mathematical problems in multivariate public key
play

Mathematical Problems in Multivariate Public Key Cryptography - PowerPoint PPT Presentation

Oct 04, 2023 •345 likes •1.05k views

Mathematical Problems in Multivariate Public Key Cryptography Timothy Hodges University of Cincinnati January 15, 2015 Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 1 / 28 Overview Multivariate

  1. Mathematical Problems in Multivariate Public Key Cryptography Timothy Hodges University of Cincinnati January 15, 2015 Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 1 / 28

  2. Overview Multivariate Public Key Cryptosystems 1 Solving Systems of Polynomial Equations 2 First Fall Degree and HFE-systems 3 Semi-regular systems 4 Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 2 / 28

  3. Outline Multivariate Public Key Cryptosystems 1 Solving Systems of Polynomial Equations 2 First Fall Degree and HFE-systems 3 Semi-regular systems 4 Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 3 / 28

  4. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  5. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  6. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  7. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  8. Multivariate Public Key Cryptosystems F a finite field with | F | = q { p 1 ,..., p n } F n → F m − − − − − − p i ( x 1 , . . . , x n ) ∈ F [ x 1 , . . . , x n ] / � x q 1 − x 1 , . . . , x q n − x n � = Fun( F n , F ) Solving p 1 ( x 1 , . . . , x n ) = y 1 . . . . . . p m ( x 1 , . . . , x n ) = y m is a hard problem. Problem Design a trapdoor that retains this level of security. Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 4 / 28

  9. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  10. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  11. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  12. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  13. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  14. Hidden Field Systems: Matsumoto-Imai Identify (secretly) F n with an extension field K , where dim F K = n . So | K | = q n The map P : K → K , P ( X ) = X θ is invertible with inverse P − 1 ( X ) = X s if gcd( θ, q n − 1) = 1, For all 0 � = α ∈ K , α q n − 1 = 1 by Lagrange’s Theorem. Since gcd( θ, q n − 1) = 1, then there exist s , t ∈ Z such that θ s + ( q n − 1) t = 1 so ( α θ ) s = α − ( q n − 1) t +1 = α − ( q n − 1) t α = α Take q = 2 t and θ = 1 + q s , P ( X ) = X . X q s is quadratic P − − − − − → K K Private Key x ? σ ? τ ? ? y { p 1 ,..., p n } F n → F n − − − − − − Public Key σ, τ invertible affine linear maps Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 5 / 28

  15. Patarin’s HFE System P ( X ) is P ( X ) K − − − − − → K x ? of low total degree, D (efficient σ ? τ ? ? y decryption). { p 1 ,..., p n } F n → F n − − − − − − quadratic over F so that p i ( x 1 , . . . , x n ) are quadratic (efficient encryption) a ij X q i + q j + b i X q i + c X X P ( X ) = q i + q j ≤ D q i ≤ D where a ij , b i , c ∈ K . Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 6 / 28

  16. Patarin’s HFE System P ( X ) is P ( X ) K − − − − − → K x ? of low total degree, D (efficient σ ? τ ? ? y decryption). { p 1 ,..., p n } F n → F n − − − − − − quadratic over F so that p i ( x 1 , . . . , x n ) are quadratic (efficient encryption) a ij X q i + q j + b i X q i + c X X P ( X ) = q i + q j ≤ D q i ≤ D where a ij , b i , c ∈ K . Timothy Hodges (University of Cincinnati) Mathematical Problems in MPKC January 15, 2015 6 / 28

Recommend

Multivariate random variables DS GA 1002 Statistical and Mathematical Models

Multivariate random variables DS GA 1002 Statistical and Mathematical Models

Multivariate random variables DS GA 1002 Statistical and Mathematical Models http://www.cims.nyu.edu/~cfgranda/pages/DSGA1002_fall16 Carlos Fernandez-Granda Joint distributions Tool to characterize several uncertain numerical quantities of

1.39k views • 121 slides
Supposedly Hard Problems In Multivariate Cryptography Charles Bouillaguet Universit de

Supposedly Hard Problems In Multivariate Cryptography Charles Bouillaguet Universit de

Introduction The MQ Problem Polynomial Equivalence Problems Supposedly Hard Problems In Multivariate Cryptography Charles Bouillaguet Universit de Versailles Saint-Quentin Versailles, France Sminaire CARAMEL 20 janvier 2012

721 views • 59 slides
Multivariate L evy driven Stochastic Volatility Models Robert Stelzer Chair of Mathematical

Multivariate L evy driven Stochastic Volatility Models Robert Stelzer Chair of Mathematical

1 September 22nd, 2008 Multivariate L evy driven Stochastic Volatility Models Robert Stelzer Chair of Mathematical Statistics Zentrum Mathematik Technische Universit at M unchen email: rstelzer@ma.tum.de http://www.ma.tum.de/stat/

467 views • 43 slides
A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim

A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim

A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim Batselier KU Leuven Department of Electrical Engineering

1.19k views • 108 slides
A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim

A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim

A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials A Numerical Linear Algebra Framework for Solving Problems with Multivariate Polynomials Kim Batselier KU Leuven Department of Electrical Engineering

1.14k views • 109 slides
MATHEMATICAL PROBLEMS ASSOCIATED WITH MATHEMATICAL PROBLEMS ASSOCIATED WITH ATMOSPHERIC DATA

MATHEMATICAL PROBLEMS ASSOCIATED WITH MATHEMATICAL PROBLEMS ASSOCIATED WITH ATMOSPHERIC DATA

MATHEMATICAL PROBLEMS ASSOCIATED WITH MATHEMATICAL PROBLEMS ASSOCIATED WITH ATMOSPHERIC DATA ASSIMILATION AND ATMOSPHERIC DATA ASSIMILATION AND WEATHER PREDICTION WEATHER PREDICTION Pierre Gauthier Department of Earth and Atmospheric Sciences

580 views • 13 slides
Hilberts problems and contemporary mathematical logic Jan Kraj cek MFF UK (KA)

Hilberts problems and contemporary mathematical logic Jan Kraj cek MFF UK (KA)

Hilberts problems and contemporary mathematical logic Jan Kraj cek MFF UK (KA) Are there BIG open problems in mathematical logic besides the P vs. NP problem? Ideals for the qualification big: The Riemann

715 views • 34 slides
Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University

Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University

Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University of Darmstadt 1 1. General Introduction 2. Multivariate public key cryptosystems 3. Challenges 2 1 General Introduction In June 2006, in Belgium,

1.06k views • 68 slides
Open Problems in Multivariate Cryptography Louis Goubin LGoubin@ slb.com Nicolas Courtois

Open Problems in Multivariate Cryptography Louis Goubin LGoubin@ slb.com Nicolas Courtois

Open Problems in Multivariate Cryptography Louis Goubin LGoubin@ slb.com Nicolas Courtois Ncourtois@ slb.com SchlumbergerSema Louveciennes France Bruges - 26/11/2002 STORK Cryptography Workshop 1 Design of Block Ciphers and Hash

429 views • 4 slides
Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Secure Communication Earlier we discussed the problems

202 views • 18 slides
Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J.

Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J.

Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J. Hickernell Department of Applied Mathematics Center for Interdisciplinary Scientific Computation Illinois Institute of Technology hickernell@iit.edu

440 views • 30 slides
Outline Multivariate Data 1 Multivariate Parametric Methods Multivariate Normal Distribution 2

Outline Multivariate Data 1 Multivariate Parametric Methods Multivariate Normal Distribution 2

Multivariate Data Multivariate Normal Distribution Multivariate Classification Multivariate Regression Multivariate Data Multivariate Normal Distribution Multivariate Classification Multivariate Regression Outline Multivariate Data 1

319 views • 7 slides
Problems for Multivariate Data Analysis Censored data. Riffle: an R Package for Nonmetric

Problems for Multivariate Data Analysis Censored data. Riffle: an R Package for Nonmetric

Problems for Multivariate Data Analysis Censored data. Riffle: an R Package for Nonmetric Clustering Tied ranks and reduced variance when < 5 5. Geoffrey B. Matthews and Robin A. Matthews Systematic bias when

155 views • 4 slides
Pattern Selection Problems in Multivariate Time-Series using Equation Discovery Arne Koopman,

Pattern Selection Problems in Multivariate Time-Series using Equation Discovery Arne Koopman,

Pattern Selection Problems in Multivariate Time-Series using Equation Discovery Arne Koopman, Arno Knobbe, Marving Meeng Leiden University. The university to discover. InfraWatch Data Mining for Infrastructure Asset Management - Hollandse Brug

621 views • 11 slides
Principal Component Analysis Applied Multivariate Statistics Spring 2012 Overview

Principal Component Analysis Applied Multivariate Statistics Spring 2012 Overview

Principal Component Analysis Applied Multivariate Statistics Spring 2012 Overview Intuition Four definitions Practical examples Mathematical example Case study Appl. Multivariate Statistics - Spring 2012 2 PCA: Goals

418 views • 26 slides
Problems With Notation Mathematical notation is very precise. This contrasts with both oral

Problems With Notation Mathematical notation is very precise. This contrasts with both oral

Problems With Notation Mathematical notation is very precise. This contrasts with both oral communication and some written English. Alan H. SteinUniversity of Connecticut Problems With Notation Mathematical notation is very precise. This

252 views • 4 slides
Bayesian Inverse Problems and Uncertainty Quantification Hanne Kekkonen Centre for Mathematical

Bayesian Inverse Problems and Uncertainty Quantification Hanne Kekkonen Centre for Mathematical

Bayesian Inverse Problems and Uncertainty Quantification Hanne Kekkonen Centre for Mathematical Sciences University of Cambridge June 4, 2019 Inverse problems arise naturally from applications 1 / 27 Inverse problems are ill-posed We want to

398 views • 36 slides
Multivariate Quadratic Public-Key Cryptography Part 1: Basics Bo-Yin Yang Academia Sinica

Multivariate Quadratic Public-Key Cryptography Part 1: Basics Bo-Yin Yang Academia Sinica

Multivariate Quadratic Public-Key Cryptography Part 1: Basics Bo-Yin Yang Academia Sinica PQCrypto Executive Summer School 2017 Eindhoven, the Netherlands Friday, 23.06.2017 B.-Y. Yang (Academia Sinica) Multivariate Cryptography PQC Exec.

973 views • 49 slides
Probability on spaces of functions with applications to inverse problems and data assimilation

Probability on spaces of functions with applications to inverse problems and data assimilation

Probability on spaces of functions with applications to inverse problems and data assimilation Jan Mandel Department of Mathematical and Statistical Sciences University of Colorado Denver European Mathematical Society School on Mathematical

1.05k views • 102 slides
Multivariate Public Key Cryptosystems Produced by Quasigroups Simona Samardjiska PhD defence

Multivariate Public Key Cryptosystems Produced by Quasigroups Simona Samardjiska PhD defence

Multivariate Public Key Cryptosystems Produced by Quasigroups Simona Samardjiska PhD defence Trondheim, June 22, 2015 Department of Telematics, Faculty of Information Technology, Mathematics and Electrical Engineering, Norwegian University of

2.51k views • 157 slides
Introduction to Multivariate Public Key Cryptography Geovandro Carlos C. F. Pereira PhD advisor:

Introduction to Multivariate Public Key Cryptography Geovandro Carlos C. F. Pereira PhD advisor:

Introduction to Multivariate Public Key Cryptography Geovandro Carlos C. F. Pereira PhD advisor: Prof. Dr. Paulo S. L. M. Barreto LARC - Computer Architecture and Networking Lab Department of Computer Engineering and Digital Systems Escola

1.04k views • 101 slides
Problems With Notation Mathematical notation is very precise. This contrasts with both oral

Problems With Notation Mathematical notation is very precise. This contrasts with both oral

Problems With Notation Mathematical notation is very precise. This contrasts with both oral communication and some written English. Correct mathematical notation: x 2 2 x 8 ( x 4)( x + 2) lim x 4 = lim x 4 = lim x 4 ( x +

420 views • 9 slides
Estimation equations for multivariate linear models with Kronecker structured covariance matrices

Estimation equations for multivariate linear models with Kronecker structured covariance matrices

Estimation equations for multivariate linear models with Kronecker structured covariance matrices nska- Alvarez a , Chengcheng Hao b , Szczepa Yuli Liang c , Dietrich von Rosen d , e a Department of Mathematical and Statistical Methods,

580 views • 19 slides
Advanced PHP Dr. Steven Bitner A/B and Multivariate testing Why use multivariate testing If

Advanced PHP Dr. Steven Bitner A/B and Multivariate testing Why use multivariate testing If

Advanced PHP Dr. Steven Bitner A/B and Multivariate testing Why use multivariate testing If your employer is interested in understanding how effective certain changes are, you may consider A/B or multivariate testing How to do it First,

372 views • 12 slides

More recommend