Abstract
We investigate the security of a public-key encryption scheme, the Indeterminate Equation Cryptosystem (IEC), introduced by Akiyama, Goto, Okumura, Takagi, Nuida, and Hanaoka at SAC 2017 as post-quantum cryptography. They gave two parameter sets PS1 \((n,p,\deg X,q) = (80,3,1,921601)\) and PS2 \((n,p,\deg X,q) = (80,3,2,58982400019)\).
The paper gives practical key-recovery and message-recovery attacks against those parameter sets of IEC through lattice basis-reduction algorithms. We exploit the fact that \(n = 80\) is composite and adopt the idea of Gentry’s attack against NTRU-Composite (EUROCRYPT2001) to this setting. The summary of our attacks follows:
-
On PS1, we recover 84 private keys from 100 public keys in 30–40 s per key.
-
On PS1, we recover partial information of all message from 100 ciphertexts in a second per ciphertext.
-
On PS2, we recover partial information of all message from 100 ciphertexts in 30 s per ciphertext.
Moreover, we also give message-recovery and distinguishing attacks against the parameter sets with prime n, say, \(n = 83\). We exploit another subring to reduce the dimension of lattices in our lattice-based attacks and our attack succeeds in the case of \(\deg X = 2\).
-
For PS2’ \((n,p,\deg X,q) = (83,3,2,68339982247)\), we recover 7 messages from 10 random ciphertexts within 61,000 s \(\approx \) 17 h per ciphertext.
-
Even for larger n, we can find short vectors from lattices to break the underlying assumption of IEC. In our experiment, we can found such vector within 330,000 s \(\approx \) 4 days for \(n = 113\).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: Holz, T., Savage, S. (eds.) USENIX Security Symposium 2016, pp. 327–343. USENIX Association (2016). https://eprint.iacr.org/2015/1092
Akiyama, K., Goto, Y.: A public-key cryptosystem using algebraic surfaces. In: PQCrypto 2006, pp. 119–138 (2006). http://postquantum.cr.yp.to/
Akiyama, K., Goto, Y., Miyake, H.: An algebraic surface cryptosystem. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 425–442. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_24
Akiyama, K., Goto, Y., Okumura, S., Takagi, T., Nuida, K., Hanaoka, G., Shimizu, H., Ikematsu, Y.: Giophantus. Technical report, National Institute of Standards and Technology (2017). https://csrc.nist.gov/projects/post-quantum-cryptography/round-1-submissions
Akiyama, K., Goto, Y., Okumura, S., Takagi, T., Nuida, K., Hanaoka, G., Shimizu, H., Ikematsu, Y.: A public-key encryption scheme based on non-linear indeterminate equations (Giophantus). Cryptology ePrint Archive, Report 2017/1241 (2017). https://eprint.iacr.org/2017/1241
Akiyama, K., Goto, Y., Okumura, S., Takagi, T., Nuida, K., Hanaoka, G.: A public-key encryption scheme based on non-linear indeterminate equations. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 215–234. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9_11
Albrecht, M.R., Göpfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 297–322. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_11
Akiyama, K.: Private communication, 04 October 2017
Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. IACR Cryptology ePrint Archive 2015:1128 (2015)
Chen, Y.: Réduction de réseau et sécurité concrète du chiffrement complètement homomorphe. Ph.D. thesis, Thèse de doctorat dirigée par Nguyen, Phong-Quang Informatique Paris 7 (2013)
Coppersmith, D., Shamir, A.: Lattice attacks on NTRU. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 52–61. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_5
Gentry, C.: Key recovery and message attacks on NTRU-composite. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 182–194. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_12
Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Dwork, C. (ed.) STOC 2008, pp. 197–206. ACM (2008). https://eprint.iacr.org/2007/432
Silverman, J.H.: Wraps, gaps, and lattice constants. Technical report 11, version 2, NTRU Cryptosystems (2001)
Acknowledgment
The author would like to thank Akiyama, Goto, Okumura, Takagi, Nuida, and Hanaoka for their kindness and fruitful discussions. The author would like to thank anonymous reviewers of PQCrypto 2018 for their valuable comments. The author finally would like to thank the XFARM Team for providing their could.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Implementation
A Implementation
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Xagawa, K. (2018). Practical Cryptanalysis of a Public-Key Encryption Scheme Based on Non-linear Indeterminate Equations at SAC 2017. In: Lange, T., Steinwandt, R. (eds) Post-Quantum Cryptography. PQCrypto 2018. Lecture Notes in Computer Science(), vol 10786. Springer, Cham. https://doi.org/10.1007/978-3-319-79063-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-79063-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-79062-6
Online ISBN: 978-3-319-79063-3
eBook Packages: Computer ScienceComputer Science (R0)