Cryptology ePrint Archive: Report 2004/237
Efficient Cryptanalysis of RSE(2)PKC and RSSE(2)PKC
Christopher Wolf and An Braeken and Bart Preneel
Abstract: In this paper, we study the new class step-wise Triangular Schemes (STS) of public key cryptosystems (PKC) based on multivariate quadratic polynomials. In these schemes, we have $m$ the number of equations, $n$ the number of variables, $L$ the number of steps/layers, $r$ the number of equations/variables per step, and $q$
the size of the underlying field. We present two attacks on the STS class by exploiting the chain of the kernels of the private key polynomials. The first attack is an inversion attack which computes the message/signature for given ciphertext/message in $O(mn^3Lq^r + n^2Lrq^r)$, the second is a structural attack which recovers an equivalent version of the secret key in $O(mn^3Lq^r + mn^4)$ operations.
Since the legitimate user has workload $q^r$ for decrypting/computing a signature, the attacks presented in this paper are very efficient. As an application, we show that two special instances of STS, namely RSE(2)PKC and RSSE(2)PKC, recently proposed by Kasahara and Sakai, are insecure.
Category / Keywords: public-key cryptography / multivariate cryptography, cryptanalysis, rank attack, Tame
Publication Info: This is the extended version of an article published in Conference on Security in Communication Networks --- SCN 2004, volume 3352 of Lecture Notes in Computer Science, pages 294--309. Springer, September 8--10 2004.
Date: received 14 Sep 2004, last revised 6 Aug 2005
Contact author: Christopher Wolf at esat kuleuven ac be
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20050806:153740 (All versions of this report)
Short URL: ia.cr/2004/237
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]