Advertisement

Cryptanalysis of Rainbow

  • Olivier Billet
  • Henri Gilbert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4116)

Abstract

Rainbow is a fast asymmetric multivariate signature algorithm proposed by J. Ding and D. Schmidt in [5]. This paper presents a cryptanalysis of Rainbow which enables an attacker provided with the public key to recover an equivalent representation of the secret key, thus allowing her to efficiently forge a signature of any message. For the set of parameter values recommended by the authors of Rainbow in order to achieve a security level strictly higher than 280, the complexity of our attack is less than 271 operations. This is 240 times less than the complexity of the best known attack used by the authors to dimension their system.

Keywords

Public Key Cryptography Multivariate Cryptography Rainbow UOV (Unblanced Oil and Vinegar) Signature Schemes 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Akkar, M.-L., Courtois, N.T., Goubin, L., Duteuil, R.: A fast and secure implementation of sflash. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 267–278. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Braeken, A., Wolf, C., Preneel, B.: A Study of the Security of Unbalanced Oil and Vinegar Signature Schemes. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 29–43. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Courtois, N.T.: Efficient Zero-Knowledge Authentication Based on a Linear Algebra Problem MinRank. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 402–421. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Ding, J., Schmidt, D.: Rainbow, a New Multivariable Polynomial Signature Scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Imai, H., Matsumoto, T.: Algebraic Methods for Constructing Asymmetric Cryptosystems. In: Calmet, J. (ed.) AAECC 1985. LNCS, vol. 229, pp. 108–119. Springer, Heidelberg (1986)Google Scholar
  7. 7.
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar Signature Schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Lidl, R., Niederreiter, H.: Finite fields. In: Encyclopedia of Mathematics and its Applications, 2nd edn., vol. 20. Cambridge University Press, Cambridge (1997)Google Scholar
  9. 9.
    Matsumoto, T., Imai, H.: Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)Google Scholar
  10. 10.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 1988. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  11. 11.
    Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)Google Scholar
  12. 12.
    Patarin, J.: The Oil and Vinegar Algorithm for Signatures. In: Dagsthul Workshop on Cryptography (September 1997)Google Scholar
  13. 13.
    Kipnis, A., Shamir, A.: Cryptanalysis of the Oil & Vinegar Signature Scheme. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 257–266. Springer, Heidelberg (1998)Google Scholar
  14. 14.
    Wolf, C., Braeken, A., Preneel, B.: Efficient cryptanalysis of RSE(2)PKC and RSSE(2)PKC. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 294–309. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Yang, B.-Y., Chen, J.-M.: Tts: Rank attacks in tame-like multivariate pkcs. Cryptology ePrint Archive, Report, 2004/061 (2004), http://eprint.iacr.org/

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Olivier Billet
    • 1
  • Henri Gilbert
    • 1
  1. 1.France Télécom R&DIssy les MoulineauxFrance

Personalised recommendations