Improved Attacks for Characteristic-2 Parameters of the Cubic ABC Simple Matrix Encryption Scheme
- 1.5k Downloads
In the last few years multivariate public key cryptography has experienced an infusion of new ideas for encryption. Among these new strategies is the ABC Simple Matrix family of encryption schemes which utilize the structure of a large matrix algebra to construct effectively invertible systems of nonlinear equations hidden by an isomorphism of polynomials. One promising approach to cryptanalyzing these schemes has been structural cryptanalysis, based on applying a strategy similar to MinRank attacks to the discrete differential. These attacks however have been significantly more expensive when applied to parameters using fields of characteristic 2, which have been the most common choice for published parameters. This disparity is especially great for the cubic version of the Simple Matrix Encryption Scheme.
In this work, we demonstrate a technique that can be used to implement a structural attack which is as efficient against parameters of characteristic 2 as are attacks against analogous parameters over higher characteristic fields. This attack demonstrates that, not only is the cubic simple matrix scheme susceptible to structural attacks, but that the published parameters claiming 80 bits of security are less secure than claimed (albeit only slightly.) Similar techniques can also be applied to improve structural attacks against the original Simple Matrix Encryption scheme, but they represent only a modest improvement over previous structural attacks. This work therefore demonstrates that choosing a field of characteristic 2 for the Simple Matrix Encryption Scheme or its cubic variant will not provide any additional security value.
KeywordsMultivariate public key cryptography Differential invariant MinRank Encryption
- 3.Group, C.T.: Submission requirements and evaluation criteria for the post-quantum cryptogra-phy standardization process. NIST CSRC (2016). http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/call-for-proposals-nal-dec-2016.pdf
- 12.Porras, J., Baena, J., Ding, J.: ZHFE, a new multivariate public key encryption scheme. In: , pp. 229–245 (2014)Google Scholar
- 13.Tao, C., Diene, A., Tang, S., Ding, J.: Simple matrix scheme for encryption. In: , pp. 231–242 (2013)Google Scholar
- 14.Ding, J., Petzoldt, A., Wang, L.: The cubic simple matrix encryption scheme. In: , pp. 76–87 (2014)Google Scholar
- 15.Szepieniec, A., Ding, J., Preneel, B.: Extension field cancellation: a new central trapdoor for multivariate quadratic systems. In: , pp. 182–196 (2016)Google Scholar
- 16.Perlner, R.A., Smith-Tone, D.: Security analysis and key modification for ZHFE. In: , pp. 197–212 (2016)Google Scholar
- 17.Moody, D., Perlner, R.A., Smith-Tone, D.: An asymptotically optimal structural attack on the ABC multivariate encryption scheme. In: , pp. 180–196 (2014)Google Scholar
- 18.Moody, D., Perlner, R.A., Smith-Tone, D.: Key recovery attack on the cubic ABC simple matrix multivariate encryption scheme. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 255–271. Springer, Cham (2017)Google Scholar
- 19.Barker, E., Roginsky, A.: Transitions: recommendation for transitioning the use of cryptographic algorithms and key lengths. NIST Special Publication (2015). http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.Spp.800-131Ar1.pdf
- 20.Diene, A., Tao, C., Ding, J.: Simple matrix scheme for encryption (ABC). In: PQCRYPTO 2013 (2013). http://pqcrypto2013.xlim.fr/slides/05-06-2013/Diene.pdf
- 22.Developers, T.S.: SageMath, the Sage Mathematics Software System (SAGE, Version 7.2) (2016). http://www.sagemath.org