Improved algorithms for isomorphisms of polynomials
 Jacques Patarin,
 Louis Goubin,
 Nicolas Courtois
Abstract
This paper is about the design of improved algorithms to solve Isomorphisms of Polynomials (IP) problems. These problems were first explicitly related to the problem of finding the secret key of some asymmetric cryptographic algorithms (such as Matsumoto and Imai's C* scheme of [12], or some variations of Patarin's HFE scheme of [14]). Moreover, in [14], it was shown that IP can be used in order to design an asymmetric authentication or signature scheme in a straightforward way. We also introduce the more general Morphisms of Polynomials problem (MP). As we see in this paper, these problems IP and MP have deep links with famous problems such as the Isomorphism of Graphs problem or the problem of fast multiplication of n × n matrices. The complexities of our algorithms for IP are still not polynomial, but they are much more efficient than the previously known algorithms. For example, for the IP problem of finding the two secret matrices of a Matsumoto–Imai C* scheme over K = Fq, the complexity of our algorithms is \(\mathcal{O}(q^{n/2} )\) instead of \(\mathcal{O}(q^{(n^2 )} )\) for previous algorithms. (In [13], the C* scheme was broken, but the secret key was not found.) Moreover, we have algorithms to achieve a complexity \(\mathcal{O}(q^{\tfrac{3}{2}n} )\) on any system of n quadratic equations with n variables over K = Fq (not only equations from C*). We also show that the problem of deciding whether a polynomial isomorphism exists between two sets of equations is not NP-complete (assuming the classical hypothesis about Arthur–Merlin games), but solving IP is at least as difficult as the Graph Isomorphism problem (GI) (and perhaps much more difficult), so that IP is unlikely to be solvable in polynomial time. Moreover, the more general Morphisms of Polynomials problem (MP) is NP-hard. Finally, we suggest some variations of the IP problem that may be particularly convenient for cryptographic use.
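A toy IP instance over F_2, added here as an illustration and not code from the paper: it plants secret invertible linear maps S, T on a constructed random quadratic map B, publishes A = T∘B∘S, and recovers every (S, T) by exhaustive search over GL_3(F_2) × GL_3(F_2), a search far costlier than even the O(q^{n^2}) previous algorithms the abstract mentions, which is exactly why the paper's improvements matter. The restriction to linear (rather than affine) S, T, the choice n = 3, q = 2, and all function names are assumptions of this example.

```python
"""Toy Isomorphism of Polynomials (IP) instance over F_2 (added example, not
the paper's code).  A = T o B o S for secret invertible linear S, T; the solver
is a naive search over GL_n(F_2)^2, about q^(2 n^2) trials, so n = 3 is the limit."""
import itertools
import random

N = 3                   # number of variables; q = 2 throughout (assumed sizes)
ALL = range(1 << N)     # every vector of F_2^n, packed as an int

def parity(v):
    return bin(v).count("1") & 1

def apply(mat, v):
    """Multiply an n x n F_2 matrix (tuple of row bitmasks) by vector v."""
    return sum(parity(row & v) << i for i, row in enumerate(mat))

def gl2(n):
    """All invertible n x n matrices over F_2 (invertible <=> injective)."""
    return [rows for rows in itertools.product(range(1 << n), repeat=n)
            if len({apply(rows, v) for v in range(1 << n)}) == 1 << n]

def random_quadratic_map(rng):
    """n constructed random quadratic polynomials over F_2, as one truth table."""
    monomials = [m for m in ALL if bin(m).count("1") <= 2]   # 1, x_i, x_i*x_j
    polys = [[m for m in monomials if rng.random() < 0.5] for _ in range(N)]
    def evaluate(x):  # bit i of the output is polys[i](x), computed mod 2
        return sum((sum((x & m) == m for m in p) & 1) << i
                   for i, p in enumerate(polys))
    return tuple(evaluate(x) for x in ALL)

def compose(t, f, s):
    """Truth table of x -> T(f(S(x)))."""
    return tuple(apply(t, f[apply(s, x)]) for x in ALL)

def make_instance(seed=1):
    """Plant a secret (S, T) on a random B and publish A = T o B o S."""
    rng = random.Random(seed)
    gl = gl2(N)
    s, t = rng.choice(gl), rng.choice(gl)
    b = random_quadratic_map(rng)
    return compose(t, b, s), b, s, t

def solve_ip(a, b):
    """Every (S, T) with A = T o B o S, by trying all q^(n^2) x q^(n^2) pairs."""
    gl = gl2(N)
    return [(s, t) for s in gl for t in gl if compose(t, b, s) == a]

if __name__ == "__main__":
    a, b, s, t = make_instance()
    sols = solve_ip(a, b)
    print(len(gl2(N)), "matrices in GL_3(F_2);", len(sols), "solutions;",
          "planted pair recovered:", (s, t) in sols)
```

The solver may return more than one pair, since any automorphism of B that commutes with the structure yields another valid (S, T); all of them verify against A.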
References
 [1] L. Babai, S. Moran, Arthur–Merlin games: a randomized proof system, and a hierarchy of complexity classes, JCSS 36 (1988), pp. 254–276.
 [2] M. Blum, How to prove a theorem so no one else can claim it, Proceedings of the International Congress of Mathematics, Berkeley, CA, 1986, pp. 1444–1451.
 [3] R. B. Boppana, J. Håstad, S. Zachos, Does co-NP have short interactive proofs?, Information Processing Letters 25 (1987), pp. 127–132.
 [4] D. Coppersmith, S. Winograd, Matrix multiplication via arithmetic progressions, J. Symbolic Computation 9 (1990), pp. 251–280.
 [5] S. Fortin, The Graph Isomorphism Problem, Technical Report 9320, University of Alberta, Edmonton, Alberta, Canada, July 1996. Available at ftp://ftp.cs.ualberta.ca/pub/TechReports/1996/TR9620/TR9620.ps.gz
 [6] O. Goldreich, S. Micali, A. Wigderson, Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, Journal of the ACM 38 (1991), pp. 691–729.
 [7] S. Goldwasser, S. Micali, C. Rackoff, The knowledge complexity of interactive proofs, SIAM J. Comput. 18 (1989), pp. 186–208.
 [8] S. Goldwasser, M. Sipser, Private coins vs. public coins in interactive proof systems, Advances in Computing Research, S. Micali (Ed.), vol. 5, 1989, pp. 73–90.
 [9] J. Gustafson, S. Aluru, Massively Parallel Searching for Better Algorithms or, How to Do a Cross Product with Five Multiplications, Ames Laboratory, Department of Energy, ISU, Ames, Iowa. Available at http://www.scl.ameslab.gov/Publications/FiveMultiplications/Five.html
 [10] J. Håstad, Tensor Rank is NP-Complete, Journal of Algorithms 11 (1990), pp. 644–654.
 [11] R. Lidl, H. Niederreiter, Finite Fields, Encyclopedia of Mathematics and its Applications, vol. 20, Cambridge University Press.
 [12] T. Matsumoto, H. Imai, Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption, EUROCRYPT'88, Springer-Verlag, pp. 419–453.
 [13] J. Patarin, Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88, CRYPTO'95, Springer-Verlag, pp. 248–261.
 [14] J. Patarin, Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new Families of Asymmetric Algorithms, EUROCRYPT'96, Springer-Verlag, pp. 33–48.
 [15] E. Petrank, R. M. Roth, Is Code Equivalence Easy to Decide?, IEEE Transactions on Information Theory, 1997.
 [16] V. Strassen, Gaussian elimination is not optimal, Numerische Mathematik 13 (1969), pp. 354–356.
 [17] V. Strassen, The asymptotic spectrum of tensors, J. Reine Angew. Math. 384 (1988), pp. 102–152.
Title: Improved algorithms for isomorphisms of polynomials
 Book Title: Advances in Cryptology — EUROCRYPT'98
 Book Subtitle: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31 – June 4, 1998, Proceedings
 Pages: pp. 184–200
 Copyright: 1998
 DOI: 10.1007/BFb0054126
 Print ISBN: 978-3-540-64518-4
 Online ISBN: 978-3-540-69795-4
 Series Title: Lecture Notes in Computer Science
 Series Volume: 1403
 Series ISSN: 0302-9743
 Publisher: Springer Berlin Heidelberg
 Copyright Holder: Springer-Verlag
 Authors

 Jacques Patarin (1)
 Louis Goubin (1)
 Nicolas Courtois (2)
 Author Affiliations

 1. Bull Smart Cards and Terminals, 68 route de Versailles, BP 45, 78431, Louveciennes Cedex, France
 2. Modélisation et Signal, Université de Toulon et du Var, BP 132, 83957, La Garde Cedex, France