Skip to main content
Springer Nature Link
Log in

Complexity Estimates for the F 4 Attack on the Perturbed Matsumoto-Imai Cryptosystem

  • Conference paper
Cryptography and Coding (Cryptography and Coding 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3796))

Included in the following conference series:

  • 1352 Accesses

Abstract

Though the Perturbed Matsumoto-Imai (PMI) cryptosystem is considered insecure due to the recent differential attack of Fouque, Granboulan, and Stern, even more recently Ding and Gower showed that PMI can be repaired with the Plus (+) method of externally adding as few as 10 randomly chosen quadratic polynomials. Since relatively few extra polynomials are added, the attack complexity of a Gröbner basis attack on PMI+ will be roughly equal to that of PMI. Using Magma’s implementation of the F 4 Gröbner basis algorithm, we attack PMI with parameters q = 2, 0 ≤ r ≤ 10, and 14 ≤ n ≤ 59. Here, q is the number of field elements, n the number of equations/variables, and r the perturbation dimension. Based on our experimental results, we give estimates for the running time for such an attack. We use these estimates to judge the security of some proposed schemes, and we suggest more efficient schemes. In particular, we estimate that an attack using F 4 against the parameters q = 2, r = 5, n = 96 (suggested in [7]) has a time complexity of less than 250 3-DES computations, which would be considered insecure for practical applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Akkar, M.-L., Courtois, N.T., Duteuil, R., Goubin, L.: A Fast and Secure Implementation of Sflash. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 267–278. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  2. Ars, G., Faugère, J.-C., Imai, H., Kawazoe, M., Sugita, M.: Comparison Between XL and Gröbner Basis Algorithms. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 338–353. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  3. University of Sydney Computational Algebra Group. The MAGMA computational algebra system for algebra, number theory and geometry, http://magma.maths.usyd.edu.au/magma

  4. Courtois, N., Daum, M., Felke, P.: On the Security of HFE, HFEv- and Quartz. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 337–350. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  5. Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  6. Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)

    Article  MATH  MathSciNet  Google Scholar 

  7. Ding, J.: A New Variant of the Matsumoto-Imai Cryptosystem Through Perturbation. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 305–318. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  8. Ding, J., Gower, J.E.: Inoculating Multivariate Schemes Against Differential Attacks. Pre-print, p. 12, http://math.uc.edu/~aac/pub/pmi+.pdf

  9. Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Bases (F 4). Journal of Applied and Pure Algebra 139, 61–88 (1999)

    Article  MATH  Google Scholar 

  10. Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Bases Without Reduction to Zero (F 5). In: ISSAC 2002, pp. 75–83. ACM Press, New York (2002)

    Chapter  Google Scholar 

  11. Faugère, J.-C.: Algebraic Cryptanalysis of (HFE) Using Gröbner Bases. Technical report, Institut National de Recherche en Informatique et en Automatique, p. 19 (February 2003), http://www.inria.fr/rrrt/rr-4738.html

  12. Faugère, J.-C., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  13. Fouque, P.-A., Granboulan, L., Stern, J.: Differential Cryptanalysis for Multivariate Schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 341–353. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  14. Geiselmann, W., Steinwandt, R., Beth, T.: Attacking the Affine Parts of SFlash. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 355–359. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  15. Gilbert, H., Minie, M.: Cryptanalysis of SFLASH. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 288–298. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  16. Matsumoto, T., Imai, H.: Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)

    Google Scholar 

  17. NESSIE. European project IST-1999-12324 on New European Schemes for Signature, Integrity and Encryption, http://www.cryptonessie.org

  18. Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 1988. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)

    Google Scholar 

  19. Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996), Extended version: http://www.minrank.org/hfe.pdf

  20. Patarin, J., Goubin, L., Courtois, N.: C *_ + and HM: Variations Around Two Schemes. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 35–50. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  21. Patarin, J., Goubin, L., Courtois, N.: QUARTZ, 128-Bit Long Digital Signatures. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 298–307. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  22. Sidorenko, A.V., Gabidulin, E.M.: The Weak Keys for HFE. In: Proceedings of ISCTA 2003, p. 6 (2003)

    Google Scholar 

  23. Steel, A.: Allan Steel’s Gröbner Basis Timings Page, http://magma.maths.usyd.edu.au/users/allan/gb

  24. Wolf, C., Preneel, B.: Asymmetric Cryptography: Hidden Field Equations. In: European Congress on Computational Methods in Applied Sciences and Engineering 2004, p. 20 (2004), Extended version: http://eprint.iacr.org/2004/072

  25. Wolf, C., Preneel, B.: Taxonomy of public key schemes based on the problem of multivariate quadratic equations. Cryptology ePrint Archive, Report 2005/077, 12th of May 2005, p. 64, http://eprint.iacr.org/2005/077/

  26. Yang, B.-Y., Chen, J.-M., Courtois, N.: On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic Cryptanalysis. In: López, J., Qing, S., Okamoto, E. (eds.) ICICS 2004. LNCS, vol. 3269, pp. 401–413. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Mathematical Sciences, University of Cincinnati, Cincinnati, OH, 45211-0025, USA

    J. Ding, J. E. Gower & Z. Yin

  2. Department of Electrical & Computer Engineering and Computer Science, University of Cincinnati, Cincinnati, OH, 45211-0030, USA

    D. Schmidt

  3. K.U. Leuven ESAT-COSIC, Kasteelpark Arenberg 10, B-3001, Leuven-Heverlee, Belgium

    C. Wolf

Authors
  1. J. Ding
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. J. E. Gower
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. D. Schmidt
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. C. Wolf
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Z. Yin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. Computer Science, University of Bristol, Woodland Road, BS8 1UB, Bristol, United Kingdom

    Nigel P. Smart

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ding, J., Gower, J.E., Schmidt, D., Wolf, C., Yin, Z. (2005). Complexity Estimates for the F 4 Attack on the Perturbed Matsumoto-Imai Cryptosystem. In: Smart, N.P. (eds) Cryptography and Coding. Cryptography and Coding 2005. Lecture Notes in Computer Science, vol 3796. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11586821_18

Download citation

  • DOI: https://doi.org/10.1007/11586821_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30276-6

  • Online ISBN: 978-3-540-32418-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics