Cryptology ePrint Archive: Report 2021/583

Entropoid-based cryptography is group exponentiation in disguise

Lorenz Panny

Abstract: A recent preprint [ePrint 2021/469] suggests the use of exponentiation in a non-associative algebraic structure called "entropoid" to construct post-quantum analogues of DLP-based cryptosystems. In this note, we show a polynomial-time reduction from the entropoid version of DLP to the conventional DLP in the underlying finite field. The resulting attack takes less than 10 minutes on a laptop against parameters suggested in [ePrint 2021/469] for 128-bit post-quantum secure key exchange and runs in polynomial time on a quantum computer. We briefly discuss how to generalize the attack to the generic setting.

Category / Keywords: public-key cryptography / cryptanalysis, post-quantum cryptography, entropic quasigroup, non-associative exponentiation, finite field, discrete-logarithm problem

Date: received 3 May 2021

Contact author: lorenz at yx7 cc

Available format(s): PDF | BibTeX Citation

Version: 20210504:070047 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]