Jeaman Ahn, Eunjeong Lee*,

1
Key Generation of GB Polly Cracker Cryptosystems

• Jeaman Ahn, Eunjeong Lee,
• Hyungju Park (KIAS)
• 2006. 12. 21.

2
??

• Polynomial-based cryptosystems
• Algorithm of key generation
• Security issues

3
??? ?? ??
4
GB Polly Cracker Cryptosystem
5
GB Polly Cracker Cryptosystem
6
? (Graph 3-coloring)
Coloring (1,0,0,0,1,0,0,0,1),
(1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1),
(0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0),
(0,0,1,0,1,0,1,0,0)
Fx1x2x31, y1y2y31, z1z2z31, x1x2,
x1x3, x2x3, y1y2, y1y3, y2y3, z1z2, z1z3, z2z3
x1y1, x2y2, x3y3, y1z1, y2z2, y3z3, x1z1, x2z2,
x3z3
7
gt std(I) _1z(3)2z(3) _2z(2)z(3) _3z(2
)2z(2) _4z(1)z(2)z(3)1 _5y(3)z(3) _6
y(3)2y(3) _7y(2)z(3)y(2)y(3)z(1)z(1) _
8y(2)z(2) _9y(2)y(3) _10y(2)2y(2) _11
y(1)y(2)y(3)1 _12x(3)y(2)z(3)y(2)y(3)
z(1)y(3)z(3)y(3)z(1)z(3)1 _13x(2)x(3)y(
2)z(3)x(3)y(3)z(3)x(3)z(1)x(3)z(3)y(2)z(
3)y(3)z(3)z(1)z(3) _14x(1)x(2)x(3)1
in(I) _1z(3)2 _2z(2)z(3) _3z(2)2 _4
z(1) _5y(3)z(3) _6y(3)2 _7y(2)z(3) _
8y(2)z(2) _9y(2)y(3) _10y(2)2 _11y(1
) _12x(3) _13x(2) _14x(1)
8
???

• Input security parameter (T)
• Output F, G where IltFgtltGgt,GGB,
• Set Dreg with NDreg2 O(T)
• Dreg Castelnuovo-Mumford regularity
• NDreg maximal matrix size in F5 algorithm

9

• 2. Generate ? with Dreg
• 3. Generate a variety V randomly
• V designed by ?
• 4. Construct a Groebner basis G
• ltGgt I(V)
• 5. Generate a generating set F
• Ff frandom combination of gs, g ? G

10

• 2. ?, Dreg-gt J monomial ideal
• 3. V designed by ?
• 4. ltGgt I(V)
• Gff(a)0,?a?V and ltlt(G)gtJ

V ( , ), ( , ), ( ,
), ( , ), ( , )
1 0 1 2 3 1 3 4
2 3
11
? 3-coloring
Exponent(S) z3 z2 z1 y3 y2 y1 x3 x2 x1 (0,
0, 0, 0, 0, 0, 0, 0, 0) (0, 0, 0, 0, 1, 0, 0, 0,
0) (0, 0, 0, 1, 0, 0, 0, 0, 0) (0, 1, 0, 1, 0, 0,
0, 0, 0) (0, 1, 0, 0, 0, 0, 0, 0, 0) (1, 0, 0, 0,
0, 0, 0, 0, 0) gt S1, y2, y3, z2y3, z2, z3
Coloring (1,0,0,0,1,0,0,0,1),
(1,0,0,0,0,1,0,1,0), (0,1,0,1,0,0,0,0,1),
(0,1,0,0,0,1,1,0,0), (0,0,1,1,0,0,0,1,0),
(0,0,1,0,1,0,1,0,0)
12
(No Transcript)
13
Regularity and security

• Regularity of zero-dimensional ideal
• I homogeneous ideal of Rkx1,,xn
• dimK(R/I) lt ? ? RdId for d?d0 for some d0
• ? x1t1, x2t2,, xntn ? in(I)
• m(I) regularity of I
• dimK(R/I) lt ? ? m(I) mind dimK(R/I)d 0
• Field equation
• V ?? Fpn ? x1p-x1, x2p-x2 ,, xnp-xn ? I(V)
• ? dimK(R/I(V)) lt ?

14

• Regularity of affine ideal
• Dreg(I) Dreg (Ih), dim(Ih)?0
• Ihfhfhx0deg(f)f(x1/x0,,xn/x0)
• Dreg(I) Dreg (Ih) Dreg (I),
• I fdfd sum of monomials of
• max. deg of f?I,
• e.g. f(x,y,z)x33xyz3xz-2x-4, fdx33xyz
• dim(I)0 ? dim(I)0

15
Security issue

• Security of private key
• Complexity of Groebner basis computation
• Complexity of F5-algorithm for ideal I
• KF2 -gt O(Nd2) linear algebra of NdxNd matrix
  for d m(I)
• Dreg max degree of poly in GB if generators of
  I are semi-regular sequence.
• NDreg nCDreg nCn/2 O(2n)
• Dreg ???
• semi-regular sequence? ????
• V random ? Size?

16
?
gtideal I_hhomog(I,w) gt resolution
mre_I_hmres(I_h,0) gt print(betti(mre_I_h),"betti
") 0 1 2 3 4 5
6 7 8 9 10 ----------------------
------------------------------- 0 1
3 3 1 - - - - - -
- 1 - 18 102 243 306 210
72 9 - - - 2 - -
9 72 252 486 558 391 165 39
4 ------------------------------------------------
----- total 1 21 114 316 558 696
630 400 165 39 4 . gt
regularity(mre_I_h) //--- regularity of I 3
17
(No Transcript)
18

• ? F2, n80, deg(fk)2 (HFE)

1 80z 3080z2 75760z3 1331940z417720016z5
183877240z6 1506567920z7
9687269930z8 47105696560z9 152100910104z10
116968809360z11 - 2135475381260z12 -
15201837526480z13 O(z14)
19
regularity
m
Expected regularity of mn random polynomials
over F2
20
regularity
m
Expected regularity of m random polynomials in 80
variables over F2