A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems
"... Abstract. We investigate the security of the family of MQQ public key cryptosystems using multivariate quadratic quasigroups (MQQ). These cryptosystems show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of crypto ..."
Cited by 1 (0 self)
of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial time key-recovery attack
Analysis of the MQQ Public Key Cryptosystem
"... MQQ is a multivariate cryptosystem based on multivariate quadratic quasigroups and the Dobbertin transformation [18]. The cryptosystem was broken both by Gröbner bases computation and MutantXL [27]. The complexity of Gröbner bases computation is exponential in the degree of regularity, which is the ..."
Cited by 4 (3 self)
Key-Recovery Attacks on ASASA
"... Abstract. The ASASA construction is a new design scheme introduced at Asiacrypt 2014 by Biryukov, Bouillaguet and Khovratovich. Its versatility was illustrated by building two public-key encryption schemes, a secret-key scheme, as well as super S-box subcomponents of a white-box scheme. However one ..."
of the two public-key cryptosystems was recently broken at Crypto 2015 by Gilbert, Plût and Treger. As our main contribution, we propose a new algebraic key-recovery attack able to break at once the secret-key scheme as well as the remaining public-key scheme, in time complexity 2^63 and 2^39 respectively (the
Threshold Key-Recovery Systems for RSA
1997
"... Although threshold key-recovery systems for the discrete log based cryptosystems such as the ElGamal scheme have been proposed by Feldman and Pedersen [6, 11, 12], no (practical) threshold key-recovery system for the factoring based cryptosystems such as the RSA scheme has been proposed. 1 This pa ..."
Cited by 4 (0 self)
Algebraic Attack on the MQQ Public Key Cryptosystem
"... In this paper, we present an efficient attack on the multivariate Quadratic Quasigroups (MQQ) public key cryptosystem. Our cryptanalysis breaks the MQQ cryptosystem by solving a system of multivariate quadratic polynomial equations using both the MutantXL algorithm and the F4 algorithm. We present t ..."
Cited by 5 (0 self)
Key-Recovery Attack on the ASASA Cryptosystem With Expanding S-Boxes
"... Abstract. We present a cryptanalysis of the ASASA public key cipher introduced at Asiacrypt 2014 [3]. This scheme alternates three layers of affine transformations A with two layers of quadratic substitutions S. We show that the partial derivatives of the public key polynomials contain information a ..."
Cited by 2 (0 self)
about the intermediate layer. This enables us to present a very simple distinguisher between an ASASA public key and random polynomials. We then expand upon the ideas of the distinguisher to achieve a full secret key recovery. This method uses only linear algebra and has a complexity dominated
A Family of Weak Keys in HFE (and the Corresponding Practical Key-Recovery)
"... The HFE (Hidden Field Equations) cryptosystem is one of the most interesting public-key multivariate schemes. It has been proposed more than 10 years ago by Patarin and seems to withstand the attacks that break many other multivariate schemes, since only subexponential ones have been proposed. The p ..."
Cited by 4 (1 self)
of the internal polynomial are defined in the ground field. In this case, we reduce the secret key recovery problem to an instance of the Isomorphism of Polynomials (IP) problem between the equations of the public key and themselves. Even though for schemes such as SFLASH or C* the hardness of key-recovery
“Deterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on Takagi’s RSA”, Practice and Theory in Public Key Cryptography – PKC 2007, Lecture Notes in Computer Science
"... Abstract. For RSA, May showed a deterministic polynomial time equivalence of computing d to factoring N (= pq). On the other hand, Takagi showed a variant of RSA such that the decryption algorithm is faster than the standard RSA, where N = p^r q while ed = 1 mod (p−1)(q−1). In this paper, we show tha ..."
Cited by 2 (1 self)
The Multivariate Probabilistic Encryption Scheme MQQ-ENC
"... Abstract. We propose a new multivariate probabilistic encryption scheme with decryption errors MQQ-ENC that belongs to the family of MQQ-based public key schemes. Similarly to MQQ-SIG, the trapdoor is constructed using quasigroup string transformations with multivariate quadratic quasigroups, and a ..."
