Linearity Measures for MQ Cryptography
Authors
Abstract
We propose a new general framework for the security of multivariate quadratic (MQ) schemes with respect to attacks that exploit the existence of linear subspaces. We adopt linearity measures that have been used traditionally to estimate the security of symmetric cryptographic primitives, namely the nonlinearity measure for vectorial functions introduced by Nyberg at Eurocrypt ’92, and the (s, t)–linearity measure introduced recently by Boura and Canteaut at FSE’13. We redefine some properties of MQ cryptosystems in terms of these known symmetric cryptography notions, and show that our new framework is a compact generalization of several known attacks in MQ cryptography against single field schemes. We use the framework to explain various pitfalls regarding the successfulness of these attacks. Finally, we argue that linearity can be used as a solid measure for the susceptibility of MQ schemes to these attacks, and also as a necessary tool for prudent design practice in MQ cryptography.
Similar resources
Implementing Joux-Vitse's Crossbred Algorithm for Solving MQ Systems over GF(2) on GPUs
The hardness of solving multivariate quadratic (MQ) systems is the underlying problem for multivariate-based schemes in the field of post-quantum cryptography. The concrete, practical hardness of this problem needs to be measured by state-of-the-art algorithms and high-performance implementations. We describe, implement, and evaluate an adaption of the Crossbred algorithm by Joux and Vitse from...
MQ Challenge: Hardness Evaluation of Solving Multivariate Quadratic Problems
Multivariate Quadratic polynomial (MQ) problem serve as the basis of security for potentially post-quantum cryptosystems. The hardness of solving MQ problem depends on a number of parameters, most importantly the number of variables and the degree of the polynomials, as well as the number of equations, the size of the base field etc. We investigate the relation among these parameters and the ha...
Public-Key Identification Schemes Based on Multivariate Quadratic Polynomials
A problem of solving a system of multivariate quadratic polynomials over a finite field, which is called an MQ problem, is a promising problem in cryptography. A number of studies have been conducted on designing public-key schemes using the MQ problem, which are known as multivariate public-key cryptography (MPKC). However, the security of the existing schemes in MPKC relies not only on the MQ...
Small Private Key PKS on an Embedded Microprocessor
Multivariate quadratic (MQ) cryptography requires the use of long public and private keys to ensure a sufficient security level, but this is not favorable to embedded systems, which have limited system resources. Recently, various approaches to MQ cryptography using reduced public keys have been studied. As a result of this, at CHES2011 (Cryptographic Hardware and Embedded Systems, 2011), a sma...
S 6830 – Cryptography Oct 1, 2009 Lecture 11: Pseudorandom functions
Definition 2 (Multi-message secure encryption) (Gen,Enc,Dec) is a multi-message secure encryption scheme if for all nuPPT A, for all polynomial q(·) there exists a negligible function (·) such that ∀ n ∈ N and for all pairs of sequences of messages m0,m1, . . . ,mq(n), m ′ 0,m ′ 1, . . . ,m ′ q(n) ∈ {0, 1} , A distinguishes {k ← Gen(1) : Enck(m0), . . . , Enck(mq(n))} {k ← Gen(1) : Enck(m0), . ...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2014, Issue
Pages -
Publication date 2014