Attacks on the AJPS Mersenne-Based Cryptosystem

  • Koen de Boer
  • Léo Ducas
  • Stacey Jeffery
  • Ronald de Wolf
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10786)

Abstract

Aggarwal, Joux, Prakash and Santha recently introduced a new potentially quantum-safe public-key cryptosystem, and suggested that a brute-force attack is essentially optimal against it. They consider but then dismiss both Meet-in-the-Middle attacks and LLL-based attacks. Very soon after their paper appeared, Beunardeau et al. proposed a practical LLL-based technique that seemed to significantly reduce the security of the AJPS system. In this paper we do two things. First, we show that a Meet-in-the-Middle attack can also be made to work against the AJPS system, using locality-sensitive hashing to overcome the difficulty that Aggarwal et al. saw for such attacks. We also present a quantum version of this attack. Second, we give a more precise analysis of the attack of Beunardeau et al., confirming and refining their results.

Notes

Acknowledgments

The authors wish to thank David Naccache, Antoine Joux and Marc Beunardeau for helpful discussions, and the anonymous PQCrypto reviewers for useful feedback. LD is supported by a NWO Veni Innovational Research Grant under project number 639.021.645. SJ is supported by an NWO WISE Grant and an NWO Veni Innovational Research Grant under project number 639.021.752. RdW is partially supported by ERC Consolidator Grant 61530-QPROGRESS.

References

  1. Aggarwal, D., Joux, A., Prakash, A., Santha, M.: A new public-key cryptosystem via Mersenne numbers. Cryptology ePrint Archive, Report 2017/481 (2017). http://eprint.iacr.org/2017/481
  2. Albrecht, M.R., Göpfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. Cryptology ePrint Archive, Report 2017/815 (2017). https://eprint.iacr.org/2017/815
  3. Ambainis, A.: Quantum search with variable times. Theory Comput. Syst. 47(3), 786–807 (2010)
  4. Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Proceedings of 27th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA 2016), pp. 10–24 (2016)
  5. Bernstein, D.J., Jeffery, S., Lange, T., Meurer, A.: Quantum algorithms for the subset sum problem. In: Proceedings of 5th International Conference on Post-Quantum Cryptography (PQCrypto 2013), pp. 16–33 (2013)
  6. Beunardeau, M., Connolly, A., Géraud, R., Naccache, D.: On the hardness of the Mersenne low Hamming ratio assumption. In: Progress in Cryptology - LATINCRYPT 2017 (2017). http://eprint.iacr.org/2017/522
  7. Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. Fortschr. Phys. 46(4–5), 493–505 (1998)
  8. Brassard, G., Høyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. In: Quantum Computation and Quantum Information: A Millennium Volume. AMS Contemporary Mathematics Series, vol. 305, pp. 53–74. AMS (2002)
  9. Brassard, G., Høyer, P., Tapp, A.: Quantum algorithm for the collision problem. ACM SIGACT News 28, 14–19 (1997). arXiv:quant-ph/9705002
  10. Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_3
  11. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of 28th Annual ACM Symposium on the Theory of Computing (STOC 1996), pp. 212–219 (1996)
  12. Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401–406 (1980)
  13. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868
  14. Howgrave-Graham, N.: A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 150–169. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_9
  15. Howgrave-Graham, N., Silverman, J.H., Whyte, W.: A meet-in-the-middle attack on an NTRU private key. Technical report, NTRU Cryptosystems, June 2003
  16. Indyk, P., Motwani, R.: Approximate nearest neighbors: towards removing the curse of dimensionality. In: Proceedings of 30th Symposium on Theory of Computing (STOC 1998) (1998)
  17. Laarhoven, T.: Search problems in cryptography. Ph.D. thesis, Eindhoven University of Technology (2015). http://www.thijs.com/docs/phd-final.pdf
  18. Laarhoven, T.: Sieving for shortest vectors in lattices using angular locality-sensitive hashing. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 3–22. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_1
  19. Laarhoven, T., Mosca, M., van de Pol, J.: Finding shortest lattice vectors faster using quantum search. Des. Codes Crypt. 77(2–3), 375–400 (2015)
  20. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982)
  21. Nguyen, P.Q.: Hermite's constant and lattice algorithms. In: Nguyen, P., Vallée, B. (eds.) The LLL Algorithm. ISC, pp. 19–69. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02295-1_2
  22. Nguyen, P.Q., Stehlé, D.: LLL on the average. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 238–256. Springer, Heidelberg (2006). https://doi.org/10.1007/11792086_18
  23. Wang, H., Ma, Z., Ma, C.: An efficient quantum meet-in-the-middle attack against NTRU-2005. Chin. Sci. Bull. 58, 3514–3518 (2013)

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Koen de Boer (1)
  • Léo Ducas (1)
  • Stacey Jeffery (1, 2)
  • Ronald de Wolf (1, 2, 3)

  1. CWI, Amsterdam, The Netherlands
  2. QuSoft, Amsterdam, The Netherlands
  3. University of Amsterdam, Amsterdam, The Netherlands