
Cryptanalysis of the Binary Permuted Kernel Problem

Conference paper, Applied Cryptography and Network Security (ACNS 2021)

Abstract

In 1989, Shamir presented an efficient identification scheme (IDS) based on the permuted kernel problem (PKP). 21 years later, PKP was generalized by Lampe and Patarin, who built an IDS similar to Shamir's but over the binary field. This binary variant offered some interesting advantages over Shamir's original IDS, such as a reduced number of operations and inherent resistance against side-channel attacks. In their security analysis, which considered the best attacks against the original PKP, the authors concluded that none of these existing attacks appeared to have a significant advantage when applied to the binary variant. In this paper, we propose the first attack that targets the binary PKP. The attack is analyzed in detail, and its practical performance is compared with our theoretical models. For the proposed parameters originally targeting 79 and 98 bits of security, our attack recovers about 100% of all keys using fewer than \(2^{63}\) and \(2^{77}\) operations, respectively.

T. B. Paiva is supported by CAPES. R. Terada is supported by CNPq grant number 442014/2014-7.


Notes

  1. The reason why it is interesting to sort the indexes in this way is explained in the last paragraph of this section.

  2. Recall, from Sect. 2, that binomials are defined over non-negative real numbers to allow our approximations.

  3. Recall that \({\left( \mathbf {X} \right) }^{i}\) denotes the i-th column of matrix \(\mathbf {X}\).

  4. Even though the analytic approach is useful to estimate the number of nodes in each level, the errors would accumulate exponentially in the product necessary to compute the work factor of the search.

References

  1. Baritaud, T., Campana, M., Chauvaud, P., Gilbert, H.: On the security of the permuted kernel identification scheme. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 305–311. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_21

  2. Bernstein, D.J., Lange, T., Peters, C.: Smaller decoding exponents: ball-collision decoding. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 743–760. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_42

  3. Beullens, W., Faugère, J.-C., Koussa, E., Macario-Rat, G., Patarin, J., Perret, L.: PKP-based signature scheme. In: Hao, F., Ruj, S., Sen Gupta, S. (eds.) INDOCRYPT 2019. LNCS, vol. 11898, pp. 3–22. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35423-7_1

  4. Chen, L., et al.: Report on post-quantum cryptography. US Department of Commerce, National Institute of Standards and Technology (2016)

  5. Cordella, L.P., Foggia, P., Sansone, C., Vento, M.: A (sub)graph isomorphism algorithm for matching large graphs. IEEE Trans. Pattern Anal. Mach. Intell. 26(10), 1367–1372 (2004)

  6. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

  7. Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_6

  8. Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman and Company, New York (1979)

  9. Georgiades, J.: Some remarks on the security of the identification scheme based on permuted kernels. J. Cryptol. 5(2), 133–137 (1992). https://doi.org/10.1007/BF00193565

  10. Jaulmes, É., Joux, A.: Cryptanalysis of PKP: a new approach. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 165–172. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44586-2_12

  11. Joux, A., Lercier, R.: "Chinese & Match", an alternative to Atkin's "Match and Sort" method used in the SEA algorithm. Math. Comput. 70(234), 827–836 (2001)

  12. Koussa, E., Macario-Rat, G., Patarin, J.: On the complexity of the Permuted Kernel Problem. IACR Cryptology ePrint Archive 2019, 412 (2019)

  13. Lampe, R., Patarin, J.: Analysis of some natural variants of the PKP algorithm. In: Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT (ICETE 2012), pp. 209–214. INSTICC, SciTePress (2012). https://doi.org/10.5220/0004012202090214

  14. Albrecht, M., Bard, G.: The M4RI Library - Version 20121224. The M4RI Team (2012)

  15. McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report 44, pp. 114–116 (1978)

  16. Misoczki, R., Tillich, J.P., Sendrier, N., Barreto, P.S.: MDPC-McEliece: New McEliece variants from moderate density parity-check codes. In: 2013 IEEE International Symposium on Information Theory Proceedings (ISIT), pp. 2069–2073. IEEE (2013)

  17. Patarin, J., Chauvaud, P.: Improved algorithms for the permuted kernel problem. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 391–402. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_33

  18. Poupard, G.: A realistic security analysis of identification schemes based on combinatorial problems. Eur. Trans. Telecommun. 8(5), 471–480 (1997)

  19. Sansone, P.F.C., Vento, M.: An improved algorithm for matching large graphs. In: Proceedings of the 3rd IAPR-TC-15 International Workshop on Graph-Based Representations (2001)

  20. Shamir, A.: An efficient identification scheme based on permuted kernels (extended abstract). In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 606–609. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_54

  21. Spencer, J.: Asymptopia, vol. 71. American Mathematical Society, Providence (2014)

  22. Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). https://doi.org/10.1007/BFb0019850

  23. Ullmann, J.R.: An algorithm for subgraph isomorphism. J. ACM (JACM) 23(1), 31–42 (1976)


Acknowledgments

The authors would like to thank Augusto C. Ferrari for his helpful comments on earlier drafts of this paper. This study was financed in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES) - Finance Code 001. This research is part of the INCT of the Future Internet for Smart Cities funded by CNPq proc. 465446/2014-0, Coordenação de Aperfeiçoamento de Pessoal de Nível Superior – Brasil (CAPES) – Finance Code 001, FAPESP proc. 14/50937-1, and FAPESP proc. 15/24485-9.

Author information

Correspondence to Thales Bandiera Paiva.

Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Paiva, T.B., Terada, R. (2021). Cryptanalysis of the Binary Permuted Kernel Problem. In: Sako, K., Tippenhauer, N.O. (eds) Applied Cryptography and Network Security. ACNS 2021. Lecture Notes in Computer Science, vol. 12727. Springer, Cham. https://doi.org/10.1007/978-3-030-78375-4_16


  • DOI: https://doi.org/10.1007/978-3-030-78375-4_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78374-7

  • Online ISBN: 978-3-030-78375-4

  • eBook Packages: Computer Science (R0)