Abstract
We show that the new TTM implementation schemes have a defect. There exist linearization equations
which are satisfied by the components y_i(x_1, …, x_n) of the ciphers of the TTM schemes. The inventor of TTM used two versions of the paper [2] to refute a claim in [3]. When we do a linear substitution with the linear equations derived from the linearization equations for a given ciphertext, we can find the plaintext by iterating a two-step procedure: first searching for linear equations by linear combinations, and then performing a linear substitution. The computational complexity of the attack on these two schemes is less than 2^35 over a finite field of size 2^8.
References
[1] Chou, G., Guan, J., Chen, J. A systematic construction of a Q2k -model in TTM, Comm in Algebra, 30(2), 551–562, (2002).
[2] Chen, J., Moh, T. On the Goubin-Courtois attack on TTM, Cryptology ePrint Archive (2001/72).
[3] Goubin, L., Courtois, N. Cryptanalysis of the TTM cryptosystem, Asiacrypt 2000, LNCS 1976, 44–57.
[4] Dickerson, M. The inverse of an automorphism in polynomial time, J. Symbolic Comput. 13 (1992), no. 2, 209–220.
[5] Ding, J., Hodges, T. Cryptanalysis of an implementation scheme of TTM, Department of Mathematical Sciences, University of Cincinnati, Preprint 2002.
[6] Matsumoto, T., Imai, H. Public quadratic polynomial-tuples for efficient signature-verification and message-encryption, Advances in Cryptology — EUROCRYPT '88 (Davos, 1988), 419–453, Lecture Notes in Comput. Sci., 330, Springer, Berlin, 1988.
[7] Moh, T. T. A fast public key system with signature and master key functions, Communications in Algebra, 27(5), pp. 2207–2222 (1999) & Lecture Notes at EE Department of Stanford University (May 1999) & http://www.usdsi.com/ttm.html
[8] Patarin, J. Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt'88. Des. Codes Cryptogr. 20 (2000), no. 2, 175–209.
[9] Patarin, J. Hidden field equations (HFE) and isomorphism of polynomials (IP): Two new families of asymmetric algorithms, EuroCrypt'96, Lecture Notes in Comput. Sci., (1996) Ueli Maurer ed., 33–48.
Copyright information
© 2004 Springer Basel AG
About this paper
Cite this paper
Ding, J., Schmidt, D. (2004). The New Implementation Schemes of the TTM Cryptosystem Are Not Secure. In: Feng, K., Niederreiter, H., Xing, C. (eds) Coding, Cryptography and Combinatorics. Progress in Computer Science and Applied Logic, vol 23. Birkhäuser, Basel. https://doi.org/10.1007/978-3-0348-7865-4_6
DOI: https://doi.org/10.1007/978-3-0348-7865-4_6
Publisher Name: Birkhäuser, Basel
Print ISBN: 978-3-0348-9602-3
Online ISBN: 978-3-0348-7865-4
eBook Packages: Springer Book Archive