Short Solutions to Nonlinear Systems of Equations

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10737)

Abstract

This paper presents a new hard problem for use in cryptography, called Short Solutions to Nonlinear Equations (SSNE). The problem generalizes the Multivariate Quadratic (MQ) problem by requiring that the solution be short, and the Short Integer Solutions (SIS) problem by requiring that the underlying system of equations be nonlinear. The joint requirement causes common solving strategies such as lattice reduction and Gröbner basis algorithms to fail, and as a result SSNE admits shorter representations of equally hard problems. We show that SSNE can be used as the basis for a provably secure hash function. Although we have not found public key cryptosystems relying on SSNE, we remain hopeful about that possibility.

Keywords

Signature scheme, Hard problem, Post-quantum, MQ, SIS, SSNE, Hash function

Notes

Acknowledgments

The authors would like to thank Fré Vercauteren and Wouter Castryck for useful discussions and references, as well as the anonymous reviewers for helpful comments. Alan Szepieniec is being supported by a Ph.D. grant from the Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT-Vlaanderen). This work was supported in part by the Research Council KU Leuven: C16/15/058. In addition, this work was supported by the European Commission through the Horizon 2020 research and innovation programme under grant agreement No. H2020-ICT-2014-644371 WITDOM and H2020-ICT-2014-645622 PQCRYPTO.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

imec-COSIC, KU Leuven, Leuven, Belgium