Multivariate Signature Scheme using Quadratic Forms Takanori Yasuda (ISIT) Joint work with Tsuyoshi Takagi (Kyushu Univ.), Kouichi Sakurai (Kyushu Univ.)

Presentation transcript:

This work was partially supported by the Japan Science and Technology Agency (JST) Strategic Japanese-Indian Cooperative Programme for Multidisciplinary Research Fields, which aims to combine Information and Communications Technology with Other Fields. The first author is supported by Grant-in-Aid for Young Scientists (B), Grant number

Contents
1. Multivariate Signature Schemes
2. Quadratic Forms
3. Multivariate System defined by Quadratic Forms
4. Application to Signature Scheme
5. Comparison with Rainbow
   1. Efficiency of Signature Generation
   2. Key Sizes
   3. Security
6. Conclusion
2

MPKC Signature. For any message M, there must exist the corresponding signature. F is surjective. 3

New Multivariate Polynomial Map. We introduce a multivariate polynomial map that is not surjective, and apply it to a signature scheme. For a symmetric matrix A, 4

Questions: Is G applicable to a signature scheme or not? 5

Quadratic Forms 6

7

How to compute the inverse map Simple case Problem 1 is equivalent to 8

Real field Case Gram-Schmidt orthonormalization provides an efficient algorithm to solve Problem 1’. Definition: We want to apply Gram-Schmidt orthonormalization technique to the case of finite fields. 9

Finite Field Case. We cannot apply Gram-Schmidt orthonormalization directly. However, we can extend Gram-Schmidt orthonormalization by inserting a step: Solve Problem 1 10
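The slides do not say why plain Gram-Schmidt fails over a finite field; this added example (not from the presentation, and not the authors' extended algorithm) shows two standard obstructions in GF(p): a nonzero vector whose inner product with itself is 0, and a nonzero ⟨w, w⟩ that has no square root. The primes 5 and 7, the sample vectors and all function names are constructed for illustration.

```python
from itertools import product

def dot(u, v, p):
    return sum(a * b for a, b in zip(u, v)) % p

def sqrt_mod(a, p):
    """A square root of a in GF(p), or None if a is a non-residue."""
    return next((r for r in range(p) if r * r % p == a % p), None)

def naive_gram_schmidt(basis, p):
    """Textbook Gram-Schmidt with all arithmetic in GF(p), p an odd prime.
    Returns (vectors, None) on success, else (partial_result, reason)."""
    out = []
    for v in basis:
        w = [x % p for x in v]
        for e in out:                      # subtract projection onto earlier e
            c = dot(w, e, p)
            w = [(x - c * y) % p for x, y in zip(w, e)]
        if not any(w):
            return out, "dependent"
        n = dot(w, w, p)
        if n == 0:
            return out, "isotropic"        # nonzero vector with <w, w> = 0
        r = sqrt_mod(n, p)
        if r is None:
            return out, "non-square"       # <w, w> has no square root in GF(p)
        k = pow(r, p - 2, p)               # 1/r by Fermat's little theorem
        out.append([x * k % p for x in w])
    return out, None

def first_step_outcomes(p):
    """Tally the first normalization step over every nonzero v in GF(p)^2."""
    tally = {"ok": 0, "isotropic": 0, "non-square": 0}
    for v in product(range(p), repeat=2):
        if any(v):
            _, reason = naive_gram_schmidt([v], p)
            tally[reason or "ok"] += 1
    return tally

if __name__ == "__main__":
    # Constructed sample inputs.
    print(naive_gram_schmidt([(1, 1), (0, 1)], 7))  # succeeds
    print(naive_gram_schmidt([(1, 2), (0, 1)], 7))  # 1 + 4 = 5, a non-square mod 7
    print(naive_gram_schmidt([(1, 2), (0, 1)], 5))  # 1 + 4 = 0 mod 5
    print(first_step_outcomes(5))
```

Over the reals neither failure can occur, since ⟨w, w⟩ is positive for every nonzero w and always has a square root.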

2-dimensional case (1) 11

2-dimensional case (2) 12 ⇒ apply the usual GS-normalization.

2-dimensional case (3) 13

Problem 2 14

Classification Theorem 15

Application to MPKC Signature Scheme 16

Signature Generation 17

Property of Our Scheme. For any M, there exists the corresponding signature. 18

Other Signature Schemes
Multivariate Polynomial Maps
Surjective: Rainbow, UOV, HFE, MI
Not Surjective: Proposal
19

Security of Our Scheme
Several attacks on MPKC signature schemes depend on the structure of the central map. For example, the UOV attack transforms the public key into the form of the central map of the UOV scheme.
o Central maps of UOV are surjective.
o The public key of our scheme cannot be transformed into any surjective map.
These attacks are not applicable against our scheme. (Other examples: Rainbow-band-separation attack, UOV-Reconciliation attack.)
However, attacks which are independent of the scheme, like direct attacks, are applicable to our scheme. 20

Comparison with Rainbow 21

Conclusion
We propose a new MPKC signature scheme using quadratic forms. The multivariate polynomial map used in the scheme is not surjective. Signature generation uses an extended Gram-Schmidt orthonormalization. It is 8 or 9 times more efficient than that of Rainbow at the level of 88-bit security.
Future Work
o Security analysis
o Application to encryption scheme
22