A Panorama of Post-quantum Cryptography

  • Paulo S. L. M. Barreto
  • Felipe Piazza Biasi
  • Ricardo Dahab
  • Julio César López-Hernández
  • Eduardo M. de Morais
  • Ana D. Salina de Oliveira
  • Geovandro C. C. F. Pereira
  • Jefferson E. Ricardini
Chapter

Abstract

In 1994, Peter Shor published a quantum algorithm capable of factoring large integers and computing discrete logarithms in Abelian groups in polynomial time. Since these computational problems provide the security basis of conventional asymmetric cryptosystems (e.g., RSA, ECC), information encrypted under such schemes today may well become insecure in a future scenario where quantum computers are a technological reality. Fortunately, certain classical cryptosystems based on entirely different intractability assumptions appear to resist Shor’s attack, as well as others similarly based on quantum computing. The security of these schemes, which are dubbed post-quantum cryptosystems, stems from hard problems on lattices, error-correcting codes, multivariate quadratic systems, and hash functions. Here we introduce the essential notions related to each of these schemes and explore the state of the art on practical aspects of their adoption and deployment, like key sizes and cryptogram/signature bandwidth overhead.

References

  1. 1.
    M. Ajtai, Generating hard instances of lattice problems (extended abstract), in Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, STOC ‘96 (ACM, New York, 1996), pp. 99–108Google Scholar
  2. 2.
    M. Alabbadi, S.B. Wicker, A digital signature scheme based on linear error-correcting block codes, in Advances in Cryptology – Asiacrypt ‘94, vol. 917 of Lecture Notes in Computer Science (Springer, New York, 1994), pp. 238–348Google Scholar
  3. 3.
    L Babai, On lovsz lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986)CrossRefMATHMathSciNetGoogle Scholar
  4. 4.
    M. Baldi, F. Chiaraluce, Cryptanalysis of a new instance of McEliece cryptosystem based on QC-LDPC code, in IEEE International Symposium on Information Theory – ISIT 2007 (IEEE, Nice, 2007), pp. 2591–2595Google Scholar
  5. 5.
    M. Baldi, F. Chiaraluce, M. Bodrato, A new analysis of the McEliece cryptosystem based on QC-LDPC codes, in Security and Cryptography for Networks – SCN 2008, vol. 5229 of Lecture Notes in Computer Science (Springer, Amalfi, 2008), pp. 246–262Google Scholar
  6. 6.
    R. Barbulescu, P. Gaudry, A. Joux, E. Thomé, A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. HAL-INRIA technical report, http://hal.inria.fr/hal-00835446/ (2013)
  7. 7.
    M. Bellare, P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, in Proceedings of the 1st ACM conference on Computer and communications security (ACM, 1993), pp. 62–73Google Scholar
  8. 8.
    T.P. Berger, P.-L. Cayrel, P. Gaborit, A. Otmani, Reducing key length of the McEliece cryptosystem, in Progress in Cryptology – Africacrypt 2009, Lecture Notes in Computer Science (Springer, Gammarth, 2009), pp. 77–97Google Scholar
  9. 9.
    E. Berlekamp, R. McEliece, H. van Tilborg, On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)CrossRefMATHGoogle Scholar
  10. 10.
    D. Bernstein, T. Lange, C. Peters, Smaller decoding exponents: ball-collision decoding, in Advances in Cryptology – Crypto 2011, vol. 6841 of Lecture Notes in Computer Science (Springer, Santa Barbara, 2011), pp. 743–760Google Scholar
  11. 11.
    D.J. Bernstein, List decoding for binary Goppa codes, in Coding and Cryptology—Third International Workshop, IWCC 2011, Lecture Notes in Computer Science (Springer, Qingdao, 2011), pp. 62–80Google Scholar
  12. 12.
    D.J. Bernstein, J. Buchmann, E. Dahmen, Post-Quantum Cryptography (Springer, Heidelberg, 2008)Google Scholar
  13. 13.
    D.J. Bernstein, T. Lange, C. Peters, Attacking and defending the McEliece cryptosystem, in Post-Quantum Cryptography – PQCrypto 2008, vol. 5299 of Lecture Notes in Computer Science (Springer, New York, 2008), pp. 31–46. http://www.springerlink.com/content/68v69185x478p53g
  14. 14.
    D.J. Bernstein, T. Lange, C. Peters, Wild McEliece, in Selected Areas in Cryptography – SAC 2010, vol. 6544 of Lecture Notes in Computer Science (Springer, Waterloo, 2010), pp. 143–158Google Scholar
  15. 15.
    G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, Keccak specifications. Submission to NIST (2010). http://keccak.noekeon.org/Keccak-specifications.pdf
  16. 16.
    G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, Sponge functions. ECRYPT Hash Workshop 2007 (2007). Also available as public comment to NIST from http://www.csrc.nist.gov/pki/HashWorkshop/Public_Comments/2007_May.html
  17. 17.
    D. Boneh, C. Gentry, M. Hamburg, Space-efficient identity based encryption without pairings, in FOCS, pp. 647–657 (2007)Google Scholar
  18. 18.
    A. Braeken, C. Wolf, B. Preneel, A study of the security of unbalanced oil and vinegar signature schemes, in Topics in Cryptology – CT-RSA 2005, vol. 3376 of Lecture Notes in Computer Science (Springer, New York, 2005), pp. 29–43Google Scholar
  19. 19.
    Z. Brakerski, V. Vaikuntanathan, Efficient fully homomorphic encryption from (standard) lwe. Electron. Colloq. Comput. Complex. 18, 109 (2011)Google Scholar
  20. 20.
    J. Buchmann, C. Coronado, E. Dahmen, M. Dring, E. Klintsevich, CMSS – an improved merkle signature scheme, in Progress in Cryptology INDOCRYPT 2006, vol. 4329 of Lecture Notes in Computer Science (Springer, New York, 2006), pp. 349–363Google Scholar
  21. 21.
    J. Buchmann, E. Dahmen, S. Ereth, A. Hlsing, M. Rckert, On the security of the Winternitz one-time signature scheme, in Progress in Cryptology – AFRICACRYPT 2011, vol. 6737 of Lecture Notes in Computer Science (Springer, New York, 2011), pp. 363–378Google Scholar
  22. 22.
    J. Buchmann, E. Dahmen, A. Hlsing, XMSS-a practical secure signature scheme based on minimal security assumptions, in Cryptology ePrint Archive - Report 2011/484. ePrint (2011)Google Scholar
  23. 23.
    J. Buchmann, E. Dahmen, E. Klintsevich, K. Okeya, C. Vuillaume, Merkle signatures with virtually unlimited signature capacity, in Applied Cryptography and Network Security – ACNS 2007, vol. 4521 of Lecture Notes in Computer Science (Springer, New York, 2007), pp. 31–45Google Scholar
  24. 24.
    J. Buchmann, E. Dahmen, M. Schneider, Merkle tree traversal revisited, in Post-Quantum Cryptography – PQCrypto 2008, vol. 5299 of Lecture Notes in Computer Science (Springer, New York, 2008), pp. 63–78Google Scholar
  25. 25.
    S. Contini, A.K. Lenstra, R. Steinfeld, VSH, an Efficient and Provable Collision Resistant Hash Function. Cryptology ePrint Archive, Report 2005/193 (2005). http://eprint.iacr.org/
  26. 26.
    N. Courtois, M. Finiasz, N. Sendrier, How to achieve a McEliece-based digital signature scheme, in Advances in Cryptology – Asiacrypt 2001, vol. 2248 of Lecture Notes in Computer Science (Springer, Gold Coast, 2001), pp. 157–174Google Scholar
  27. 27.
    R.A. DeMillo, D.P. Dobkin, A.K. Jones, R.J. Lipton, Foundations of Secure Computation (Academic Press, New York, 1978)MATHGoogle Scholar
  28. 28.
    J. Ding, D. Schmidt, Rainbow, a new multivariable polynomial signature scheme, in International Conference on Applied Cryptography and Network Security – ACNS 2005, vol. 3531 of Lecture Notes in Computer Science (Springer, New York, 2005), pp. 164–175Google Scholar
  29. 29.
    C. Dods, N. Smart, M. Stam, Hash based digital signature schemes, in Cryptography and Coding, vol. 3796 of Lecture Notes in Computer Science (Springer, New York, 2005), pp. 96–115Google Scholar
  30. 30.
    J.-C. Faugère, A. Otmani, L. Perret, J.-P. Tilllich, Algebraic cryptanalysis of McEliece variants with compact keys, in Advances in Cryptology – Eurocrypt 2010, vol. 6110 of Lecture Notes in Computer Science (Springer, Nice, 2010), pp. 279–298Google Scholar
  31. 31.
    P. Gaborit, Shorter keys for code based cryptography, in International Workshop on Coding and Cryptography – WCC 2005 (ACM Press, Bergen, 2005), pp. 81–91Google Scholar
  32. 32.
    R.G. Gallager, Low-density parity-check codes. Information Theory, IRE Transactions on 8(1), 21–28 (1962)CrossRefMATHMathSciNetGoogle Scholar
  33. 33.
    M.R. Garey, D.S. Johnson, Computers and Intractability – A Guide to the Theory of NP-Completeness (W. H. Freeman and Company, New York, 1979)MATHGoogle Scholar
  34. 34.
    S. Garg, C. Gentry, S. Halevi, Candidate multilinear maps from ideal lattices, in Advances in Cryptology – EUROCRYPT 2013, pp. 1–17 (2013)Google Scholar
  35. 35.
    S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, IACR Cryptology ePrint Archive 2013, 451 (2013)Google Scholar
  36. 36.
    V. Gauthier, G. Leander, Practical key recovery attacks on two McEliece variants, in International Conference on Symbolic Computation and Cryptography – SCC 2010 (Springer, Egham, 2010)Google Scholar
  37. 37.
    C. Gentry, A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009. crypto.stanford.edu/craig
  38. 38.
    C. Gentry, Encrypted messages from the heights of cryptomania, in TCC, pp. 120–121 (2013)Google Scholar
  39. 39.
    C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in Proceedings of the 40th Annual ACM Symposium on Theory of Computing, STOC ‘08 (ACM, New York, 2008), pp. 197–206Google Scholar
  40. 40.
    C. Gentry, A. Sahai, B. Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based, in Advances in Cryptology – CRYPTO ‘89, vol. 8042 of Lecture Notes in Computer Science (Springer, New York, 2013), pp. 75–92Google Scholar
  41. 41.
    J.K. Gibson, The security of the Gabidulin public key cryptosystem, in Advances in Cryptology – Eurocrypt ‘96, vol. 1070 of Lecture Notes in Computer Science (Springer, Zaragoza, 1996), pp. 212–223Google Scholar
  42. 42.
    O. Goldreich, S. Goldwasser, S. Halevi, Public-key cryptosystems from lattice reduction problems, in Advances in Cryptology – CRYPTO ‘97, vol. 1294 of Lecture Notes in Computer Science (Springer, New York, 1997), pp. 112–131Google Scholar
  43. 43.
    V.D. Goppa, A new class of linear error correcting codes. Problemy Peredachi Informatsii 6, 24–30 (1970)MATHMathSciNetGoogle Scholar
  44. 44.
    A. Hülsing, Practical forward secure signatures using minimal security assumptions. PhD thesis, TU Darmstadt, 2013Google Scholar
  45. 45.
    J. Hoffstein, J. Pipher, J.H. Silverman, Ntru: A ring-based public key cryptosystem, in Lecture Notes in Computer Science (Springer, New York, 1998), pp. 267–288Google Scholar
  46. 46.
    W.C. Huffman, V. Pless, Fundamentals of Error-Correcting Codes (Cambridge University Press, Cambridge, 2003)CrossRefMATHGoogle Scholar
  47. 47.
    A. Kipnis, A. Shamir, Cryptanalysis of the oil and vinegar signature scheme, in ed. by H. Krawczyk. Advances in Cryptology – Crypto 1998, vol. 1462 of Lecture Notes in Computer Science (Springer, New York, 1998), pp. 257–266Google Scholar
  48. 48.
    A. Kipnis, J. Patarin, L. Goubin, Unbalanced oil and vinegar signature schemes, in ed. by J. Stern. Advances in Cryptology – EUROCRYPT ‘99, vol. 1592 of Lecture Notes in Computer Science (Springer, New York, 1999), pp. 206–222Google Scholar
  49. 49.
    L. Lamport, Constructing digital signatures from a one way function, in SRI International. CSL-98 (1979)Google Scholar
  50. 50.
    A.K. Lenstra, H.W. Lenstra, L. Lovsz, Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)CrossRefMATHMathSciNetGoogle Scholar
  51. 51.
    A. Lewko, T. Okamoto, A. Sahai, K. Takashima, B. Waters, Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption, in H. Gilbert. Advances in Cryptology – EUROCRYPT 2010, vol. 6110 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2010), pp. 62–91Google Scholar
  52. 52.
    V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings. Adv. Cryptology EUROCRYPT 2010 6110/2010(015848), 1–23 (2010)Google Scholar
  53. 53.
    F.J. MacWilliams, N.J.A. Sloane, The Theory of Error-Correcting Codes, vol. 16 (North-Holland Mathematical Library, Amsterdam, 1977)MATHGoogle Scholar
  54. 54.
    S.M. Matyas, C.H. Meyer, J. Oseas, Generating strong one-way functions with cryptographic algorithm, IBM Techn. Disclosure Bull., 1985Google Scholar
  55. 55.
    R. McEliece, A public-key cryptosystem based on algebraic coding theory. The Deep Space Network Progress Report, DSN PR 42–44, 1978. http://ipnpr.jpl.nasa.gov/progressreport2/42-44/44N.PDF. Acesso em:.
  56. 56.
    R.C. Merkle, Secrecy, Authentication, and Public Key Systems. Stanford Ph.D. thesis, 1979Google Scholar
  57. 57.
    R.C. Merkle, A digital signature based on a conventional encryption function, in Advances in Cryptology – CRYPTO’87, vol. 435 of Lecture Notes in Computer Science (Springer, New York, 1987), pp. 369–378Google Scholar
  58. 58.
    D. Micciancio, C. Peikert, Trapdoors for lattices: Simpler, tighter, faster, smaller, in ed. by D. Pointcheval, T. Johansson. Advances in Cryptology EUROCRYPT 2012, vol. 7237 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2012), pp. 700–718Google Scholar
  59. 59.
    V.S. Miller, Use of elliptic curves in cryptography, in Advances in Cryptology — Crypto ‘85 (Springer, New York, 1986), pp. 417–426Google Scholar
  60. 60.
    R. Misoczki, N. Sendrier, J.-P. Tilllich, P.S.L.M. Barreto, MDPC-McEliece: New McEliece variants from moderate density parity-check codes. Cryptology ePrint Archive, Report 2012/409, 2012. http://eprint.iacr.org/2012/409
  61. 61.
    C. Monico, J. Rosenthal, A. Shokrollahi, Using low density parity check codes in the McEliece cryptosystem, in IEEE International Symposium on Information Theory – ISIT 2000 (IEEE, Sorrento, 2000), p. 215Google Scholar
  62. 62.
    E.M. Morais, R. Dahab, Encriptao homomrfica, in XII Simpsio Brasileiro em Segurana da Informao e de Sistemas Computacionais: Minicursos, SBSeg (2012)Google Scholar
  63. 63.
    P. Nguyen, O. Regev, Learning a parallelepiped: Cryptanalysis of ggh and ntru signatures, in S. Vaudenay. Advances in Cryptology - EUROCRYPT 2006, vol. 4004 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2006), pp. 271–288Google Scholar
  64. 64.
    H. Niederreiter, Knapsack-type cryptosystems and algebraic coding theory. Prob. Control Inf. Theory 15(2), 159–166 (1986)MATHMathSciNetGoogle Scholar
  65. 65.
    NIST, Federal Information Processing Standard FIPS 186-3 – Digital Signature Standard (DSS) – 6. The Elliptic Curve Digital Signature Algorithm (ECDSA) (National Institute of Standards and Technology (NIST), Gaithersburg, 2012). http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
  66. 66.
    A. K. D. S. Oliveira, J. López. Implementação em software do Esquema de Assinatura Digital de Merkle e suas variantes, in Brazilian Symposium on Information and Computer Systems Security – SBSeg 2013 (SBC, 2013)Google Scholar
  67. 67.
    A. Otmani, J.-P. Tillich, L. Dallot, Cryptanalysis of two McEliece cryptosystems based on quasi-cyclic codes. Math. Comput. Sci. 3(2), 129–140 (2010)CrossRefMATHMathSciNetGoogle Scholar
  68. 68.
    J. Patarin, The oil and vinegar signature scheme, in Dagstuhl Workshop on Cryptography (1997). TransparenciesGoogle Scholar
  69. 69.
    J. Patarin, L. Goubin, Trapdoor one-way permutations and multivariate polynomials, in ICICS’97, vol. 1334 of Lecture Notes in Computer Science (Springer, New York, 1997), pp. 356–368Google Scholar
  70. 70.
    J. Patarin, Hidden fields equations (hfe) and isomorphisms of polynomials (ip): Two new families of asymmetric algorithms, in ed. by U. Maurer. Advances in Cryptology – EUROCRYPT ‘96, vol. 1070 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 1996), pp. 33–48Google Scholar
  71. 71.
    J. Patarin, L. Goubin, N. Courtois, Improved algorithms for isomorphisms of polynomials, in Advances in Cryptology – EUROCRYPT ‘98 (Springer, New York, 1998), pp. 184–200CrossRefGoogle Scholar
  72. 72.
    N.J. Patterson, The algebraic decoding of Goppa codes. IEEE Trans. Inf. Theory 21(2), 203–207 (1975)CrossRefMATHGoogle Scholar
  73. 73.
    C. Peikert, Public-key cryptosystems from the worst-case shortest vector problem: extended abstract, in Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC ‘09 (ACM, New York, 2009), pp. 333–342Google Scholar
  74. 74.
    A. Petzoldt, S. Bulygin, J. Buchmann, CyclicRainbow – a multivariate signature scheme with a partially cyclic public key, in ed. by G. Gong, K. Gupta. Progress in Cryptology – Indocrypt 2010, vol. 6498 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2010), pp. 33–48Google Scholar
  75. 75.
    A. Petzoldt, S. Bulygin, J. Buchmann, Selecting parameters for the Rainbow signature scheme, in ed. by N. Sendrier Post-Quantum Cryptography – PQCrypto 2010, vol. 6061 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2010), pp. 218–240. Extended Version: http://eprint.iacr.org/2010/437
  76. 76.
    A. Petzoldt, S. Bulygin, J. Buchmann, Linear recurring sequences for the UOV key generation, in International Conference on Practice and Theory in Public Key Cryptography – PKC 2011, vol. 6571 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2011), pp. 335–350Google Scholar
  77. 77.
    A. Petzoldt, S. Bulygin, J. Buchmann, Cyclicrainbow - a multivariate signature scheme with a partially cyclic public key, in ed. by G. Gong, K.C. Gupta. INDOCRYPT, volume 6498 of Lecture Notes in Computer Science (Springer, New York, 2010), pp. 33–48Google Scholar
  78. 78.
    B. Preneel, Analysis and design of cryptographic hash functions. PhD thesis, Katholieke Universiteit Leuven, 1983Google Scholar
  79. 79.
    L. Rausch, A. Hlsing, J. Buchmann, Optimal parameters for \(xmss^{\mathrm{MT}}\), in CD-ARES 2013, vol. 8128 of Lecture Notes in Computer Science (Springer, New York, 2013), pp. 194–208Google Scholar
  80. 80.
    O. Regev, The learning with errors problem (invited survey), in IEEE Conference on Computational Complexity (IEEE Computer Society, Washington, DC, 2010), pp. 191–204Google Scholar
  81. 81.
    R.L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)CrossRefMATHMathSciNetGoogle Scholar
  82. 82.
    A. Sahai, B. Waters, Attribute-based encryption for circuits from multilinear maps. CoRR, abs/1210.5287 (2012)Google Scholar
  83. 83.
    N. Sendrier, Decoding one out of many, in ed. by B-Y. Yang. Post-Quantum Cryptography – PQCrypto 2011, vol. 7071 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2011), pp. 51–67. 10.1007/978-3-642-25405-5-4Google Scholar
  84. 84.
    P.W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26, 1484–1509 (1997)CrossRefMATHMathSciNetGoogle Scholar
  85. 85.
    A. Shoufan, N. Huber, H. Molter, A novel cryptoprocessor architecture for chained merkle signature scheme, in Microprocessors and Microsystems (Elsevier, Amsterdam, 2011), pp. 34–47Google Scholar
  86. 86.
    D. Stehlé, R. Steinfeld, Making ntru as secure as worst-case problems over ideal lattices, in Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology, EUROCRYPT’11 (Springer, Berlin, Heidelberg, 2011), pp. 27–47Google Scholar
  87. 87.
    J. Stern, A method for finding codewords of small weight. Coding Theory Appl. 388, 106–133 (1989)CrossRefGoogle Scholar
  88. 88.
    J. Stern, Can one design a signature scheme based on error-correcting codes? in Advances in Cryptology – ASIACRYPT’94, vol. 917 of Lecture Notes in Computer Science (Springer, New York, 1994), pp. 426–428Google Scholar
  89. 89.
    M. Szydlo, Merkle tree traversal in log space and time, in Advances in Cryptology – Eurocrypt 2004, vol. 3027 of Lecture Notes in Computer Science (Springer, New York, 2004), pp. 541–554Google Scholar
  90. 90.
    R.M. Tanner, Spectral graphs for quasi-cyclic LDPC codes, in IEEE International Symposium on Information Theory – ISIT 2001 (IEEE, Washington, DC, 2001), p. 226Google Scholar
  91. 91.
    E. Thomae, A generalization of the Rainbow band separation attack and its applications to multivariate schemes. Cryptology ePrint Archive, Report 2012/223, 2012. http://eprint.iacr.org/2012/223.
  92. 92.
    C. Wieschebrink, Two NP-complete problems in coding theory with an application in code based cryptography, in IEEE International Symposium on Information Theory – ISIT 2006 (IEEE, Seattle, 2006), pp. 1733–1737Google Scholar
  93. 93.
    R.S. Winternitz, Producing a one-way hash function from DES, in Advances in Cryptology – CRYPTO ‘83 (Springer, New York, 1983), pp. 203–207Google Scholar
  94. 94.
    C. Wolf, B. Preneel, Taxonomy of public key schemes based on the problem of multivariate quadratic equations. IACR Cryptology ePrint Archive 2005, 77 (2005)Google Scholar
  95. 95.
    T. Yasuda, K Sakurai, T. Takagi, Reducing the key size of Rainbow using non-commutative rings, in Topics in Cryptology – CT-RSA 2012, vol. 7178 of Lecture Notes in Computer Science (Springer, New York, 2012), pp. 68–83Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Paulo S. L. M. Barreto
    • 1
  • Felipe Piazza Biasi
    • 1
  • Ricardo Dahab
    • 2
  • Julio César López-Hernández
    • 2
  • Eduardo M. de Morais
    • 2
  • Ana D. Salina de Oliveira
    • 2
  • Geovandro C. C. F. Pereira
    • 1
  • Jefferson E. Ricardini
    • 1
  1. 1.Escola PolitécnicaUniversity of Sãao PauloSão Paulo (SP)Brazil
  2. 2.Instituto de ComputaçãoUniversity of CampinasCampinas (SP)Brazil

Personalised recommendations