Pairing 2008: Pairing-Based Cryptography – Pairing 2008 pp 89-99
The Hidden Root Problem
Conference paper
Abstract
In this paper we study a novel computational problem called the Hidden Root Problem, which appears naturally when considering fault attacks on pairing-based cryptosystems. Furthermore, a variant of this problem is one of the main obstacles for efficient pairing inversion. We present an algorithm to solve this problem over extension fields and investigate for which parameters the algorithm becomes practical.
Keywords
finite fields, subgroups, hidden root problem, pairing inversion
Copyright information
© Springer-Verlag Berlin Heidelberg 2008