Ming-Shing Chen

New differential-algebraic attacks and reparametrization of rainbow

A recently proposed class of multivariate Public-Key Cryptosystems, the Rainbow-Like Digital Signature Schemes, in which successive sets of central variables are obtained from previous ones by solving linear equations, seem to lead to efficient schemes (TTS, TRMS, and Rainbow) that perform well on systems of low computational resources. Recently SFLASH (C*-) was broken by Dubois, Fouque, Shamir, and Stern via a differential attack. In this paper, we exhibit similar algebraic and diffential attacks, that will reduce published Rainbow-like schemes below their security levels. We will also discuss how parameters for Rainbow and TTS schemes should be chosen for practical applications.

Design Principles for HFEv- Based Multivariate Signature Schemes

The Hidden Field Equations HFE Cryptosystem as proposed by Patarin is one of the best known and most studied multivariate schemes. While the security of the basic scheme appeared to be very weak, the HFEv- variant seems to be a good candidate for digital signature schemes on the basis of multivariate polynomials. However, the currently existing scheme of this type, the QUARTZ signature scheme, is hardly used in practice because of its poor efficiency. In this paper we analyze recent results from Ding and Yang about the degree of regularity of HFEv- systems and derive from them design principles for signature schemes of the HFEv- type. Based on these results we propose the new HFEv- based signature scheme Gui, which is more than 100 times faster than QUARTZ and therefore highly comparable with classical signature schemes such as RSA and ECDSA.

Square, a New Multivariate Encryption Scheme

We propose and analyze a multivariate encryption scheme that uses odd characteristic and an embedding in its construction. This system has a very simple core map F (X ) = X 2, allowing for efficient decryption. We also discuss ways to make this decryption faster with specific parameter choices. We give heuristic arguments along with experimental data to show that this scheme resists all known attacks.

Securing M2M With Post-Quantum Public-Key Cryptography

In this paper, we present an ASIC implementation of two post-quantum public-key cryptosystems (PKCs): NTRUEncrypt and TTS. It represents a first step toward securing machine-to-machine (M2M) systems using strong, hardware-assisted PKC. In contrast to the conventional wisdom that PKC is too “expensive” for M2M sensors, it actually can lower the total cost of ownership because of cost savings in provision, deployment, operation, maintenance, and general management. Furthermore, PKC can be more energy-efficient because PKC-based security protocols usually involve less communication than their symmetric-key-based counterparts, and communication is getting relatively more and more expensive compared with computation. More importantly, recent algorithmic advances have brought several new PKCs, NTRUEncrypt and TTS included, that are orders of magnitude more efficient than traditional PKCs such as RSA. It is therefore our primary goal in this paper to demonstrate the feasibility of using hardware-based PKC to provide general data security in M2M applications.

Practical-Sized Instances of Multivariate PKCs: Rainbow, TTS, and l IC-Derivatives

We present instances of MPKCs (multivariate public key cryptosystems) with design, given the best attacks we know, and implement them on commodity PC hardware. We also show that they can hold their own compared to traditional alternatives. In fact, they can be up to an order of magnitude faster.

HMFEv - An Efficient Multivariate Signature Scheme

Multivariate Cryptography, as one of the main candidates for establishing post-quantum cryptosystems, provides strong, efficient and well-understood digital signature schemes such as UOV, Rainbow, and Gui. While Gui provides very short signatures, it is, for efficiency reasons, restricted to very small finite fields, which makes it hard to scale it to higher levels of security and leads to large key sizes.

Frobenius Additive Fast Fourier Transform

In ISSAC 2017, van der Hoeven and Larrieu showed that evaluating a polynomial P ın Fq [x] of degree <n at all n -th roots of unity in Fqd can essentially be computed d times faster than evaluating Q ın Fqd x at all these roots, assuming Fqd contains a primitive n -th root of unity. Termed the Frobenius FFT, this discovery has a profound impact on polynomial multiplication, especially for multiplying binary polynomials, which finds ample application in coding theory and cryptography. In this paper, we show that the theory of Frobenius FFT beautifully generalizes to a class of additive FFT developed by Cantor and Gao-Mateer. Furthermore, we demonstrate the power of Frobenius additive FFT for q=2: to multiply two binary polynomials whose product is of degree <256, the new technique requires only 29,005 bit operations, while the best result previously reported was 33,397. To the best of our knowledge, this is the first time that FFT-based multiplication outperforms Karatsuba and the like at such a low degree in terms of bit-operation count.