Download presentation

Presentation is loading. Please wait.

Published byQuinn Julien Modified over 2 years ago

1
Jeaman Ahn, Eunjeong Lee*, Hyungju Park (KIAS) 2006. 12. 21. Key Generation of GB Polly Cracker Cryptosystems

2
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 2 목차 Polynomial-based cryptosystems Algorithm of key generation Security issues

3
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 3 다항식 기반 암호

4
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 4 GB Polly Cracker Cryptosystem

5
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 5 GB Polly Cracker Cryptosystem

6
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 6 예 (Graph 3-coloring) Coloring= {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1), (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)} F={x 1 +x 2 +x 3 +1, y 1 +y 2 +y 3 +1, z 1 +z 2 +z 3 +1, x 1 x 2, x 1 x 3, x 2 x 3, y 1 y 2, y 1 y 3, y 2 y 3, z 1 z 2, z 1 z 3, z 2 z 3 x 1 y 1, x 2 y 2, x 3 y 3, y 1 z 1, y 2 z 2, y 3 z 3, x 1 z 1, x 2 z 2, x 3 z 3 }

7
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 7 > std(I); _[1]=z(3)^2+z(3) _[2]=z(2)*z(3) _[3]=z(2)^2+z(2) _[4]=z(1)+z(2)+z(3)+1 _[5]=y(3)*z(3) _[6]=y(3)^2+y(3) _[7]=y(2)*z(3)+y(2)+y(3)*z(1)+z(1) _[8]=y(2)*z(2) _[9]=y(2)*y(3) _[10]=y(2)^2+y(2) _[11]=y(1)+y(2)+y(3)+1 _[12]=x(3)+y(2)*z(3)+y(2)+y(3)*z(1)+y(3)*z(3 )+y(3)+z(1)+z(3)+1 _[13]=x(2)+x(3)*y(2)*z(3)+x(3)*y(3)*z(3)+x(3 )*z(1)+x(3)*z(3)+y(2)*z(3)+y(3)*z(3)+z(1)+z( 3) _[14]=x(1)+x(2)+x(3)+1 in(I); _[1]=z(3)^2 _[2]=z(2)*z(3) _[3]=z(2)^2 _[4]=z(1) _[5]=y(3)*z(3) _[6]=y(3)^2 _[7]=y(2)*z(3) _[8]=y(2)*z(2) _[9]=y(2)*y(3) _[10]=y(2)^2 _[11]=y(1) _[12]=x(3) _[13]=x(2) _[14]=x(1)

8
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 8 키생성 Input : security parameter (T) Output : F, G where I= =,G:GB, 1.Set D reg with N Dreg 2 ~ O(T) –D reg = Castelnuovo-Mumford regularity –N Dreg = maximal matrix size in F 5 algorithm

9
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 9 2. Generate with D reg 3. Generate a variety V randomly –V = designed by 4. Construct a Groebner basis G – = I(V) 5. Generate a generating set F –F={f: f=random combination of g’s, g G}

10
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 10 V={ (, ), (, ), (, ), (, ), (, ) } 1 0 1 2 3 1 3 4 2 3 2. , D reg -> J : monomial ideal 3. V = designed by 4. = I(V) G={f:f(a)=0, a V} and =J

11
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 11 예 : 3-coloring Exponent(S) ={ z 3 z 2 z 1 y 3 y 2 y 1 x 3 x 2 x 1 (0, 0, 0, 0, 0, 0, 0, 0, 0) (0, 0, 0, 0, 1, 0, 0, 0, 0) (0, 0, 0, 1, 0, 0, 0, 0, 0) (0, 1, 0, 1, 0, 0, 0, 0, 0) (0, 1, 0, 0, 0, 0, 0, 0, 0) (1, 0, 0, 0, 0, 0, 0, 0, 0) } => S={1, y 2, y 3, z 2 y 3, z 2, z 3 } Coloring= {(1,0,0,0,1,0,0,0,1), (1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1), (0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0), (0,0,1,0,1,0,1,0,0)}

12
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 12

13
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 13 Regularity and security Regularity of zero-dimensional ideal –I : homogeneous ideal of R=k[x 1,…,x n ] dim K (R/I) < R d =I d for d d 0 for some d 0 x 1 t 1, x 2 t 2,…, x n t n in(I) –m(I) :regularity of I dim K (R/I) < m(I) = min{d : dim K (R/I) d =0} Field equation –V F p n x 1 p -x 1, x 2 p -x 2,…, x n p -x n I(V) dim K (R/I(V)) <

14
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 14 Regularity of affine ideal –D reg (I) := D reg (I h ), dim(I h )≠0 I h ={f h |f h =x 0 deg(f) f(x 1 /x 0,…,x n /x 0 )} –D reg (I) := D reg (I h ) = D reg (Ī), Ī = {f d |f d = sum of monomials of max. deg of f I}, e.g. f(x,y,z)=x 3 +3xyz+3xz-2x-4, f d =x 3 +3xyz dim(I)=0 dim(Ī)=0

15
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 15 Security issue Security of private key –Complexity of Groebner basis computation –Complexity of F 5 -algorithm for ideal I K=F 2 -> O(N d 2 ) : linear algebra of N d xN d matrix for d ≤m(I) D reg = max degree of poly in GB if generators of I are semi- regular sequence. N Dreg = n C Dreg ≤ n C n/2 ~ O(2 n ) –D reg 예측 ? –semi-regular sequence 가 아니면 ? –V : random ? Size?

16
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 16 예 >ideal I_h=homog(I,w); > resolution mre_I_h=mres(I_h,0); > print(betti(mre_I_h),"betti"); 0 1 2 3 4 5 6 7 8 9 10 ----------------------------------------------------- 0: 1 3 3 1 - - - - - - - 1: - 18 102 243 306 210 72 9 - - - 2: - - 9 72 252 486 558 391 165 39 4 ----------------------------------------------------- total: 1 21 114 316 558 696 630 400 165 39 4. ; > regularity(mre_I_h); //--- regularity of I 3

17
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 17

18
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 18 예 : F 2, n=80, deg(f k )=2 (HFE) 1 + 80z + 3080z 2 + 75760z 3 + 1331940z 4 +17720016z 5 +183877240z 6 +1506567920z 7 + 9687269930z 8 + 47105696560z 9 + 152100910104z 10 + 116968809360z 11 - 2135475381260z 12 - 15201837526480z 13 +O(z 14 )

19
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 19 Expected regularity of m=n random polynomials over F 2 m regularity

20
2006-12-212006 SNU-KMS Winter Workshop on Cryptography 20 Expected regularity of m random polynomials in 80 variables over F 2 m regularity

Similar presentations

OK

Chapter 2. A polynomial function has the form where are real numbers and n is a nonnegative integer. In other words, a polynomial is the sum of one.

Chapter 2. A polynomial function has the form where are real numbers and n is a nonnegative integer. In other words, a polynomial is the sum of one.

© 2018 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Water saving tips for kids ppt on batteries Download ppt on environmental chemistry Ppt on nature and human beings Ppt on railway track Ppt on herbs and spices Doc convert to ppt online form Ppt on road accident Ppt on different model of atoms Ppt on natural resources and conservation degrees Download ppt on heating effect of electric current