The Hidden Root Problem

In this paper we study a novel computational problem called the Hidden Root Problem, which appears naturally when considering fault attacks on pairing-based cryptosystems. Furthermore, a variant of this problem is one of the main obstacles to efficient pairing inversion. We present an algorithm to solve this problem over extension fields and investigate for which parameters the algorithm becomes practical.