoroski, Ludovic Perret, Simona Samardjiska, Enrico Thomae
"... Abstract. We investigate the security of the family of MQQ public key cryptosystems using multivari-ate quadratic quasigroups (MQQ). These cryptosystems show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of crypto ..."
Abstract - Cited by 1 (0 self) - Add to MetaCart
of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial time key-recovery attack

Analysis of the MQQ Public Key Cryptosystem

by Rune Ødegard, Ludovic Perret, Jean-Charles Faugère, Danilo Gligoroski
"... MQQ is a multivariate cryptosystem based on multivariate quadratic quasigroups and the Dobbertin transformation [18]. The cryptosystem was broken both by Gröbner bases computation and MutantXL [27]. The complexity of Gröbner bases computation is exponential in the degree of regularity, which is the ..."
Abstract - Cited by 4 (3 self) - Add to MetaCart
MQQ is a multivariate cryptosystem based on multivariate quadratic quasigroups and the Dobbertin transformation [18]. The cryptosystem was broken both by Gröbner bases computation and MutantXL [27]. The complexity of Gröbner bases computation is exponential in the degree of regularity, which

Key-Recovery Attacks on ASASA?

by Brice Minaud, Patrick Derbez, Pierre-alain Fouque, Pierre Karpman
"... Abstract. The ASASA construction is a new design scheme introduced at Asiacrypt 2014 by Biryukov, Bouillaguet and Khovratovich. Its versatility was illustrated by building two public-key encryption schemes, a secret-key scheme, as well as super S-box subcomponents of a white-box scheme. However one ..."
Abstract - Add to MetaCart
of the two public-key cryptosystems was recently broken at Crypto 2015 by Gilbert, Plût and Treger. As our main contribution, we propose a new algebraic key-recovery attack able to break at once the secret-key scheme as well as the remaining public-key scheme, in time complexity 263 and 239 respectively (the

Threshold Key-Recovery Systems for RSA

by Tatsuaki Okamoto , 1997
"... Although threshold key-recovery systems for the discrete log based cryptosystems such as the ElGamal scheme have been proposed by Feldman and Pedersen [6, 11, 12], no (practical) threshold key-recovery system for the factoring based cryptosystems such as the RSA scheme has been proposed. 1 This pa ..."
Abstract - Cited by 4 (0 self) - Add to MetaCart
Although threshold key-recovery systems for the discrete log based cryptosystems such as the ElGamal scheme have been proposed by Feldman and Pedersen [6, 11, 12], no (practical) threshold key-recovery system for the factoring based cryptosystems such as the RSA scheme has been proposed. 1

Algebraic Attack on the MQQ Public Key Cryptosystem

by Mohamed Saied Emam Mohamed, Jintai Ding, Johannes Buchmann, Fabian Werner
"... In this paper, we present an efficient attack on the multivariate Quadratic Quasigroups (MQQ) public key cryptosystem. Our cryptanalysis breaks the MQQ cryptosystem by solving a system of multivariate quadratic polynomial equations using both the MutantXL algorithm and the F4 algorithm. We present t ..."
Abstract - Cited by 5 (0 self) - Add to MetaCart
In this paper, we present an efficient attack on the multivariate Quadratic Quasigroups (MQQ) public key cryptosystem. Our cryptanalysis breaks the MQQ cryptosystem by solving a system of multivariate quadratic polynomial equations using both the MutantXL algorithm and the F4 algorithm. We present

Key-Recovery Attack on the ASASA Cryptosystem With Expanding S-Boxes

by Henri Gilbert, Jérôme Plût, Joana Treger
"... Abstract. We present a cryptanalysis of the ASASA public key cipher introduced at Asiacrypt 2014 [3]. This scheme alternates three layers of affine transformations A with two layers of quadratic substitutions S. We show that the partial derivatives of the public key polynomials contain information a ..."
Abstract - Cited by 2 (0 self) - Add to MetaCart
about the intermediate layer. This enables us to present a very simple distinguisher between an ASASA public key and random polynomials. We then expand upon the ideas of the distinguisher to achieve a full secret key recovery. This method uses only linear algebra and has a complexity dominated

A Family of Weak Keys in HFE (and the Corresponding Practical Key-Recovery)

by Charles Bouillaguet, Pierre-Alain Fouque, Antoine Joux, Joana Treger
"... The HFE (Hidden Field Equations) cryptosystem is one of the most interesting public-key multivariate scheme. It has been proposed more than 10 years ago by Patarin and seems to withstand the attacks that break many other multivariate schemes, since only subexponential ones have been proposed. The p ..."
Abstract - Cited by 4 (1 self) - Add to MetaCart
of the internal polynomial are defined in the ground field. In this case, we reduce the secret key recovery problem to an instance of the Isomorphism of Polynomials (IP) problem between the equations of the public key and themselves. Even though for schemes such as SFLASH or C ∗ the hardness of key-recovery

A Family of Weak Keys in HFE (and the Corresponding Practical Key-Recovery)

by Charles Bouillaguet, Pierre-Alain Fouque, Antoine Joux, Joana Treger
"... The HFE (Hidden Field Equations) cryptosystem is one of the most interesting public-key multivariate scheme. It has been proposed more than 10 years ago by Patarin and seems to withstand the attacks that break many other multivariate schemes, since only subexponential ones have been proposed. The p ..."
Abstract - Add to MetaCart
of the internal polynomial are defined in the ground field. In this case, we reduce the secret key recovery problem to an instance of the Isomorphism of Polynomials (IP) problem between the equations of the public key and themselves. Even though for schemes such as SFLASH or C∗ the hardness of key-recovery relies

Deterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on

by Noboru Kunihiro, Kaoru Kurosawa - Takagi’s RSA”, Practice and Theory in Public Key Cryptography – PKC 2007, Lecture Notes in Computer Science
"... Abstract. For RSA, May showed a deterministic polynomial time equiv-alence of computing d to factoring N( = pq). On the other hand, Takagi showed a variant of RSA such that the decryption algorithm is faster than the standard RSA, where N = prq while ed = 1 mod (p−1)(q−1). In this paper, we show tha ..."
Abstract - Cited by 2 (1 self) - Add to MetaCart
Abstract. For RSA, May showed a deterministic polynomial time equiv-alence of computing d to factoring N( = pq). On the other hand, Takagi showed a variant of RSA such that the decryption algorithm is faster than the standard RSA, where N = prq while ed = 1 mod (p−1)(q−1). In this paper, we show

The Multivariate Probabilistic Encryption Scheme MQQ-ENC

by Danilo Gligoroski, Simona Samardjiska
"... Abstract. We propose a new multivariate probabilistic encryption scheme with decryption errors MQQ-ENC that belongs to the family of MQQ-based public key schemes. Similarly to MQQ-SIG, the trapdoor is constructed using quasigroup string transformations with multivariate quadratic quasigroups, and a ..."
Abstract - Add to MetaCart
Abstract. We propose a new multivariate probabilistic encryption scheme with decryption errors MQQ-ENC that belongs to the family of MQQ-based public key schemes. Similarly to MQQ-SIG, the trapdoor is constructed using quasigroup string transformations with multivariate quadratic quasigroups, and a
Results 1 - 10 of 15,741