Solving Systems of Quadratic Equations

Description:

Solving Systems of Quadratic Equations. I) General HFE Systems. II) The Affine Multiple Attack ... secret affine. transformations. public key. 9/23/09. Solving ...


1
Solving Systems of Quadratic Equations
  • I) General HFE Systems
  • II) The Affine Multiple Attack
  • Magnus Daum / Patrick Felke

2
Overview of Part I
  • Review of HFE Systems
  • parameters, hidden polynomial
  • Solving by Using Buchberger Algorithm
  • special properties of HFE systems
  • simulations
  • 3) Number of solutions of HFE-Systems
  • HFE polynomials ? general polynomials

systems of arbitrary quadratic equations
HFE systems ?
3
Review of HFE Systems
4
Review Parameters of an HFE System
  • n: number of polynomials and variables, block length, field extension degree
  • q: cardinality of the smaller finite field (fields Fq and Fq^n)
  • d: degree of the hidden polynomial
5
Review Example
6
Review Example - Encryption
7
Review Example - Encryption
8
Review Example - Decryption
9
Review Example - Decryption
  • without secret key: solve system directly OR find transformation to univariate polynomial of low degree
  • with secret key: transform back to univariate polynomial of low degree
10
Review Hidden Polynomial
  • transformation from univariate HFE-polynomial f
    to HFE-System is always possible
  • (construction of the public key)
  • transformation from system of quadratic equations
    to a univariate polynomial representing this
    system is always possible

11
Review Example - Decryption
  • without secret key: try to solve system directly OR try to find transformation to univariate polynomial of low degree
  • with secret key: transform back to univariate polynomial of low degree
12
Solving HFE Systems Using Buchberger Algorithm
13
General Approach Example
14
General Approach Example
15
General Approach Example
16
General Approach Problems
  • degree of output polynomials may get very big
  • Buchberger algorithm has exponential worst case
    complexity
  • compute all solutions in algebraic closure

17
HFE Systems are Special
  • defined over a very small finite field
  • include only quadratic polynomials
  • need only solutions in the base field Fq
  • hidden polynomial of low degree

18
HFE Systems are Special
  • defined over a very small finite field
  • include only quadratic polynomials
  • need only solutions in the base field Fq
  • hidden polynomial of low degree

19
Solutions in the Base Field
20
Solutions in the Base Field Example
21
Solutions in the Base Field Example
22
Solutions in the Base Field Example
Buchberger algorithm
  • Advantages
  • we compute only information we need
  • degree of polynomials involved in this
    computation is bounded

23
HFE Systems are Special
  • defined over a very small finite field
  • include only quadratic polynomials
  • need only solutions in the base field Fq
  • hidden polynomial of low degree

24
HFE Systems are Special
  • defined over a very small finite field
  • include only quadratic polynomials
  • need only solutions in the base field Fq
  • hidden polynomial of low degree

25
Hidden Polynomial
  • Patarin / Courtois
  • if hidden polynomial is of low degree or special
    form there are many relations between the
    polynomials in the HFE system
  • one main idea of Buchberger algorithm is to make
    use of such relations in a sophisticated way

26
HFE Systems are Special
  • defined over a very small finite field
  • include only quadratic polynomials
  • need only solutions in the base field Fq
  • hidden polynomial

27
Simulations
  • 96000 simulations
  • parameters
  • HFE systems and random quadratic systems
  • in each simulation
  • generate system of quadratic equations
  • (HFE or random)
  • add polynomials
  • solve by using Buchberger algorithm (with FGLM)

28
Simulations Dependency on n
29
Simulations Dependency on n
30
Simulations Dependency on d
31
Simulations Dependency on log_q d
32
Conclusion of this Section
  • Buchberger algorithm is not feasible for solving
    HFE systems of usual parameters
  • (small q, , )
  • but
  • if d is very small, computation is much faster
  • HFE systems with usual parameters seem to be very
    similar to systems of random quadratic equations

33
Number of Solutions of HFE Systems
34
Distribution of Numbers of Solutions
35
Hints Supporting this Assumption
  • numbers of zeros of general polynomials are
    distributed according to the Poisson distribution
  • arithmetic mean and variance of the distribution
    of the numbers of zeros of HFE polynomials of
    bounded degree is very similar to that of a
    Poisson distribution

36
Applications to HFE
  • gives another hint that we may consider HFE
    systems as systems of arbitrary quadratic
    equations
  • allows us to estimate the probabilities that
    encryption or signing will fail and to compute
    the amount of redundancy needed
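
The Poisson claim on slides 35 and 36 can be checked empirically for the random-system baseline. The sketch below is an added example, not code from the presentation: it samples random quadratic systems over F_2 (not HFE systems), counts their solutions by exhaustive search, and compares mean, variance and the no-solution rate with Poisson(1). The parameter choices (n = 8, 2000 trials) and the independent-retry model in `tries_needed` are assumptions made for illustration.

```python
import math
import random

def monomial_masks(n):
    """For each point x in F_2^n, a bitmask of the monomials 1, x_i, x_i*x_j equal to 1."""
    pairs = [(i, j) for i in range(n) for j in range(i + 1, n)]
    masks = []
    for x in range(1 << n):
        bits = [(x >> i) & 1 for i in range(n)]
        m = 1  # bit 0: constant monomial
        for i in range(n):
            m |= bits[i] << (1 + i)
        for k, (i, j) in enumerate(pairs):
            m |= (bits[i] & bits[j]) << (1 + n + k)
        masks.append(m)
    return masks, 1 + n + len(pairs)

def count_solutions(system, masks):
    """Count x with p(x) = 0 for every p; p(x) is the parity of (coefficients AND monomials)."""
    return sum(all(bin(p & m).count("1") % 2 == 0 for p in system) for m in masks)

def simulate(n=8, trials=2000, seed=1):
    """Sample `trials` random systems of n quadratic equations in n variables over F_2."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible sample
    masks, n_mon = monomial_masks(n)
    counts = [count_solutions([rng.getrandbits(n_mon) for _ in range(n)], masks)
              for _ in range(trials)]
    mean = sum(counts) / trials
    var = sum((c - mean) ** 2 for c in counts) / (trials - 1)
    p0 = counts.count(0) / trials  # fraction of systems with no solution
    return mean, var, p0

def tries_needed(p0, fail_prob):
    """Assumed model: independent retries, each without a solution with probability p0.
    Returns the smallest k with p0**k <= fail_prob."""
    return math.ceil(math.log(fail_prob) / math.log(p0))

if __name__ == "__main__":
    mean, var, p0 = simulate()
    print(f"mean={mean:.3f} variance={var:.3f} (Poisson(1): both equal 1)")
    print(f"P(no solution)={p0:.3f} (Poisson(1): {math.exp(-1):.3f})")
    print("retries for failure probability 2^-20:", tries_needed(math.exp(-1), 2 ** -20))
```

For a uniformly random system the expected number of solutions is exactly 1 and the variance is 1 - 2^-n, so the sample values should sit close to the Poisson(1) figures.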

37
Solving Systems of Quadratic Equations
  • I) General HFE Systems
  • II) The Affine Multiple Attack

38
Solving Systems of Quadratic Equations
  • I) General HFE Systems
  • II) The Affine Multiple Attack