Further results on the security of MQ-DRBG
Authors
Abstract
In 2011 ISO standardized [2] a family of deterministic pseudorandom bit generators, MQ-DRBG, based on multivariate quadratic functions satisfying certain properties. The security of the generator can be described in terms of the complexity of solving the corresponding system of multivariate quadratic equations. In our previous article [1] we proposed two different techniques for constructing systems of equations which satisfy the restrictions of the standard but can be solved with less complexity than stated in [2]:
Similar references
On the security of MQ_DRBG
MQ-DRBG is a pseudorandom bit generator proposed for international standardization by the French national organization for standardization (AFNOR). It makes use of a specific instantiation of a one-way function S : F2 → F2 based on quadratic multivariate polynomials. We describe two methods for constructing function S, satisfying requirements of the proposed draft, but having less secur...
Security Analysis of DRBG Using HMAC in NIST SP 800-90
HMAC DRBG is a deterministic random bit generator using HMAC specified in NIST SP 800-90. The document claims that HMAC DRBG is a pseudorandom bit generator if HMAC is a pseudorandom function. However, no proof is given in the document. This article provides a security analysis of HMAC DRBG and confirms the claim.
MQ Challenge: Hardness Evaluation of Solving Multivariate Quadratic Problems
The Multivariate Quadratic polynomial (MQ) problem serves as the basis of security for potentially post-quantum cryptosystems. The hardness of solving the MQ problem depends on a number of parameters, most importantly the number of variables and the degree of the polynomials, as well as the number of equations, the size of the base field etc. We investigate the relation among these parameters and the ha...
MQ Signatures for PKI
It is well known that multivariate quadratic (MQ) digital signature schemes have small signatures but huge public keys. However, in some settings, such as public key infrastructure (PKI), both variables are important. This paper explains how to transform any MQ signature scheme into one with a much smaller public key at the cost of a larger signature. The transformation aims to reduce the combi...
Salvaging Weak Security Bounds for Blockcipher-Based Constructions
The concrete security bounds for some blockcipher-based constructions sometimes become worrisome or even vacuous; for example, when a light-weight blockcipher is used, when large amounts of data are processed, or when a large number of connections need to be kept secure. Rotating keys helps, but introduces a “hybrid factor” m equal to the number of keys used. In such instances, analysis in the ...