Asymmetric cryptography with S-Boxes: Is it easier than expected to design efficient asymmetric cryptosystems?

  • Jacques Patarin
  • Louis Goubin
Session 12: Public Systems II
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1334)


In this paper, we study some new "candidate" asymmetric cryptosystems based on the idea of hiding one or two rounds of small S-box computations with secret functions of degree one or two. The C* scheme of [10] (when its n_i values are small) can be seen as a very special case of these schemes. This C* scheme was broken in [11] due to unexpected algebraic properties. In the new schemes, those algebraic properties generally do not exist. Nevertheless, we will see that most of the "new" algorithms can also be broken, and from this we deduce some very different cryptanalyses of C*.

However, we were not able to find a cryptanalysis of all the new schemes, for example of the two-round schemes. One interest of the paper therefore lies in highlighting these new schemes. The main practical advantage of these schemes is that the secret computations are easy and can be performed in low-cost smartcards.

An extended version of this paper can be obtained from the authors.
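The construction the abstract describes, one round of small S-boxes hidden between two secret affine (degree-one) maps, shown here as an added toy example; this is not code from the paper and the parameters are assumptions chosen only for illustration (an 8-bit block, two 4-bit S-boxes, secret affine maps U and T over GF(2)). The public key is the composed map P = T ∘ S ∘ U written out as eight multivariate polynomials over GF(2) (its algebraic normal form), so anyone can encrypt by evaluating polynomials, while the holder of (U, S, T) decrypts by inverting each layer in turn.

```python
# Added illustration (not from the paper): toy one-round "hidden S-box"
# public-key map over GF(2).  Public key: P(x) = T(S(U(x))) as multivariate
# polynomials; secret key: (U, S, T).  Parameters below are constructed toys.
import random

N = 8          # bits per block (assumed toy size)
SBOX_BITS = 4  # each S-box permutes 4 bits, so one round uses N // SBOX_BITS boxes


def parity(v):
    return bin(v).count("1") & 1


def gf2_inverse(rows, n):
    """Gauss-Jordan inverse of an n x n GF(2) matrix given as row bitmasks
    (bit j of row i is entry M[i][j]); returns None when M is singular."""
    aug = [rows[i] | (1 << (n + i)) for i in range(n)]      # [M | I]
    for col in range(n):
        pivot = next((i for i in range(col, n) if aug[i] >> col & 1), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for i in range(n):
            if i != col and aug[i] >> col & 1:
                aug[i] ^= aug[col]
    return [r >> n for r in aug]                             # right half is M^-1


def affine_apply(aff, x):
    """y = M x + c, with M as row bitmasks and c a constant bitmask."""
    rows, c = aff
    y = 0
    for i, row in enumerate(rows):
        y |= parity(row & x) << i
    return y ^ c


def affine_inverse(aff, n):
    rows, c = aff
    inv = gf2_inverse(rows, n)
    return (inv, affine_apply((inv, 0), c))                  # x = M^-1 y + M^-1 c


def sbox_layer(sboxes, x):
    """Apply the parallel S-boxes to the SBOX_BITS-wide chunks of x."""
    mask = (1 << SBOX_BITS) - 1
    y = 0
    for k, sb in enumerate(sboxes):
        y |= sb[(x >> (k * SBOX_BITS)) & mask] << (k * SBOX_BITS)
    return y


def anf(tt, n):
    """Moebius transform: truth table of a Boolean function -> set of monomials.
    Bitmask u stands for the product of x_i over i in u (u = 0 is the constant 1)."""
    a = list(tt)
    for i in range(n):
        for u in range(1 << n):
            if u >> i & 1:
                a[u] ^= a[u ^ (1 << i)]
    return {u for u in range(1 << n) if a[u]}


def secret_eval(sk, x):
    U, sboxes, T = sk
    return affine_apply(T, sbox_layer(sboxes, affine_apply(U, x)))


def keygen(seed):
    rng = random.Random(seed)

    def random_affine():
        while True:                                          # retry until invertible
            rows = [rng.getrandbits(N) for _ in range(N)]
            if gf2_inverse(rows, N) is not None:
                return (rows, rng.getrandbits(N))

    U, T = random_affine(), random_affine()
    sboxes = []
    for _ in range(N // SBOX_BITS):                          # random 4-bit bijections
        sb = list(range(1 << SBOX_BITS))
        rng.shuffle(sb)
        sboxes.append(sb)
    sk = (U, sboxes, T)
    table = [secret_eval(sk, x) for x in range(1 << N)]      # full truth table of P
    pk = [anf([t >> j & 1 for t in table], N) for j in range(N)]
    return sk, pk


def encrypt(pk, x):
    """Evaluate the public polynomials; needs no secret."""
    y = 0
    for j, monomials in enumerate(pk):
        y |= (sum(1 for u in monomials if u & x == u) & 1) << j
    return y


def decrypt(sk, y):
    """Invert each secret layer: two small matrix products and table look-ups."""
    U, sboxes, T = sk
    inv_sboxes = [[sb.index(v) for v in range(1 << SBOX_BITS)] for sb in sboxes]
    z = sbox_layer(inv_sboxes, affine_apply(affine_inverse(T, N), y))
    return affine_apply(affine_inverse(U, N), z)


def public_degree(pk):
    return max(bin(u).count("1") for monomials in pk for u in monomials)
```

Because U and T are affine, the public polynomials have exactly the algebraic degree of the S-box layer (at most 3 for 4-bit bijections), and decryption costs two 8x8 matrix-vector products plus two 16-entry look-ups, which is the cheap secret computation the abstract mentions. The abstract also reports that most one-round schemes of this kind can be broken, so the example demonstrates the key structure and the cost asymmetry, not a secure parameter set.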


Keywords: Finite field, multivariate polynomial, round function, functional decomposition, differential cryptanalysis




  1. Eli Biham, Adi Shamir, Differential Cryptanalysis of the Full 16-Round DES, CRYPTO'92, Springer-Verlag, pp. 487–496.
  2. Ian Blake, XuHong Gao, Ronald Mullin, Scott Vanstone, Tomik Yaghoobian, Applications of Finite Fields, Kluwer Academic Publishers, p. 25.
  3. Matthew Dickerson, The Functional Decomposition of Polynomials, Ph.D. Thesis, TR 89-1023, Department of Computer Science, Cornell University, Ithaca, NY, July 1989.
  4. Matthew Dickerson, The Inverse of an Automorphism in Polynomial Time, IEEE 30th Annual Symposium on Foundations of Computer Science (FOCS), 1989, pp. 82–87.
  5. Harriet Fell, Whitfield Diffie, Analysis of a Public Key Approach Based on Polynomial Substitutions, CRYPTO'85, Springer-Verlag, pp. 340–349.
  6. Michael Garey, David Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, Freeman, p. 251.
  7. Henri Gilbert, Pascal Chauvaud, A Chosen Plaintext Attack of the 16-Round Khufu Cryptosystem, CRYPTO'94, Springer-Verlag, pp. 359–368.
  8. Joe Kilian, Phillip Rogaway, How to Protect DES Against Exhaustive Key Search, CRYPTO'96, Springer-Verlag, pp. 252–267.
  9. Rudolf Lidl, Harald Niederreiter, Finite Fields, Encyclopedia of Mathematics and its Applications, volume 20, Cambridge University Press, p. 287.
  10. Tsutomu Matsumoto, Hideki Imai, Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption, EUROCRYPT'88, Springer-Verlag, pp. 419–453.
  11. Jacques Patarin, Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88, CRYPTO'95, Springer-Verlag, pp. 248–261.
  12. Jacques Patarin, Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms, EUROCRYPT'96, Springer-Verlag, pp. 33–48.
  13. Jacques Patarin, Asymmetric Cryptography with a Hidden Monomial, CRYPTO'96, Springer-Verlag, pp. 45–60.
  14. Jacques Patarin, Louis Goubin, Trapdoor One-Way Permutations and Multivariate Polynomials, ICICS'97 (this conference).
  15. Joachim von zur Gathen, Functional Decomposition of Polynomials: The Tame Case, J. Symbolic Computation (1990), vol. 9, pp. 281–299.
  16. Joachim von zur Gathen, Functional Decomposition of Polynomials: The Wild Case, J. Symbolic Computation (1990), vol. 10, pp. 437–452.

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Jacques Patarin, Bull PTS, Louveciennes Cedex, France
  • Louis Goubin, Bull PTS, Louveciennes Cedex, France
