Cryptanalysis of the Tractable Rational Map Cryptosystem

Joux, Antoine; Kunz-Jacques, Sébastien; Muller, Frédéric; Ricordel, Pierre-Michel

doi:10.1007/978-3-540-30580-4_18

Cited by 10 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When F is public, then recovering the secret-key precisely means solving an instance of the IP problem. Several cryptosystems have been built on this idea [182], [183], [184], but they have all been broken [185], [186], [187], [188], [185], [189], [190], [191]. The main reason behind this fiasco is that the specific instances of the IP problem exposed by these schemes were weak because F was too special, so that polynomial-time and/or efficient algorithms to crack them have eventually been designed [192], [193].…”

Section: Pkcs Based On Multivariate Quadratic Equationsmentioning

confidence: 99%

A Survey of Public-Key Cryptographic Primitives in Wireless Sensor Networks

Shim

2016

IEEE Commun. Surv. Tutorials

106

View full text Add to dashboard Cite

Cryptographic primitives are fundamental building blocks for designing security protocols to achieve confidentiality, authentication, integrity and non-repudiation. It is not too much to say that the selection and integration of appropriate cryptographic primitives into the security protocols determines the largest part of the efficiency and energy consumption of the Wireless sensor network (WSN). There are a number of surveys on security issues on WSNs, which, however, didn't focus on public-key cryptographic primitives in WSNs. In this survey, we provide a deeper understanding of public-key cryptographic primitives in WSNs including identity-based cryptography, and discuss their main directions and some open research issues that can be further pursued. We investigate state-of-the-art software implementation results of public-key cryptographic primitives in terms of execution time, energy consumption and resource occupation on constrained wireless devices choosing popular IEEE 802.15.4-compliant WSN hardware platforms, used in reallife deployments. This survey provides invaluable insights on public-key cryptographic primitives on WSN platforms, and solutions to find tradeoffs between cost, performance and security for designing security protocols in WSNs.

show abstract

Section: Pkcs Based On Multivariate Quadratic Equationsmentioning

confidence: 99%

A Survey of Public-Key Cryptographic Primitives in Wireless Sensor Networks

Shim

2016

IEEE Commun. Surv. Tutorials

106

View full text Add to dashboard Cite

show abstract

“…We can see a good example of what can go wrong in [15] if we try to construct an encryption scheme, where the initial vinegar variables is determined through an initial block of equations. Example 1. enTTS (20,28) of [25] has structure (8, 9, 1, 1, 9) and this central map: 27 .…”

Section: Rainbow-like Multivariate Signaturesmentioning

confidence: 99%

New Differential-Algebraic Attacks and Reparametrization of Rainbow

Ding

Yang

Chen

et al. 2008

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. A recently proposed class of multivariate Public-Key Cryptosystems, the Rainbow-Like Digital Signature Schemes, in which successive sets of central variables are obtained from previous ones by solving linear equations, seem to lead to e cient schemes (TTS, TRMS, and Rainbow) that perform well on systems of low computational resources. Recently SFLASH (C * − ) was broken by Dubois, Fouque, Shamir, and Stern via a di erential attack. In this paper, we exhibit similar algebraic and di ential attacks, that will reduce published Rainbow-like schemes below their security levels. We will also discuss how parameters for Rainbow and TTS schemes should be chosen for practical applications. Keywords: rank, di erential attack, algebraic attack, oil-and-vinegar Note: This is an update to the paper to appear at ACNS 2008, New York 1 Outline Multivariate Public-Key Cryptosystems (MPKCs, or trapdoor MQ schemes) are cryptosystems for which the public key is a set of polynomials P = (p 1 , . . . , p m ) in variables x = (x 1 , . . . , x n ) where all variables and coe cients are in K = GF(q). In practice this is always accomplished viaIn any given scheme, the central map Q belongs to a certain class of quadratic maps whose inverse can be computed relatively easily. The maps S, T are a ne. The polynomials giving y i in x are called the central polynomials, and the x j are called the central variables.In 1999, the Unbalanced Oil-and-Vinegar multivariate structure is proposed by Patarin et al [16]. Lately the Rainbow class of signatures [7,20,25], based on repeated applications of the Unbalanced Oil-and-Vinegar principle, shows some promise on systems of low computational resources.Given that the well-known C * − class of signature schemes including SFLASH was broken by di erential attacks [8], we examine similar attacks on Rainbow, with the following conclusions:Di erentials improve on the High-Rank attacks on Rainbow-like systems.

show abstract

“…The empirical approach in this case would be much faster than the theoretic in providing an insight on the cryptographic strength of a primitive. Furthermore, a theoretical approach continuously challenges the soundness of the formulations and the definitions of cryptographic tasks (see for example [14]), whereas the empirical approach is mainly concerned in offering practical security. It is therefore apparent from the above that a synergetic approach between theoretical and empirical analysis could contribute to a more effective research, as one analysis facilitates the other: the theoretical formulates and provides the necessary sound foundations for empirical research, whereas empirical analysis strengthens intuitiveness.…”

Section: Introductionmentioning

confidence: 99%