### Practical Cryptanalysis of the Identification Scheme Based on the Isomorphism of Polynomial with One Secret Problem

Charles Bouillaguet, Jean-Charles Faugère, Pierre-Alain Fouque, and Ludovic Perret

##### Abstract

This paper presents a practical cryptanalysis of the Identification Scheme proposed by Patarin at Crypto 1996. This scheme relies on the hardness of the Isomorphism of Polynomial with One Secret (IP1S), and enjoys shorter key than many other schemes based on the hardness of a combinatorial problem (as opposed to number-theoretic problems). Patarin proposed concrete parameters that have not been broken faster than exhaustive search so far. On the theoretical side, IP1S has been shown to be harder than Graph Isomorphism, which makes it an interesting target. We present two new deterministic algorithms to attack the IP1S problem, and we rigorously analyze their complexity and success probability. We show that they can solve a (big) constant fraction of all the instances of degree two in polynomial time. We verified that our algorithms are very efficient in practice. All the parameters with degree two proposed by Patarin are now broken in a few seconds. The parameters with degree three can be broken in less than a CPU-month. The identification scheme is thus quite badly broken.

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
identification protocolscryptanalysismultivariate crypto
Contact author(s)
charles bouillaguet @ ens fr
History
Short URL
https://ia.cr/2010/504

CC BY

BibTeX

@misc{cryptoeprint:2010/504,
author = {Charles Bouillaguet and Jean-Charles  Faugère and Pierre-Alain Fouque and Ludovic Perret},
title = {Practical Cryptanalysis of the Identification Scheme Based on the Isomorphism of Polynomial with One Secret Problem},
howpublished = {Cryptology ePrint Archive, Paper 2010/504},
year = {2010},
note = {\url{https://eprint.iacr.org/2010/504}},
url = {https://eprint.iacr.org/2010/504}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.