Key Generation of GB Polly Cracker Cryptosystems. Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21. Contents. Polynomial-based cryptosystems Algorithm of key generation Security issues. Polynomial-based cryptography. GB Polly Cracker Cryptosystem.
Key Generation of GB Polly Cracker Cryptosystems Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21.
Contents
• Polynomial-based cryptosystems
• Algorithm of key generation
• Security issues
2006 SNU-KMS Winter Workshop on Cryptography
Polynomial-based cryptography
GB Polly Cracker Cryptosystem
Example (graph 3-coloring)
Coloring = {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1), (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)}
• F = {x1+x2+x3+1, y1+y2+y3+1, z1+z2+z3+1,
  x1x2, x1x3, x2x3, y1y2, y1y3, y2y3, z1z2, z1z3, z2z3,
  x1y1, x2y2, x3y3, y1z1, y2z2, y3z3, x1z1, x2z2, x3z3}
> std(I);
_[1]=z(3)^2+z(3)
_[2]=z(2)*z(3)
_[3]=z(2)^2+z(2)
_[4]=z(1)+z(2)+z(3)+1
_[5]=y(3)*z(3)
_[6]=y(3)^2+y(3)
_[7]=y(2)*z(3)+y(2)+y(3)*z(1)+z(1)
_[8]=y(2)*z(2)
_[9]=y(2)*y(3)
_[10]=y(2)^2+y(2)
_[11]=y(1)+y(2)+y(3)+1
_[12]=x(3)+y(2)*z(3)+y(2)+y(3)*z(1)+y(3)*z(3)+y(3)+z(1)+z(3)+1
_[13]=x(2)+x(3)*y(2)*z(3)+x(3)*y(3)*z(3)+x(3)*z(1)+x(3)*z(3)+y(2)*z(3)+y(3)*z(3)+z(1)+z(3)
_[14]=x(1)+x(2)+x(3)+1

in(I);
_[1]=z(3)^2
_[2]=z(2)*z(3)
_[3]=z(2)^2
_[4]=z(1)
_[5]=y(3)*z(3)
_[6]=y(3)^2
_[7]=y(2)*z(3)
_[8]=y(2)*z(2)
_[9]=y(2)*y(3)
_[10]=y(2)^2
_[11]=y(1)
_[12]=x(3)
_[13]=x(2)
_[14]=x(1)
Key generation
Input: security parameter (T)
Output: F, G where I = <F> = <G>, G: GB
Set $D_{reg}$ with $N_{D_{reg}}^2 \sim O(T)$
$D_{reg}$ = Castelnuovo-Mumford regularity
$N_{D_{reg}}$ = maximal matrix size in F5 algorithm
2. Generate with $D_{reg}$
3. Generate a variety V randomly
• V = designed by
4. Construct a Groebner basis G
• <G> = I(V)
5. Generate a generating set F
• F = {f : f = random combination of g’s, g G}
2. , $D_{reg}$ -> J : monomial ideal
3. V = designed by
4. <G> = I(V)
G = {f : f(a) = 0, aV} and <lt(G)> = J
V = { ( , ), ( , ), ( , ), ( , ), ( , ) } 1 0 1 2 3 1 3 4 2 3
Example: 3-coloring
Exponent(S) = {
  z3 z2 z1 y3 y2 y1 x3 x2 x1
  (0, 0, 0, 0, 0, 0, 0, 0, 0)
  (0, 0, 0, 0, 1, 0, 0, 0, 0)
  (0, 0, 0, 1, 0, 0, 0, 0, 0)
  (0, 1, 0, 1, 0, 0, 0, 0, 0)
  (0, 1, 0, 0, 0, 0, 0, 0, 0)
  (1, 0, 0, 0, 0, 0, 0, 0, 0) }
=> S = {1, y2, y3, z2y3, z2, z3}
Coloring = {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1), (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)}
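The 3-coloring example and step 5 of the key generation can be checked by brute force over F2^9. The following is an added example, not code from the slides: it confirms that the zero set of F is exactly the listed Coloring set and that random combinations of the generators vanish on it. The helper names, the coordinate order (x1, x2, x3, y1, y2, y3, z1, z2, z3), the use of F as the generators in place of G, and the square-free treatment of monomials (exact when evaluating at 0/1 points) are assumptions of this example.

```python
import itertools
import random

NAMES = ["x1", "x2", "x3", "y1", "y2", "y3", "z1", "z2", "z3"]  # assumed coordinate order
IDX = {name: i for i, name in enumerate(NAMES)}

def poly(text):
    """Parse 'x1+x2+x3+1' or 'x1y1' into a set of square-free monomials over F2."""
    monos = set()
    for term in text.split("+"):
        mono = frozenset() if term == "1" else frozenset(
            IDX[term[i:i + 2]] for i in range(0, len(term), 2))
        monos ^= {mono}  # equal terms cancel: coefficients live in F2
    return monos

def mul(p, q):
    """Product over F2 with x^2 = x (exact when evaluating at 0/1 points)."""
    out = set()
    for a, b in itertools.product(p, q):
        out ^= {a | b}
    return out

def evaluate(p, point):
    return sum(all(point[i] for i in mono) for mono in p) % 2

def zero_set(polys):
    """Brute-force the common zeros in F2^9 (512 candidates)."""
    return {pt for pt in itertools.product((0, 1), repeat=9)
            if all(evaluate(p, pt) == 0 for p in polys)}

# F and Coloring exactly as listed on the slide.
F = [poly(s) for s in (
    "x1+x2+x3+1 y1+y2+y3+1 z1+z2+z3+1 x1x2 x1x3 x2x3 y1y2 y1y3 y2y3 "
    "z1z2 z1z3 z2z3 x1y1 x2y2 x3y3 y1z1 y2z2 y3z3 x1z1 x2z2 x3z3").split()]
COLORING = {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1),
            (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)}

def random_combination(generators, rng, picks=3):
    """Step 5 style: f = sum of h_i * g_i with random multipliers h_i (hypothetical sizes)."""
    f = set()
    for g in rng.sample(generators, picks):
        h = {frozenset(rng.sample(range(9), rng.randint(0, 2))) for _ in range(3)}
        f ^= mul(h, g)
    return f

if __name__ == "__main__":
    print("V(F) == Coloring:", zero_set(F) == COLORING)
    f = random_combination(F, random.Random(2006))
    print("f vanishes on V:", all(evaluate(f, pt) == 0 for pt in COLORING))
```

With only nine variables the variety is recovered by exhaustive search, which is why the slides tie the parameter choice to the cost of the Groebner basis computation rather than to the size of this toy instance.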
Regularity and security
• Regularity of zero-dimensional ideal
• I : homogeneous ideal of $R = k[x_1, \dots, x_n]$
• $\dim_K(R/I) <$   $R_d = I_d$ for $d$ $d_0$ for some $d_0$   $x_1^{t_1}, x_2^{t_2}, \dots, x_n^{t_n}$ in(I)
• m(I) : regularity of I
• $\dim_K(R/I) <$   $m(I) = \min\{d : \dim_K (R/I)_d = 0\}$
• Field equation
• V $F_p^n$   $x_1^p - x_1, x_2^p - x_2, \dots, x_n^p - x_n$ I(V)   $\dim_K(R/I(V)) <$
Regularity of affine ideal
• $D_{reg}(I) := D_{reg}(I^h)$, $\dim(I^h) \neq 0$
  $I^h = \{f^h \mid f^h = x_0^{\deg(f)} f(x_1/x_0, \dots, x_n/x_0)\}$
• $D_{reg}(I) := D_{reg}(I^h) = D_{reg}(\bar{I})$,
• $\bar{I}$ = {$f_d$ | $f_d$ = sum of monomials of max. deg of fI}, e.g. $f(x,y,z) = x^3 + 3xyz + 3xz - 2x - 4$, $f_d = x^3 + 3xyz$
• $\dim(I) = 0$   $\dim(\bar{I}) = 0$
Security issue
• Security of private key
• Complexity of Groebner basis computation
• Complexity of F5-algorithm for ideal I
• $K = F_2$ -> $O(N_d^2)$ : linear algebra of $N_d \times N_d$ matrix for $d \le m(I)$
• $D_{reg}$ = max degree of poly in GB if generators of I are semi-regular sequence.
• $N_{D_{reg}} = {}_nC_{D_{reg}} \le {}_nC_{n/2} \sim O(2^n)$
• Predicting $D_{reg}$?
• What if it is not a semi-regular sequence?
• V : random ? Size?
Example
> ideal I_h=homog(I,w);
> resolution mre_I_h=mres(I_h,0);
> print(betti(mre_I_h),"betti");
           0     1     2     3     4     5     6     7     8     9    10
------------------------------------------------------------------------
    0:     1     3     3     1     -     -     -     -     -     -     -
    1:     -    18   102   243   306   210    72     9     -     -     -
    2:     -     -     9    72   252   486   558   391   165    39     4
------------------------------------------------------------------------
total:     1    21   114   316   558   696   630   400   165    39     4
> regularity(mre_I_h); //--- regularity of I
3
Example: $F_2$, $n = 80$, $\deg(f_k) = 2$ (HFE)
$1 + 80z + 3080z^2 + 75760z^3 + 1331940z^4 + 17720016z^5 + 183877240z^6 + 1506567920z^7 + 9687269930z^8 + 47105696560z^9 + 152100910104z^{10} + 116968809360z^{11} - 2135475381260z^{12} - 15201837526480z^{13} + O(z^{14})$
[Figure: Expected regularity of m=n random polynomials over F2. Axes: regularity, m.]
[Figure: Expected regularity of m random polynomials in 80 variables over F2. Axes: regularity, m.]