Conference Paper
Polly Cracker, Revisited
DOI: 10.1007/978-3-642-25385-0_10. Conference: Advances in Cryptology - ASIACRYPT 2011, 17th International Conference on the Theory and Application of Cryptology and Information Security, Seoul, South Korea, December 4-8, 2011. Proceedings
Source: DBLP
Ludovic Perret

"In cryptology, the hardness of PoSSo_q is now a subject of major interest, e.g. [30] [23] [24] [16] [18] [14] [17] [25] [1] [29] [15] [34] [36] [21]. On the one hand, this problem is used as a trapdoor to design many cryptographic primitives, mostly in multivariate cryptography [32] [33] [37]."
Conference Paper: Solving Polynomial Systems over Finite Fields: Improved Analysis of the Hybrid Approach
ABSTRACT: The Polynomial System Solving (PoSSo) problem is a fundamental NP-hard problem in computer algebra. Among others, PoSSo has applications in areas such as coding theory and cryptology. Typically, the security of multivariate public-key schemes (MPKC) such as the UOV cryptosystem of Kipnis, Shamir and Patarin is directly related to the hardness of PoSSo over finite fields. The goal of this paper is to further understand the influence of finite fields on the hardness of PoSSo. To this end, we consider the so-called hybrid approach. This is a polynomial system solving method dedicated to finite fields proposed by Bettale, Faugère and Perret (Journal of Mathematical Cryptography, 2009). The idea is to combine exhaustive search with Gröbner bases. The efficiency of the hybrid approach is related to the choice of a trade-off between the two methods. We propose here an improved complexity analysis dedicated to quadratic systems. Whilst the principle of the hybrid approach is simple, its careful analysis leads to rather surprising and somewhat unexpected results. We prove that the optimal trade-off (i.e. the number of variables to be fixed) that minimizes the complexity is achieved by fixing a number of variables proportional to the number of variables of the system considered, denoted n. Under some natural algebraic assumption, we show that the asymptotic complexity of the hybrid approach is $2^{(3.31 - 3.62\,\log_2(q)^{-1})\,n}$, where q is the size of the field (under the condition in particular that log(q) ≪ n). This is to date the best complexity for solving PoSSo over finite fields (when q > 2). We have been able to quantify the gain provided by the hybrid approach compared to a direct Gröbner basis method. For quadratic systems, we show (assuming a natural algebraic assumption) that this gain is exponential in the number of variables. Asymptotically, the gain is $2^{1.49n}$ when both n and q grow to infinity and log(q) ≪ n.
Proceedings of the 37th International Symposium on Symbolic and Algebraic Computation; 07/2012
 "In some cases, systems of special types have to be solved, but recent proposals like the new Polly Cracker type cryptosystem [1] rely on the hardness of solving random systems of equations. This motivates the study of the complexity of generic polynomial systems. "
ABSTRACT: A fundamental problem in computer science is to find all the common zeroes of $m$ quadratic polynomials in $n$ unknowns over $\mathbb{F}_2$. The cryptanalysis of several modern ciphers reduces to this problem. Up to now, the best complexity bound was reached by an exhaustive search in $4\log_2 n\,2^n$ operations. We give an algorithm that reduces the problem to a combination of exhaustive search and sparse linear algebra. This algorithm has several variants depending on the method used for the linear algebra step. Under precise algebraic assumptions on the input system, we show that the deterministic variant of our algorithm has complexity bounded by $O(2^{0.841n})$ when $m=n$, while a probabilistic variant of the Las Vegas type has expected complexity $O(2^{0.792n})$. Experiments on random systems show that the algebraic assumptions are satisfied with probability very close to 1. We also give a rough estimate for the actual threshold between our method and exhaustive search, which is as low as 200, and thus very relevant for cryptographic applications.
Journal of Complexity 12/2011; 29(1). DOI: 10.1016/j.jco.2012.07.001
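Both abstracts above describe the same strategy: guess some of the unknowns exhaustively and finish each guess with an algebraic solver (Gröbner bases over F_q in the hybrid approach, sparse linear algebra over F_2 in the Boolean case). The following Python sketch is an added example, not code from either paper: it fixes the first k of n variables by exhaustive search and solves the residual system algebraically. The algebraic step is plain linearization (each monomial in the free variables becomes a fresh unknown), which is a stand-in assumed here and only works when the residual system is overdetermined; the planted-solution generator, the parameters in `demo` and the seed are constructed for the demonstration. The papers' result that the optimal k is proportional to n is not reproduced here; k is simply chosen small enough for linearization to finish the job.

```python
import itertools
import random

# A quadratic polynomial over F_q in x_0..x_{n-1} is a dict {monomial: coeff}:
# () is the constant term, (i,) is x_i and (i, j) with i <= j is x_i*x_j.

def mono(i, j, q):
    """Canonical key for x_i*x_j; over F_2, x_i^2 = x_i."""
    i, j = min(i, j), max(i, j)
    return (i,) if (i == j and q == 2) else (i, j)

def add_term(f, m, c, q):
    c = (f.get(m, 0) + c) % q
    if c:
        f[m] = c
    else:
        f.pop(m, None)

def evaluate(f, point, q):
    total = 0
    for m, c in f.items():
        for i in m:
            c = c * point[i] % q
        total += c
    return total % q

def random_system(n, m, q, rng):
    """m random quadratic equations in n unknowns over F_q with a planted common
    zero, so the instance is solvable (as a cryptanalytic instance would be)."""
    planted = [rng.randrange(q) for _ in range(n)]
    polys = []
    for _ in range(m):
        f = {}
        for i in range(n):
            for j in range(i, n):
                add_term(f, mono(i, j, q), rng.randrange(q), q)
            add_term(f, (i,), rng.randrange(q), q)
        add_term(f, (), -evaluate(f, planted, q), q)   # force f(planted) = 0
        polys.append(f)
    return polys, planted

def substitute(f, fixed, q):
    """Plug the values in `fixed` (dict var -> value) into f."""
    g = {}
    for m, c in f.items():
        rest = []
        for i in m:
            if i in fixed:
                c = c * fixed[i] % q
            else:
                rest.append(i)
        add_term(g, tuple(rest), c, q)
    return g

def rref_mod_q(rows, q):
    """Gauss-Jordan over F_q on an augmented matrix; None if inconsistent."""
    rows, pivots, r = [row[:] for row in rows], [], 0
    for col in range(len(rows[0]) - 1):
        piv = next((i for i in range(r, len(rows)) if rows[i][col]), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        inv = pow(rows[r][col], -1, q)
        rows[r] = [x * inv % q for x in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][col]:
                fct = rows[i][col]
                rows[i] = [(a - fct * b) % q for a, b in zip(rows[i], rows[r])]
        pivots.append(col)
        r += 1
        if r == len(rows):
            break
    if any(row[-1] for row in rows[r:]):          # 0 = nonzero: no solution
        return None
    return rows, pivots

def linearize_solve(polys, free, q):
    """Stand-in for the Groebner-basis step: treat every monomial in the free
    variables as an independent unknown and solve the resulting linear system.
    Returns {var: value}, or None if inconsistent or not uniquely determined."""
    monos = [(i,) for i in free] + [mono(i, j, q) for a, i in enumerate(free) for j in free[a:]]
    monos = list(dict.fromkeys(monos))            # over F_2, x_i^2 collapses onto x_i
    col = {m: k for k, m in enumerate(monos)}
    rows = []
    for f in polys:
        row = [0] * (len(monos) + 1)
        for m, c in f.items():
            if m == ():
                row[-1] = (-c) % q                # constant goes to the right-hand side
            else:
                row[col[m]] = c
        rows.append(row)
    res = rref_mod_q(rows, q)
    if res is None or len(res[1]) != len(monos):  # need every monomial column pivoted
        return None
    return {i: res[0][col[(i,)]][-1] for i in free}

def hybrid_solve(polys, n, q, k):
    """Hybrid approach: exhaustive search over the first k variables, algebraic
    solving of the residual system in the other n - k. Returns (solution, guesses)."""
    free = list(range(k, n))
    for guesses, guess in enumerate(itertools.product(range(q), repeat=k), 1):
        residual = [substitute(f, dict(enumerate(guess)), q) for f in polys]
        partial = linearize_solve(residual, free, q)
        if partial is None:
            continue                               # wrong guess, or residual not determined
        point = list(guess) + [partial[i] for i in free]
        if all(evaluate(f, point, q) == 0 for f in polys):
            return point, guesses
    return None, q ** k

def demo(q, n, m, k, seed=7):
    """Constructed instance: random system with a planted zero, solved hybrid-style."""
    polys, planted = random_system(n, m, q, random.Random(seed))
    sol, guesses = hybrid_solve(polys, n, q, k)
    return polys, planted, sol, guesses

if __name__ == "__main__":
    for q, n, m, k in ((3, 6, 16, 4), (2, 6, 16, 3)):
        _, planted, sol, guesses = demo(q, n, m, k)
        print(f"q={q} n={n} m={m} k={k}: {guesses}/{q ** k} guesses, found {sol}, planted {planted}")
```

The exhaustive part costs q^k guesses and the algebraic part is paid once per guess, which is exactly the trade-off the ISSAC abstract analyses; with a real Gröbner-basis engine the residual system can have many more free variables than linearization tolerates, and k can be far smaller. Over F_2 the same code runs with the x_i^2 = x_i reduction, matching the setting of the Boolean abstract.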
Article: Lattice Signatures Without Trapdoors
ABSTRACT: We provide an alternative method for constructing lattice-based digital signatures which does not use the "hash-and-sign" methodology of Gentry, Peikert, and Vaikuntanathan (STOC 2008). Our resulting signature scheme is secure, in the random oracle model, based on the worst-case hardness of the $\tilde{O}(n^{1.5})$-SIVP problem in general lattices. The secret key, public key, and the signature size of our scheme are smaller than in all previous instantiations of the hash-and-sign signature, and our signing algorithm is also quite simple, requiring just a few matrix-vector multiplications and rejection samplings. We then also show that by slightly changing the parameters, one can get even more efficient signatures that are based on the hardness of the Learning With Errors problem. Our construction naturally transfers to the ring setting, where the size of the public and secret keys can be significantly shrunk, which results in the most practical to-date provably secure signature scheme based on lattices.
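The "matrix-vector multiplications and rejection samplings" of the abstract, as an added illustration that is not the paper's own code: a toy Fiat-Shamir-with-aborts signature in Python. It is simplified to a uniform (rather than Gaussian) mask and a uniform rejection box, which is an assumption of this example, and the parameters Q, N, M, K, KAPPA, B, the hash-to-challenge expansion and the seeded RNG are all constructed for the demo and far too small to be secure. What it shows is why the abort is needed: z = Sc + y is released only when it lands in a box that is reachable from every possible secret key, so the published z carries no information about S; the verifier never sees S and recovers Ay as Az - Tc.

```python
import hashlib
import random

# Toy parameters (hypothetical, not secure): A is N x M over Z_Q, the secret S is
# M x K with entries in {-1, 0, 1}, a challenge c has KAPPA entries in {-1, 1},
# and the mask y is uniform in [-B, B]^M. Then |S c|_inf <= KAPPA.
Q, N, M, K, KAPPA, B = 12289, 4, 8, 24, 8, 64

def matvec(X, v, mod=Q):
    """X * v, reduced mod `mod` unless mod is None (exact integer arithmetic)."""
    out = [sum(a * b for a, b in zip(row, v)) for row in X]
    return out if mod is None else [x % mod for x in out]

def keygen(seed=None):
    """Returns (pk, sk) = ((A, T), (A, S)) with T = A*S mod Q. A seed is only for
    reproducible demos; real key generation must use the OS CSPRNG."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    A = [[rng.randrange(Q) for _ in range(M)] for _ in range(N)]
    S = [[rng.choice((-1, 0, 1)) for _ in range(K)] for _ in range(M)]
    T = [[sum(A[i][l] * S[l][j] for l in range(M)) % Q for j in range(K)] for i in range(N)]
    return (A, T), (A, S)

def challenge(w, msg):
    """H(w, msg): expand a SHA-256 digest into c in {-1,0,1}^K with KAPPA nonzeros.
    The PRNG is seeded by the digest, so this is a deterministic function of (w, msg)."""
    h = hashlib.sha256(b"|".join(str(x).encode() for x in w) + b"#" + msg).digest()
    r = random.Random(h)
    c = [0] * K
    for i in r.sample(range(K), KAPPA):
        c[i] = r.choice((-1, 1))
    return c

def sign(sk, msg, seed=None):
    """Returns ((z, c), attempts); attempts counts the rejection-sampling restarts."""
    A, S = sk
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    attempts = 0
    while True:
        attempts += 1
        y = [rng.randint(-B, B) for _ in range(M)]            # fresh mask per attempt
        c = challenge(matvec(A, y), msg)
        z = [yi + si for yi, si in zip(y, matvec(S, c, mod=None))]   # z = S c + y
        # Rejection step: every z in [-(B-KAPPA), B-KAPPA]^M is reachable from every
        # secret key with the same probability (y = z - S c always lies in [-B, B]),
        # so restricting the output to that box makes z independent of S.
        if max(abs(zi) for zi in z) <= B - KAPPA:
            return (z, c), attempts

def verify(pk, msg, sig):
    A, T = pk
    z, c = sig
    if len(z) != M or max(abs(zi) for zi in z) > B - KAPPA:
        return False
    # A z - T c = A (S c + y) - (A S) c = A y (mod Q), so the hash must give back c.
    w = [(a - b) % Q for a, b in zip(matvec(A, z), matvec(T, c))]
    return challenge(w, msg) == c

def accept_probability():
    """Fraction of candidate z that survive the rejection step on one attempt."""
    return ((2 * (B - KAPPA) + 1) / (2 * B + 1)) ** M

def run_demo(count=20, seed=3):
    """Sign `count` constructed messages; report valid signatures, accepted
    tampered messages, and the total number of signing attempts."""
    pk, sk = keygen(seed)
    total, valid, forged = 0, 0, 0
    for i in range(count):
        msg = f"message {i}".encode()
        sig, attempts = sign(sk, msg, seed + i + 1)
        total += attempts
        valid += verify(pk, msg, sig)
        forged += verify(pk, msg + b"x", sig)
    return {"valid": valid, "forged": forged, "attempts": total}

if __name__ == "__main__":
    print(f"per-attempt acceptance probability: {accept_probability():.3f}")
    print(run_demo())
```

With these toy sizes roughly a third of the attempts survive the rejection step, so signing restarts about three times on average; the paper's Gaussian rejection sampling achieves the same key-independence of z with far fewer restarts and smaller z, which is where its size advantage comes from. Dropping the bound check in `verify` would let an attacker submit large z, so the check is part of the scheme, not an optimisation.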