Abstract. This paper shows that a $390 mass-market quad-core 2.4 GHz Intel Westmere (Xeon E5620) CPU can create 108000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2^128 security level. Public keys are 32 bytes, and signatures are 64 bytes. These performance figures include strong defenses against software side-channel attacks: there is no data flow from secret keys to array indices, and there is no data flow from secret keys to branch conditions.
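The side-channel criterion in this abstract (no data flow from the secret key to array indices or to branch conditions) is easiest to see next to code that violates it. The following is an added example, not code from the paper or from any Ed25519 implementation: a textbook double-and-add on the Ed25519 curve that branches on every secret scalar bit, beside a Montgomery-style ladder with a fixed iteration count and a mask-based conditional swap. Assumptions: the curve constant, base point and group order are the RFC 8032 values (the base point is recovered from y = 4/5); Python big-integer arithmetic is itself not constant-time, so the example demonstrates the data-flow discipline, not a timing guarantee.

```python
"""Secret-independent control flow in scalar multiplication (added example).

Caveat (assumption): Python big-integer arithmetic is NOT constant-time.
This shows the structural rule from the abstract, i.e. no branch and no
array index that depends on a secret bit, not a timing guarantee.
"""

P = 2**255 - 19                                        # field prime
D = (-121665 * pow(121666, P - 2, P)) % P              # Edwards constant d
L = 2**252 + 27742317777372353535851937790883648493    # order of base point
IDENTITY = (0, 1)                                      # neutral element


def inv(a):
    return pow(a, P - 2, P)


def is_on_curve(pt):
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0


def point_add(p1, p2):
    """Complete twisted-Edwards addition (a = -1); also doubles when p1 == p2."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * inv((1 + t) % P) % P
    y3 = (y1 * y2 + x1 * x2) * inv((1 - t) % P) % P
    return (x3, y3)


def _base_point():
    """Base point B = (x, 4/5), taking the even square root for x (RFC 8032)."""
    y = 4 * inv(5) % P
    x2 = (y * y - 1) * inv((D * y * y + 1) % P) % P
    x = pow(x2, (P + 3) // 8, P)                # p = 5 mod 8 square root
    if (x * x - x2) % P != 0:
        x = x * pow(2, (P - 1) // 4, P) % P     # multiply by sqrt(-1)
    if x & 1:
        x = P - x
    return (x, y)


B = _base_point()


def scalar_mult_branchy(k, pt):
    """Textbook double-and-add: the 'if' and the loop length depend on k."""
    acc = IDENTITY
    while k:                                    # loop count leaks bit length
        if k & 1:                               # secret-dependent branch
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def cswap(swap, a, b):
    """Swap the two points iff swap == 1, using a mask instead of a branch."""
    mask = -swap                                # 0, or all ones when swap == 1
    ax, ay = a
    bx, by = b
    tx = (ax ^ bx) & mask
    ty = (ay ^ by) & mask
    return (ax ^ tx, ay ^ ty), (bx ^ tx, by ^ ty)


def scalar_mult_ladder(k, pt, bits=256):
    """Montgomery ladder: fixed iteration count, same operations every step."""
    r0, r1 = IDENTITY, pt                       # invariant: r1 == r0 + pt
    for i in reversed(range(bits)):
        bit = (k >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r0, r1 = point_add(r0, r0), point_add(r0, r1)
        r0, r1 = cswap(bit, r0, r1)
    return r0


if __name__ == "__main__":
    k = 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    assert scalar_mult_ladder(k, B) == scalar_mult_branchy(k, B)
    print("L*B is the identity:", scalar_mult_ladder(L, B) == IDENTITY)
```

Both routines compute the same point; the difference is that the ladder's sequence of field operations, and the tuple each one touches, is the same for every scalar. A real implementation also has to make the field arithmetic itself constant-time, which is the part a big-integer library cannot promise.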
Abstract. Multivariate public-key cryptosystems (sometimes called polynomial-based PKCs, or just multivariates) handle polynomials in many variables over relatively small fields instead of elements of a large ring or group. The "tame-like" or "sparse" class of multivariates is distinguished by the relatively few terms per central equation. We explain how they differ from the "big-field" type of multivariates, represented by derivatives of C* and HFE, how they are better, and give basic security criteria for them. These criteria are shown to be satisfied by efficient schemes called "Enhanced TTS", built on a combination of the Oil-and-Vinegar and Triangular ideas. Their security levels are estimated. In the process we summarize and in some cases improve rank-based attacks, which seek linear combinations of certain matrices at given ranks. These attacks are responsible for breaking many prior multivariate designs.
We analyze how fast we can solve general systems of multivariate equations of various low degrees over F_2; this is a well-known hard problem which is important both in itself and as part of many types of algebraic cryptanalysis. Compared to the standard exhaustive search technique, our improved approach is more efficient both asymptotically and practically. We implemented several optimized versions of our techniques on CPUs and GPUs. Our technique runs more than 10 times faster on modern graphics cards than on the most powerful CPU available. Today, we can solve 48+ quadratic equations in 48 binary variables on a 500-dollar NVIDIA GTX 295 graphics card in 21 minutes. With this level of performance, solving systems of equations supposed to ensure a security level of 64 bits turns out to be feasible in practice with a modest budget. This is a clear demonstration of the computational power of GPUs in solving many types of combinatorial and cryptanalytic problems.
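The improvement over plain exhaustive search that this abstract refers to comes from enumerating candidates along a Gray code, so that consecutive candidates differ in one bit and a quadratic system is re-evaluated with a few XORs instead of from scratch. The following is an added example, my own reconstruction of that idea and not the paper's CPU or GPU code: all equations are packed into the bits of one integer, each partial derivative is kept current with a single XOR per step, and the result is cross-checked against plain enumeration on a constructed random system with a planted root. The system format and the helper names are assumptions of this example.

```python
"""Exhaustive search over GF(2) with Gray-code enumeration (added example).

A Gray-code step flips one variable x_k, so f(x ^ e_k) = f(x) ^ d_k(x) where
d_k is the partial derivative of f.  For a quadratic f, d_k is affine and all
second derivatives D[k][j] are constants, so d_k can be kept current with one
XOR per step.  Bit e of every packed int belongs to equation e.

System format (assumption of this example): one tuple (const, lin, quad) per
equation, lin a list of n bits, quad a dict {(i, j): bit} with i < j.
"""
import random


def ctz(s):
    """Index of the lowest set bit of s (s > 0)."""
    return (s & -s).bit_length() - 1


def pack_system(eqs, n):
    """Pack the m equations into ints: constant c0, linear A[k], and the
    symmetric quadratic coefficients D[k][j]."""
    c0, A, D = 0, [0] * n, [[0] * n for _ in range(n)]
    for e, (const, lin, quad) in enumerate(eqs):
        bit = 1 << e
        if const:
            c0 |= bit
        for k in range(n):
            if lin[k]:
                A[k] |= bit
        for (i, j), v in quad.items():
            if v:
                D[i][j] |= bit
                D[j][i] |= bit
    return c0, A, D


def solve_gray(eqs, n):
    """All x in [0, 2^n) (bit k of x is variable x_k) with every equation = 0,
    in Gray-code visiting order."""
    c0, A, D = pack_system(eqs, n)
    f = c0                                   # packed values at x = 0
    # d[k] is first used at step 2^k, where x = gray(2^k - 1) has only bit
    # k-1 set, so fold that one cross term into the initial value.
    d = [A[k] ^ (D[k][k - 1] if k > 0 else 0) for k in range(n)]
    x, sols = 0, ([0] if f == 0 else [])
    for s in range(1, 1 << n):
        k = ctz(s)                           # Gray code flips bit k at step s
        f ^= d[k]
        x ^= 1 << k
        if f == 0:
            sols.append(x)
        # Until d[k] is used again (step s + 2^(k+1)) the bits below k return
        # to their present state and exactly one higher bit, ctz(s + 2^k),
        # flips; fold its cross term in now.  O(1) work per step.
        nxt = s + (1 << k)
        if nxt < (1 << n):
            d[k] ^= D[k][ctz(nxt)]
    return sols


def evaluate(eq, x, n):
    """Plain evaluation of one equation at x, used for cross-checking."""
    const, lin, quad = eq
    v = const
    for k in range(n):
        if lin[k] and (x >> k) & 1:
            v ^= 1
    for (i, j), b in quad.items():
        if b and (x >> i) & 1 and (x >> j) & 1:
            v ^= 1
    return v


def solve_naive(eqs, n):
    """Baseline: re-evaluate every equation from scratch for every x."""
    return [x for x in range(1 << n)
            if all(evaluate(eq, x, n) == 0 for eq in eqs)]


def random_system(n, m, planted, seed):
    """Constructed random quadratic system with `planted` forced to be a root."""
    rng = random.Random(seed)
    eqs = []
    for _ in range(m):
        lin = [rng.randrange(2) for _ in range(n)]
        quad = {(i, j): rng.randrange(2) for i in range(n) for j in range(i + 1, n)}
        const = evaluate((0, lin, quad), planted, n)   # zero the value at planted
        eqs.append((const, lin, quad))
    return eqs


N_VARS, N_EQS = 12, 14
PLANTED = 0b101101100101                          # constructed 12-bit root
SYSTEM = random_system(N_VARS, N_EQS, PLANTED, seed=2010)

if __name__ == "__main__":
    print("roots:", [bin(r) for r in solve_gray(SYSTEM, N_VARS)])
```

The per-step cost is independent of n: one XOR for the value vector and one for the derivative that was just consumed. The paper's implementations go further (unrolling, word-level parallelism, GPU batching), but this is the enumeration they accelerate.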
The sum of distances between all vertex pairs in a connected graph is known as the Wiener index. It is an early index which correlates well with many physico-chemical properties of organic compounds and as such has been well studied over the last quarter of a century. A q-analogue of this index, termed the Wiener polynomial by Hosoya but also known today as the Hosoya polynomial, extends this concept by trying to capture the complete distribution of distances in the graph. Mathematicians have studied several operators on a connected graph in which we see a subdivision of the edges. In this work, we show how the Wiener index of a graph changes with these operations, and extend the results to Wiener polynomials.
Abstract. A recently proposed class of multivariate Public-Key Cryptosystems, the Rainbow-like Digital Signature Schemes, in which successive sets of central variables are obtained from previous ones by solving linear equations, seems to lead to efficient schemes (TTS, TRMS, and Rainbow) that perform well on systems of low computational resources. Recently SFLASH (C*−) was broken by Dubois, Fouque, Shamir, and Stern via a differential attack. In this paper, we exhibit similar algebraic and differential attacks that reduce published Rainbow-like schemes below their claimed security levels. We also discuss how parameters for Rainbow and TTS schemes should be chosen for practical applications.
Keywords: rank, differential attack, algebraic attack, oil-and-vinegar
Note: This is an update to the paper to appear at ACNS 2008, New York.
1 Outline
Multivariate Public-Key Cryptosystems (MPKCs, or trapdoor MQ schemes) are cryptosystems for which the public key is a set of polynomials P = (p_1, ..., p_m) in variables x = (x_1, ..., x_n), where all variables and coefficients are in K = GF(q). In practice this is always accomplished by composing an easily invertible central map with two affine maps S and T. In any given scheme, the central map Q belongs to a certain class of quadratic maps whose inverse can be computed relatively easily. The maps S, T are affine. The polynomials giving y_i in x are called the central polynomials, and the x_j are called the central variables. In 1999, the Unbalanced Oil-and-Vinegar multivariate structure was proposed by Patarin et al. [16]. More recently the Rainbow class of signatures [7,20,25], based on repeated applications of the Unbalanced Oil-and-Vinegar principle, has shown some promise on systems of low computational resources. Given that the well-known C*− class of signature schemes, including SFLASH, was broken by differential attacks [8], we examine similar attacks on Rainbow, with the following conclusions: Differentials improve on the High-Rank attacks on Rainbow-like systems.
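To make the public-key structure described above concrete (public polynomials obtained by wrapping an easily invertible central map Q between affine maps S and T, with signing done by inverting each layer in turn), here is an added toy example, not code from this paper or from any Rainbow or TTS implementation: a single-layer Unbalanced Oil-and-Vinegar scheme, the layer that Rainbow repeats, over GF(7) with four vinegar and three oil variables. The field size, variable counts and helper names are assumptions chosen for readability and are nowhere near a secure parameter set; S and T are taken linear rather than affine to keep the algebra short. The central polynomials have no oil-times-oil terms, so once random vinegar values are fixed they become affine in the oil variables and inversion is a single linear solve.

```python
"""Single-layer Unbalanced Oil-and-Vinegar signatures (added toy example).

Public key: m quadratic forms z^T P_i z over GF(q) with
P_i = S^T (sum_j T_ij Q_j) S, i.e. the public map is T after Q after S.
Central forms Q_j have a zero oil x oil block, so with vinegar fixed each
central polynomial is affine in the oil variables.
Toy parameters (assumption): GF(7), 4 vinegar and 3 oil variables.
"""
import random

Q = 7               # field GF(7)
V, O = 4, 3         # vinegar / oil variable counts
N, M = V + O, O     # variables / equations


def inv(a):
    return pow(a % Q, Q - 2, Q)


def mat_vec(A, x):
    return [sum(a * b for a, b in zip(row, x)) % Q for row in A]


def quad_form(Qm, x):
    n = len(x)
    return sum(x[a] * Qm[a][b] * x[b] for a in range(n) for b in range(n)) % Q


def solve_linear(A, b):
    """Gauss-Jordan over GF(q): x with A x = b, or None if A is singular."""
    n = len(A)
    R = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = next((r for r in range(col, n) if R[r][col] % Q), None)
        if piv is None:
            return None
        R[col], R[piv] = R[piv], R[col]
        f = inv(R[col][col])
        R[col] = [(v * f) % Q for v in R[col]]
        for r in range(n):
            if r != col and R[r][col]:
                g = R[r][col]
                R[r] = [(vr - g * vc) % Q for vr, vc in zip(R[r], R[col])]
    return [row[n] for row in R]


def mat_inv(A):
    n = len(A)
    cols = [solve_linear(A, [int(i == j) for i in range(n)]) for j in range(n)]
    if any(c is None for c in cols):
        return None
    return [[cols[j][i] for j in range(n)] for i in range(n)]


def rand_invertible(rng, n):
    while True:
        A = [[rng.randrange(Q) for _ in range(n)] for _ in range(n)]
        if mat_inv(A) is not None:
            return A


def congruence(S, Qm):
    """S^T Qm S, so that z^T (S^T Qm S) z == (S z)^T Qm (S z)."""
    n = len(S)
    QS = [[sum(Qm[a][c] * S[c][b] for c in range(n)) % Q for b in range(n)] for a in range(n)]
    return [[sum(S[c][a] * QS[c][b] for c in range(n)) % Q for b in range(n)] for a in range(n)]


def keygen(rng):
    # central map: random coefficients except the oil x oil block, which is zero
    central = [[[rng.randrange(Q) if (a < V or b < V) else 0 for b in range(N)]
                for a in range(N)] for _ in range(M)]
    S, T = rand_invertible(rng, N), rand_invertible(rng, M)
    public = []
    for i in range(M):                          # P_i = S^T (sum_j T_ij Q_j) S
        mixed = [[sum(T[i][j] * central[j][a][b] for j in range(M)) % Q
                  for b in range(N)] for a in range(N)]
        public.append(congruence(S, mixed))
    return public, (central, S, T)


def sign(sk, y, rng):
    central, S, T = sk
    target = mat_vec(mat_inv(T), y)             # undo T: need Q(x) = T^-1 y
    while True:
        xv = [rng.randrange(Q) for _ in range(V)]     # random vinegar values
        rows, rhs = [], []
        for i in range(M):
            Qi = central[i]
            const = sum(xv[a] * Qi[a][b] * xv[b] for a in range(V) for b in range(V))
            coef = [sum(xv[a] * (Qi[a][V + j] + Qi[V + j][a]) for a in range(V)) % Q
                    for j in range(O)]
            rows.append(coef)
            rhs.append((target[i] - const) % Q)
        xo = solve_linear(rows, rhs)             # affine in the oil variables
        if xo is not None:                       # singular: pick new vinegar
            break
    return mat_vec(mat_inv(S), xv + xo)          # undo S


def verify(pk, y, sig):
    return all(quad_form(Pi, sig) == yi for Pi, yi in zip(pk, y))


def run_demo(seed=1):
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    y = [3, 5, 1]                                # constructed digest in GF(7)^3
    return pk, y, sign(sk, y, rng)


if __name__ == "__main__":
    pk, y, sig = run_demo()
    print("signature", sig, "verifies:", verify(pk, y, sig))
```

Rainbow takes the oil variables of one such layer as the vinegar variables of the next, which is the "successive sets of central variables obtained by solving linear equations" in the abstract; the rank and differential attacks discussed in the paper target exactly the structure that this zero oil-times-oil block leaves in the public forms.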