The Multivariate Probabilistic Encryption Scheme MQQ-ENC

We propose a new multivariate probabilistic encryption scheme with decryption errors, MQQ-ENC, that belongs to the family of MQQ-based public key schemes. Similarly to MQQ-SIG, the trapdoor is constructed using quasigroup string transformations with multivariate quadratic quasigroups, and a minus modifier with a relatively small and fixed number of removed equations. To make decryption possible and also efficient, we use a universal hash function to eliminate possibly wrong plaintext candidates. We show that, in this way, the probability of erroneous decryption becomes negligible. MQQ-ENC is defined over the fields F_{2^k} for any k ≥ 1, and can easily be extended to any F_{p^k}, for prime p. One important difference from MQQ-SIG is that in MQQ-ENC we use left MQQs (LMQQs) instead of bilinear MQQs. Our choice is justified by our extensive experimental analysis, which showed the superiority of the LMQQs over the bilinear MQQs for the design of MQQ-ENC. We apply the standard cryptanalytic techniques to MQQ-ENC, and from the results we pose a plausible conjecture that the instances of the MQQ-ENC trapdoor are hard instances with respect to the MQ problem. Under this assumption, we adapt the Kobara-Imai conversion of the McEliece scheme to MQQ-ENC and prove that it provides IND-CCA security despite the negligible probability of decryption errors. We also recommend concrete parameters for MQQ-ENC for encryption of blocks of 128 bits at a security level of O(2^128).
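The candidate-elimination idea from the abstract, as an added Python toy that is not the paper's code and not the MQQ-ENC trapdoor itself: a random bijection stands in for the MQQ map, the minus modifier drops r output bits so that inversion yields 2^r plaintext candidates, and a t-bit Toeplitz universal hash tag (assumed here to be public key material) selects the correct one. The sizes N_BITS, R_MINUS and T_TAG are constructed for illustration, not the paper's parameters.

```python
import random

# Constructed toy sizes; the paper's real parameters are far larger.
N_BITS, R_MINUS, T_TAG = 12, 3, 8

def keygen(seed):
    rng = random.Random(seed)
    perm = list(range(1 << N_BITS))
    rng.shuffle(perm)  # toy trapdoor: a random bijection stands in for the MQQ map
    inv = [0] * len(perm)
    for x, y in enumerate(perm):
        inv[y] = x
    toeplitz = [rng.getrandbits(1) for _ in range(N_BITS + T_TAG - 1)]
    return {"perm": perm, "toeplitz": toeplitz}, {"inv": inv}

def uhash(toeplitz, m):
    # Toeplitz-matrix hash over F2: T[i][j] = s[i - j + N_BITS - 1]; a random
    # Toeplitz matrix is a universal family with collision probability 2^-T_TAG.
    tag = 0
    for i in range(T_TAG):
        row = 0
        for j in range(N_BITS):
            if toeplitz[i - j + N_BITS - 1]:
                row |= 1 << j
        tag = (tag << 1) | (bin(row & m).count("1") & 1)  # inner product mod 2
    return tag

def encrypt(pk, m):
    y = pk["perm"][m]
    return y >> R_MINUS, uhash(pk["toeplitz"], m)  # minus: drop R_MINUS output bits

def decrypt(pk, sk, ct):
    y_minus, tag = ct
    # Every completion of the removed bits inverts to one plaintext candidate.
    cands = [sk["inv"][(y_minus << R_MINUS) | low] for low in range(1 << R_MINUS)]
    ok = [c for c in cands if uhash(pk["toeplitz"], c) == tag]
    return ok[0] if len(ok) == 1 else None  # None = decryption error (rejection)

def error_rate(seed, trials=2000):
    pk, sk = keygen(seed)
    rng = random.Random(seed + 1)
    msgs = [rng.getrandbits(N_BITS) for _ in range(trials)]
    errors = sum(decrypt(pk, sk, encrypt(pk, m)) is None for m in msgs)
    return errors / trials

def error_bound():
    # Union bound: 2^r - 1 wrong candidates, each colliding on the tag w.p. 2^-t.
    return ((1 << R_MINUS) - 1) / (1 << T_TAG)
```

Because the true plaintext always matches its own tag, decrypt can only reject, never return a wrong plaintext; the error rate is bounded by (2^r - 1) / 2^t, which is why a small fixed r together with a long enough tag makes it negligible.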
