Cryptology ePrint Archive: Report 2004/237

Efficient Cryptanalysis of RSE(2)PKC and RSSE(2)PKC

Christopher Wolf and An Braeken and Bart Preneel

Abstract: In this paper, we study the new class step-wise Triangular Schemes (STS) of public key cryptosystems (PKC) based on multivariate quadratic polynomials. In these schemes, we have $m$ the number of equations, $n$ the number of variables, $L$ the number of steps/layers, $r$ the number of equations/variables per step, and $q$ the size of the underlying field. We present two attacks on the STS class by exploiting the chain of the kernels of the private key polynomials. The first attack is an inversion attack which computes the message/signature for given ciphertext/message in $O(mn^3Lq^r + n^2Lrq^r)$, the second is a structural attack which recovers an equivalent version of the secret key in $O(mn^3Lq^r + mn^4)$ operations. Since the legitimate user has workload $q^r$ for decrypting/computing a signature, the attacks presented in this paper are very efficient. As an application, we show that two special instances of STS, namely RSE(2)PKC and RSSE(2)PKC, recently proposed by Kasahara and Sakai, are insecure.

Category / Keywords: public-key cryptography / multivariate cryptography, cryptanalysis, rank attack, Tame

Publication Info: This is the extended version of an article published in Conference on Security in Communication Networks --- SCN 2004, volume 3352 of Lecture Notes in Computer Science, pages 294--309. Springer, September 8--10 2004.

Date: received 14 Sep 2004, last revised 6 Aug 2005

Contact author: Christopher Wolf at esat kuleuven ac be

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20050806:153740 (All versions of this report)

Short URL: ia.cr/2004/237

Discussion forum: Show discussion | Start new discussion