Algebraic Attacks over GF(2k), Application to HFE Challenge 2 and Sflash-v2

The problem MQ of solving a system of multivariate quadratic equations over a finite field is relevant to the security of AES and for several public key cryptosystems. For example Sflash, the fastest known signature scheme (cf. [1]), is based on MQ equations over GF(27), and Patarin’s 500 $ HFE Challenge 2 is over GF(24). Similarly, the fastest alleged algebraic attack on AES due to Courtois, Pieprzyk, Murphy and Robshaw uses a MQ system over GF(28).

[1]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[2]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[3]  Jacques Patarin,et al.  Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms , 1996, EUROCRYPT.

[4]  Louis Goubin,et al.  A Fast and Secure Implementation of Sflash , 2003, Public Key Cryptography.

[5]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[6]  Jacques Patarin,et al.  Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88 , 1995, CRYPTO.

[7]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[8]  David Naccache,et al.  Topics in Cryptology — CT-RSA 2001 , 2001, Lecture Notes in Computer Science.

[9]  Jean Charles Faugère,et al.  A new efficient algorithm for computing Gröbner bases without reduction to zero (F5) , 2002, ISSAC '02.

[10]  Louis Goubin,et al.  C*-+ and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai , 1998, ASIACRYPT.

[11]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[12]  Willi Meier,et al.  Solving Underdefined Systems of Multivariate Quadratic Equations , 2002, Public Key Cryptography.

[13]  Adi Shamir,et al.  Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization , 1999, CRYPTO.

[14]  Louis Goubin,et al.  SFLASHv3, a fast asymmetric signature scheme , 2003, IACR Cryptol. ePrint Arch..

[15]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[16]  Antoine Joux,et al.  Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases , 2003, CRYPTO.

[17]  A. Shamir,et al.  Cryptanalysis of the HFE Public Key Cryptosystem , 1999 .

[18]  Nicolas Courtois,et al.  The Security of Hidden Field Equations (HFE) , 2001, CT-RSA.

[19]  Adi Shamir,et al.  Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations , 2000, EUROCRYPT.

[20]  Louis Goubin,et al.  QUARTZ, 128-Bit Long Digital Signatures , 2001, CT-RSA.

[21]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[22]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[23]  Magnus Daum,et al.  On the Security of HFE, HFEv- and Quartz , 2003, Public Key Cryptography.

[24]  Jacques Patarin,et al.  About the XL Algorithm over GF(2) , 2003, CT-RSA.

[25]  Marine Minier,et al.  Cryptanalysis of SFLASH , 2002, EUROCRYPT.

[26]  Louis Goubin,et al.  FLASH, a Fast Multivariate Signature Algorithm , 2001, CT-RSA.

[27]  Nicolas Courtois,et al.  Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt , 2002, ICISC.

[28]  Matthew J. B. Robshaw,et al.  Essential Algebraic Structure within the AES , 2002, CRYPTO.

[29]  J. Faugère A new efficient algorithm for computing Gröbner bases (F4) , 1999 .

[30]  Marc Joye,et al.  Topics in Cryptology — CT-RSA 2003 , 2003 .

[31]  Don Coppersmith,et al.  Matrix multiplication via arithmetic progressions , 1987, STOC.

[32]  Josef Pieprzyk,et al.  Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[33]  David Naccache,et al.  Why You Cannot Even Hope to use Gröbner Bases in Public Key Cryptography: An Open Letter to a Scientist Who Failed and a Challenge to Those Who Have Not Yet Failed , 1994, J. Symb. Comput..

[34]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.