In 2006, Nie et al proposed an attack to break an instance of TTM cryptosystems. However, the inventor of TTM disputed this attack and he proposed two new instances of TTM to support his viewpoint. At this time, he did not give the detail of key construction — the construction of the lock polynomials in these instances which would be used in decryption. The two instances are claimed to achieve a security of 2 against Nie et al attack. In this paper, we show that these instances are both still insecure, and in fact, they do not achieve a better design in the sense that we can find a ciphertext-only attack utilizing the First Order Linearization Equations while for the previous version of TTM, only Second Order Linearization Equations can be used in the beginning stage of the previous attack. Different from previous attacks, we use an iterated linearization method to break these two instances. For any given valid ciphertext, we can find its corresponding plaintext within 2 F28 computations after performing once for any public key a computation of complexity less than 2. Our experiment result shows we have unlocked the lock polynomials after several iterations, though we do not know the detailed construction of lock polynomials. Keyword: multivariate public key cryptosystem, TTM, algebraic attack, linearization equation, triangular cryptosystem.
[1]
Lei Hu,et al.
Breaking a New Instance of TTM Cryptosystems
,
2006,
ACNS.
[2]
Louis Goubin,et al.
Cryptanalysis of the TTM Cryptosystem
,
2000,
ASIACRYPT.
[3]
Jacques Patarin,et al.
Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88
,
1995,
CRYPTO.
[4]
Lei Hu,et al.
Cryptanalysis of the TRMC-4 Public Key Cryptosystem
,
2007,
ACNS.
[5]
Bo-Yin Yang,et al.
Building Instances of TTM Immune to the Goubin-Courtois Attack and the Ding-Schmidt Attack
,
2004,
IACR Cryptol. ePrint Arch..
[6]
T. T. Moh,et al.
A public key system with signature and master key functions
,
1999
.
[7]
Lei Hu,et al.
High Order Linearization Equation (HOLE) Attack on Multivariate Public Key Cryptosystems
,
2007,
Public Key Cryptography.
[8]
T. Moh,et al.
On the Goubin-Courtois Attack on TTM
,
2001,
IACR Cryptol. ePrint Arch..
[9]
T. Moh.
The Recent Attack of Nie et al On TTM is Faulty
,
2006,
IACR Cryptol. ePrint Arch..
[10]
T. Moh.
Two New Examples of TTM
,
2007,
IACR Cryptol. ePrint Arch..