Skip to main content
SpringerLink
Log in

Implementing Joux-Vitse’s Crossbred Algorithm for Solving \({\mathcal M\mathcal Q}\) Systems over \({\mathbb F}_2\) on GPUs

  • Conference paper
  • First Online:
Post-Quantum Cryptography (PQCrypto 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10786))

Included in the following conference series:

Abstract

The hardness of solving multivariate quadratic (\(\mathcal {MQ}\)) systems is the underlying problem for multivariate-based schemes in the field of post-quantum cryptography. The concrete, practical hardness of this problem needs to be measured by state-of-the-art algorithms and high-performance implementations. We describe, implement, and evaluate an adaption of the Crossbred algorithm by Joux and Vitse from 2017 for solving \(\mathcal {MQ}\) systems over \(\mathbb {F}_{2}\). Our adapted algorithm is highly parallelizable and is suitable for solving \(\mathcal {MQ}\) systems on GPU architectures. Our implementation is able to solve an \(\mathcal {MQ}\) system of 134 equations in 67 variables in 98.39 hours using one single commercial Nvidia GTX 980 graphics card, while the original Joux-Vitse algorithm requires 6200 CPU-hours for the same problem size. We used our implementation to solve all the Fukuoka Type-I MQ challenges for \(n \in \{55, \dots , 74\}\). Based on our implementation, we estimate that the expected computation time for solving an \(\mathcal {MQ}\) system of 80 equations in 84 variables is about one year using a cluster of 3600 GTX 980 graphics cards. These parameters have been proposed for 80-bit security by, e.g., Sakumoto, Shirai, and Hiwatari at Crypto 2011.

This work is based on Kai-Chun Ning’s master thesis under the supervision of Ruben Niederhagen, Tanja Lange, and Daniel J. Bernstein. Date: 2018.01.23. Permanent ID of this document: f9066f7294db4f2b5fbdb3e791fed78e.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.mqchallenge.org/.

  2. 2.

    https://www.anandtech.com/show/8526/nvidia-geforce-gtx-980-review.

References

  1. Berbain, C., Gilbert, H., Patarin, J.: QUAD: a practical stream cipher with provable security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 109–128. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  2. Bernstein, D.J.: The saber cluster. https://blog.cr.yp.to/20140602-saber.html

  3. Bouillaguet, C., Chen, H.-C., Cheng, C.-M., Chou, T., Niederhagen, R., Shamir, A., Yang, B.-Y.: Fast exhaustive search for polynomial systems in \({\mathbb{F}_2}\). In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 203–218. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  4. Bouillaguet, C., Cheng, C.-M., Chou, T., Niederhagen, R., Yang, B.-Y.: Fast exhaustive search for quadratic systems in \(\mathbb{F}_{2}\) on FPGAs. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 205–222. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  5. Clough, C., Baena, J., Ding, J., Yang, B.-Y., Chen, M.: Square, a new multivariate encryption scheme. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 252–264. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  6. Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Faugère, J.C.: A new efficient algorithm for computing Gröbner bases (\(F_4\)). J. Pure Appl. Algebra 139, 61–88 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  8. Faugère, J.C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (\(F_5\)). In: International Symposium on Symbolic and Algebraic Computation – ISSAC 2002, pp. 75–83. ACM Press (2002)

    Google Scholar 

  9. Fusco, G., Bach, E.: Phase transition of multivariate polynomial systems. Math. Struct. Comput. Sci. 19, 9–23 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  10. Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)

    Google Scholar 

  11. Joux, A., Vitse, V.: A crossbred algorithm for solving boolean polynomial systems. IACR Cryptology ePrint Archive (2017). https://eprint.iacr.org/2017/372

  12. Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)

    Google Scholar 

  13. Patarin, J., Courtois, N., Goubin, L.: QUARTZ, 128-bit long digital signatures. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 282–297. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  14. Porras, J., Baena, J., Ding, J.: ZHFE, a new multivariate public key encryption scheme. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 229–245. Springer, Cham (2014)

    Google Scholar 

  15. Sakumoto, K., Shirai, T., Hiwatari, H.: Public-key identification schemes based on multivariate quadratic polynomials. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 706–723. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  16. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Foundations of Computer Science, pp. 124–134. IEEE (1994)

    Google Scholar 

  17. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303–332 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  18. Szepieniec, A., Ding, J., Preneel, B.: Extension field cancellation: a new central trapdoor for multivariate quadratic systems. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 182–196. Springer, Cham (2016)

    Chapter  Google Scholar 

  19. Yang, B.-Y., Chen, J.-M.: All in the XL family: theory and practice. In: Park, C., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 67–86. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  20. Yang, B.-Y., Chen, O.C.-H., Bernstein, D.J., Chen, J.-M.: Analysis of QUAD. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 290–308. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Acknowledgments

We would like to thank Daniel J. Bernstein for granting us access to his Saber GPU clusters at Eindhoven University of Technology and the University of Illinois at Chicago. This research was partially supported by the project MOST105-2923-E-001-003-MY3 of the Ministry of Science and Technology, Taiwan.

Author information

Authors and Affiliations

  1. Fraunhofer SIT, Darmstadt, Germany

    Ruben Niederhagen

  2. Eindhoven University of Technology, Eindhoven, The Netherlands

    Kai-Chun Ning

  3. IIS and CITI, Academia Sinica, Taipei, Taiwan

    Bo-Yin Yang

Authors
  1. Ruben Niederhagen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kai-Chun Ning
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bo-Yin Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Ruben Niederhagen , Kai-Chun Ning or Bo-Yin Yang .

Editor information

Editors and Affiliations

  1. Technische Universiteit Eindhoven, Eindhoven, The Netherlands

    Tanja Lange

  2. Florida Atlantic University, Boca Raton, Florida, USA

    Rainer Steinwandt

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Niederhagen, R., Ning, KC., Yang, BY. (2018). Implementing Joux-Vitse’s Crossbred Algorithm for Solving \({\mathcal M\mathcal Q}\) Systems over \({\mathbb F}_2\) on GPUs. In: Lange, T., Steinwandt, R. (eds) Post-Quantum Cryptography. PQCrypto 2018. Lecture Notes in Computer Science(), vol 10786. Springer, Cham. https://doi.org/10.1007/978-3-319-79063-3_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-79063-3_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-79062-6

  • Online ISBN: 978-3-319-79063-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation