Cryptanalysis of Patarin's 2-Round Public Key System with S Boxes (2R)

In a series of papers Patarin proposes new efficient public key systems. A very interesting proposal, called 2-Round Public Key System with S Boxes, or 2R, is based on the difficulty of decomposing the structure of several rounds of unknown linear transformations and S boxes. This difficulty is due to the difficulty of decomposing compositions of multivariate binary functions. In this paper we present a novel attack which breaks the 64-bit block variant with complexity about 230 steps, and the more secure 128-bit blocks variant with complexity about 260 steps. It is interesting to note that this cryptanalysis uses only the ciphertexts of selected plaintexts, and does not analyze the details of the supplied encryption code.

[1]  Hideki Imai,et al.  Public Quadratic Polynominal-Tuples for Efficient Signature-Verification and Message-Encryption , 1988, EUROCRYPT.

[2]  Louis Goubin,et al.  Asymmetric cryptography with S-Boxes , 1997, ICICS.

[3]  Adi Shamir,et al.  Efficient Signature Schemes Based on Polynomial Equations , 1984, CRYPTO.

[4]  P SchnorrClaus,et al.  An efficient solution of the congruence x2+ky2=m (modn) , 1987 .

[5]  Jacques Patarin,et al.  Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms , 1996, EUROCRYPT.

[6]  Jacques Patarin,et al.  Asymmetric Cryptography with a Hidden Monomial , 1996, CRYPTO.

[7]  Jacques Patarin,et al.  Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88 , 1995, CRYPTO.

[8]  Ye Ding-Feng,et al.  Cryptanalysis of 2R schemes , 1999, CRYPTO 1999.

[9]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[10]  Kwok-Yan Lam,et al.  Cryptanalysis of "2 R" Schemes , 1999, CRYPTO.

[11]  Adi Shamir,et al.  Efficient Signature Schemes Based on Birational Permutations , 1993, CRYPTO.

[12]  Jacques Patarin Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'98 , 2000, Des. Codes Cryptogr..

[13]  Jacques Stern,et al.  Attacks on the Birational Permutation Signature Schemes , 1993, CRYPTO.

[14]  Claus-Peter Schnorr,et al.  An efficient solution of the congruence x2+ky2=mpmod{n} , 1987, IEEE Trans. Inf. Theory.