Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/37853
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 賴飛羆 | |
| dc.contributor.author | Yuh-Hua Hu | en |
| dc.contributor.author | 胡裕華 | zh_TW |
| dc.date.accessioned | 2021-06-13T15:47:27Z | - |
| dc.date.available | 2011-07-07 | |
| dc.date.copyright | 2008-07-07 | |
| dc.date.issued | 2008 | |
| dc.date.submitted | 2008-06-30 | |
| dc.identifier.citation | [1] Gwenole Ars, Jean-Charles Faugère, Hideki Imai, Mitsuru Kawazoe and Makoto Sugita, Comparison Between XL and Gröbner Basis Algorithms, Advances in Cryptology - ASIACRYPT 2004, Lecture Notes in Computer Science 3329, Springer-Verlag (2004) pp. 338-353.
[2] Jonathan F. Buss, Gudmund S. Frandsen and Jeffrey O. Shallit, The Computational Complexity of Some Problems of Linear Algebra, BRICS Report Series RS-96-33. Available at http://www.brics.dk/RS/96/33
[3] Olivier Billet and Henri Gilbert, Cryptanalysis of Rainbow, Security and Cryptography for Networks, 5th International Conference, SCN 2006, Lecture Notes in Computer Science 4116, Springer-Verlag (2006) pp. 336-347.
[4] Côme Berbain, Henri Gilbert and Jacques Patarin, QUAD: A Practical Stream Cipher with Provable Security, Advances in Cryptology - EUROCRYPT 2006, Lecture Notes in Computer Science 4004, Springer-Verlag (2006) pp. 109-128.
[5] An Braeken, Christopher Wolf and Bart Preneel, A Study of the Security of Unbalanced Oil and Vinegar Signature Schemes, The Cryptographers' Track at the RSA Conference 2005, Lecture Notes in Computer Science 3376, Springer-Verlag (2005) pp. 29-43.
[6] Nicolas Courtois, The Security of Hidden Field Equations (HFE), The Cryptographers' Track at the RSA Conference 2001, Lecture Notes in Computer Science 2020, Springer-Verlag (2001) pp. 266-281.
[7] Nicolas Courtois, Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt, Information Security and Cryptology - ICISC 2002, Lecture Notes in Computer Science 2587, Springer-Verlag (2003) pp. 182-199.
[8] Nicolas Courtois, Generic Attacks and the Security of Quartz, Public Key Cryptography - PKC 2003, Lecture Notes in Computer Science 2567, Springer-Verlag (2003) pp. 351-364.
[9] Nicolas Courtois, Algebraic Attacks over GF(2^k), Application to HFE Challenge 2 and Sflash-v2, Public Key Cryptography - PKC 2004, Lecture Notes in Computer Science 2947, Springer-Verlag (2004) pp. 201-217.
[10] Nicolas Courtois, Magnus Daum and Patrick Felke, On the Security of HFE, HFEv- and Quartz, Public Key Cryptography - PKC 2003, Lecture Notes in Computer Science 2567, Springer-Verlag (2002) pp. 337-350.
[11] Nicolas Courtois, Louis Goubin and Jacques Patarin, Second Updated Version of Sflash Specification (Sflash-v2). Available at http://www.cryptosystem.net/sflash/
[12] Nicolas Courtois, Louis Goubin and Jacques Patarin, SFlashv3, a Fast Asymmetric Signature Scheme - Revised Specification of SFlash, Version 3.0. Available at http://eprint.iacr.org/2003/211, Oct 17th 2003.
[13] Nicolas Courtois, Alexander Klimov, Jacques Patarin and Adi Shamir, Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations, Advances in Cryptology - EUROCRYPT 2000, Lecture Notes in Computer Science 1807, Springer-Verlag (2000) pp. 392-407.
[14] Nicolas Courtois and Jacques Patarin, About the XL Algorithm over GF(2), The Cryptographers' Track at the RSA Conference 2003, Lecture Notes in Computer Science 2612, Springer-Verlag (2003) pp. 141-157.
[15] Don Coppersmith, Jacques Stern and Serge Vaudenay, Attacks on the Birational Permutation Signature Schemes, Advances in Cryptology - CRYPTO'93, Lecture Notes in Computer Science 1773, Springer-Verlag (1994) pp. 435-443.
[16] Don Coppersmith, Jacques Stern and Serge Vaudenay, The Security of the Birational Permutation Signature Schemes, Journal of Cryptology, vol. 10 (1997) pp. 207-221.
[17] Jiun-Ming Chen and Bo-Yin Yang, A More Secure and Efficacious TTS Signature Scheme, Information Security and Cryptology - ICISC 2003, Lecture Notes in Computer Science 2971, Springer-Verlag (2003) pp. 320-338.
[18] Jiun-Ming Chen, Bo-Yin Yang and Bor-Yuan Peng, Tame Transformation Signatures with Topsy-Turvy Hashes, The Second International Workshop for Asian Public Key Infrastructures, IWAP 2002, Proc. pp. 55-58.
[19] Claus Diem, The XL-Algorithm and a Conjecture from Commutative Algebra, Advances in Cryptology - ASIACRYPT 2004, Lecture Notes in Computer Science 3329, Springer-Verlag (2004) pp. 323-337.
[20] Jintai Ding, A New Variant of the Matsumoto-Imai Cryptosystem through Perturbation, Public Key Cryptography - PKC 2004, Lecture Notes in Computer Science 2947, Springer-Verlag (2004) pp. 305-318.
[21] Jintai Ding, Cryptanalysis of SFlashv3. Available at http://eprint.iacr.org/2004/103, May 3rd 2004.
[22] Vivien Dubois, Pierre-Alain Fouque and Jacques Stern, Cryptanalysis of SFLASH with Slightly Modified Parameters, Advances in Cryptology - EUROCRYPT 2007, Lecture Notes in Computer Science 4515, Springer-Verlag (2007) pp. 264-275.
[23] Vivien Dubois, Pierre-Alain Fouque, Adi Shamir and Jacques Stern, Practical Cryptanalysis of SFLASH, Advances in Cryptology - CRYPTO 2007, Lecture Notes in Computer Science 4622, Springer-Verlag (2007) pp. 1-12.
[24] Vivien Dubois, Louis Granboulan and Jacques Stern, Cryptanalysis of HFE with Internal Perturbation, Public Key Cryptography - PKC 2007, Lecture Notes in Computer Science 4450, Springer-Verlag (2007) pp. 249-265.
[25] Jintai Ding, Lei Hu, Xuyun Nie, Jianyu Li and John Wagner, High Order Linearization Equation (HOLE) Attack on Multivariate Public Key Cryptosystems, Public Key Cryptography - PKC 2007, Lecture Notes in Computer Science 4450, Springer-Verlag (2007) pp. 233-248.
[26] Jintai Ding and Dieter Schmidt, Cryptanalysis of HFEv and Internal Perturbation of HFE, Public Key Cryptography - PKC 2005, Lecture Notes in Computer Science 3386, Springer-Verlag (2005) pp. 288-301.
[27] Jintai Ding and Dieter Schmidt, Rainbow, a New Multivariable Polynomial Signature Scheme, Applied Cryptography and Network Security - ACNS 2005, Lecture Notes in Computer Science 3531, Springer-Verlag (2005) pp. 164-175.
[28] Jintai Ding, Christopher Wolf and Bo-Yin Yang, ℓ-Invertible Cycles for Multivariate Quadratic (MQ) Public Key Cryptography, Public Key Cryptography - PKC 2007, Lecture Notes in Computer Science 4450, Springer-Verlag (2007) pp. 266-281.
[29] Jintai Ding, Bo-Yin Yang, Chen-Mou Cheng, Owen Chen and Vivien Dubois, Breaking the Symmetry: a Way to Resist the New Differential Attack. Available at http://eprint.iacr.org/2007/366, Sep 13th 2007.
[30] Jintai Ding, Bo-Yin Yang, Lei Hu and Jiun-Ming Chen, Note on Design Criteria for Rainbow-Type Multivariates. Available at http://eprint.iacr.org/2006/307, May 29th 2006.
[31] Jean-Charles Faugère, A New Efficient Algorithm for Computing Gröbner Bases (F4), Journal of Pure and Applied Algebra, 139 (1999) pp. 61-88.
[32] Jean-Charles Faugère, A New Efficient Algorithm for Computing Gröbner Bases without Reduction to Zero (F5), Symbolic and Algebraic Computation, International Symposium ISSAC 2002, Proceedings, ACM 2002, pp. 75-83.
[33] Harriet Fell and Whitfield Diffie, Analysis of a Public Key Approach Based on Polynomial Substitutions, Advances in Cryptology - CRYPTO'85, Lecture Notes in Computer Science 218, Springer-Verlag (1985) pp. 340-349.
[34] Pierre-Alain Fouque, Louis Granboulan and Jacques Stern, Differential Cryptanalysis for Multivariate Schemes, Advances in Cryptology - EUROCRYPT 2005, Lecture Notes in Computer Science 3494, Springer-Verlag (2005) pp. 341-353.
[35] Jean-Charles Faugère and Antoine Joux, Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases, Advances in Cryptology - CRYPTO 2003, Lecture Notes in Computer Science 2729, Springer-Verlag (2003) pp. 44-60.
[36] Pierre-Alain Fouque, Gilles Macario-Rat, Ludovic Perret and Jacques Stern, Total Break of the ℓ-IC Signature Scheme, Public Key Cryptography - PKC 2008, Lecture Notes in Computer Science 4939, Springer-Verlag (2008) pp. 1-17.
[37] Louis Goubin and Nicolas Courtois, Cryptanalysis of the TTM Cryptosystem, Advances in Cryptology - ASIACRYPT 2000, Lecture Notes in Computer Science 1976, Springer-Verlag (2000) pp. 44-57.
[38] Michael R. Garey and David S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W. H. Freeman and Company (1979), p. 251.
[39] Henri Gilbert and Marine Minier, Cryptanalysis of SFLASH, Advances in Cryptology - EUROCRYPT 2002, Lecture Notes in Computer Science 2332, Springer-Verlag (2002) pp. 288-298.
[40] W. Geiselmann, R. Steinwandt and Th. Beth, Attacking the Affine Parts of SFlash, Cryptography and Coding - 8th IMA International Conference, Lecture Notes in Computer Science 2260, Springer-Verlag (2001) pp. 355-359. Extended version: http://eprint.iacr.org/2003/220/
[41] Yuh-Hua Hu, Lih-Chung Wang, Chun-Yen Chou and Feipei Lai, Similar Keys of Multivariate Quadratic Public Key Cryptosystems, Cryptology and Network Security, 4th International Conference - CANS 2005, Lecture Notes in Computer Science 3810, Springer-Verlag (2005) pp. 211-222.
[42] Yuh-Hua Hu, Chun-Yen Chou, Lih-Chung Wang and Feipei Lai, Cryptanalysis of Variants of UOV, Information Security Conference - ISC 2006, Lecture Notes in Computer Science 4176, Springer-Verlag (2006) pp. 161-170.
[43] Hideki Imai and Tsutomu Matsumoto, Algebraic Methods for Constructing Asymmetric Cryptosystems, Algebraic Algorithms and Error-Correcting Codes, 3rd International Conference, Lecture Notes in Computer Science 229, Springer-Verlag (1986) pp. 108-119.
[44] Antoine Joux, Sebastien Kunz-Jacques, Frederic Muller and Pierre-Michel Ricordel, Cryptanalysis of the Tractable Rational Map Cryptosystem, Public Key Cryptography - PKC 2005, Lecture Notes in Computer Science 3386, Springer-Verlag (2005) pp. 258-274.
[45] Aviad Kipnis and Adi Shamir, Cryptanalysis of the Oil & Vinegar Signature Scheme, Advances in Cryptology - CRYPTO'98, Lecture Notes in Computer Science 1462, Springer-Verlag (1998) pp. 257-267.
[46] Aviad Kipnis and Adi Shamir, Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization, Advances in Cryptology - CRYPTO'99, Lecture Notes in Computer Science 1666, Springer-Verlag (1999) pp. 19-30.
[47] Aviad Kipnis, Jacques Patarin and Louis Goubin, Unbalanced Oil and Vinegar Signature Schemes, Advances in Cryptology - EUROCRYPT'99, Lecture Notes in Computer Science 1592, Springer-Verlag (1999) pp. 206-222.
[48] Tsutomu Matsumoto and Hideki Imai, Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption, Advances in Cryptology - EUROCRYPT 1988, Lecture Notes in Computer Science 330, Springer-Verlag (1988) pp. 419-453.
[49] Performance of Optimized Implementations of the NESSIE Primitives, version 2.0, http://www.cryptonessie.org.
[50] Jacques Patarin, Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88, Advances in Cryptology - CRYPTO'95, Lecture Notes in Computer Science 963, Springer-Verlag (1995) pp. 248-261.
[51] Jacques Patarin, Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms, Advances in Cryptology - EUROCRYPT 1996, Lecture Notes in Computer Science 1070, Springer-Verlag (1996) pp. 33-48.
[52] Jacques Patarin, Asymmetric Cryptography with a Hidden Monomial, Advances in Cryptology - CRYPTO'96, Lecture Notes in Computer Science 1109, Springer-Verlag (1996) pp. 45-60.
[53] Jacques Patarin, The Oil and Vinegar Algorithm for Signatures, presented at the Dagstuhl Workshop on Cryptography, September 1997.
[54] Jacques Patarin, Nicolas Courtois and Louis Goubin, QUARTZ, 128-Bit Long Digital Signatures, The Cryptographers' Track at the RSA Conference 2001, Lecture Notes in Computer Science 2020, Springer-Verlag (2001) pp. 282-297.
[55] Jacques Patarin, Nicolas Courtois and Louis Goubin, FLASH, a Fast Multivariate Signature Algorithm, The Cryptographers' Track at the RSA Conference 2001, Lecture Notes in Computer Science 2020, Springer-Verlag (2001) pp. 298-307.
[56] Jacques Patarin, Louis Goubin and Nicolas Courtois, Improved Algorithms for Isomorphisms of Polynomials, Advances in Cryptology - EUROCRYPT 1998, Lecture Notes in Computer Science 1403, Springer-Verlag (1998) pp. 184-200.
[57] Jacques Patarin, Louis Goubin and Nicolas Courtois, C*-+ and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai, Advances in Cryptology - ASIACRYPT 1998, Lecture Notes in Computer Science 1514, Springer-Verlag (1998) pp. 35-49.
[58] Adi Shamir, Efficient Signature Schemes Based on Birational Permutations, Advances in Cryptology - CRYPTO'93, Lecture Notes in Computer Science 1773, Springer-Verlag (1994) pp. 1-12.
[59] Rainer Steinwandt, Willi Geiselmann and Thomas Beth, A Theoretical DPA-Based Cryptanalysis of the NESSIE Candidates FLASH and SFLASH, Information Security Conference - ISC 2001, Lecture Notes in Computer Science 2200, Springer-Verlag (2001) pp. 280-293.
[60] Christopher Wolf, An Braeken and Bart Preneel, Efficient Cryptanalysis of RSE(2)PKC and RSSE(2)PKC, Security in Communication Networks, 4th International Conference, SCN 2004, Lecture Notes in Computer Science 3352, Springer-Verlag (2005) pp. 294-309.
[61] Lih-Chung Wang and Fei-Hwang Chang, Revision of Tractable Rational Map Cryptosystem. Available at http://eprint.iacr.org/2004/046, Dec 27th 2006.
[62] Lih-Chung Wang, Yuh-Hua Hu, Feipei Lai, Chun-Yen Chou and Bo-Yin Yang, Tractable Rational Map Signature, Public Key Cryptography - PKC 2005, Lecture Notes in Computer Science 3386, Springer-Verlag (2005) pp. 244-257.
[63] Christopher Wolf and Bart Preneel, Large Superfluous Keys in Multivariate Quadratic Asymmetric Systems, Public Key Cryptography - PKC 2005, Lecture Notes in Computer Science 3386, Springer-Verlag (2005) pp. 275-287. Extended version: http://eprint.iacr.org/2005/464/
[64] Lih-Chung Wang, Bo-Yin Yang, Yuh-Hua Hu and Feipei Lai, A Medium-Field Multivariate Public-Key Encryption Scheme, The Cryptographers' Track at the RSA Conference 2006, Lecture Notes in Computer Science 3860, Springer-Verlag (2006) pp. 132-149.
[65] Bo-Yin Yang and Jiun-Ming Chen, All in the XL Family: Theory and Practice, Information Security and Cryptology - ICISC 2004, Lecture Notes in Computer Science 3506, Springer-Verlag (2005) pp. 67-86.
[66] Bo-Yin Yang, Owen Chia-Hsin Chen, Daniel J. Bernstein and Jiun-Ming Chen, Analysis of QUAD, Fast Software Encryption - FSE 2007, Lecture Notes in Computer Science 4593, Springer-Verlag (2007) pp. 290-308.
[67] Bo-Yin Yang and Jiun-Ming Chen, TTS: Rank Attacks in Tame-Like Multivariate PKCs. Available at http://eprint.iacr.org/2004/061, Sep 29th 2004.
[68] Bo-Yin Yang, Jiun-Ming Chen and Nicolas Courtois, On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic Cryptanalysis, Information and Communications Security, 6th International Conference, ICICS 2004, Lecture Notes in Computer Science 3269, Springer-Verlag (2004) pp. 401-413.
[69] Bo-Yin Yang, Jiun-Ming Chen and Yen-Hung Chen, TTS: High-Speed Signatures on a Low-Cost Smart Card, Cryptographic Hardware and Embedded Systems - CHES 2004, Lecture Notes in Computer Science 3156, Springer-Verlag (2004) pp. 371-385.
[70] Bo-Yin Yang and Jiun-Ming Chen, Building Secure Tame-like Multivariate Public-Key Cryptosystems: The New TTS, Information Security and Privacy, 10th Australasian Conference, ACISP 2005, Lecture Notes in Computer Science 3574, Springer-Verlag (2005) pp. 518-531.
[71] David Cox, John Little and Donal O'Shea, Using Algebraic Geometry, Springer-Verlag New York, Inc., 1998.
[72] Magma, version V2.13-14, released on 2007/07/06, http://magma.maths.usyd.edu.au/magma/. Online demo: http://magma.maths.usyd.edu.au/calc, CPU: Opteron 2.6G. | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/37853 | - |
| dc.description.abstract | Many public key cryptosystems are based on univariate polynomials of low degree, but the inverse functions of these polynomials are polynomials of high degree, so computing the inverse of such a polynomial is quite time-consuming. Multivariate quadratic public key cryptosystems (MQPKC) can overcome this kind of problem. The first multivariate public key cryptosystem was proposed by Fell and Diffie [33]. Up to now, dozens of multivariate public key cryptosystems have been proposed, but most of them have been broken.
How to design a secure and efficient MQPKC is still an open problem. To understand how to design an MQPKC, we studied the MQPKCs proposed so far and the known attack methods. In the course of studying two known algorithms for solving systems of equations, we developed another, more efficient equation-solving algorithm; in addition, this method can also be used to examine the possible weaknesses of an MQPKC. We also propose a method of attacking Multi-Sets UOV-type signature schemes, and develop the currently most efficient algorithm for solving systems of multivariate quadratic equations; from it we compute that, to reach a security level of 2^80, at least 30 variables and equations are required when the finite field has 256 elements, and at least 34 variables and equations when the finite field has 16 elements. Finally, we deduce criteria for designing MQPKCs, so that an MQPKC designed by them can be examined systematically and is no longer attacked by the known methods. | zh_TW |
| dc.description.abstract | Many public key cryptosystems are based on univariate polynomials of low degree, but the inverses of these polynomials are high-degree polynomials. Thus it is time-consuming to compute the inverse of the polynomials. Multivariate Quadratic Public Key Cryptosystems (MQPKC) can overcome this problem.
The first MQPKC was proposed by Fell and Diffie [33]. Until now, dozens of MQPKCs have been proposed; however, most of them have been broken. How to design a secure and practical MQPKC is still unknown. In order to study how to design an MQPKC, we survey the multivariate public key cryptosystems and the attacks against them. By studying two algorithms for solving equations, we develop a more efficient equation-solving algorithm. Moreover, this algorithm can be used to examine the possible defects of MQPKCs. We also propose an attack against Multi-Sets UOV, e.g. TRMS, TTS and Rainbow, and study a more efficient algorithm, XFLT, for solving the quadratic equations. Consequently, the minimum numbers of equations and variables for the security level 2^80 are 30 over GF(256) and 34 over GF(16). Finally, we deduce and study criteria for building MQPKCs such that the new MQPKCs can be examined systematically and are not attacked by the previous methods. | en |
| dc.description.provenance | Made available in DSpace on 2021-06-13T15:47:27Z (GMT). No. of bitstreams: 1 ntu-97-D92922015-1.pdf: 592597 bytes, checksum: b645438c70b79881e797d5b214cb63df (MD5) Previous issue date: 2008 | en |
| dc.description.tableofcontents | Contents
Abstract ... i
List of Figures ... vi
List of Tables ... viii
1 Introduction ... 1
2 Mathematics in MQPKC ... 4
2.1 Finite Field ... 4
2.2 Transformations ... 5
2.3 A Generic MQPKC ... 7
2.3.1 Compositions ... 7
2.3.2 Signature Schemes ... 8
2.3.3 Cryptosystems ... 9
3 Cores in MQPKC ... 10
3.1 Univariate Cores ... 10
3.1.1 A Monomial ... 10
3.1.2 A Polynomial ... 11
3.2 Multivariate Cores ... 12
3.2.1 Unbalanced Oil And Vinegar ... 12
3.2.2 Multi-Sets ... 14
3.3 Hybrid Cores ... 15
3.3.1 Multi-Sets ... 15
3.3.2 Solving Quadratic Equations ... 16
3.4 Remedies of MQPKC ... 17
3.4.1 Reduction of the External Equations ... 18
3.4.2 Padding to the Internal Equations ... 18
3.4.3 Addition of the Internal Equations ... 19
3.4.4 Vinegar Variables ... 20
3.4.5 Imbedding ... 21
4 Equations Solving ... 23
4.1 Gröbner Bases ... 23
4.1.1 Gröbner Basis ... 23
4.1.2 The Buchberger's Algorithm ... 24
4.1.3 F4 and F5 ... 25
4.2 XL ... 25
4.2.1 The Algorithm ... 26
4.2.2 Variants of XL ... 28
4.3 The Improved XL ... 29
4.3.1 The Algorithm of XLT ... 29
4.3.2 The Termination of XLT ... 31
4.3.3 Obtaining One Solution with XLT ... 34
4.3.4 Complexity Estimation of XLT ... 40
4.4 Comparisons ... 45
4.4.1 Comparison between XLT and XL with Lanczos ... 45
4.4.2 Comparison between XLT and F4 ... 47
4.4.3 Applications ... 48
5 Known Attacks For Cores ... 50
5.1 The Inverse Function of P0 ... 50
5.1.1 The Attack against MIA ... 51
5.1.2 The Attack against MFE ... 51
5.1.3 How to Detect This Kind of Attack ... 53
5.2 Obtaining Information of S and T ... 53
5.2.1 The Attack against Oil and Vinegar ... 54
5.2.2 The Differential Attack ... 55
5.2.3 The MinRank Attack ... 56
5.2.4 The Dual Rank Attack ... 57
5.2.5 The Attack against Multi-sets UOV ... 58
5.2.6 How to Detect This Kind of Attack ... 64
5.3 Others ... 64
5.3.1 Subsystem ... 65
5.3.2 Affine Part ... 66
6 Issues on Designing MQPKCs ... 67
6.1 Numbers of Variables and Equations ... 67
6.1.1 The Algorithm of XFLT ... 68
6.1.2 Comparison between Previous Implementations ... 69
6.2 Issues on Construction of Cores ... 71
6.2.1 The Univariate Core ... 72
6.2.2 The Multivariate Core ... 73
6.2.3 The Hybrid Core ... 75
6.3 Efficiency And Key Size ... 76
7 Conclusion and Future Work ... 78
Bibliography ... 80 | |
| dc.language.iso | en | |
| dc.subject | MQ | zh_TW |
| dc.subject | multivariate quadratic equations | zh_TW |
| dc.subject | Multi-Sets UOV | zh_TW |
| dc.subject | cryptosystem | zh_TW |
| dc.subject | signature | zh_TW |
| dc.subject | XL | zh_TW |
| dc.subject | XLT | zh_TW |
| dc.subject | cryptosystem signature | en |
| dc.subject | XL | en |
| dc.subject | MQ | en |
| dc.subject | UOV | en |
| dc.subject | Multi-Sets | en |
| dc.subject | multivariate quadratic | en |
| dc.subject | XLT | en |
| dc.title | Design Issues of Multivariate Quadratic Public Key Cryptosystems (original title in Chinese) | zh_TW |
| dc.title | Design Issues of Multivariate Quadratic Public Key Cryptosystems | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 96-2 | |
| dc.description.degree | Doctoral (PhD) | |
| dc.contributor.oralexamcommittee | 周君彥,王立中,陳俊良,李鴻璋,陳澤雄,呂學一 | |
| dc.subject.keyword | multivariate quadratic equations, cryptosystem, signature, XLT, Multi-Sets UOV, MQ, XL | zh_TW |
| dc.subject.keyword | multivariate quadratic, cryptosystem signature, XLT, Multi-Sets, UOV, MQ, XL | en |
| dc.relation.page | 92 | |
| dc.rights.note | Authorized for a fee | |
| dc.date.accepted | 2008-06-30 | |
| dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
| dc.contributor.author-dept | Graduate Institute of Computer Science and Information Engineering | zh_TW |
| Appears in Collections: | Department of Computer Science and Information Engineering | |
Files in This Item:
| File | Size | Format | |
|---|---|---|---|
| ntu-97-1.pdf (not authorized for public access) | 578.71 kB | Adobe PDF | |
All items in the system are protected by copyright, with all rights reserved, unless otherwise indicated.
