Skip to main content
SpringerLink
Log in

Cryptanalysis of Enhanced TTS, STS and All Its Variants, or: Why Cross-Terms Are Important

  • Conference paper
Progress in Cryptology - AFRICACRYPT 2012 (AFRICACRYPT 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7374))

Included in the following conference series:

Abstract

We show that the two multivariate signature schemes Enhanced STS, proposed at PQCrypto 2010, and Enhanced TTS, proposed at ACISP 2005, are vulnerable due to systematically missing cross-terms. To this aim, we generalize equivalent keys to so-called good keys for an improved algebraic key recovery attack. In particular, we demonstrate that it is impossible to choose both secure and efficient parameters for Enhanced STS and break all current parameters of both schemes.

Since 2010, many variants of Enhanced STS, such as Check Equations or Hidden Pair of Bijections were proposed. We break all these variants and show that making STS secure will either lead to a variant known as the Oil, Vinegar and Salt signature scheme or, if we also require the signing algorithm to be efficient, to the well-known Rainbow signature scheme. We show that our attack is more efficient than any previously known attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bardet, M., Faugère, J.-C., Salvy, B.: On the complexity of Gröbner basis computation of semi-regular overdetermined algebraic equations. In: Proceedings of the International Conference on Polynomial System Solving, pp. 71–74 (2004)

    Google Scholar 

  2. Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic expansion of the degree of regularity for semi-regular systems of equations. In: Gianni, P. (ed.) MEGA 2005, Sardinia, Italy (2005)

    Google Scholar 

  3. Bettale, L., Faugère, J.-C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. Journal of Mathematical Cryptology 3, 177–197 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  4. Billet, O., Gilbert, H.: Cryptanalysis of Rainbow. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 336–347. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  5. Computational Algebra Group, University of Sydney. The MAGMA Computational Algebra System for Algebra, Number Theory and Geometry, http://magma.maths.usyd.edu.au/magma/

  6. Ding, J., Yang, B.-Y., Chen, C.-H.O., Chen, M.-S., Cheng, C.-M.: New Differential-Algebraic Attacks and Reparametrization of Rainbow. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 242–257. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  7. Faugère, J.-C., Din, M.S.E., Spaenlehauer, P.-J.: Gröbner bases of bihomogeneous ideals generated by polynomials of bidegree (1, 1): Algorithms and Complexity. J. Symb. Comput. 46(4), 406–437 (2011)

    Article  MATH  Google Scholar 

  8. Faugère, J.-C., Levy-dit-Vehel, F., Perret, L.: Cryptanalysis of MinRank. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 280–296. Springer, Heidelberg (2008)

    Google Scholar 

  9. Garey, M.R., Johnson, D.S.: Computers and Intractability — A Guide to the Theory of NP-Completeness. W.H. Freeman and Company (1979) ISBN 0-7167-1044-7 or 0-7167-1045-5

    Google Scholar 

  10. Gotaishi, M., Tsujii, S.: Hidden Pair of Bijection signature scheme. IACR Cryptology ePrint Archive (2011), http://eprint.iacr.org/2011/353

  11. Kasahara, M., Sakai, R.: A construction of public-key cryptosystem based on singular simultaneous equations. In: Symposium on Cryptography and Information Security — SCIS 2004, Sendai, Japan, January 27-30. The Institute of Electronics, Information and Communication Engineers (2004)

    Google Scholar 

  12. Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar signature schemes — extended version, 17 pages (2003)

    Google Scholar 

  13. Kipnis, A., Shamir, A.: Cryptanalysis of the Oil & Vinegar Signature Scheme. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 257–266. Springer, Heidelberg (1998)

    Google Scholar 

  14. Moh, T.: A public key system with signature and master key function. Communications in Algebra 27(5), 2207–2222 (1999), electronic version, http://citeseer/moh99public.html

    Article  MathSciNet  MATH  Google Scholar 

  15. Petzoldt, A., Thomae, E., Bulygin, S., Wolf, C.: Small Public Keys and Fast Verification for \(\mathcal{M}\)ultivariate \(\mathcal{Q}\)uadratic Public Key Systems. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 475–490. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  16. Shamir, A.: Efficient Signature Schemes Based on Birational Permutations. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 1–12. Springer, Heidelberg (1994)

    Google Scholar 

  17. Thomae, E.: A Generalization of the Rainbow Band Separation Attack and its Applications to Multivariate Schemes. IACR Cryptology ePrint Archive (2012)

    Google Scholar 

  18. Tsujii, S., Fujioka, A., Hirayama, Y.: Generalization of the public-key cryptosystem based on the difficulty of solving non-linear equations. Transactions of the Institute of Electronics and Communication Engineers of Japan (1989)

    Google Scholar 

  19. Tsujii, S., Gotaishi, M.: Enhanced STS using check equation - extended version of the signature scheme proposed in the PQCrypt 2010. IACR Cryptology ePrint Archive (2010), http://eprint.iacr.org/2010/480

  20. Tsujii, S., Gotaishi, M., Tadaki, K., Fujita, R.: Proposal of a Signature Scheme Based on STS Trapdoor. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 201–217. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  21. Tsujii, S., Kurosawa, K., Itho, T., Fujioka, A., Matsumoto, T.: A public-key cryptosystem based on the difficulty of solving a system of non-linear equations. Transactions of the Institute of Electronics and Communication Engineers of Japan (1986)

    Google Scholar 

  22. C. Wolf, A. Braeken, and B. Preneel. Efficient cryptanalysis of RSE(2)PKC and RSSE(2)PKC. In Conference on Security in Communication Networks — SCN 2004, volume 3352 of Lecture Notes in Computer Science, pages 294–309. Springer, Sept. 8–10 2004. Extended version: http://eprint.iacr.org/2004/237 .

    Chapter  Google Scholar 

  23. Wolf, C., Preneel, B.: Equivalent Keys in HFE, C*, and Variations. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 33–49. Springer, Heidelberg (2005), extended version, 15 pages, http://eprint.iacr.org/2004/360/

    Chapter  Google Scholar 

  24. Wolf, C., Preneel, B.: Equivalent keys in multivariate quadratic public key systems. Journal of Mathematical Cryptology 4(4), 375–415 (2011)

    Article  MathSciNet  Google Scholar 

  25. Yang, B.-Y., Chen, J.-M.: Building Secure Tame-like Multivariate Public-Key Cryptosystems: The New TTS. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 518–531. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT-security, Faculty of Mathematics, Ruhr-University of Bochum, 44780, Bochum, Germany

    Enrico Thomae & Christopher Wolf

Authors
  1. Enrico Thomae
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christopher Wolf
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Ecole Polytechnice Fédérale de Lausanne, IC - LASEC, Bâtiment INF 238, Station 14, 1015, Lausanne, Switzerland

    Aikaterini Mitrokotsa  & Serge Vaudenay  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Thomae, E., Wolf, C. (2012). Cryptanalysis of Enhanced TTS, STS and All Its Variants, or: Why Cross-Terms Are Important. In: Mitrokotsa, A., Vaudenay, S. (eds) Progress in Cryptology - AFRICACRYPT 2012. AFRICACRYPT 2012. Lecture Notes in Computer Science, vol 7374. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31410-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31410-0_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31409-4

  • Online ISBN: 978-3-642-31410-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation