Linearization equation attack on TTM public key cryptosystems

Cited by: 0
Authors
Liu M.-J. [1]
Nie X.-Y. [1,2]
Hu L. [2]
Wu J. [1]
Affiliations
[1] School of Computer Science and Engineering, University of Electronic Science and Technology of China
[2] State Key Laboratory of Information Security, Graduate University of Chinese Acad. of Sci.
Keywords
Algebraic attack; Linearization equation; Public key cryptography; Triangular cryptosystem; TTM;
DOI
10.3969/j.issn.1001-0548.2010.02.030
Abstract
TTM is a type of multivariate public key cryptosystem. Analysis of the instance of TTM proposed in 2004 shows that many first order linearization equations are satisfied by the cipher in this scheme. For a given public key, all first order linearization equations can be found through precomputation. For any given ciphertext, the corresponding plaintext can be found in less than 2^19 operations over a finite field of size 2^8 by the linearization equation attack. This attack reduces the complexity of recovering the plaintext from 2^31 to 2^19 compared to the second order linearization equation attack. These results are further confirmed by computer experiments.
Pages: 293-297
Page count: 4
Related papers
14 in total
  • [1] Shor P., Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM Journal on Computing, 26, 5, pp. 1484-1509, (1997)
  • [2] Moh T.T., A fast public key system with signature and master key functions, Comm in Algebra, 27, pp. 2207-2222, (1999)
  • [3] Wang L.-C., Yang B.-Y., Hu Y.-H., et al., A medium-field multivariate public key encryption scheme, CT-RSA 2006: Proceedings of the Cryptographers' Track at the RSA Conference 2006, LNCS 3860, pp. 132-149, (2006)
  • [4] Wang L.-C., Chang F.-H., Tractable rational map cryptosystem
  • [5] Goubin L., Courtois N.T., Cryptanalysis of the TTM cryptosystem, ASIACRYPT 2000: Proceedings of 6th International Conference on the Theory and Application of Cryptology and Information Security 2000, LNCS 1976, pp. 44-57, (2000)
  • [6] Chen J.-M., Moh T.T., On the Goubin-Courtois attack on TTM
  • [7] Ding J.-T., Schmidt D., The new TTM implementation is not secure, Progress in Computer Science and Applied Logic, 23, pp. 113-128, (2003)
  • [8] Moh T.T., Chen J.-M., Yang B.-Y., Building instances of TTM immune to the Goubin-Courtois attack and the Ding-Schmidt
  • [9] Nie X.-Y., Hu L., Li J.-Y., et al., Breaking a new instance of TTM cryptosystem, ACNS 2006: Proceedings of Third International Conference Applied Cryptography and Network Security, LNCS 3989, pp. 210-225, (2006)
  • [10] Patarin J., Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt'88, Crypto'95: Proceedings of 15th Annual International Cryptology Conference, LNCS 963, pp. 248-261, (1995)