1 / 28

An Estimation of Computational Complexity for the Section Finding Problem on Algebraic Surfaces

An Estimation of Computational Complexity for the Section Finding Problem on Algebraic Surfaces. C hiho Mihara (TOSHIBA C orp.). 2013/03/02. Outline. Section Finding Problem(SFP) General Solution How to solve SFP, Relation between MPKC and ASC Security parameters

pelham
Download Presentation

An Estimation of Computational Complexity for the Section Finding Problem on Algebraic Surfaces

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Estimation of Computational Complexity for the Section Finding Problem on Algebraic Surfaces Chiho Mihara (TOSHIBA Corp.) 2013/03/02

  2. Outline • Section Finding Problem(SFP) • General Solution • How to solve SFP, Relation between MPKC and ASC • Security parameters • ASC security parameters • Complexity parameters in general case • Experimental result • Key Size Estimation • Conclusion Main talk

  3. Outline • Section Finding Problem(SFP) • General Solution • How to solve SFP, Relation between MPKC and ASC • Security parameters • ASC security parameters • Complexity parameters in general case • Experimental result • Key Size Estimation • Conclusion

  4. Section Finding Problem (SFP) Security of Algebraic Surface Cryptosystems(ASC) is based on the difficulty of Section Finding Problem(SFP) Section Finding Problem(SFP) Given , find such that :Algebraic Surface (Public Key) Find :Section on(Secret Key) To findSection is Too difficult!!

  5. Outline • Section Finding Problem(SFP) • General Solution • How to solve SFP, Relation between MPKC and ASC • Security parameters • ASC security parameters • Complexity parameters in general case • Experimental result • Key Size Estimation • Conclusion

  6. How to solve SFP(General solution) We can write down a section as degree of And substitute these into So the SFP is reduced to a multivariate equation system If you solve , then you can get (SME(*)) (*)Section multivariate equations

  7. Relation between MPKC and ASC More general multivariate equations which is ASC based on. MPKC Quadratic multivariate equations which is MPKC based on. ASC More 3 dimensional polynomials Public key includes multi- variable equations implicitly Difficulty of SFP on algebraic surface

  8. Outline • Section Finding Problem(SFP) • General Solution • How to solve SFP, Relation between MPKC and ASC • Security parameters • ASC security parameters • Complexity parameters in general case • Experimental result • Key Size Estimation • Conclusion Main talk

  9. ASC Security parameters cardinality of the base field degree of the secret section How to solve SFP degree in of the public surface (SME) Number of distinct monomials in We propose a new security parameter! (SME) Gröbner basis

  10. Example of NonRed_Monos Sample image How to solve SFP :grand field Algerbraic surface Solve Section

  11. Complexity parameters in general case The Complexity of Solving Multivariable Polynomial Equations The Complexity ( in general case ) : NP-hard Parameters related to the complexity : 1. Size of Finite Field : p Complexity • Number of variables : n Complexity • Number of equations : m Complexity • Sparseness “Sparseness” describe simplicity of equations. Complexity Multivariable Polynomial Equation over finite field

  12. “Sparseness” and NonRed_Monos “Dense” “Sparse” NonRed_Monos NonRed_Monos 19 7 easy hard We consider that NonRed_Monos is a parameter of Sparseness.

  13. How to calculate “NonRed_Monos” from surface We can calculate “NonRed_Monos” from“Algebraic form” How to calculate “NonRed_Monos” Algebraic form If is max (full size), NonRed_Monos is also max. Maximal NonRed_Monos and d NonRed_Monos Data exist d (w=3:fix)

  14. Necessity of NonRed_Monos Even if p,d,w has been fixed, there are many surface variations…. Question For given 2 surfaces X1,X2, (same p,d,w) which is more difficult to calculate Section? We can answer this question, because we can calculate NonRed_Monos!

  15. Outline • Section Finding Problem(SFP) • General Solution • How to solve SFP, Relation between MPKC and ASC • Security parameters • ASC security parameters • Complexity parameters in general case • Experimental result • Key Size Estimation • Conclusion

  16. Experiment OS : centos(Linux) version 2.6 CPU : AMD Opteron (tm) 848 (2.00GHz) Memory : 64GByte Software: Magma version 2.15-11 p= 11 size of finite field degree of d= 2, 3, 4 w= 3, 4, 5 = 40 Form of Algebraic surface (random generate)

  17. Experimental result Process time(left) & Memory use(right) to calculate Groebner basis of w log(Memory) log(time) NonRed_Monos NonRed_Monos

  18. Experimental result (statistical) Regression formula d 2 3 4 Prediction interval of 99.9999%(★) log(time) =:BEST of Computational Complexity! NonRed_Monos Prediction interval of 99.9999%(★)

  19. Outline • Section Finding Problem(SFP) • General Solution • How to solve SFP, Relation between MPKC and ASC • Security parameters • ASC security parameters • Complexity parameters in general case • Experimental result • Key Size Estimation • Conclusion

  20. Key size estimation (Gröbnerbasis) Prediction interval of 99.9999%(★) 128bit security FIX Securer Data Max NonRed_Monos Data exist NonRed_Monos We can choose secure data , d = 8, NonRed_Monos≧29000 1 2 3 4 5 6 7 8 9 10 d

  21. Key size estimation (Exaustive search) • We estimate Computational Complexity of exhaustive search for (SME) / . • You can reduce to half of variables(by Ogura-Mihara) , so the number of variables in (SME) is d+1. • To satisfy 128bit security(=RSA(3072bit)), d>36 . (SME(*)) (*)nx: number of terms of algebraic surface (Note: count full terms version in this table)

  22. Outline • Section Finding Problem(SFP) • General Solution • How to solve SFP, Relation between MPKC and ASC • Security parameters • ASC security parameters • Complexity parameters in general case • Experimental result • Key Size Estimation • Conclusion

  23. Conclusion • We propose new security parameter NonRed_Monos. • We express “Sparseness” as NonRed_Monos. • We can derive an estimation of computational complexity for the Section Finding Problem on Algebraic Surfaceswith high accuracy. • Recommended Public Key Size of ASC is 1220 bit (128bit security = RSA 3072bit).

  24. Last talk (my failure story) • When I saw the “section finding problem" for the first time , I think this problem is easy to solve. • So, we tried to develop a more efficient analysis (over Gröbner basis computation), named Ogura-Miharaalgorithm. • I introduce a concept of Ogura-Mihara algorithm.

  25. Property of Section multivariate equations(SME ) Proposition CAT FACE!!

  26. Concept of Ogura-Mihara algorithm Idea! : Reduce “number of valuables” by pseudo division Vanish! Vanish! Gröbner basis

  27. Failure and Conclusion • Indeed, the number of variables is reduced to half, and in the small parameter, Ogura-Mihara algorithm solves faster than Gröbnerbasis computation. • But we found that degrees of section and surface are higher and higher, Ogura-Mihara’ NonRed_Monos significantly bigger and bigger more than the original (SME)’s NonRed_Monos. So it’s not efficient algorithm. • So when you want to estimate computational complexity such as using Gröbnerbasis, you need to see NonRed_Monos.

More Related