# Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21. Key Generation of GB Polly Cracker Cryptosystems.

## Presentation on theme: "Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21. Key Generation of GB Polly Cracker Cryptosystems."— Presentation transcript:

Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21. Key Generation of GB Polly Cracker Cryptosystems

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 2 목차 Polynomial-based cryptosystems Algorithm of key generation Security issues

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 3 다항식 기반 암호

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 4 GB Polly Cracker Cryptosystem

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 5 GB Polly Cracker Cryptosystem

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 6 예 (Graph 3-coloring) Coloring= {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1), (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)} F={x 1 +x 2 +x 3 +1, y 1 +y 2 +y 3 +1, z 1 +z 2 +z 3 +1, x 1 x 2, x 1 x 3, x 2 x 3, y 1 y 2, y 1 y 3, y 2 y 3, z 1 z 2, z 1 z 3, z 2 z 3 x 1 y 1, x 2 y 2, x 3 y 3, y 1 z 1, y 2 z 2, y 3 z 3, x 1 z 1, x 2 z 2, x 3 z 3 }

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 7 > std(I); _[1]=z(3)^2+z(3) _[2]=z(2)*z(3) _[3]=z(2)^2+z(2) _[4]=z(1)+z(2)+z(3)+1 _[5]=y(3)*z(3) _[6]=y(3)^2+y(3) _[7]=y(2)*z(3)+y(2)+y(3)*z(1)+z(1) _[8]=y(2)*z(2) _[9]=y(2)*y(3) _[10]=y(2)^2+y(2) _[11]=y(1)+y(2)+y(3)+1 _[12]=x(3)+y(2)*z(3)+y(2)+y(3)*z(1)+y(3)*z(3 )+y(3)+z(1)+z(3)+1 _[13]=x(2)+x(3)*y(2)*z(3)+x(3)*y(3)*z(3)+x(3 )*z(1)+x(3)*z(3)+y(2)*z(3)+y(3)*z(3)+z(1)+z( 3) _[14]=x(1)+x(2)+x(3)+1 in(I); _[1]=z(3)^2 _[2]=z(2)*z(3) _[3]=z(2)^2 _[4]=z(1) _[5]=y(3)*z(3) _[6]=y(3)^2 _[7]=y(2)*z(3) _[8]=y(2)*z(2) _[9]=y(2)*y(3) _[10]=y(2)^2 _[11]=y(1) _[12]=x(3) _[13]=x(2) _[14]=x(1)

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 8 키생성 Input : security parameter (T) Output : F, G where I= =,G:GB, 1.Set D reg with N Dreg 2 ~ O(T) –D reg = Castelnuovo-Mumford regularity –N Dreg = maximal matrix size in F 5 algorithm

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 9 2. Generate  with D reg 3. Generate a variety V randomly –V = designed by  4. Construct a Groebner basis G – = I(V) 5. Generate a generating set F –F={f: f=random combination of g’s, g  G}

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 10 V={ (, ), (, ), (, ), (, ), (, ) } 1 0 1 2 3 1 3 4 2 3 2. , D reg -> J : monomial ideal 3. V = designed by  4. = I(V) G={f:f(a)=0,  a  V} and =J

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 11 예 : 3-coloring Exponent(S) ={ z 3 z 2 z 1 y 3 y 2 y 1 x 3 x 2 x 1 (0, 0, 0, 0, 0, 0, 0, 0, 0) (0, 0, 0, 0, 1, 0, 0, 0, 0) (0, 0, 0, 1, 0, 0, 0, 0, 0) (0, 1, 0, 1, 0, 0, 0, 0, 0) (0, 1, 0, 0, 0, 0, 0, 0, 0) (1, 0, 0, 0, 0, 0, 0, 0, 0) } => S={1, y 2, y 3, z 2 y 3, z 2, z 3 } Coloring= {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1), (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)}

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 12

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 13 Regularity and security Regularity of zero-dimensional ideal –I : homogeneous ideal of R=k[x 1,…,x n ] dim K (R/I) <   R d =I d for d  d 0 for some d 0  x 1 t 1, x 2 t 2,…, x n t n  in(I) –m(I) :regularity of I dim K (R/I) <   m(I) = min{d : dim K (R/I) d =0} Field equation –V  F p n  x 1 p -x 1, x 2 p -x 2,…, x n p -x n  I(V)  dim K (R/I(V)) < 

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 14 Regularity of affine ideal –D reg (I) := D reg (I h ), dim(I h )≠0 I h ={f h |f h =x 0 deg(f) f(x 1 /x 0,…,x n /x 0 )} –D reg (I) := D reg (I h ) = D reg (Ī), Ī = {f d |f d = sum of monomials of max. deg of f  I}, e.g. f(x,y,z)=x 3 +3xyz+3xz-2x-4, f d =x 3 +3xyz dim(I)=0  dim(Ī)=0

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 15 Security issue Security of private key –Complexity of Groebner basis computation –Complexity of F 5 -algorithm for ideal I K=F 2 -> O(N d 2 ) : linear algebra of N d xN d matrix for d ≤m(I) D reg = max degree of poly in GB if generators of I are semi- regular sequence. N Dreg = n C Dreg ≤ n C n/2 ~ O(2 n ) –D reg 예측 ? –semi-regular sequence 가 아니면 ? –V : random ? Size?

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 16 예 >ideal I_h=homog(I,w); > resolution mre_I_h=mres(I_h,0); > print(betti(mre_I_h),"betti"); 0 1 2 3 4 5 6 7 8 9 10 ----------------------------------------------------- 0: 1 3 3 1 - - - - - - - 1: - 18 102 243 306 210 72 9 - - - 2: - - 9 72 252 486 558 391 165 39 4 ----------------------------------------------------- total: 1 21 114 316 558 696 630 400 165 39 4. ; > regularity(mre_I_h); //--- regularity of I 3

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 17

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 18 예 : F 2, n=80, deg(f k )=2 (HFE) 1 + 80z + 3080z 2 + 75760z 3 + 1331940z 4 +17720016z 5 +183877240z 6 +1506567920z 7 + 9687269930z 8 + 47105696560z 9 + 152100910104z 10 + 116968809360z 11 - 2135475381260z 12 - 15201837526480z 13 +O(z 14 )

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 19 Expected regularity of m=n random polynomials over F 2 m regularity

2006-12-212006 SNU-KMS Winter Workshop on Cryptography 20 Expected regularity of m random polynomials in 80 variables over F 2 m regularity

Download ppt "Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21. Key Generation of GB Polly Cracker Cryptosystems."

Similar presentations