Paper 2024/196

Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform

Pierre Pébereau, Laboratoire de Recherche en Informatique de Paris 6, Thales (France)
Abstract

In this note, we show that some of the parameters of the Quotient-Ring transform proposed for VOX are vulnerable. More precisely, they were chosen to defeat an attack in the field extension $\mathbb F_{q^l}$ obtained by quotienting $\mathbb F_q[X]$ by an irreducible polynomial of degree $l$. We observe that we may instead use a smaller extension $\mathbb F_{q^{l'}}$ for any $l' \mid l$, in which case the attacks apply again. We also introduce a simple algebraic attack on the scheme that does not rely on the MinRank problem. These attacks concern a subset of the parameter sets proposed for VOX: I, Ic, III, IIIa, V, Vb. We estimate the cost of our attack on these parameter sets and find costs of at most $2^{67}$ gates, and significantly lower in most cases. In practice, our attack requires $0.3s, 1.35s, 0.56s$ for parameter sets I, III, V of the initial VOX parameters, and $56.7s, 6.11s$ for parameter sets IIIa, Vb proposed after the rectangular MinRank attack.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Multivariate cryptography
Contact author(s): pierre pebereau @ lip6 fr
History:
2024-02-12: approved
2024-02-09: received
Short URL: https://ia.cr/2024/196
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2024/196,
      author = {Pierre Pébereau},
      title = {Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/196},
      year = {2024},
      url = {https://eprint.iacr.org/2024/196}
}