Advertisement

On the Complexity of “Superdetermined” Minrank Instances

  • Javier VerbelEmail author
  • John Baena
  • Daniel Cabarcas
  • Ray Perlner
  • Daniel Smith-Tone
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11505)

Abstract

The Minrank (MR) problem is a computational problem closely related to attacks on code- and multivariate-based schemes. In this paper we revisit the so-called Kipnis-Shamir (KS) approach to this problem. We extend previous complexity analysis by exposing non-trivial syzygies through the analysis of the Jacobian of the resulting system, with respect to a group of variables. We focus on a particular set of instances that yield a very overdetermined system which we refer to as “superdetermined”. We provide a tighter complexity estimate for such instances and discuss its implications for the key recovery attack on some multivariate schemes. For example, in HFE the speedup is roughly a square root.

Keywords

Minrank problem Multivariate Cryptanalysis HFE 

Notes

Acknowledgements

We would like to thank Daniel Escudero, Albrecht Petzoldt, Rusydi Makarim, and Karan Khathuria for useful discussions. The author Javier Verbel is supported by “Fondo Nacional de Financiamiento para la Ciencia, la Tecnología y la Innovación Francisco José de Caldas” , Colciencias (Colombia). Some of the experiments were conducted on the Gauss Server, financed by “Proyecto Plan 150x150 Fomento de la cultura de evaluación continua a través del apoyo a planes de mejoramiento de los programas curriculares”.

References

  1. 1.
    Bettale, L., Faugère, J.C., Perret, L.: Cryptanalysis of HFE, multi-HFE and variants for odd and even characteristic. Des. Codes Crypt. 69(1), 1–52 (2013)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Buchberger, B.: A theoretical basis for the reduction of polynomials to canonical forms. SIGSAM Bull. 10(3), 19–29 (1976)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Buss, J.F., Frandsen, G.S., Shallit, J.O.: The computational complexity of some problems of linear algebra. J. Comput. Syst. Sci. 58(3), 572–596 (1999)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Cabarcas, D., Smith-Tone, D., Verbel, J.A.: Key recovery attack for ZHFE. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 289–308. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-59879-6_17CrossRefGoogle Scholar
  5. 5.
    Casanova, A., Faugère, J.C., Macario-Rat, G., Patarin, J., Perret, L., Ryckeghem, J.: GeMSS: a great multivariate short signature. NIST CSRC (2017). https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/GeMSS.zip
  6. 6.
    Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-45539-6_27CrossRefGoogle Scholar
  7. 7.
    Courtois, N.T.: Efficient zero-knowledge authentication based on a linear algebra problem MinRank. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 402–421. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45682-1_24CrossRefGoogle Scholar
  8. 8.
    Ding, J., Chen, M.S., Petzoldt, A., Schmidt, D., Yang, B.Y.: Rainbow. NIST CSRC (2017). https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/Rainbow.zip
  9. 9.
    Ding, J., Hodges, T.J.: Inverting HFE systems is quasi-polynomial for all fields. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 724–742. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22792-9_41CrossRefGoogle Scholar
  10. 10.
    Ding, J., Kleinjung, T.: Degree of regularity for HFE-. Cryptology ePrint Archive, Report 2011/570 (2011). https://eprint.iacr.org/2011/570
  11. 11.
    Ding, J., Schmidt, D.: Solving degree and degree of regularity for polynomial systems over a finite fields. In: Fischlin, M., Katzenbeisser, S. (eds.) Number Theory and Cryptography. LNCS, vol. 8260, pp. 34–49. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-42001-6_4CrossRefGoogle Scholar
  12. 12.
    Ding, J., Yang, B.-Y.: Degree of regularity for HFEv and HFEv-. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 52–66. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38616-9_4CrossRefGoogle Scholar
  13. 13.
    Dubois, V., Gama, N.: The degree of regularity of HFE systems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 557–576. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-17373-8_32CrossRefGoogle Scholar
  14. 14.
    Faugere, J.C.: A new efficient algorithm for computing Grobner bases (F4). J. Pure Appl. Algebra 139, 61–88 (1999)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Faugere, J.C.: A new efficient algorithm for computing Grobner bases without reduction to zero (F5). In: ISSAC 2002, pp. 75–83. ACM Press (2002)Google Scholar
  16. 16.
    Faugère, J.-C., El Din, M.S., Spaenlehauer, P.J.: Computing loci of rank defects of linear matrices using Gröbner bases and applications to cryptology. In: Proceedings of Symbolic and Algebraic Computation, International Symposium, ISSAC 2010, 25–28 July 2010, Munich, Germany, pp. 257–264 (2010)Google Scholar
  17. 17.
    Faugère, J.-C., El Din, M.S., Spaenlehauer, P.J.: Groebner bases of bihomogeneous ideals generated by polynomials of bidegree (1, 1): algorithms and complexity. J. Symb. Comput. 46(4), 406–437 (2011)CrossRefGoogle Scholar
  18. 18.
    Faugère, J.-C., Levy-dit-Vehel, F., Perret, L.: Cryptanalysis of MinRank. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 280–296. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_16CrossRefGoogle Scholar
  19. 19.
    Gaborit, P., Ruatta, O., Schrek, J.: On the complexity of the rank syndrome decoding problem. IEEE Trans. Inf. Theory 62(2), 1006–1019 (2016)MathSciNetCrossRefGoogle Scholar
  20. 20.
    Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-44448-3_4CrossRefGoogle Scholar
  21. 21.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_2CrossRefGoogle Scholar
  22. 22.
    Lazard, D.: Gröbner bases, Gaussian elimination and resolution of systems of algebraic equations. In: van Hulzen, J.A. (ed.) EUROCAL 1983. LNCS, vol. 162, pp. 146–156. Springer, Heidelberg (1983).  https://doi.org/10.1007/3-540-12868-9_99CrossRefGoogle Scholar
  23. 23.
    Petzoldt, A., Chen, M.-S., Yang, B.-Y., Tao, C., Ding, J.: Design principles for HFEv- based multivariate signature schemes. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 311–334. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48797-6_14CrossRefGoogle Scholar
  24. 24.
    Porras, J., Baena, J., Ding, J.: ZHFE, a new multivariate public key encryption scheme. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 229–245. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-11659-4_14CrossRefGoogle Scholar
  25. 25.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Vates, J., Smith-Tone, D.: Key recovery attack for all parameters of HFE-. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 272–288. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-59879-6_16CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Javier Verbel
    • 1
    Email author
  • John Baena
    • 1
  • Daniel Cabarcas
    • 1
  • Ray Perlner
    • 2
  • Daniel Smith-Tone
    • 2
    • 3
  1. 1.Universidad Nacional de Colombia, Sede MedellínMedellínColombia
  2. 2.National Institute of Standards and TechnologyGaithersburgUSA
  3. 3.University of LouisvilleLouisvilleUSA

Personalised recommendations