Asymmetric cryptography with S-Boxes

@inproceedings{Patarin1997AsymmetricCW,
  title={Asymmetric cryptography with S-Boxes},
  author={Jacques Patarin and Louis Goubin},
  booktitle={ICICS},
  year={1997}
}
In this paper, we study some new “candidate” asymmetric cryptosystems based on the idea of hiding one or two rounds of small S-box computations with secret functions of degree one or two. The C* scheme of [10] (when its n_i values are small) can be seen as a very special case of these schemes. This C* scheme was broken in [11] due to unexpected algebraic properties. In the new schemes, those algebraic properties generally do not exist. Nevertheless, we will see that most of the “new” algorithms…
A Cryptanalysis of the Double-Round Quadratic Cryptosystem
TLDR
The attack uses a very general technique introduced in [9] to break the Double-Round Quadratic cryptosystem from [12], which has, in practice, already been cryptanalysed in [5].
Key-Recovery Attack on the ASASA Cryptosystem with Expanding S-Boxes
TLDR
A cryptanalysis of the ASASA public key cipher, which alternates three layers of affine transformations A with two layers of quadratic substitutions S; it is shown that the partial derivatives of the public key polynomials contain information about the intermediate layer.
Structural Cryptanalysis of SASAS
TLDR
It is shown that a five-layer scheme with 128-bit plaintexts and 8-bit S-boxes is surprisingly weak even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker).
Structural Cryptanalysis of SASAS
TLDR
It is shown that a five-layer scheme with 128-bit plaintexts and 8-bit S-boxes is surprisingly weak against what is called a multiset attack, even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker).
Cryptanalysis of Patarin's 2-Round Public Key System with S Boxes (2R)
  • E. Biham
  • Computer Science, Mathematics
  • EUROCRYPT
  • 2000
TLDR
A novel attack is presented which breaks the 64-bit block variant with complexity about 2^30 steps, and the more secure 128-bit blocks variant with difficulty about 2^60 steps.
Cryptanalysis of Boolean permutation-based key escrow scheme
  • A. Youssef
  • Mathematics, Computer Science
  • Comput. Electr. Eng.
  • 2010
TLDR
This paper shows that this proposed class of Boolean permutations can be easily inverted without the knowledge of the secret key parameters, which allows the cryptanalyst to efficiently recover the session key using the known public key parameters.
Cryptanalysis of Imai and Matsumoto Scheme B Asymmetric Cryptosystem
TLDR
It is shown that trying to minimize the size of the public key facilitates a cryptanalytic attack that enables the cryptanalyst to decrypt, with high probability of success, a given ciphertext by performing a very limited number of encryption operations using the public encryption function.
Cryptanalysis of 2R− Schemes
TLDR
This paper studies the security of 2R− schemes, which are the “minus variant” of two-round schemes, and proposes an efficient algorithm for decomposing 2R− schemes.
Cryptanalysis of white box DES implementations
TLDR
A general method that applies to all schemes of obfuscation applied to the DES and is implemented with a C code and applied successfully to thousands of obfuscated implementations of DES (both "naked" and "non-standard" DES).
A New Public-Key Cryptosystem as Secure as Factoring
TLDR
This paper proposes a novel public-key cryptosystem, which is practical, provably secure and has some other interesting properties as follows: It can be proven to be as secure as the intractability of factoring n = p^2 q (in the sense of the security of the whole plaintext) against passive adversaries.

References

Asymmetric Cryptography with a Hidden Monomial
TLDR
This paper will enable us to suggest a candidate algorithm for asymmetric signatures of length only 64 bits, and we will see that for all the "easy" transformations of C* the answer is no.
Analysis of a Public Key Approach Based on Polynomial Substitution
TLDR
It is shown that it is impossible to produce a public key cryptosystem if the total degree of the encryption polynomial determines the size of the public key when the devices used to limit the number of coefficients are nilpotence and J-rings.
A Chosen Plaintext Attack of the 16-round Khufu Cryptosystem
TLDR
A chosen plaintext attack of the 16-round version of Khufu, which is based on differential properties of this algorithm, and the estimate of the resources required for breaking the entire scheme is about 2^43 chosen plaintexts and about 2^43 operations.
Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88
TLDR
It is seen that for almost all the keys almost each cleartext can be found from its ciphertext after only about m^2 n^4 log n computations where m is the degree of the field K chosen, and where mn is the number of bits of the text.
Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption
TLDR
It is shown that for C* it is practically infeasible to extract the n-tuple of n-variate polynomials representing the inverse of the corresponding public key.
Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms
TLDR
Two new families of Asymmetric Algorithms that so far have resisted all attacks, if properly used: Hidden Field Equations (HFE) and Isomorphism of Polynomials (IP) are presented.
Differential Cryptanalysis of the Full 16-Round DES
TLDR
The first known attack is developed which is capable of breaking the full 16 round DES in less than the 2^55 complexity of exhaustive search and can be carried out in parallel on up to 2^33 disconnected processors with linear speedup.
Trapdoor one-way permutations and multivariate polynomials
TLDR
This article presents a new algorithm, called D*, which is based on properties of multivariate polynomials on finite fields, and has similar characteristics to T. Matsumoto and H. Imai's schemes.
How to Protect DES Against Exhaustive Key Search
TLDR
This paper proves, in a formal model, that the DESX construction is sound, and shows that, when F is an idealized block cipher, FXk.k2 is substantially more resistant to key search than is F, and has an effective key length of at least ϰ+n - 1 - lg m bits.
Applications of Finite Fields
1 Introduction to Finite Fields and Bases.- 2 Factoring Polynomials over Finite Fields.- 3 Construction of Irreducible Polynomials.- 4 Normal Bases.- 5 Optimal Normal Bases.- 6 The Discrete Logarithm