Cryptology ePrint Archive: Report 2020/984

On Multivariate Algorithms of Digital Signatures on Secure El Gamal Type Mode.

Vasyl Ustimenko

Abstract: The intersection of non-commutative and multivariate cryptography contains studies of cryptographic applications of subsemigroups and subgroups of affine Cremona semigroups defined over a finite commutative ring K with unit. We consider special subsemigroups (platforms) in the semigroup of all endomorphisms of K[x_1, x_2, …, x_n]. Efficiently computed homomorphisms between such platforms can be used in post-quantum key exchange protocols in which correspondents elaborate a common transformation of (K*)^n. The security of these schemes is based on the complexity of the decomposition problem for an element of a semigroup into a product of given generators. We suggest three such protocols (one with a group and two with semigroups as platforms) for use with multivariate digital signature systems. The protocols allow the public maps of these systems to be converted into private mode, i.e. one correspondent uses the collision map for safe transfer of a selected multivariate rule to his/her partner. The "privatisation" of the formerly public map allows the use of digital signature systems for which some cryptanalytic instruments have been found (estimates of different attacks on the Rainbow Oil and Vinegar system, cryptanalytic studies of LUOV) with an essentially smaller size of hashed messages. Transition of the basic multivariate map to safe El Gamal type mode does not allow the use of the cryptanalytic algorithms for the already broken Imai-Matsumoto cryptosystem or the original Oil and Vinegar signature scheme proposed by J. Patarin. So even broken digital signature schemes can be used in combination with protocol execution during some restricted "trust interval" of polynomial size. The minimal trust interval can be chosen as the dimension n of the space of hashed messages, i.e. the safely transported multivariate map has to be used at most n times. Before the end of this interval correspondents have to start a session of the multivariate protocol with a modified multivariate map.
The security of such algorithms rests not on properties of quadratic multivariate maps but on the security of the protocol for the map delivery and the corresponding NP-hard problem.

Category / Keywords: cryptographic protocols / Noncommutative Cryptography, Multivariate Cryptography, key exchange protocols, semigroups of transformations, decomposition problem, multivariate digital signature

Date: received 15 Aug 2020

Contact author: vasyl at hektor umcs lublin pl

Note: Dear Colleagues, This is the extension of my talk at the conference dedicated to the 60th anniversary of the algebra department of Kyiv, which took place at Taras Shevchenko National University of Kyiv, Ukraine, from 14 to 17 July 2020 in online form.

Version: 20200818:083649

Short URL: ia.cr/2020/984
