Fast Cryptanalysis of the Matsumoto-Imai Public Key Scheme
نویسندگان
چکیده
The Matsumoto-Imai public key scheme was developed to provide very fast signatures. It is based on substitution polynomials over GF( 2 ). This paper shows in two ways that the Matsumoto-Imai public key scheme is very easy to break. In the faster of the two attacks the time to cryptanalyze the scheme is about proportional to the binary length of the public key. This shows that Matsumoto and Imai greatly overestimated the security of their scheme. Fast Cryptanalysis of the Matsumoto-Imai Public Key Scheme P. Delsarte Philips Research Laboratory, Avenue Van Becelaere, 2 B-1170 Brussels, Belgium Y. Desmedt Katholieke Universiteit Leuven, Laboratorium ESAT, Kardinaal Mercierlaan, 94 B-3030 Heverlee, Belgium A. Odlyzko AT&T Bell Laboratories Murray Hill, New Jersey 07974, U.S.A. P. Piret Philips Research Laboratory, Avenue Van Becelaere, 2 B-1170 Brussels, Belgium
منابع مشابه
Cryptanalysis of Imai and Matsumoto Scheme B Asymmetric Cryptosystem
Imai and Matsumoto introduced alternative algebraic methods for constructing public key cryptosystems. An obvious advantage of theses public key cryptosystems is that the private side computations can be made very efficient with a simple hardware. Almost all of these proposals and variants of them were broken. However, scheme “B” in [3] is still unbroken. In this paper we show some statistical ...
متن کاملCryptanalysis of Novel Extended Multivariate Public Key Cryptosystem with Invertible Cycle
In 2016, Qiao et al. proposed a novel extended multivariate public key cryptosystem (EMC) to enhance the security of multivariate public key cryptosystem. They applied it on Matsumoto-Imai (MI) encryption scheme and claimed that the enhanced MI scheme can be secure against Linearization Equation (LE) attack. Through analysis, we found that the enhanced MI scheme satisfied Quadratization Equatio...
متن کاملDifferential Cryptanalysis for Multivariate Schemes
In this paper we propose a novel cryptanalytic method against multivariate schemes, which adapts differential cryptanalysis to this setting. In multivariate quadratic systems, the differential of the public key is a linear map and has invariants such as the dimension of the kernel. Using linear algebra, the study of this invariant can be used to gain information on the secret key. We successful...
متن کاملEquivalent keys in ℳultivariate uadratic public key systems
Multivariate Quadratic public key schemes have been suggested back in 1985 by Matsumoto and Imai as an alternative for the RSA scheme. Since then, several other schemes have been proposed, for example Hidden Field Equations, Unbalanced Oil and Vinegar schemes, and Stepwise Triangular Schemes. All these schemes have a rather large key space for a secure choice of parameters. Surprisingly, the qu...
متن کاملEquivalent Keys in Multivariate Quadratic Public Key Systems
Multivariate Quadratic public key schemes have been suggested as early as 1985 by Matsumoto and Imai as an alternative for the RSA scheme. Since then, several schemes have been proposed, for example Hidden Field Equations, Unbalanced Oil and Vinegar schemes, and Stepwise Triangular Schemes. All these schemes have a rather large key space for a secure choice of parameters. Surprisingly, the ques...
متن کامل