Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2013 Toshiba Corporation An Estimation of Computational Complexity for the Section Finding Problem on Algebraic Surfaces Chiho Mihara (TOSHIBA Corp.)

Published byAbel Warner Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2013 Toshiba Corporation An Estimation of Computational Complexity for the Section Finding Problem on Algebraic Surfaces Chiho Mihara (TOSHIBA Corp.)"— Presentation transcript:

1 © 2013 Toshiba Corporation An Estimation of Computational Complexity for the Section Finding Problem on Algebraic Surfaces Chiho Mihara (TOSHIBA Corp.) 2013/03/02

2 2 © 2013 Toshiba Corporation Outline 1.Section Finding Problem(SFP) 2.General Solution  How to solve SFP, Relation between MPKC and ASC 3.Security parameters  ASC security parameters  Complexity parameters in general case 4.Experimental result 5.Key Size Estimation 6.Conclusion Main talk

3 3 © 2013 Toshiba Corporation Outline 1.Section Finding Problem(SFP) 2.General Solution  How to solve SFP, Relation between MPKC and ASC 3.Security parameters  ASC security parameters  Complexity parameters in general case 4.Experimental result 5.Key Size Estimation 6.Conclusion

4 4 © 2013 Toshiba Corporation Given, find such that Given, find such that 1.Section Finding Problem (SFP) Security of Algebraic Surface Cryptosystems(ASC) is based on the difficulty of Section Finding Problem(SFP) Security of Algebraic Surface Cryptosystems(ASC) is based on the difficulty of Section Finding Problem(SFP) Section Finding Problem(SFP) : Algebraic Surface (Public Key) : Section on (Secret Key) To find Section is Too difficult!! Find

5 5 © 2013 Toshiba Corporation Outline 1.Section Finding Problem(SFP) 2.General Solution  How to solve SFP, Relation between MPKC and ASC 3.Security parameters  ASC security parameters  Complexity parameters in general case 4.Experimental result 5.Key Size Estimation 6.Conclusion

6 6 © 2013 Toshiba Corporation We can write down a section as We can write down a section as How to solve SFP(General solution) degree of And substitute these into So the SFP is reduced to a multivariate equation system (SME(*)) If you solve, then you can get (*)Section multivariate equations

7 7 © 2013 Toshiba Corporation Relation between MPKC and ASC Quadratic multivariate equations which is MPKC based on. MPKC Difficulty of SFP on algebraic surface More general multivariate equations which is ASC based on. More 3 dimensional polynomials Public key includes multi- variable equations implicitly ASC

8 8 © 2013 Toshiba Corporation Outline 1.Section Finding Problem(SFP) 2.General Solution  How to solve SFP, Relation between MPKC and ASC 3.Security parameters  ASC security parameters  Complexity parameters in general case 4.Experimental result 5.Key Size Estimation 6.Conclusion Main talk

9 9 © 2013 Toshiba Corporation ASC Security parameters How to solve SFP cardinality of the base field degree of the secret section degree in of the public surface Number of distinct monomials in We propose a new security parameter! (SME) Gröbner basis (SME)

10 10 © 2013 Toshiba Corporation Example of NonRed_Monos How to solve SFP Algerbraic surface Section Solve ASC security parameter This example p11 d1 w3 NonRed_Monos6 :grand field Sample image

11 11 © 2013 Toshiba Corporation Complexity parameters in general case The Complexity of Solving Multivariable Polynomial Equations The Complexity ( in general case ) : NP-hard Parameters related to the complexity : 1. Size of Finite Field : p Complexity 2.Number of variables : n Complexity 3.Number of equations : m Complexity 4.Sparseness “Sparseness” describe simplicity of equations. Complexity Multivariable Polynomial Equation over finite field Parameter in general case ASC security parameter pp n2d+2 mwd+dc SparsenessNonRed_Monos

12 12 © 2013 Toshiba Corporation “Sparseness” and NonRed_Monos “Dense”“Sparse” hard We consider that NonRed_Monos is a parameter of Sparseness. 19 7 7 NonRed_Monos easy

13 13 © 2013 Toshiba Corporation How to calculate “NonRed_Monos” from surface Algebraic form How to calculate “NonRed_Monos” We can calculate “NonRed_Monos” from “Algebraic form” If is max (full size), NonRed_Monos is also max. d Maximal NonRed_Monos and d (w=3:fix) Data exist

14 14 © 2013 Toshiba Corporation Necessity of NonRed_Monos For given 2 surfaces X1,X2, (same p,d,w) which is more difficult to calculate Section? For given 2 surfaces X1,X2, (same p,d,w) which is more difficult to calculate Section? Question We can answer this question, because we can calculate NonRed_Monos! Even if p,d,w has been fixed, there are many surface variations…. Even if p,d,w has been fixed, there are many surface variations….

15 15 © 2013 Toshiba Corporation Outline 1.Section Finding Problem(SFP) 2.General Solution  How to solve SFP, Relation between MPKC and ASC 3.Security parameters  ASC security parameters  Complexity parameters in general case 4.Experimental result 5.Key Size Estimation 6.Conclusion

16 16 © 2013 Toshiba Corporation Experiment OS : centos(Linux) version 2.6 CPU : AMD Opteron (tm) 848 (2.00GHz) Memory : 64GByte Software: Magma version 2.15-11 d = 2, 3, 4 w = 3, 4, 5 size of finite field Form of Algebraic surface (random generate) p = 11 degree of

17 17 © 2013 Toshiba Corporation Experimental result log(time) log(Memory) NonRed_Monos Process time(left) & Memory use(right) to calculate Groebner basis of w

18 18 © 2013 Toshiba Corporation log(time) NonRed_Monos d 234234 Regression formula Prediction interval of 99.9999 % ( ★ ) Experimental result (statistical) Prediction interval of 99.9999 % ( ★ ) =: BEST of Computational Complexity!

19 19 © 2013 Toshiba Corporation Outline 1.Section Finding Problem(SFP) 2.General Solution  How to solve SFP, Relation between MPKC and ASC 3.Security parameters  ASC security parameters  Complexity parameters in general case 4.Experimental result 5.Key Size Estimation 6.Conclusion

20 20 © 2013 Toshiba Corporation Key size estimation (Gröbner basis) FIX d 128bit security Prediction interval of 99.9999 % ( ★ ) Securer Data 1 2 3 4 5 6 7 8 9 10 Max NonRed_Monos Data exist We can choose secure data, d = 8, NonRed_Monos ≧ 29000 We can choose secure data, d = 8, NonRed_Monos ≧ 29000

21 21 © 2013 Toshiba Corporation Key size estimation (Exaustive search) We estimate Computational Complexity of exhaustive search for (SME) /.  You can reduce to half of variables (by Ogura-Mihara), so the number of variables in (SME) is d+1.  To satisfy 128bit security ( = RSA(3072bit)), d>36. (SME(*)) AlgorithmsDwdcnx*Public Key Size Gröbner basis85520 640 bit Ogura-Mihara85520640 bit Exhaustive search3755201220 bit (*)nx: number of terms of algebraic surface (Note: count full terms version in this table)

22 22 © 2013 Toshiba Corporation Outline 1.Section Finding Problem(SFP) 2.General Solution  How to solve SFP, Relation between MPKC and ASC 3.Security parameters  ASC security parameters  Complexity parameters in general case 4.Experimental result 5.Key Size Estimation 6.Conclusion

23 23 © 2013 Toshiba Corporation Conclusion We propose new security parameter NonRed_Monos.  We express “Sparseness” as NonRed_Monos. We can derive an estimation of computational complexity for the Section Finding Problem on Algebraic Surfaces with high accuracy. Recommended Public Key Size of ASC is 1220 bit (128bit security = RSA 3072bit).

24 24 © 2013 Toshiba Corporation Last talk (my failure story) When I saw the “section finding problem" for the first time, I think this problem is easy to solve. So, we tried to develop a more efficient analysis (over Gröbner basis computation), named Ogura-Mihara algorithm. I introduce a concept of Ogura-Mihara algorithm.

25 25 © 2013 Toshiba Corporation Property of Section multivariate equations(SME ) CAT FACE!! Proposition

26 26 © 2013 Toshiba Corporation Concept of Ogura-Mihara algorithm Idea! : Reduce “number of valuables” by pseudo division Vanish! Gröbner basis

27 27 © 2013 Toshiba Corporation Failure and Conclusion Indeed, the number of variables is reduced to half, and in the small parameter, Ogura-Mihara algorithm solves faster than Gröbner basis computation. But we found that degrees of section and surface are higher and higher, Ogura-Mihara’ NonRed_Monos significantly bigger and bigger more than the original (SME)’s NonRed_Monos. So it’s not efficient algorithm. So when you want to estimate computational complexity such as using Gröbner basis, you need to see NonRed_Monos.

28 28 © 2013 Toshiba Corporation

Download ppt "© 2013 Toshiba Corporation An Estimation of Computational Complexity for the Section Finding Problem on Algebraic Surfaces Chiho Mihara (TOSHIBA Corp.)"

Similar presentations

Solve a System Algebraically

Solve a System Algebraically
Splash Screen.

Splash Screen.
Computational Modeling for Engineering MECN 6040

Computational Modeling for Engineering MECN 6040
Slide 1 Bayesian Model Fusion: Large-Scale Performance Modeling of Analog and Mixed- Signal Circuits by Reusing Early-Stage Data Fa Wang*, Wangyang Zhang*,

Slide 1 Bayesian Model Fusion: Large-Scale Performance Modeling of Analog and Mixed- Signal Circuits by Reusing Early-Stage Data Fa Wang*, Wangyang Zhang*,
Data mining and statistical learning - lecture 6

Data mining and statistical learning - lecture 6
Chapter 6 Numerical Interpolation

Chapter 6 Numerical Interpolation
1 Section 2.3 Complexity of Algorithms. 2 Computational Complexity Measure of algorithm efficiency in terms of: –Time: how long it takes computer to solve.

1 Section 2.3 Complexity of Algorithms. 2 Computational Complexity Measure of algorithm efficiency in terms of: –Time: how long it takes computer to solve.
HAWKES LEARNING SYSTEMS math courseware specialists Copyright © 2010 Hawkes Learning Systems. All rights reserved. Hawkes Learning Systems: College Algebra.

HAWKES LEARNING SYSTEMS math courseware specialists Copyright © 2010 Hawkes Learning Systems. All rights reserved. Hawkes Learning Systems: College Algebra.
An Introduction to Support Vector Machines Martin Law.

An Introduction to Support Vector Machines Martin Law.
3.5 Solving systems of equations in 3 variables

3.5 Solving systems of equations in 3 variables
Objectives of Multiple Regression

Objectives of Multiple Regression
Warm up Use the Rational Root Theorem to determine the Roots of : x³ – 5x² + 8x – 6 = 0.

Warm up Use the Rational Root Theorem to determine the Roots of : x³ – 5x² + 8x – 6 = 0.
Introduction and Analysis of Error Pertemuan 1

Introduction and Analysis of Error Pertemuan 1
Lesson 9.7 Solve Systems with Quadratic Equations

Lesson 9.7 Solve Systems with Quadratic Equations
Table of Contents First note this equation has quadratic form since the degree of one of the variable terms is twice that of the other. When this occurs,

Table of Contents First note this equation has "quadratic form" since the degree of one of the variable terms is twice that of the other. When this occurs,
Random Sampling, Point Estimation and Maximum Likelihood.

Random Sampling, Point Estimation and Maximum Likelihood.
Entrance Slip: Quadratics 1)2) 3)4) 5)6) Complete the Square 7)

Entrance Slip: Quadratics 1)2) 3)4) 5)6) Complete the Square 7)
Copyright © Cengage Learning. All rights reserved. 4 Quadratic Functions.

Copyright © Cengage Learning. All rights reserved. 4 Quadratic Functions.
Solving Rational Equations On to Section 2.8a. Solving Rational Equations Rational Equation – an equation involving rational expressions or fractions…can.

Solving Rational Equations On to Section 2.8a. Solving Rational Equations Rational Equation – an equation involving rational expressions or fractions…can.
Roots & Zeros of Polynomials III

Roots & Zeros of Polynomials III

Similar presentations

Ads by Google