Advertisement

Cryptanalysis of the Tractable Rational Map Cryptosystem

  • Antoine Joux
  • Sébastien Kunz-Jacques
  • Frédéric Muller
  • Pierre-Michel Ricordel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3386)

Abstract

In this paper, we present the cryptanalysis of a public key scheme based on a system of multivariate polynomial equations, the “tractable rational map” cryptosystem. We show combinatorial weaknesses of the cryptosystem, and introduce a variant of the XL resolution algorithm, the Linear Method, which is able to leverage these weaknesses to invert in short time the trapdoor one-way function defined by the cipher using only the public key, and even rebuild a private key. We also interpret the behavior of the Linear Method on random instances of the scheme, and show that various generalizations of the cipher, as well as an increase of the security parameter, cannot lead to a secure scheme.

Keywords

Public Key Cryptography Polynomial Systems Tractable Rational Map Cryptosystem XL Gröbner Bases Isomorphism of Polynomials 

References

  1. 1.
    Adams, W., Loustaunau, P.: An introduction to Gröbner Bases. Graduate Studies in Mathematics, vol. 3. American Mathematical Society, Providence (1994)Google Scholar
  2. 2.
    Wang, L., Chang, F.: Tractable Rational Map Cryptosystem. Cryptology ePrint archive, Report 2004/046, http://eprint.iacr.org
  3. 3.
    Faugére, J.-C.: A New Efficient Algorithm for Computing Gröbner Bases without reduction to zero (F 5). In: Mora, T. (ed.) ISSAC 2002, pp. 75–83 (2002)Google Scholar
  4. 4.
    Faugére, J.-C.: Report on a Successful Attack of HFE Challenge 1 with Gröbner Basis Algorithm F5/2. Announcement on sci.crypt newsgroup, April 19 (2002)Google Scholar
  5. 5.
    Faugére, J.-C.: A New Efficient Algorithm for Computing Gröbner Bases (F 4). Journal of Pure and Applied Algebra 139(1-3), 61–88 (1999)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Matsumoto, T., Imai, H.: Public Quadratic Polynomial-tuples for Efficient Signature Verification and Message Encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)Google Scholar
  7. 7.
    Faugère, J.-C., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE Public-key Cryptosystem. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999)Google Scholar
  9. 9.
    Lazard, D.: Gröbner Basis, Gaussian Elimination and Resolution of Systems of Algebraic Equations. In: van Hulzen, J.A. (ed.) ISSAC 1983 and EUROCAL 1983. LNCS, vol. 162, pp. 146–156. Springer, Heidelberg (1983)Google Scholar
  10. 10.
  11. 11.
    Patarin, J., Courtois, N., Klimov, A., Shamir, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) Eurocrypt 2000. LNCS, vol. 180, pp. 392–407. Springer, Heidelberg (2000)Google Scholar
  12. 12.
    Patarin, J., Courtois, N., Goubin, L.: Improved Algorithms for Isomorphisms of Polynomials. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 184–200. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  13. 13.
    Patarin, J., Courtois, N., Goubin, L.: Flash, a Fast Multivariate Signature Algorithm. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 298–307. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt’ 88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  15. 15.
    Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Antoine Joux
    • 1
  • Sébastien Kunz-Jacques
    • 2
  • Frédéric Muller
    • 2
  • Pierre-Michel Ricordel
    • 2
  1. 1.SPOTI 
  2. 2.DCSSI Crypto Lab 51Boulevard de La Tour-MaubourgParis 07 SPFrance

Personalised recommendations