Abstract
In 2017, Aggarwal, Joux, Prakash, and Santha proposed an innovative NTRU-like public-key cryptosystem, believed to be quantum resistant, based on Mersenne prime numbers \(q = 2^N-1\). After a successful attack designed by Beunardeau, Connolly, Géraud, and Naccache, the authors revised the protocol, which was accepted for Round 1 of the Post-Quantum Cryptography Standardization Process organized by NIST. The security of this protocol rests on the assumption that the so-called Mersenne Low Hamming Combination Search Problem (MLHCombSP) is hard to solve. In this work, we present a reduction of MLHCombSP to an instance of Integer Linear Programming (ILP). This opens new research directions that need to be investigated in order to assess the concrete robustness of such a cryptosystem. We propose different approaches to perform this reduction. Moreover, we uncover a new family of weak keys, for which our reduction leads to an attack consisting of solving \(<N^3\) ILP problems of dimension 3.
Acknowledgments
The authors thank Igor Semaev and Qian Guo for useful suggestions in the early stages of this work, and greatly thank Phillippe Samer for insightful discussions on ILP. The authors are also grateful to the anonymous reviewers for constructive comments.
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Budroni, A., Tenti, A. (2019). The Mersenne Low Hamming Combination Search Problem Can Be Reduced to an ILP Problem. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds) Progress in Cryptology – AFRICACRYPT 2019. AFRICACRYPT 2019. Lecture Notes in Computer Science, vol 11627. Springer, Cham. https://doi.org/10.1007/978-3-030-23696-0_3
DOI: https://doi.org/10.1007/978-3-030-23696-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23695-3
Online ISBN: 978-3-030-23696-0