Abstract
In 2004, the inventors of TTM cryptosystems proposed a new scheme that could resist the existing attacks, in particular the Goubin-Courtois attack [GC00] and the Ding-Schmidt attack [DS03]. In this paper, we show that the new version is still insecure: we find that the polynomial components of the cipher ($F_i$) satisfy nontrivial equations of the special form
which can be found with $2^{38}$ computations. From these equations, and from the linear equations we derive from them for any given ciphertext, we can eliminate some of the variables $x_i$ by restricting the functions to an affine subspace. On this subspace we can trivialize the "lock" polynomials, which are the key structure intended to ensure the security of this new instance of TTM. Then, with a method similar to that of Ding-Schmidt [DS03], we can find the corresponding plaintext for any given ciphertext. The total computational complexity of the attack is less than $2^{39}$ operations over a finite field of size $2^8$. Our results are further confirmed by computer experiments.
References
Chen, J., Moh, T.: On the Goubin-Courtois attack on TTM. Cryptology ePrint Archive 72 (2001), http://eprint.iacr.org/2001/072
Courtois, N., Patarin, J.: About the XL algorithm over GF(2). In: CT-RSA 2003, pp. 141–157 (2003)
Ding, J., Hodges, T.: Cryptanalysis of an Implementation Scheme of TTM. J. Algebra Appl., 273–282 (2004), http://eprint.iacr.org/2003/084
Ding, J., Schmidt, D.: The new TTM implementation is not secure. In: Niederreiter, H., Feng, K.Q., Xing, C.P. (eds.) Proceedings of International Workshop on Coding, Cryptography and Combinatorics (CCC 2003), pp. 106–121 (2003)
Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000)
Moh, T.: A fast public key system with signature and master key functions. Lecture Notes at EE department of Stanford University (May 1999), http://www.usdsi.com/ttm.html
Matsumoto, T., Imai, H.: Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)
Moh, T., Chen, J., Yang, B.: Building Instances of TTM Immune to the Goubin-Courtois Attack and the Ding-Schmidt Attack. IACR ePrint 2004/168 (2004), http://eprint.iacr.org
Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 1988. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)
Shor, P.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing 26(5), 1484–1509 (1997)
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nie, X., Hu, L., Li, J., Updegrove, C., Ding, J. (2006). Breaking a New Instance of TTM Cryptosystems. In: Zhou, J., Yung, M., Bao, F. (eds) Applied Cryptography and Network Security. ACNS 2006. Lecture Notes in Computer Science, vol 3989. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767480_14
DOI: https://doi.org/10.1007/11767480_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34703-3
Online ISBN: 978-3-540-34704-0
eBook Packages: Computer Science, Computer Science (R0)