1 / 20

Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21.

Key Generation of GB Polly Cracker Cryptosystems. Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21. 목차. Polynomial-based cryptosystems Algorithm of key generation Security issues. 다항식 기반 암호. GB Polly Cracker Cryptosystem. GB Polly Cracker Cryptosystem.

veda-schultz
Télécharger la présentation

Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Key Generation of GB Polly Cracker Cryptosystems Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21.

  2. 목차 • Polynomial-based cryptosystems • Algorithm of key generation • Security issues 2006 SNU-KMS Winter Workshop on Cryptography

  3. 다항식 기반 암호 2006 SNU-KMS Winter Workshop on Cryptography

  4. GB Polly Cracker Cryptosystem 2006 SNU-KMS Winter Workshop on Cryptography

  5. GB Polly Cracker Cryptosystem 2006 SNU-KMS Winter Workshop on Cryptography

  6. 예 (Graph 3-coloring) Coloring= {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1), (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)} • F={x1+x2+x3+1, y1+y2+y3+1, z1+z2+z3+1, • x1x2, x1x3, x2x3, y1y2, y1y3, y2y3, z1z2, z1z3, z2z3 • x1y1, x2y2, x3y3, y1z1, y2z2, y3z3, x1z1, x2z2, x3z3} 2006 SNU-KMS Winter Workshop on Cryptography

  7. > std(I); _[1]=z(3)^2+z(3) _[2]=z(2)*z(3) _[3]=z(2)^2+z(2) _[4]=z(1)+z(2)+z(3)+1 _[5]=y(3)*z(3) _[6]=y(3)^2+y(3) _[7]=y(2)*z(3)+y(2)+y(3)*z(1)+z(1) _[8]=y(2)*z(2) _[9]=y(2)*y(3) _[10]=y(2)^2+y(2) _[11]=y(1)+y(2)+y(3)+1 _[12]=x(3)+y(2)*z(3)+y(2)+y(3)*z(1)+y(3)*z(3)+y(3)+z(1)+z(3)+1 _[13]=x(2)+x(3)*y(2)*z(3)+x(3)*y(3)*z(3)+x(3)*z(1)+x(3)*z(3)+y(2)*z(3)+y(3)*z(3)+z(1)+z(3) _[14]=x(1)+x(2)+x(3)+1 in(I); _[1]=z(3)^2 _[2]=z(2)*z(3) _[3]=z(2)^2 _[4]=z(1) _[5]=y(3)*z(3) _[6]=y(3)^2 _[7]=y(2)*z(3) _[8]=y(2)*z(2) _[9]=y(2)*y(3) _[10]=y(2)^2 _[11]=y(1) _[12]=x(3) _[13]=x(2) _[14]=x(1) 2006 SNU-KMS Winter Workshop on Cryptography

  8. Input : security parameter (T) Output : F, G where I=<F>=<G>,G:GB, Set Dreg with NDreg2 ~ O(T) Dreg = Castelnuovo-Mumford regularity NDreg = maximal matrix size in F5 algorithm 키생성 2006 SNU-KMS Winter Workshop on Cryptography

  9. 2. Generate  with Dreg 3. Generate a variety V randomly • V = designed by  4. Construct a Groebner basis G • <G> = I(V) 5. Generate a generating set F • F={f: f=random combination of g’s, g  G} 2006 SNU-KMS Winter Workshop on Cryptography

  10. 2. , Dreg-> J : monomial ideal 3. V = designed by  4. <G> = I(V) G={f:f(a)=0,aV} and <lt(G)>=J V={ ( , ), ( , ), ( , ), ( , ), ( , ) } 1 0 1 2 3 1 3 4 2 3 2006 SNU-KMS Winter Workshop on Cryptography

  11. 예 : 3-coloring Exponent(S) ={ z3 z2 z1 y3 y2 y1 x3 x2 x1 (0, 0, 0, 0, 0, 0, 0, 0, 0) (0, 0, 0, 0, 1, 0, 0, 0, 0) (0, 0, 0, 1, 0, 0, 0, 0, 0) (0, 1, 0, 1, 0, 0, 0, 0, 0) (0, 1, 0, 0, 0, 0, 0, 0, 0) (1, 0, 0, 0, 0, 0, 0, 0, 0) } => S={1, y2, y3, z2y3, z2, z3} Coloring= {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1), (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)} 2006 SNU-KMS Winter Workshop on Cryptography

  12. 2006 SNU-KMS Winter Workshop on Cryptography

  13. Regularity and security • Regularity of zero-dimensional ideal • I : homogeneous ideal of R=k[x1,…,xn] • dimK(R/I) <   Rd=Id for dd0 for some d0  x1t1, x2t2,…, xntn  in(I) • m(I) :regularity of I • dimK(R/I) <   m(I) = min{d : dimK(R/I)d =0} • Field equation • V  Fpn  x1p-x1, x2p-x2 ,…, xnp-xn  I(V)  dimK(R/I(V)) <  2006 SNU-KMS Winter Workshop on Cryptography

  14. Regularity of affine ideal • Dreg(I) := Dreg (Ih), dim(Ih)≠0 Ih={fh|fh=x0deg(f)f(x1/x0,…,xn/x0)} • Dreg(I) := Dreg (Ih) = Dreg (Ī), • Ī = {fd|fd= sum of monomials of max. deg of fI}, e.g. f(x,y,z)=x3+3xyz+3xz-2x-4, fd=x3+3xyz • dim(I)=0  dim(Ī)=0 2006 SNU-KMS Winter Workshop on Cryptography

  15. Security issue • Security of private key • Complexity of Groebner basis computation • Complexity of F5-algorithm for ideal I • K=F2 -> O(Nd2) : linear algebra of NdxNd matrix for d ≤m(I) • Dreg = max degree of poly in GB if generators of I are semi-regular sequence. • NDreg = nCDreg ≤ nCn/2 ~O(2n) • Dreg예측? • semi-regular sequence가 아니면? • V : random ? Size? 2006 SNU-KMS Winter Workshop on Cryptography

  16. >ideal I_h=homog(I,w); > resolution mre_I_h=mres(I_h,0); > print(betti(mre_I_h),"betti"); 0 1 2 3 4 5 6 7 8 9 10 ----------------------------------------------------- 0: 1 3 3 1 - - - - - - - 1: - 18 102 243 306 210 72 9 - - - 2: - - 9 72 252 486 558 391 165 39 4 ----------------------------------------------------- total: 1 21 114 316 558 696 630 400 165 39 4 . ; > regularity(mre_I_h); //--- regularity of I 3 2006 SNU-KMS Winter Workshop on Cryptography

  17. 2006 SNU-KMS Winter Workshop on Cryptography

  18. 예: F2, n=80, deg(fk)=2 (HFE) 1 + 80z + 3080z2 + 75760z3 + 1331940z4+17720016z5+183877240z6 +1506567920z7 + 9687269930z8+ 47105696560z9 + 152100910104z10 + 116968809360z11 - 2135475381260z12 - 15201837526480z13 +O(z14) 2006 SNU-KMS Winter Workshop on Cryptography

  19. regularity m Expected regularity of m=n random polynomials over F2 2006 SNU-KMS Winter Workshop on Cryptography

  20. regularity m Expected regularity of m random polynomials in 80 variables over F2 2006 SNU-KMS Winter Workshop on Cryptography

More Related