Takanori Yasuda

A Multivariate Encryption Scheme with Rainbow

Multivariate Public Key Cryptosystems (MPKC) are a candidate of post-quantum cryptography. The MPKC signature scheme Rainbow is endowed of efficient signature generation and verification, while no major attack has been reported so far. In this paper, we propose a MPKC encryption scheme based on Rainbow. The public key of Rainbow is a surjective polynomial map, whereas the encryption scheme requires an injective polynomial map. We explain how to change the public key of Rainbow to an injective map.

Reducing the key size of rainbow using non-commutative rings

Multivariate Public Key Cryptosystems (MPKC) are candidates for post-quantum cryptography. Rainbow is a digital signature scheme in MPKC, whose encryption and decryption are relatively efficient. However, the security of MPKC depends on the difficulty in solving a system of multivariate polynomials, and the key length of MPKC becomes substantially large compared with that of RSA cryptosystems for the same level of security. The size of the public key in MPKC has been reduced in previous research, but to the best of our knowledge, there are no algorithms to reduce the size of a private key . In this paper, we propose NC-Rainbow, a variation of Rainbow using non-commutative rings and we describe the ability of the proposed scheme to reduce the size of a private key in comparison with the ordinary Rainbow while maintaining the same level of security. In particular, using the proposed NC-Rainbow, the size of a private key is reduced by about 75% at the 80 bit security level. Moreover, the speed of signature generation is accelerated by about 34% at the 80 bit security level.

Multivariate Signature Scheme Using Quadratic Forms

Multivariate Public Key Cryptosystems (MPKC) are candidates for post-quantum cryptography. MPKC has an advantage in that its encryption and decryption are relatively efficient. In this paper, we propose a multivariate signature scheme using quadratic forms. For a finite dimensional vector space V, it is known that there are exactly two equivalence classes of non-degenerate quadratic forms over V. We utilize the method to transform any non-degenerate quadratic form into the normal form of either of the two equivalence classes in order to construct a new signature scheme in MPKC. The signature generation of our scheme is between eight and nine times more efficient more than the multivariate signature scheme Rainbow at the level of 88-bit security. We show that the public keys of our scheme can not be represented by the public keys of other MPKC signature schemes and this means our scheme is immune to many attacks that depend on the form of the central map used by these schemes.

A variant of rainbow with shorter secret key and faster signature generation

Multivariate public key cryptosystems are being focused on as candidates for post-quantum cryptography. Rainbow is one of the most efficient signature schemes in multivariate public key cryptosystems. The main drawback of Rainbow is that their key size is much larger than that of RSA and ECC. In this paper, we propose an efficient variant of Rainbow that has a shorter secret key (and thus generates signatures faster) than the corresponding original Rainbow. In our scheme, we divide each layer of Rainbow into smaller blocks by using diagonal matrix representations. The size of the smaller blocks can be flexibly selected, and this enables us to carefully choose secure parameters so that our proposed scheme is secure against known attacks such as rank attacks, direct attacks, and UOV attack. We estimate that the secret key size of our proposed scheme with 100-bit security is smaller by about 40% than that of the original Rainbow. In addition, an implementation of our scheme in the C language is seen to generate signature faster by 40%.

Efficient Variant of Rainbow without Triangular Matrix Representation

Multivariate Public Key Cryptosystems (MPKC) is one of candidates for post-quantum cryptography. Rainbow is an MPKC digital signature scheme, with relatively efficient encryption and decryption processes. However, the size of MPKC key is substantially larger than that of an RSA cryptosystem for the same security level. In this paper, we propose a variant of Rainbow that has a smaller secret key. The smaller secret key is to the result of a different description of the quadratic polynomials appearing in the secret key from that of the original Rainbow. In addition, our scheme improves the efficiency of the Rainbow’s signature generation. In particular, the secret key is reduced in size by about 40% and the signature generation is sped up by about 30% at the security level of 100 bits.

Efficient Computing over GF(2^16) Using Graphics Processing Unit

Evaluating non-linear multivariate polynomial systems over finite fields is an important subroutine, e.g., for encryption and signature verification in multivariate cryptography. The security of multivariate cryptography definitely becomes lower if a larger field is used instead of GF(2) given the same number of bits in the key. However, we still would like to use larger fields because multivariate cryptography tends to run faster at the same level of security if a larger field is used. In this paper, we compare the efficiency of several techniques for evaluating multivariate polynomial systems over GF(216) vi their implementations on graphics processing units.

Application of Scalar Multiplication of Edwards Curves to Pairing-Based Cryptography

Edwards curves have efficient scalar multiplication algorithms, and their application to pairing-based cryptography has been studied. In particular, if a pairing-friendly curve used in a pairing-based protocol is isomorphic to an Edwards curve, all the scalar multiplication appearing in the protocol can be computed efficiently. In this paper, we extend this idea to pairing-friendly curves not isomorphic but isogenous to Edwards curves, and add to pairing-friendly curves to which Edwards curves can be applied. Above all, pairing-friendly curves with smaller ρ-values provide more efficient pairing computation. Therefore, we investigate whether pairing-friendly curves with the minimal ρ-values are isogenous to Edwards curves for embedding degree up to 50. Based on the investigation, we present parameters of pairing-friendly curves with 160-bit and 256-bit security level at embedding degree 16 and 24, respectively. These curves have the minimal ρ-values and are not isomorphic but isogenous to Edwards curves, and thus our proposed method is effective for these curves.

A security analysis of uniformly-layered rainbow: revisiting sato-araki's non-commutative approach to ong-schnorr-shamir signature towards post quantum paradigm

In 1984, Ong, Schnorr and Shamir proposed an efficient signature scheme (OSS signature scheme) using a bivariate quadratic equation. Its security was believed to be based on the difficulty of integer factorization. However, an efficient attack without integer factorization was subsequently found. In 2008, Hashimoto and Sakurai proposed an extended scheme (HS scheme), based on OSS signature scheme that used multivariate and non-commutative ring. HS scheme uses a composite number as a modulus in the same manner as OSS signature scheme.

Upper bound of the length of information embedd in RSA public key efficiently

Lenstra proposed a method by which information can be efficiently in a public key N in RSA encryption. Since then, many methods such as the additional key escrow function and a visible public key have been proposed. Lenstra made an assertion that the size of embeddable information is up to half the length of a public key, but he did not mention the strict upper bound of the size. In this paper, we analytially examine the Lenstra algorithm both in theory and implementation, and calcuate the upper bound of the size of information that can be efficiently embedded in an RSA public key.

Constructing Pairing-Friendly Elliptic Curves Using Global Number Fields

Efficient implementation of pairing-based cryptography requires construction of a pairing-friendly curve and its corresponding twisted curve. In this paper, we give a formula which determines the twisted curve. The formula are obtained by using technique in the algebraic number theory such as the complex multiplication theory. Applying the formula, we present an easy method for constructing pairing-friendly curves for BN-family. In fact, our method does not require the process of elliptic curve construction and finite field construction, but only requires searching an integer satisfying some conditions. Using our construction method, we implemented an optimal ate pairing for BN-family which is usable at various security levels, and investigated the time efficiency of the pairing computation for various security levels.