An Efficient Provable Distinguisher for HFE
نویسندگان
چکیده
The HFE cryptosystem was the subject of several cryptanalytic studies, sometimes successful, but always heuristic. To contrast with this trend, this work goes back to the beginnning and achieves in a provable way a first step of cryptanalysis which consists in distinguishing HFE public keys from random systems of quadratic equations. We provide two distinguishers: the first one has polynomial complexity and subexponential advantage; the second has subexponential complexity and advantage close to one. These distinguishers are built on the differential methodology introduced at Eurocrypt’05 by Fouque & al. Their rigorous study makes extensive use of combinatorics in binary vector spaces. This combinatorial approach is novel in the context of multivariate schemes. We believe that the alliance of both techniques provides a powerful framework for the mathematical analysis of multivariate schemes.
منابع مشابه
Inverting HFE Is Quasipolynomial
In the last ten years, multivariate cryptography has emerged as a possible alternative to public key cryptosystems based on hard computational problems from number theory. Notably, the HFE scheme [17] appears to combine efficiency and resistance to attacks, as expected from any public key scheme. However, its security is not yet completely understood. On one hand, since the security is related ...
متن کاملDistinguishing Attacks on a Kind of Generalized Unbalanced Feistel Network
Recently, a new kind of Generalized Unbalanced Feistel Network, denoted as GUFN-n, is proposed by Choy et al. at ACISP 2009. The advantages of this structure are that it allows parallel computations for encryption and it can provide provable security against traditional differential and linear cryptanalysis given that the round function is bijective. For this new structure, the designers also f...
متن کاملStructural Evaluation of AES and Chosen-Key Distinguisher of 9-Round AES-128
While the symmetric-key cryptography community has now a good experience on how to build a secure and efficient fixed permutation, it remains an open problem how to design a key-schedule for block ciphers, as shown by the numerous candidates broken in the related-key model or in a hash function setting. Provable security against differential and linear cryptanalysis in the related-key scenario ...
متن کاملIdentifying Ideal Lattices
Micciancio defined a generalization of cyclic lattices, called ideal lattices. These lattices can be used in cryptosystems to decrease the number of parameters necessary to describe a lattice by a square root, making them more efficient. He proves that the computational intractability of classic lattice problems for these lattices gives rise to provably secure one-way and collision-resistant ha...
متن کاملCryptanalysis of a Generalized Unbalanced Feistel Network Structure
This paper reevaluates the security of GF-NLFSR, a new kind of generalized unbalanced Feistel network structure that was proposed at ACISP 2009. We show that GF-NLFSR itself reveals a very slow diffusion rate, which could lead to several distinguishing attacks. For GF-NLFSR containing n sub-blocks, we find an n-round integral distinguisher by algebraic methods and further use this integral to c...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006