Cryptanalysis of PKP: A New Approach
Quite recently, in , a new time-memory tradeoff algorithm was presented. The original goal of this algorithm was to count the number of points on an elliptic curve, however, the authors claimed that their approach could be applied to other problems. In this paper, we describe such an application and show a new way to attack the Permuted Kernel Problem. This new method is faster than any previously known technique but still requires exponential time. In practice, we find that attacking PKP for the original size proposed by Shamir in  could be done on a single PC in 125 years.
- 1.T. Baritaud, M. Campane, P. Chauvaud, and H. Gilbert. On the security on the permuted kernel identification scheme. In CRYPTO92, volume 740 of LNCS, pages 305–311, 1992.Google Scholar
- 2.P. Chauvaud and J. Patarin. Improved algorithms for the permuted kernem problem. In CRYPTO93, volume 773, pages 391–402, 1994.Google Scholar
- 4.A. Joux and R. Lercier. “Chinese & Match”, an alternative to atkin’s “match and sort▸ method used in the SEA algorithm. Mathematics of Computation, 1999. To appear.Google Scholar
- 6.A. Shamir. An efficient identification scheme based on permuted kernels. In CRYPTO89, volume 435 of LNCS, pages 606–609, 1989.Google Scholar