290 likes | 382 Views
A Survey on the Algebraic Surface Cryptosystems. Koichiro Akiyama ( TOSHIBA Corporation ) Joint work with Prof. Yasuhiro Goto. 2013/03/02. Contents. Introduction Public key cryptosystem, Motivation Section Finding Problem A Computational Hard Problem on Algebraic Surface
E N D
A Survey on the Algebraic Surface Cryptosystems Koichiro Akiyama ( TOSHIBA Corporation ) Joint work with Prof. Yasuhiro Goto 2013/03/02
Contents • Introduction Public key cryptosystem, Motivation • Section Finding Problem A Computational Hard Problem on Algebraic Surface • Algebraic Surface Public-key Cryptosystem Encryption/Decryption/Key Generation Algorithms • Known Attacks -Rational Point Attack -Ideal Factorization Attack • Conclusion and Future Research A Survey on the Algebraic Surface Cryptosystems
Contents • Introduction Public key cryptosystem, Motivation • Section Finding Problem A Computational Hard Problem on Algebraic Surface • Algebraic Surface Public-key Cryptosystem Encryption/Decryption/Key Generation Algorithms • Known Attacks -Rational Point Attack -Ideal Factorization Attack • Conclusion and Future Research A Survey on the Algebraic Surface Cryptosystems
Public key Cryptosystem ( Concept ) Hello World Hello World Sender A Receiver B Computational Hard Problem B’s Public Key B’s Secret Key Ex. Integer Factorization sHueLjOl8k7 sHueLjOl8k7 Security of public key cryptosystem relies on the the problem which is hard to compute. A Survey on the Algebraic Surface Cryptosystems
Motivation Our target is an algebraic surface • Want to construct public-key cryptosystems having following features • Resistant against known attacks by quantum computer. ( Not based on the factorization or discrete logarithm problems. ) • Fast in process time & compact in size. • Based on a hard problem in algebraic geometry. A Survey on the Algebraic Surface Cryptosystems
Comparison with other cryptosystems Algebraic Surface Cryptosystem Public key size Public key size Fast & compact : number of valuables (1) Short Public key (2) Higher Dimensional Equations Multivariate Cryptosystems higher degree (>3) equations Quadratic equations RSA Elliptic Curve Cryptosystem A Survey on the Algebraic Surface Cryptosystems
Construction for Public Key Cryptosystem Factoring Problem Hardness Security requirement Hard Easy Secure parameter Size of the parameter The Section Finding Problem Next talk Algebraic Surface Hard Easy Section RSA Cryptosystem Algebraic Surface Cryptosystem This talk Improvement Attack Success! Call for Attack Design Encryption Algorithm Selection of Hard Problem Start Security Proof Define the secure parameters Elementary Algorithm Optimized Algorithms Practical implementation Hard even for Quantum Computer Easy for Quantum Computer A Survey on the Algebraic Surface Cryptosystems
Contents • Introduction Public key cryptosystem, Motivation • Section Finding Problem A Computational Hard Problem on Algebraic Surface • Algebraic Surface Public-key Cryptosystem Encryption/Decryption/Key Generation Algorithms • Known Attacks -Rational Point Attack -Ideal Factorization Attack • Conclusion and Future Research A Survey on the Algebraic Surface Cryptosystems
Algebraic Surface An algebraic surface (we use) is a 2-dimensional affine algebraic variety with fibration. We consider algebraic surfaces defined over a finite field . where is small enough to calculate, but need not be 2. A Survey on the Algebraic Surface Cryptosystems
Section Finding Problem ( SFP ) Algebraic Surface easy section Algebraic Surface hard A Survey on the Algebraic Surface Cryptosystems
General Solution of SFP The SFP is reduced to multivariable equations To solve the SFP, we put the section as follows: (are variables ) Substitute into , we obtain A Survey on the Algebraic Surface Cryptosystems
Contents • Introduction Public key cryptosystem, Motivation • Section Finding Problem A Computational Hard Problem on Algebraic Surface • Algebraic Surface Public-key Cryptosystem Encryption/Decryption/Key Generation Algorithms • Known Attacks -Rational Point Attack -Ideal Factorization Attack • Conclusion and Future Research A Survey on the Algebraic Surface Cryptosystems
Keys • System parameters • Size of finite field : prime • Degree of section : • Public key • Algebraic surface • Form of the plaintext polynomial • Form of the divisor polynomial • Secret key • Section (example) ( are given ) ( are given ) A Survey on the Algebraic Surface Cryptosystems
Form of the plaintext polynomial and are designated. For example, Form described the formula as fllows: indicates an element of A Survey on the Algebraic Surface Cryptosystems
plaintext m embedded to m(x,y,t) In the case of So the plaintext described as In the case of plaintext must be divided into 2bits block Therefore m embedded to m(x,y,t) as coefficients A Survey on the Algebraic Surface Cryptosystems
Encryption Randomize (operations) message Public Key:algebraic surface embed Message poly. Random polynomial Divisor polynomial Cipher text A Survey on the Algebraic Surface Cryptosystems
Decryption Cipher Plaintext Random Random Public key Section substitute Secret key: Section factoring message polynomial message Solve linear equations A Survey on the Algebraic Surface Cryptosystems
Key generation Coefficients other than constant term Secret key : section Select randomly Select randomly Public key: algebraic surface Calculate the constant term A Survey on the Algebraic Surface Cryptosystems
Contents • Introduction Public key cryptosystem, Motivation • Section Finding Problem A Computational Hard Problem on Algebraic Surface • Algebraic Surface Public-key Cryptosystem Encryption/Decryption/Key Generation Algorithms • Known Attacks -Rational Point Attack -Ideal Factorization Attack • Conclusion and Future Research A Survey on the Algebraic Surface Cryptosystems
Rational point attack( 1 ) where subtract Remove the plaintext polynomial A Survey on the Algebraic Surface Cryptosystems
Rational point attack ( 2 ) = substitution rational points construct Solve Linear Equation extract Success! factoring A Survey on the Algebraic Surface Cryptosystems
Rational point attack ( 3 ) = = rational points substitution Solve linear equations reconstruct A Survey on the Algebraic Surface Cryptosystems
Counter measure against RPA are in the same form and This is also another solution = is a solution, there exists polynomial If which is in the same form of and satisfy . For arbitrary which is in the same form of , We can avoid the attack, when we select the form of which has enough polynomials not to be able to identify the correct one. A Survey on the Algebraic Surface Cryptosystems
Ideal factorization attack Cipher text Ideal Factoring where Solve Linear Eq. A Survey on the Algebraic Surface Cryptosystems
Sequence of events on ASC Jan 2004 1st version was proposed in domestic conference May 2006 1st version was presented in international conference PQC2006 Jintai Ding pointed out a flaw in our system Oct 2006 2nd version was presented in AMS conference. . Jan 2007 Shigenori Uchiyama proposed an attack against 2nd version . Apr2007 Felipe Voloch proposed another attack against 2nd version Jan 2008 3rd version was proposed in domestic conference. Mar 2009 3rdwas presented in international conference PKC2009 May 2010 Jean-Charles Faugere( INRIA ) proposed an attack against 3rd version. NowWe are preparing 4th version whose security is equivalent to SFP. A Survey on the Algebraic Surface Cryptosystems
Contents • Introduction Public key cryptosystem, Motivation • Section Finding Problem A Computational Hard Problem on Algebraic Surface • Algebraic Surface Public-key Cryptosystem Encryption/Decryption/Key Generation Algorithms • Known Attacks -Rational Point Attack -Ideal Factorization Attack • Conclusion and Future Research A Survey on the Algebraic Surface Cryptosystems
Conclusions • We showed a new type of public-key cryptosystem using an algebraic surface. • We showed the algorithm for encryption, decryption and key generation. • Our contributions are • The public key size is O(n). • Our cryptosystem is associated higher general equations than multivariate cryptosystems. ( contains equation which degree is more than 3) A Survey on the Algebraic Surface Cryptosystems
Construct a secure algorithm We try to construct a provable secure cryptosystem Determine the recommendable parameter size We developed an efficient algorithm to solve the SFP. Now we estimate computational complexity by computational experimentation. Open Problems Next Talk A Survey on the Algebraic Surface Cryptosystems