Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform

Pierre Pébereau

Paper 2024/196

Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform

Pierre Pébereau

, Laboratoire de Recherche en Informatique de Paris 6, Thales (France)

Abstract

In this note, we show that some of the parameters of the Quotient-Ring transform proposed for VOX are vulnerable. More precisely, they were chosen to defeat an attack in the field extension $F_{q^{l}}$ obtained by quotienting $F_{q} [X]$ by an irreducible polynomial of degree $l$ . We observe that we may use a smaller extension $F_{q^{l^{'}}}$ for any $l^{'} | l$ , in which case the attacks apply again. We also introduce a simple algebraic attack without the use of the MinRank problem to attack the scheme. These attacks concern a subset of the parameter sets proposed for VOX: I, Ic, III, IIIa, V, Vb. We estimate the cost of our attack on these parameter sets and find costs of at most gates, and significantly lower in most cases. In practice, our attack requires for parameter sets I,III,V for the initial VOX parameters, and for parameter sets IIIa, Vb proposed after the rectangular MinRank attack.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Multivariate cryptography
Contact author(s): pierre pebereau @ lip6 fr
History: 2024-02-12: approved; 2024-02-09: received; See all versions
Short URL: https://ia.cr/2024/196
License: CC BY

BibTeX

@misc{cryptoeprint:2024/196,
      author = {Pierre Pébereau},
      title = {Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/196},
      year = {2024},
      url = {https://eprint.iacr.org/2024/196}
}