Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multivariate Signature Scheme using Quadratic Forms Takanori Yasuda (ISIT) Joint work with Tsuyoshi Takagi (Kyushu Univ.), Kouichi Sakurai (Kyushu Univ.)

Published byEmerald Chandler Modified over 9 years ago

Similar presentations

Presentation on theme: "Multivariate Signature Scheme using Quadratic Forms Takanori Yasuda (ISIT) Joint work with Tsuyoshi Takagi (Kyushu Univ.), Kouichi Sakurai (Kyushu Univ.)"— Presentation transcript:

1 Multivariate Signature Scheme using Quadratic Forms Takanori Yasuda (ISIT) Joint work with Tsuyoshi Takagi (Kyushu Univ.), Kouichi Sakurai (Kyushu Univ.) 2013/3/3 Workshop on Solving Multivariate Polynomial Systems and Related Topics

2 Contents 1.Multivariate Signature Schemes 2.Quadratic Forms 3.Multivariate System defined by Quadratic Forms 4.Application to Signature Scheme 5.Comparison with Rainbow 1.Efficiency of Signature Generation 2.Key Sizes 3.Security 6.Conclusion 1

3 MPKC Signature Signature Message 6 For any message M, there must exist the corresponding signature. F is surjective.

4 New Multivariate Polynomial Map We introduce a multivariate polynomial map not surjective, and apply it to signature. 2 For a symmetric matrix A,

5 Problems of G 3 Is G applicable to signature or not? Problems

6 Quadratic Forms

7

8 How to compute the inverse map 5 Simple case Problem 1’ is equivalent to

9 Real field Case Gram-Schmidt orthonormalization provides an efficient algorithm to solve Problem 1’’. Definition: We want to apply Gram-Schmidt orthonormalization technique to the case of finite fields.

10 Finite Field Case However, we can extend Gram-Schmidt orthonormalization by inserting a step: We cannot apply Gram-Schmidt orthonormalization directly. Solve Problem 1’

11 Problem 2 7

12 Classification Theorem

13 Application to MPKC Signature Scheme

14 Signature Generation

15 Property of Our Scheme 14

16 Property of Our Scheme Multivariate Polynomial Maps Rainbow UOV HFE MI Proposal Surjective Not Surjective 4

17 Security of Our Scheme There are several attacks of MPKC signature schemes which depend on the structure of central map. For example, UOV attack is an attack which transforms public key into a form of central map of UOV scheme. o Central maps of UOV ara surjective. o The public key of our scheme cannot be transformed into any surjective map. These attacks is not applicable against our scheme. ( Other example: Rainbow-band-separation attack, UOV-Reconciliation attack ) However, attacks which is independent of scheme, like direct attacks, are applicable to our scheme. 15

18 Comparison with Rainbow 16

19 Conclusion We propose a new MPKC signature scheme using quadtaci forms. The multivariate polynomial map used in the scheme is not surjective. Signature generation uses an extended Gram-Schmidt orthonormalization. It is 8 or 9 times more efficient than that of Rainbow at the level of 88-bit security. Future Work Security analysis Application to encryption scheme 17

Download ppt "Multivariate Signature Scheme using Quadratic Forms Takanori Yasuda (ISIT) Joint work with Tsuyoshi Takagi (Kyushu Univ.), Kouichi Sakurai (Kyushu Univ.)"

Similar presentations

Asymptotically Optimal Communication for Torus- Based Cryptography David Woodruff MIT Joint work with Marten van Dijk Philips/MIT.

Asymptotically Optimal Communication for Torus- Based Cryptography David Woodruff MIT Joint work with Marten van Dijk Philips/MIT.
A Fast Data Protection Technique for Mobile Agents to Avoid Attacks in Malicious Hosts Jesús Arturo Pérez Díaz Darío Álvarez Gutiérrez Department of Informatics.

A Fast Data Protection Technique for Mobile Agents to Avoid Attacks in Malicious Hosts Jesús Arturo Pérez Díaz Darío Álvarez Gutiérrez Department of Informatics.
1 Design of Key-Sharing System Based on a Unique Device Kenji Imamoto (Kyushu Univ.) Hiromi Fukaya (Pastel) Kouichi Sakurai (Kyushu Univ.)

1 Design of Key-Sharing System Based on a Unique Device Kenji Imamoto (Kyushu Univ.) Hiromi Fukaya (Pastel) Kouichi Sakurai (Kyushu Univ.)
Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.

Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.
An Ω(n 1/3 ) Lower Bound for Bilinear Group Based Private Information Retrieval Alexander Razborov Sergey Yekhanin.

An Ω(n 1/3 ) Lower Bound for Bilinear Group Based Private Information Retrieval Alexander Razborov Sergey Yekhanin.
Fast Multi-Scalar Multiplication Methods on Elliptic Curves with Precomputation Strategy using Montgomery Trick Hitachi Ltd. Katsuyuki Okeya Kouichi Sakurai.

Fast Multi-Scalar Multiplication Methods on Elliptic Curves with Precomputation Strategy using Montgomery Trick Hitachi Ltd. Katsuyuki Okeya Kouichi Sakurai.
The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.

The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.
Overview of Cryptography Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Overview of Cryptography Anupam Datta CMU Fall A: Foundations of Security and Privacy.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 89321032 游精允.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.
N. Karampetakis, S. Vologiannidis

N. Karampetakis, S. Vologiannidis
Eigen-decomposition of a class of Infinite dimensional tridiagonal matrices G.V. Moustakides: Dept. of Computer Engineering, Univ. of Patras, Greece B.

Eigen-decomposition of a class of Infinite dimensional tridiagonal matrices G.V. Moustakides: Dept. of Computer Engineering, Univ. of Patras, Greece B.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
On the fundamental matrix of the inverse of a polynomial matrix and applications N. P. Karampetakis S. Vologiannidis Department of Mathematics Aristotle.

On the fundamental matrix of the inverse of a polynomial matrix and applications N. P. Karampetakis S. Vologiannidis Department of Mathematics Aristotle.
Ger man Aerospace Center Gothenburg, 11-12 April, 2007 Coding Schemes for Crisscross Error Patterns Simon Plass, Gerd Richter, and A.J. Han Vinck.

Ger man Aerospace Center Gothenburg, April, 2007 Coding Schemes for Crisscross Error Patterns Simon Plass, Gerd Richter, and A.J. Han Vinck.
Many quadratic equations can not be solved by factoring. Other techniques are required to solve them. 7.1 – Completing the Square x 2 = 20 5x 2 + 55 =

Many quadratic equations can not be solved by factoring. Other techniques are required to solve them. 7.1 – Completing the Square x 2 = 20 5x =
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
5.1 Orthogonality.

5.1 Orthogonality.
Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Similar presentations

Ads by Google