Stanislav Bulygin

CyclicRainbow - A Multivariate Signature Scheme with a Partially Cyclic Public Key

Multivariate Cryptography is one of the alternatives to guarantee the security of communication in the post-quantum world. One major drawback of such schemes is the huge size of their keys. In [PB10] Petzoldt et al. proposed a way how to reduce the public key size of the UOV scheme by a large factor. In this paper we extend this idea to the Rainbow signature scheme of Ding and Schmidt [DS05]. By our construction it is possible to reduce the size of the public key by up to 62%.

Selecting parameters for the rainbow signature scheme

Multivariate public key cryptography is one of the main approaches to guarantee the security of communication in a post-quantum world. One of the most promising candidates in this area is the Rainbow signature scheme, which was first proposed by J. Ding and D. Schmidt in 2005. In this paper we develop a model of security for the Rainbow signature scheme. We use this model to find parameters which, under certain assumptions, guarantee the security of the scheme for now and the near future.

MXL 3 : an efficient algorithm for computing gröbner bases of zero-dimensional ideals

This paper introduces a new efficient algorithm, called MXL3, for computing Grobner bases of zero-dimensional ideals. The MXL3 is based on XL algorithm, mutant strategy, and a new sufficient condition for a set of polynomials to be a Grobner basis. We present experimental results comparing the behavior of MXL3 to F4 on HFE and random generated instances of the MQ problem. In both cases the first implementation of the MXL3 algorithm succeeds faster and uses less memory than Magmas implementation of F4.

Improved algebraic side-channel attack on AES

In this paper, we present improvements of the algebraic side-channel analysis of the Advanced Encryption Standard (AES) proposed in the works of M. Renauld and F.-X. Standaert. In particular, we optimize the algebraic representation of both the AES block cipher and obtained side-channel information, in the form of Hamming weights of intermediate states, in order to speed up the attack and increase its success rate. We study the performance of our improved attack in both known and unknown plaintext/ciphertext attack scenarios. Our experiments indicate that in both cases the amount of required side-channel information is less than the one required in the attacks introduced earlier. Furthermore, we introduce a method for handling erroneous side-channel information, which allows our improved algebraic side-channel attack (IASCA) to partially escape the assumption of an error-free environment and thus become applicable in practice. We demonstrate the practical use of our IASCA by inserting predictions from a single-trace template attack.

Linear recurring sequences for the UOV key generation

Multivariate public key cryptography is one of the main approaches to guarantee the security of communication in the post-quantum world. Due to its high efficiency and modest computational requirements, multivariate cryptography seems especially appropriate for signature schemes on low cost devices. However, multivariate schemes are not much used yet, mainly because of the large size of their public keys. In [PB10] Petzoldt et al. presented an idea how to create a multivariate signature scheme with a partially cyclic public key based on the UOV scheme of Kipnis and Patarin [KP99]. In this paper we use their idea to create a multivariate signature scheme whose public key is mainly given by a linear recurring sequence (LRS). By doing so, we are able to reduce the size of the public key by up to 86%. Moreover, we get a public key with good statistical properties.

Using SAT Solving to Improve Differential Fault Analysis of Trivium

Combining different cryptanalytic methods to attack a cryptosystem became one of the hot topics in cryptanalysis. In particular, algebraic methods in side channel and differential fault analysis (DFA) attracted a lot of attention recently. In [9], Hojsik and Rudolf used DFA to recover the inner state of the stream cipher Trivium which leads to recovering the secret key. For this attack, they required 3.2 one-bit fault injections on average and 800 keystream bits. In this paper, we give an example of combining DFA attacks and algebraic attacks. We use algebraic methods to improve the DFA of Trivium [9]. Our improved DFA attack recovers the inner state of Trivium by using only 2 fault injections and only 420 keystream bits.

Algebraic cryptanalysis of the round-reduced and side channel analysis of the full PRINTCipher-48

In this paper we analyze the recently proposed lightweight block cipher PRINTCipher. Applying algebraic methods and SAT-solving we are able to break 8 rounds of PRINTCipher-48 and 9 rounds under some additional assumptions with only 2 known plaintexts faster than brute force. We show that it is possible to break the full 48-round cipher by assuming a moderate leakage of internal state bits or even just Hamming weights of some three-bit states. Such a simulation side-channel attack has practical complexity.

Small Public Keys and Fast Verification for \(\mathcal{M}\)ultivariate \(\mathcal{Q}\)uadratic Public Key Systems

Security of public key schemes in a post-quantum world is a challenging task—as both RSA and ECC will be broken then. In this paper, we show how post-quantum signature systems based on \(\mathcal{M}\)ultivariate \(\mathcal{Q}\)uadratic (\(\mathcal{MQ}\)) polynomials can be improved up by about 9/10, and 3/5, respectively, in terms of public key size and verification time. The exact figures are 88% and 59%. This is particularly important for small-scale devices with restricted energy, memory, or computational power. In addition, we provide evidence that this reduction does not affect security and that it is also optimal in terms of possible attacks. We do so by combining the previously unrelated concepts of reduced and equivalent keys. Our new scheme is based on the so-called Unbalanced Oil and Vinegar class of \(\mathcal{MQ}\)-schemes. We have derived our results mathematically and verified the speed-ups through a C++ implementation.

Towards Provable Security of the Unbalanced Oil and Vinegar Signature Scheme under Direct Attacks

In this paper we show that solving systems coming from the public key of the Unbalanced Oil and Vinegar (UOV) signature scheme is on average at least as hard as solving a certain quadratic system with completely random quadratic part. In providing lower bounds on direct attack complexity we rely on the empirical fact that complexity of solving a non-linear polynomial system is determined by the homogeneous part of this system of the highest degree. Our reasoning explains, in particular, the results on solving the UOV systems presented by J.-C. Faugere and L. Perret at the SCC conference in 2008.

Fast Verification for Improved Versions of the UOV and Rainbow Signature Schemes

Multivariate cryptography is one of the main candidates to guarantee the security of communication in the post-quantum era. While multivariate signature schemes are fast and require only modest computational resources, the key sizes of such schemes are quite large. In [14] Petzoldt et al. proposed a way to reduce the public key size of certain multivariate signature schemes like UOV and Rainbow by a large factor. In this paper we show that by using this idea it is possible to speed up the verification process of these schemes, too. For example, we are able to speed up the verification process of UOV by a factor of 5.