
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link href="/css/dist/css/bootstrap.min.css" rel="stylesheet"> <title>Search results</title> <link rel="stylesheet" href="/css/eprint.css?v=10"> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" /> <link rel="apple-touch-icon" href="/img/apple-touch-icon-180x180.png" /> <style> input { background-color: #e8e8e8 !important; } mark { font-weight: 600; padding: .2em 0px .2em 0px; color: black; } span.term { font-weight: 700 !important; font-family: var(--bs-font-monospace), monospace !important; } form { background-color:#fff; } @media (min-width: 768px) { form { position:sticky;top:6rem; } } </style> <meta name="description" content="Search the Cryptology ePrint Archive"> </head> <body> <noscript> <h1 class="text-center">What a lovely hat</h1> <h4 class="text-center">Is it made out of <a href="https://iacr.org/tinfoil.html">tin foil</a>?</h4> </noscript> <div class="fixed-top" id="topNavbar"> <nav class="navbar navbar-custom navbar-expand-lg"> <div class="container px-0 justify-content-between justify-content-lg-evenly"> <div class="order-0 align-items-center d-flex"> <button class="navbar-toggler btnNoOutline" type="button" data-bs-toggle="collapse" data-bs-target="#navbarContent" aria-controls="navbarContent" aria-expanded="false"> <span class="icon-bar top-bar"></span> <span class="icon-bar middle-bar"></span> <span class="icon-bar bottom-bar"></span> </button> <a class="d-none me-5 d-lg-inline" href="https://iacr.org/"><img class="iacrlogo" src="/img/iacrlogo_small.png" alt="IACR Logo" style="max-width:6rem;"></a> </div> <a class="ePrintname order-1" href="/"> <span class="longNavName">Cryptology ePrint Archive</span> </a> <div class="collapse navbar-collapse order-3" id="navbarContent"> <ul class="navbar-nav me-auto ms-2 mb-2 mb-lg-0 justify-content-end w-100"> <li class="ps-md-3 nav-item dropdown"> 
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Papers </a> <ul class="dropdown-menu me-3" aria-labelledby="navbarDropdown"> <li><span class="text-dark mx-3" style="white-space:nowrap;">Updates from the last:</span></li> <li><a class="dropdown-item ps-custom" href="/days/7">7 days</a></li> <li><a class="dropdown-item ps-custom" href="/days/31">31 days</a></li> <li><a class="dropdown-item ps-custom" href="/days/183">6 months</a></li> <li><a class="dropdown-item ps-custom" href="/days/365">365 days</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/byyear">Listing by year</a></li> <li><a class="dropdown-item" href="/complete">All papers</a></li> <li><a class="dropdown-item" href="/complete/compact">Compact view</a></li> <li><a class="dropdown-item" href="https://www.iacr.org/news/subscribe">Subscribe</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/citation.html">How to cite</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/rss">Harvesting metadata</a></li> </ul> </li> <li class="ps-md-3 nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="submissionsDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Submissions </a> <ul class="dropdown-menu me-3" aria-labelledby="submissionsDropdown"> <li><a class="dropdown-item" href="/submit">Submit a paper</a></li> <li><a class="dropdown-item" href="/revise">Revise or withdraw a paper</a></li> <li><a class="dropdown-item" href="/operations.html">Acceptance and publishing conditions</a></li> </ul> </li> <li class="ps-md-3 nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="aboutDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> About </a> <ul class="dropdown-menu me-3" aria-labelledby="aboutDropdown"> <li><a class="dropdown-item" href="/about.html">Goals and history</a></li> <li><a 
class="dropdown-item" href="/news.html">News</a></li> <li><a class="dropdown-item" href="/stats">Statistics</a></li> <li><a class="dropdown-item" href="/contact.html">Contact</a></li> </ul> </li> </ul> </div> <div class="dropdown ps-md-2 text-right order-2 order-lg-last"> <button class="btn btnNoOutline" type="button" id="dropdownMenuButton1" data-bs-toggle="dropdown" aria-expanded="false"> <img src="/img/search.svg" class="searchIcon" alt="Search Button"/> </button> <div id="searchDd" class="dropdown-menu dropdown-menu-end p-0" aria-labelledby="dropdownMenuButton1"> <form action="/search" method="GET"> <div class="input-group"> <input id="searchbox" name="q" type="search" class="form-control" autocomplete="off"> <button class="btn btn-secondary border input-group-append ml-2"> Search </button> </div> </form> <div class="ms-2 p-1 d-none"><a href="/search">Advanced search</a></div> </div> </div> </div> </nav> </div> <main id="eprintContent" class="container px-3 py-4 p-md-4"> <div class="row"> <div class="col-12 col-lg-4"> <form class="p-2 pt-md-4 align-items-end needs-validation" novalidate onsubmit="return validateForm()" method="GET" action="/search"> <label for="anything" class="mt-2 form-label">Match anything</label> <input type="text" name="q" class="form-control form-control-sm" id="anything" aria-label="Match anything" value="Gröbner bases"> <label for="title" class="mt-4 form-label">Match title</label> <input type="text" name="title" class="form-control form-control-sm" id="title" aria-label="Match title" value=""> <label for="authors" class="mt-4 form-label">Match authors</label> <input type="text" name="authors" class="form-control form-control-sm" id="authors" aria-label="Match authors" value=""> <label for="category" class="mt-4 form-label">Category</label><br> <select class="form-select form-select-sm" id="category" name="category" aria-label="Category"> <option value="">All categories</option> <option value="APPLICATIONS" >Applications</option> 
<option value="PROTOCOLS" >Cryptographic protocols</option> <option value="FOUNDATIONS" >Foundations</option> <option value="IMPLEMENTATION" >Implementation</option> <option value="SECRETKEY" >Secret-key cryptography</option> <option value="PUBLICKEY" >Public-key cryptography</option> <option value="ATTACKS" >Attacks and cryptanalysis</option> </select> <div class="row d-none d-lg-flex"> <div class="col-6"> <label for="submittedafter" class="mt-4 form-label">Submitted after</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="submittedafter" name="submittedafter" aria-label="Submitted after" value="" placeholder="Enter a year"> </div> <div class="col-6"> <label for="submittedbefore" class="mt-4 form-label">Submitted before</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="submittedbefore" name="submittedbefore" aria-label="Submitted before" value="" placeholder="Enter a year"> <div class="invalid-feedback"> Dates are inconsistent </div> </div> </div> <div class="row d-none d-lg-flex"> <div class="col-6"> <label for="revisedafter" class="mt-4 form-label">Revised after</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="revisedafter" name="revisedafter" aria-label="Revised after" placeholder="Enter a year" value=""> <div class="invalid-feedback"> Dates are inconsistent </div> </div> <div class="col-6"> <label for="revisedbefore" class="mt-4 form-label">Revised before</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="revisedbefore" name="revisedbefore" aria-label="Revised before" value="" placeholder="Enter a year"> </div> </div> <div class="d-none d-lg-flex mt-3"> <div class="form-check"> <input type="checkbox" id="relevance" name="relevance" > <label for="relevance" class="form-check-label ms-2">Sort by relevance</label> </div> </div> <div class="mt-3 d-flex"> <button class="btn btn-primary btn-sm" 
type="submit">Search</button> <button id="clearButton" class="btn btn-secondary btn-sm ms-2" type="button">Clear</button> <button id="helpButton" class="btn btn-info btn-sm ms-auto" type="button" data-bs-toggle="modal" data-bs-target="#helpModal">Help</button> </div> </form> <div class="modal" tabindex="-1" id="helpModal"> <div class="modal-dialog modal-lg"> <div class="modal-content"> <div class="modal-header"> <h4 class="modal-title">Search Help</h4> <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button> </div> <div class="modal-body"> <p> You can search for a phrase by enclosing it in double quotes, e.g., <span class="term text-nowrap"><a href="/search?q=%22differential%20privacy%22">"differential privacy"</a></span>. </p> <p> You can require or exclude specific terms using + and -. For example, to search for papers that contain the term elliptic but not the term factoring, use <span class="term text-nowrap"><a href="/search?q=%2Belliptic%20-factoring">+elliptic -factoring</a></span>. </p> <p> To search in a title or for an author name, use <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20author%3Aboneh">title:isogeny author:boneh</a></span>. If you want to require both, you can use <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20AND%20author%3Aboneh">title:isogeny AND author:boneh</a></span> because it recognizes the logical operators <span class="term">AND</span> and <span class="term">OR</span>. This is equivalent to <a href="/search?title=isogeny&amp;authors=boneh">using the individual fields</a> for author and title. You can also use NOT to negate a condition, as with <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20AND%20NOT%20author%3Aboneh">title:isogeny AND NOT author:boneh</a></span> to search for papers with an author other than Boneh. 
</p> <p> To find documents containing a term starting with the string <span class="term">differe</span>, use <span class="term"><a href="/search?q=differe%2A">differe*</a></span>. This will match the terms difference, different, and differential. </p> <p> Note that search applies stemming, so that if you search for <span class="term">yield</span> it will also match the terms <span class="term">yields</span> and <span class="term">yielding</span>. If you want to disable stemming, capitalize the term. A search for <span class="term">Adam</span> will not match the term 'Adams'. </p> <p> The system attempts to recognize possible misspellings. This is perhaps a source of amusement more than anything else. </p> <p> This currently searches the text in titles, authors, abstracts, and keywords, but does not search in the PDF or PS itself. </p> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button> </div> </div> </div> </div> <!-- Parsed query: Query(((gröbner@1 AND Zbase@2) AND_MAYBE PostingSource(Xapian::ValueWeightPostingSource(slot=2)))) --> </div> <div class="col-12 col-lg-8" style="min-height:80vh"> <h4 class="mt-3 ms-4">96 results sorted by ID</h4> <div class="alert alert-info ms-lg-4">Possible spell-corrected query: <a href="/search?q=Gr%C3%B6bner%20based">Gröbner based</a></div> <div class="ms-lg-4 mt-3 results"> <div class="mb-4"> <div class="d-flex"><a title="2025/466" class="paperlink" href="/2025/466">2025/466</a> <span class="ms-2"><a href="/2025/466.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Algebraic Cryptanalysis of Small-Scale Variants of Stream Cipher E0</strong> <div class="mt-1"><span class="fst-italic">Jan Dolejš, Martin Jureček</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and 
cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This study explores the algebraic cryptanalysis of small-scale variants of the E0 stream cipher, a legacy cipher used in the Bluetooth protocol. By systematically reducing the size of the linear feedback shift registers (LFSRs) while preserving the cipher’s core structure, we investigate the relationship between the number of unknowns and the number of consecutive keystream bits required to recover the internal states of the LFSRs. Our work demonstrates an approximately linear relationship...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/259" class="paperlink" href="/2025/259">2025/259</a> <span class="ms-2"><a href="/2025/259.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved Resultant Attack against Arithmetization-Oriented Primitives</strong> <div class="mt-1"><span class="fst-italic">Augustin Bariant, Aurélien Boeuf, Pierre Briaud, Maël Hostettler, Morten Øygarden, Håvard Raddum</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In the last decade, the introduction of advanced cryptographic protocols operating on large finite fields $\mathbb{F}_q$ has raised the need for efficient cryptographic primitives in this setting, commonly referred to as Arithmetization-Oriented (AO). The cryptanalysis of AO hash functions is essentially done through the study of the CICO problem on the underlying permutation. 
Two recent works at Crypto 2024 and Asiacrypt 2024 managed to solve the CICO problem much more efficiently than...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1975" class="paperlink" href="/2024/1975">2024/1975</a> <span class="ms-2"><a href="/2024/1975.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Quadratic Modelings of Syndrome Decoding</strong> <div class="mt-1"><span class="fst-italic">Alessio Caminata, Ryann Cartor, Alessio Meneghetti, Rocco Mora, Alex Pellegrini</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper presents enhanced reductions of the bounded-weight and exact-weight Syndrome Decoding Problem (SDP) to a system of quadratic equations. Over $\mathbb{F}_2$, we improve on a previous work and study the degree of regularity of the modeling of the exact weight SDP. Additionally, we introduce a novel technique that transforms SDP instances over $\mathbb{F}_q$ into systems of polynomial equations and thoroughly investigate the dimension of their varieties. 
Experimental results are...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1900" class="paperlink" href="/2024/1900">2024/1900</a> <span class="ms-2"><a href="/2024/1900.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Opening the Blackbox: Collision Attacks on Round-Reduced Tip5, Tip4, Tip4&#39; and Monolith</strong> <div class="mt-1"><span class="fst-italic">Fukang Liu, Katharina Koschatko, Lorenzo Grassi, Hailun Yan, Shiyao Chen, Subhadeep Banik, Willi Meier</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A new design strategy for ZK-friendly hash functions has emerged since the proposal of $\mathsf{Reinforced Concrete}$ at CCS 2022, which is based on the hybrid use of two types of nonlinear transforms: the composition of some small-scale lookup tables (e.g., 7-bit or 8-bit permutations) and simple power maps over $\mathbb{F}_p$. 
Following such a design strategy, some new ZK-friendly hash functions have been recently proposed, e.g., $\mathsf{Tip5}$, $\mathsf{Tip4}$, $\mathsf{Tip4}&#39;$ and the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1770" class="paperlink" href="/2024/1770">2024/1770</a> <span class="ms-2"><a href="/2024/1770.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved Attacks for SNOVA by Exploiting Stability under a Group Action</strong> <div class="mt-1"><span class="fst-italic">Daniel Cabarcas, Peigen Li, Javier Verbel, Ricardo Villanueva-Polanco</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">SNOVA is a post-quantum digital signature scheme based on multivariate polynomials. It is a second-round candidate in an ongoing NIST standardization process for post-quantum signatures, where it stands out for its efficiency and compactness. Since its initial submission, there have been several improvements to its security analysis, both on key recovery and forgery attacks. 
All these works reduce to solving a structured system of quadratic polynomials, which we refer to as SNOVA...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1577" class="paperlink" href="/2024/1577">2024/1577</a> <span class="ms-2"><a href="/2024/1577.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Solving Multivariate Coppersmith Problems with Known Moduli</strong> <div class="mt-1"><span class="fst-italic">Keegan Ryan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We examine the problem of finding small solutions to systems of modular multivariate polynomials. While the case of univariate polynomials has been well understood since Coppersmith&#39;s original 1996 work, multivariate systems typically rely on carefully crafted shift polynomials and significant manual analysis of the resulting Coppersmith lattice. In this work, we develop several algorithms that make such hand-crafted strategies obsolete. 
We first use the theory of Gröbner bases to develop an...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1396" class="paperlink" href="/2024/1396">2024/1396</a> <span class="ms-2"><a href="/2024/1396.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Rare structures in tensor graphs - Bermuda triangles for cryptosystems based on the Tensor Isomorphism problem</strong> <div class="mt-1"><span class="fst-italic">Lars Ran, Simona Samardjiska</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Recently, there has been a lot of interest in improving the understanding of the practical hardness of the 3-Tensor Isomorphism (3-TI) problem, which, given two 3-tensors, asks for an isometry between the two. The current state-of-the-art for solving this problem is the algebraic algorithm of Ran et al. &#39;23 and the graph-theoretic algorithm of Narayanan et al. 
&#39;24 that have both slightly reduced the security of the signature schemes MEDS and ALTEQ, based on variants of the 3-TI problem...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/809" class="paperlink" href="/2024/809">2024/809</a> <span class="ms-2"><a href="/2024/809.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-05-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Reducing Overdefined Systems of Polynomial Equations Derived from Small Scale Variants of the AES via Data Mining Methods</strong> <div class="mt-1"><span class="fst-italic">Jana Berušková, Martin Jureček, Olha Jurečková</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper deals with reducing the secret key computation time of small scale variants of the AES cipher using algebraic cryptanalysis, which is accelerated by data mining methods. This work is based on the known plaintext attack and aims to speed up the calculation of the secret key by processing the polynomial equations extracted from plaintext-ciphertext pairs. 
Specifically, we propose to transform the overdefined system of polynomial equations over GF(2) into a new system so that the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/786" class="paperlink" href="/2024/786">2024/786</a> <span class="ms-2"><a href="/2024/786.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-05-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Modelling Ciphers with Overdefined Systems of Quadratic Equations: Application to Friday, Vision, RAIN and Biscuit</strong> <div class="mt-1"><span class="fst-italic">Fukang Liu, Mohammad Mahzoun, Willi Meier</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">It is well-known that a system of equations becomes easier to solve when it is overdefined. In this work, we study how to overdefine the system of equations to describe the arithmetic oriented (AO) ciphers Friday, Vision, and RAIN, as well as a special system of quadratic equations over $\mathbb F_{2^{\ell}}$ used in the post-quantum signature scheme Biscuit. 
Our method is inspired by Courtois-Pieprzyk&#39;s and Murphy-Robshaw&#39;s methods to model AES with overdefined systems of quadratic...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/693" class="paperlink" href="/2024/693">2024/693</a> <span class="ms-2"><a href="/2024/693.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Note on Gröbner Bases for Anemoi</strong> <div class="mt-1"><span class="fst-italic">Pierre Briaud</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper focuses on algebraic attacks on the $\mathsf{Anemoi}$ family of arithmetization-oriented permutations [Crypto &#39;23]. We consider a slight variation of the naive modeling of the $\mathsf{CICO}$ problem associated to the primitive, for which we can very easily obtain a Gröbner basis and prove the degree of the associated ideal. 
For inputs in $\mathbb{F}_{q}^2$ when $q$ is an odd prime, we recover the same degree as conjectured for alternative polynomial systems used in other recent...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/605" class="paperlink" href="/2024/605">2024/605</a> <span class="ms-2"><a href="/2024/605.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-04-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Security Analysis of XHASH8/12</strong> <div class="mt-1"><span class="fst-italic">Léo Perrin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We have investigated both the padding scheme and the applicability of algebraic attacks to both XHash8 and XHash12. The only vulnerability of the padding scheme we can find is plausibly applicable only in the multi-rate setting---for which the authors make no claim---and is safe otherwise. 
For algebraic attack relying on the computation and exploitation of a Gröbner basis, our survey of the literature suggests to base a security argument on the complexity of the variable elimination step...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/595" class="paperlink" href="/2024/595">2024/595</a> <span class="ms-2"><a href="/2024/595.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-04-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Analysis of Multivariate Encryption Schemes: Application to Dob and C*</strong> <div class="mt-1"><span class="fst-italic">Morten Øygarden, Patrick Felke, Håvard Raddum</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A common strategy for constructing multivariate encryption schemes is to use a central map that is easy to invert over an extension field, along with a small number of modifications to thwart potential attacks. In this work we study the effectiveness of these modifications, by deriving estimates for the number of degree fall polynomials. 
After developing the necessary tools, we focus on encryption schemes using the $C^*$ and Dobbertin central maps, with the internal perturbation (ip), and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/572" class="paperlink" href="/2024/572">2024/572</a> <span class="ms-2"><a href="/2024/572.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-08-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Split Gröbner Bases for Satisfiability Modulo Finite Fields</strong> <div class="mt-1"><span class="fst-italic">Alex Ozdemir, Shankara Pailoor, Alp Bassa, Kostas Ferles, Clark Barrett, Işil Dillig</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Satisfiability modulo finite fields enables automated verification for cryptosystems. Unfortunately, previous solvers scale poorly for even some simple systems of field equations, in part because they build a full Gröbner basis (GB) for the system. We propose a new solver that uses multiple, simpler GBs instead of one full GB. Our solver, implemented within the cvc5 SMT solver, admits specialized propagation algorithms, e.g., for understanding bitsums. 
Experiments show that it solves...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/528" class="paperlink" href="/2024/528">2024/528</a> <span class="ms-2"><a href="/2024/528.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The solving degrees for computing Gröbner bases of affine semi-regular polynomial sequences</strong> <div class="mt-1"><span class="fst-italic">Momonari Kudo, Kazuhiro Yokoyama</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Determining the complexity of computing Gr\&#34;{o}bner bases is an important problem both in theory and in practice, and for that the solving degree plays a key role. In this paper, we study the solving degrees for affine semi-regular sequences and their homogenized sequences. Some of our results are considered to give mathematically rigorous proofs of the correctness of methods for computing Gr\&#34;{o}bner bases of the ideal generated by an affine semi-regular sequence. 
This paper is a sequel...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/468" class="paperlink" href="/2024/468">2024/468</a> <small class="ms-auto">Last updated: 2024-12-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Zero-Dimensional Gröbner Bases for Rescue-XLIX</strong> <div class="mt-1"><span class="fst-italic">Matthias Johann Steiner</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Rescue-XLIX is an Arithmetization-Oriented Substitution-Permutation Network over prime fields $\mathbb{F}_p$ which in one full round first applies a SPN based on $x \mapsto x^d$ followed by a SPN based on the inverse power map $x \mapsto x^\frac{1}{d}$. In a recent work, zero-dimensional Gröbner bases for SPN and Poseidon sponge functions have been constructed by utilizing weight orders. Following this approach we construct zero-dimensional Gröbner bases for Rescue-XLIX ciphers and sponge functions.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/313" class="paperlink" href="/2024/313">2024/313</a> <span class="ms-2"><a href="/2024/313.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The Complexity of Algebraic Algorithms for LWE</strong> <div class="mt-1"><span class="fst-italic">Matthias Johann Steiner</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Arora &amp; Ge introduced a noise-free polynomial system to compute the secret of a Learning With Errors (LWE) instance via linearization. Albrecht et al. 
later utilized the Arora-Ge polynomial model to study the complexity of Gröbner basis computations on LWE polynomial systems under the assumption of semi-regularity. In this paper we revisit the Arora-Ge polynomial and prove that it satisfies a genericity condition recently introduced by Caminata &amp; Gorla, called being in generic coordinates....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/310" class="paperlink" href="/2024/310">2024/310</a> <small class="ms-auto">Last updated: 2024-12-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Zero-Dimensional Gröbner Basis for Poseidon</strong> <div class="mt-1"><span class="fst-italic">Matthias Johann Steiner</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we construct dedicated weight orders $&gt;$ so that a $&gt;$-Gröbner bases of Poseidon can be found via linear transformations for the preimage as well as the CICO problem. In particular, with our Gröbner bases we can exactly compute the $\mathbb{F}_q$-vector space dimension of the quotient space for all possible Poseidon configurations. 
This in turn resolves previous attempts to assess the security of Poseidon against Gröbner basis attacks, since the vector space dimension...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/250" class="paperlink" href="/2024/250">2024/250</a> <span class="ms-2"><a href="/2024/250.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Exploring the Six Worlds of Gröbner Basis Cryptanalysis: Application to Anemoi</strong> <div class="mt-1"><span class="fst-italic">Katharina Koschatko, Reinhard Lüftenegger, Christian Rechberger</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gröbner basis cryptanalysis of hash functions and ciphers, and their underlying permutations, has seen renewed interest recently. Anemoi (Crypto&#39;23) is a permutation-based hash function that is efficient for a variety of arithmetizations used in zero-knowledge proofs. In this paper, exploring both theoretical bounds as well as experimental validation, we present new complexity estimates for Gröbner basis attacks on the Anemoi permutation over prime fields. 
We cast our findings in what we...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/086" class="paperlink" href="/2024/086">2024/086</a> <span class="ms-2"><a href="/2024/086.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-03-03</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On Hilbert-Poincaré series of affine semi-regular polynomial sequences and related Gröbner bases</strong> <div class="mt-1"><span class="fst-italic">Momonari Kudo, Kazuhiro Yokoyama</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-FOUNDATIONS">Foundations</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gröbner bases are nowadays central tools for solving various problems in commutative algebra and algebraic geometry. A typical use of Gröbner bases is the multivariate polynomial system solving, which enables us to construct algebraic attacks against post-quantum cryptographic protocols. 
Therefore, the determination of the complexity of computing Gröbner bases is very important both in theory and in practice: One of the most important cases is the case where input polynomials compose...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1474" class="paperlink" href="/2023/1474">2023/1474</a> <span class="ms-2"><a href="/2023/1474.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-02-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficacy and Mitigation of the Cryptanalysis on AIM</strong> <div class="mt-1"><span class="fst-italic">Seongkwang Kim, Jincheol Ha, Mincheol Son, Byeonghak Lee</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Recent advancements in post-quantum cryptography have highlighted signature schemes based on the MPC-in-the-Head (MPCitH) framework due to their reliance only on the one-way function of the underlying primitive. This reliance offers a diverse set of assumptions regarding the difficulty of post-quantum cryptographic problems. In this context, Kim et al. proposed $\mathsf{AIM}$, an MPCitH-compatible one-way function. 
This function is distinguished by its large algebraic S-boxes and parallel...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1093" class="paperlink" href="/2023/1093">2023/1093</a> <span class="ms-2"><a href="/2023/1093.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-04-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Properties of Lattice Isomorphism as a Cryptographic Group Action</strong> <div class="mt-1"><span class="fst-italic">Benjamin Benčina, Alessandro Budroni, Jesús-Javier Chi-Domínguez, Mukul Kulkarni</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-FOUNDATIONS">Foundations</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In recent years, the Lattice Isomorphism Problem (LIP) has served as an underlying assumption to construct quantum-resistant cryptographic primitives, e.g. the zero-knowledge proof and digital signature scheme by Ducas and van Woerden (Eurocrypt 2022), and the HAWK digital signature scheme (Asiacrypt 2022). While prior lines of work in group action cryptography, e.g. 
the works of Brassard and Yung (Crypto 1990), and more recently Alamati, De Feo, Montgomery and Patranabis (Asiacrypt...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1008" class="paperlink" href="/2023/1008">2023/1008</a> <span class="ms-2"><a href="/2023/1008.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-06-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Cryptanalysis of rank-metric schemes based on distorted Gabidulin codes</strong> <div class="mt-1"><span class="fst-italic">Pierre Briaud, Pierre Loidreau</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this work, we introduce a new attack for the Loidreau scheme [PQCrypto 2017] and its more recent variant LowMS. This attack is based on a constrained linear system for which we provide two solving approaches: - The first one is an enumeration algorithm inspired from combinatorial attacks on the Rank Decoding (RD) Problem. While the attack technique remains very simple, it allows us to obtain the best known structural attack on the parameters of these two schemes. 
- The second one is...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/950" class="paperlink" href="/2023/950">2023/950</a> <span class="ms-2"><a href="/2023/950.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-08-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A new approach based on quadratic forms to attack the McEliece cryptosystem</strong> <div class="mt-1"><span class="fst-italic">Alain Couvreur, Rocco Mora, Jean-Pierre Tillich</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We introduce a novel algebraic approach for attacking the McEliece cryptosystem which is currently at the $4$-th round of the NIST competition. The contributions of the article are twofold. (1) We present a new distinguisher on alternant and Goppa codes working in a much broader range of parameters than \cite{FGOPT11}. (2) With this approach we also provide a polynomial--time key recovery attack on alternant codes which are distinguishable with the distinguisher \cite{FGOPT11}. 
...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/731" class="paperlink" href="/2023/731">2023/731</a> <span class="ms-2"><a href="/2023/731.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-05-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fast Exhaustive Search for Polynomial Systems over F3</strong> <div class="mt-1"><span class="fst-italic">Bo-Yin Yang, Wei-Jeng Wang, Shang-Yi Yang, Char-Shin Miou, Chen-Mou Cheng</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Solving multivariate polynomial systems over finite fields is an important problem in cryptography. For random F2 low-degree systems with equally many variables and equations, enumeration is more efficient than advanced solvers for all practical problem sizes. Whether there are others remained an open problem. We here study and propose an exhaustive-search algorithm for low degrees systems over F3 which is suitable for parallelization. 
We implemented it on Graphic Processing Units...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/176" class="paperlink" href="/2023/176">2023/176</a> <span class="ms-2"><a href="/2023/176.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-02-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A New Algebraic Approach to the Regular Syndrome Decoding Problem and Implications for PCG Constructions</strong> <div class="mt-1"><span class="fst-italic">Pierre Briaud, Morten Øygarden</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The Regular Syndrome Decoding (RSD) problem, a variant of the Syndrome Decoding problem with a particular error distribution, was introduced almost 20 years ago by Augot et al. In this problem, the error vector is divided into equally sized blocks, each containing a single noisy coordinate. More recently, the last five years have seen increased interest in this assumption due to its use in MPC and ZK applications. 
Generally referred to as &#34;LPN with regular noise&#34; in this context, the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1387" class="paperlink" href="/2022/1387">2022/1387</a> <span class="ms-2"><a href="/2022/1387.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-03-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>AIM: Symmetric Primitive for Shorter Signatures with Stronger Security (Full Version)</strong> <div class="mt-1"><span class="fst-italic">Seongkwang Kim, Jincheol Ha, Mincheol Son, Byeonghak Lee, Dukjae Moon, Joohee Lee, Sangyub Lee, Jihoon Kwon, Jihoon Cho, Hyojin Yoon, Jooyoung Lee</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Post-quantum signature schemes based on the MPC-in-the-Head (MPCitH) paradigm are recently attracting significant attention as their security solely depends on the one-wayness of the underlying primitive, providing diversity for the hardness assumption in post-quantum cryptography. Recent MPCitH-friendly ciphers have been designed using simple algebraic S-boxes operating on a large field in order to improve the performance of the resulting signature schemes. 
Due to their simple algebraic...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/987" class="paperlink" href="/2022/987">2022/987</a> <span class="ms-2"><a href="/2022/987.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-08-02</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Signature-Based Gröbner Basis Algorithm with Tail-Reduced Reductors (M5GB)</strong> <div class="mt-1"><span class="fst-italic">Manuel Hauke, Lukas Lamster, Reinhard Lüftenegger, Christian Rechberger</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-FOUNDATIONS">Foundations</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gröbner bases are an important tool in computational algebra and, especially in cryptography, often serve as a boilerplate for solving systems of polynomial equations. Research regarding (efficient) algorithms for computing Gröbner bases spans a large body of dedicated work that stretches over the last six decades. The pioneering work of Bruno Buchberger in 1965 can be considered as the blueprint for all subsequent Gröbner basis algorithms to date. 
Among the most efficient algorithms in this...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/787" class="paperlink" href="/2022/787">2022/787</a> <span class="ms-2"><a href="/2022/787.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-06-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Block Cipher&#39;s Substitution Box Generation Based on Natural Randomness in Underwater Acoustics and Knight&#39;s Tour Chain</strong> <div class="mt-1"><span class="fst-italic">Muhammad Fahad Khan, Khalid Saleem, Tariq Shah, Mohmmad Mazyad Hazzazi, Ismail Bahkali, Piyush Kumar Shukla</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The protection of confidential information is a global issue and block encryption algorithms are the most reliable option for securing data. 
The famous information theorist Claude Shannon has given two desirable characteristics that should exist in a strong cipher, which are substitution and permutation, in his fundamental research on &#34;Communication Theory of Secrecy Systems.&#34; Block ciphers strictly follow the substitution and permutation principle in an iterative manner to generate a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/695" class="paperlink" href="/2022/695">2022/695</a> <span class="ms-2"><a href="/2022/695.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-07-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Yet Another Algebraic Cryptanalysis of Small Scale Variants of AES</strong> <div class="mt-1"><span class="fst-italic">Marek Bielik, Martin Jureček, Olha Jurečková, Róbert Lórencz</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work presents new advances in algebraic cryptanalysis of small scale derivatives of AES. We model the cipher as a system of polynomial equations over GF(2), which involves only the variables of the initial key, and we subsequently attempt to solve this system using Gröbner bases. We show, for example, that one of the attacks can recover the secret key for one round of AES-128 under one minute on a contemporary CPU. 
This attack requires only two known plaintexts and their corresponding...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/016" class="paperlink" href="/2022/016">2022/016</a> <span class="ms-2"><a href="/2022/016.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-08-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>An algebraic attack to the Bluetooth stream cipher E0</strong> <div class="mt-1"><span class="fst-italic">Roberto La Scala, Sergio Polese, Sharwan K. Tiwari, Andrea Visconti</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we study the security of the Bluetooth stream cipher E0 from the viewpoint it is a “difference stream cipher”, that is, it is defined by a system of explicit difference equations over the finite field GF(2). 
This approach highlights some issues of the Bluetooth encryption such as the invertibility of its state transition map, a special set of 14 bits of its 132-bit state which when guessed implies linear equations among the other bits and finally a small number of spurious...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1529" class="paperlink" href="/2021/1529">2021/1529</a> <span class="ms-2"><a href="/2021/1529.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-06-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Autoguess: A Tool for Finding Guess-and-Determine Attacks and Key Bridges</strong> <div class="mt-1"><span class="fst-italic">Hosein Hadipour, Maria Eichlseder</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The guess-and-determine technique is one of the most widely used techniques in cryptanalysis to recover unknown variables in a given system of relations. In such attacks, a subset of the unknown variables is guessed such that the remaining unknowns can be deduced using the information from the guessed variables and the given relations. 
This idea can be applied in various areas of cryptanalysis such as finding the internal state of stream ciphers when a sufficient amount of output data is...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1070" class="paperlink" href="/2021/1070">2021/1070</a> <span class="ms-2"><a href="/2021/1070.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-12-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Onyx: New Encryption and Signature Schemes with Multivariate Public Key in Degree 3</strong> <div class="mt-1"><span class="fst-italic">Gilles Macario-Rat, Jacques Patarin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we present a new secret trapdoor function for the design of multivariate schemes that we call ``Onyx&#39;&#39;, suitable for encryption and signature. It has been inspired by the schemes presented in Ariadne Thread and Pepper: New multivariate cryptographic schemes with public keys in degree 3. From this idea, we present some efficient encryption and signature multivariate schemes with explicit parameters that resist all known attacks. 
In particular they resist the two main (and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/870" class="paperlink" href="/2021/870">2021/870</a> <span class="ms-2"><a href="/2021/870.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-06-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SoK: Gröbner Basis Algorithms for Arithmetization Oriented Ciphers</strong> <div class="mt-1"><span class="fst-italic">Jan Ferdinand Sauer, Alan Szepieniec</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Many new ciphers target a concise algebraic description for efficient evaluation in a proof system or a multi-party computation. This new target for optimization introduces algebraic vulnerabilities, particularly involving Gröbner basis analysis. Unfortunately, the literature on Gröbner bases tends to be either purely mathematical, or focused on small fields. In this paper, we survey the most important algorithms and present them in an intuitive way. 
The discussion of their complexities...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/367" class="paperlink" href="/2021/367">2021/367</a> <span class="ms-2"><a href="/2021/367.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-03-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions</strong> <div class="mt-1"><span class="fst-italic">Arnab Roy, Elena Andreeva, Jan Ferdinand Sauer</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In recent years a new type of block ciphers and hash functions over a (large) field, such as MiMC and GMiMC, have been designed. Their security, particularly over a prime field, is mainly determined by algebraic cryptanalysis techniques, such as Gröbner basis and interpolation attacks. In SAC 2019, Li and Preneel presented low memory interpolation cryptanalysis against the MiMC and Feistel-MiMC designs. 
In this work we answer the open question posed in their work and show that low memory...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1442" class="paperlink" href="/2020/1442">2020/1442</a> <span class="ms-2"><a href="/2020/1442.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-05-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Analysis of Multivariate Encryption Schemes: Application to Dob</strong> <div class="mt-1"><span class="fst-italic">Morten Øygarden, Patrick Felke, Håvard Raddum</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we study the effect of two modifications to multivariate public key encryption schemes: internal perturbation (ip), and Q_+. Focusing on the Dob encryption scheme, a construction utilising these modifications, we accurately predict the number of degree fall polynomials produced in a Gröbner basis attack, up to and including degree five. The predictions remain accurate even when fixing variables. Based on this new theory we design a novel attack on the Dob encryption scheme,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1375" class="paperlink" href="/2020/1375">2020/1375</a> <span class="ms-2"><a href="/2020/1375.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-11-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Semi-regular sequences and other random systems of equations</strong> <div class="mt-1"><span class="fst-italic">M. Bigdeli, E. De Negri, M. M. Dizdarevic, E. Gorla, R. Minko, S. 
Tsakou</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The security of multivariate cryptosystems and digital signature schemes relies on the hardness of solving a system of polynomial equations over a finite field. Polynomial system solving is also currently a bottleneck of index-calculus algorithms to solve the elliptic and hyperelliptic curve discrete logarithm problem. The complexity of solving a system of polynomial equations is closely related to the cost of computing Gröbner bases, since computing the solutions of a polynomial system can...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2019/1415" class="paperlink" href="/2019/1415">2019/1415</a> <span class="ms-2"><a href="/2019/1415.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2019-12-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Toward A More Efficient Gröbner-based Algebraic Cryptanalysis</strong> <div class="mt-1"><span class="fst-italic">Hossein Arabnezhad-Khanoki, Babak Sadeghiyan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we propose a new method to launch a more efficient algebraic cryptanalysis. Algebraic cryptanalysis aims at finding the secret key of a cipher by solving a collection of polynomial equations that describe the internal structure of the cipher, while chosen correlated plaintexts, as they appear in higher order differential cryptanalysis and its derivatives such as cube attack or integral cryptanalysis, force many linear relations between intermediate state bits in the cipher. 
In...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2019/903" class="paperlink" href="/2019/903">2019/903</a> <span class="ms-2"><a href="/2019/903.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-10-02</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Probabilistic analysis on Macaulay matrices over finite fields and complexity of constructing Gröbner bases</strong> <div class="mt-1"><span class="fst-italic">Igor Semaev, Andrea Tenti</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-FOUNDATIONS">Foundations</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gröbner basis methods are used to solve systems of polynomial equations over finite fields, but their complexity is poorly understood. In this work an upper bound on the time complexity of constructing a Gröbner basis and finding a solution of a system is proved. A key parameter in this estimate is the degree of regularity of the leading forms of the polynomials. 
Therefore, we provide an upper bound on the degree of regularity for a sufficiently overdetermined system of forms over any...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2019/426" class="paperlink" href="/2019/426">2019/426</a> <span class="ms-2"><a href="/2019/426.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-02-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Design of Symmetric-Key Primitives for Advanced Cryptographic Protocols</strong> <div class="mt-1"><span class="fst-italic">Abdelrahaman Aly, Tomer Ashur, Eli Ben-Sasson, Siemen Dhooghe, Alan Szepieniec</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">While traditional symmetric algorithms like AES and SHA3 are optimized for efficient hardware and software implementations, a range of emerging applications using advanced cryptographic protocols such as multi-party computation and zero-knowledge proofs require optimization with respect to a different metric: arithmetic complexity. In this paper we study the design of secure cryptographic algorithms optimized to minimize this metric. 
We begin by identifying the differences in the design...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2019/313" class="paperlink" href="/2019/313">2019/313</a> <span class="ms-2"><a href="/2019/313.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-12-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A SAT-based approach for index calculus on binary elliptic curves</strong> <div class="mt-1"><span class="fst-italic">Monika Trimoska, Sorina Ionica, Gilles Dequen</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Logical cryptanalysis, first introduced by Massacci in 2000, is a viable alternative to common algebraic cryptanalysis techniques over boolean fields. With XOR operations being at the core of many cryptographic problems, recent research in this area has focused on handling XOR clauses efficiently. In this paper, we investigate solving the point decomposition step of the index calculus method for prime degree extension fields $\mathbb{F}_{2^n}$, using SAT solving methods. 
We experimented with...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2018/765" class="paperlink" href="/2018/765">2018/765</a> <span class="ms-2"><a href="/2018/765.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2018-08-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Symbolic Proofs for Lattice-Based Cryptography</strong> <div class="mt-1"><span class="fst-italic">Gilles Barthe, Xiong Fan, Joshua Gancher, Benjamin Grégoire, Charlie Jacomme, Elaine Shi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Symbolic methods have been used extensively for proving security of cryptographic protocols in the Dolev-Yao model, and more recently for proving security of cryptographic primitives and constructions in the computational model. However, existing methods for proving security of cryptographic constructions in the computational model often require significant expertise and interaction, or are fairly limited in scope and expressivity. 
This paper introduces a symbolic approach for proving...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2018/232" class="paperlink" href="/2018/232">2018/232</a> <span class="ms-2"><a href="/2018/232.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2018-03-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved fully homomorphic public-key encryption with small ciphertext size</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A cryptosystem which supports both addition and multiplication (thereby preserving the ring structure of the plaintexts) is known as fully homomorphic encryption (FHE) and is very powerful. Using such a scheme, any circuit can be homomorphically evaluated, effectively allowing the construction of programs which may be run on ciphertexts of their inputs to produce a ciphertext of their output. 
Since such a program never decrypts its input, it can be run by an untrusted party without revealing...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2018/088" class="paperlink" href="/2018/088">2018/088</a> <span class="ms-2"><a href="/2018/088.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2018-01-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully homomorphic public-key encryption with small ciphertext size</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In previous work I proposed a fully homomorphic encryption without bootstrapping which has the large size of ciphertext. This time I propose the fully homomorphic public-key encryption scheme on non-associative octonion ring over finite field with the small size of ciphertext. In this scheme the size of ciphertext is one-third of the size in the scheme proposed before. Because the proposed scheme adopts the medium text with zero norm, it is immune from the “p and -p attack”. 
As the proposed...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2017/763" class="paperlink" href="/2017/763">2017/763</a> <span class="ms-2"><a href="/2017/763.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2017-08-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved Fully Homomorphic Encryption without Bootstrapping</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gentry’s bootstrapping technique is the most famous method of obtaining fully homomorphic encryption. In previous work I proposed a fully homomorphic encryption without bootstrapping which has the weak point in the enciphering function. In this paper I propose the improved fully homomorphic public-key encryption scheme on non-associative octonion ring over finite field without bootstrapping technique. The plaintext p consists of two sub-plaintext u and v. The proposed fully homomorphic...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/653" class="paperlink" href="/2016/653">2016/653</a> <span class="ms-2"><a href="/2016/653.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-07-02</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully Homomorphic Encryption with Zero Norm Cipher Text</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gentry’s bootstrapping technique is the most famous method of obtaining fully homomorphic encryption. 
In previous work I proposed a fully homomorphic encryption without bootstrapping which has the weak point in the plaintext. I also proposed fully homomorphic encryptions with composite number modulus which avoid the weak point by adopting the plaintext including the random numbers in it. In this paper I propose another fully homomorphic encryption with zero norm cipher text where zero norm...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/462" class="paperlink" href="/2016/462">2016/462</a> <span class="ms-2"><a href="/2016/462.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-05-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully Homomorphic Encryption with Isotropic Elements</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In previous work I proposed a fully homomorphic encryption without bootstrapping which has the weak point in the enciphering function. In this paper I propose the fully homomorphic encryption scheme with non-zero isotropic octonions. I improve the previous scheme by adopting the non-zero isotropic octonions so that the “m and -m attack” is not useful because in proposed scheme many ciphertexts exist where the plaintext m is not zero and the norm is zero. 
The improved scheme is based on...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/412" class="paperlink" href="/2016/412">2016/412</a> <span class="ms-2"><a href="/2016/412.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-04-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Solving Quadratic Equations with XL on Parallel Architectures - extended version</strong> <div class="mt-1"><span class="fst-italic">Chen-Mou Cheng, Tung Chou, Ruben Niederhagen, Bo-Yin Yang</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">Solving a system of multivariate quadratic equations (MQ) is an NP-complete problem whose complexity estimates are relevant to many cryptographic scenarios. In some cases it is required in the best known attack; sometimes it is a generic attack (such as for the multivariate PKCs), and sometimes it determines a provable level of security (such as for the QUAD stream ciphers). Under reasonable assumptions, the best way to solve generic MQ systems is the XL algorithm implemented with a sparse...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2016/050" class="paperlink" href="/2016/050">2016/050</a> <span class="ms-2"><a href="/2016/050.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-01-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved Fully Homomorphic Encryption with Composite Number Modulus</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gentry’s bootstrapping technique is the most famous method of obtaining fully homomorphic encryption. 
In previous work I proposed a fully homomorphic encryption without bootstrapping which has the weak point in the plaintext. I also proposed a fully homomorphic encryption with composite number modulus which avoids the weak point by adopting the plaintext including the random numbers in it. In this paper I propose another fully homomorphic encryption with composite number modulus where the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/1121" class="paperlink" href="/2015/1121">2015/1121</a> <span class="ms-2"><a href="/2015/1121.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2019-06-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On the First Fall Degree of Summation Polynomials</strong> <div class="mt-1"><span class="fst-italic">Stavros Kousidis, Andreas Wiemers</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We improve on the first fall degree bound of polynomial systems that arise from a Weil descent along Semaev&#39;s summation polynomials relevant to the solution of the Elliptic Curve Discrete Logarithm Problem via Gröbner basis algorithms.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/1040" class="paperlink" href="/2015/1040">2015/1040</a> <span class="ms-2"><a href="/2015/1040.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-10-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully Homomorphic Encryption with Composite Number Modulus</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gentry’s bootstrapping technique is the most famous method of obtaining fully homomorphic encryption. 
In previous work I proposed a fully homomorphic encryption without bootstrapping which has the weak point in the plaintext. In this paper I propose the improved fully homomorphic encryption scheme on non-associative octonion ring over finite ring with composite number modulus where the plaintext p consists of three numbers u,v,w. The proposed fully homomorphic encryption scheme is immune...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/733" class="paperlink" href="/2015/733">2015/733</a> <span class="ms-2"><a href="/2015/733.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-07-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully Homomorphic Encryption on Octonion Ring</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In previous work(2015/474 in Cryptology ePrint Archive), I proposed a fully homomorphic encryption without bootstrapping which has the weak point in the enciphering function. In this paper I propose the improved fully homomorphic encryption scheme on non-associative octonion ring over finite field without bootstrapping technique. 
I improve the previous scheme by (1) adopting the enciphering function such that it is difficult to express simply by using the matrices and (2) constructing the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/474" class="paperlink" href="/2015/474">2015/474</a> <span class="ms-2"><a href="/2015/474.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-06-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully Homomorphic Encryption without bootstrapping</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gentry’s bootstrapping technique is the most famous method of obtaining fully homomorphic encryption. In this paper I propose a new fully homomorphic encryption scheme on non-associative octonion ring over finite field without bootstrapping technique. 
The security of the proposed fully homomorphic encryption scheme is based on computational difficulty to solve the multivariate algebraic equations of high degree while the almost all multivariate cryptosystems proposed until now are based on...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/176" class="paperlink" href="/2015/176">2015/176</a> <span class="ms-2"><a href="/2015/176.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2016-02-03</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Key Recovery for LWE in Polynomial Time</strong> <div class="mt-1"><span class="fst-italic">Kim Laine, Kristin Lauter</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We discuss a higher dimensional generalization of the Hidden Number Problem and generalize the Boneh-Venkatesan method for solving it in polynomial time. We then use this to analyze a key recovery (decoding) attack on LWE which runs in polynomial time using the LLL lattice basis reduction algorithm and Babai&#39;s nearest planes method. We prove that success can be guaranteed with overwhelming probability when the error distribution is narrow enough and $q\geq 2^{O(n)}$, where $n$ is the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/806" class="paperlink" href="/2014/806">2014/806</a> <span class="ms-2"><a href="/2014/806.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2014-10-15</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Summation polynomial algorithms for elliptic curves in characteristic two</strong> <div class="mt-1"><span class="fst-italic">Steven D. Galbraith, Shishay W. 
Gebregiyorgis</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The paper is about the discrete logarithm problem for elliptic curves over characteristic 2 finite fields F_2^n of prime degree n. We consider practical issues about index calculus attacks using summation polynomials in this setting. The contributions of the paper include: a choice of variables for binary Edwards curves (invariant under the action of a relatively large group) to lower the degree of the summation polynomials; a choice of factor base that “breaks symmetry” and increases the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/711" class="paperlink" href="/2014/711">2014/711</a> <span class="ms-2"><a href="/2014/711.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2014-09-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>New Class of Multivariate Public Key Cryptosystem, K(XI)RSE(2)PKC, Constructed based on Reed-Solomon Code Along with K(X)RSE(2)PKC over $\mathbb{F}_2$</strong> <div class="mt-1"><span class="fst-italic">Masao KASAHARA</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Extensive studies have been made of the public key cryptosystems based on multivariate polynomials (Multi-variate PKC, MPKC) over $\mathbb{F}_2$ and $\mathbb{F}_2^m$. However most of the proposed MPKC are proved not secure. In this paper, we propose a new class of MPKC based on Reed-Solomon code, referred to as K(XI)RSE(2)PKC. In Appendix, we present another class of MPKC referred to as K(X)RSE(2)PKC over $\mathbb{F}_2$. Both K(X)RSE(2)PKC and K(XI)RSE(2)PKC yield the coding rate of 1.0. 
We...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2014/360" class="paperlink" href="/2014/360">2014/360</a> <span class="ms-2"><a href="/2014/360.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2014-09-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>McEliece in the world of Escher</strong> <div class="mt-1"><span class="fst-italic">Danilo Gligoroski, Simona Samardjiska, Håkon Jacobsen, Sergey Bezzateev</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We present a new family of linear binary codes of length n and dimension k accompanied with a fast list decoding algorithm that can correct up to n/2 errors in a bounded channel with an error density $\rho$. The decisional problem of decoding random codes using these generalized error sets is NP-complete. Next we use the properties of these codes to design both an encryption scheme and a signature scheme. Although in the open literature there have been several proposals how to produce...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2013/799" class="paperlink" href="/2013/799">2013/799</a> <span class="ms-2"><a href="/2013/799.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2013-12-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>New Insight into the Isomorphism of Polynomials problem IP1S and its Use in Cryptography</strong> <div class="mt-1"><span class="fst-italic">Gilles Macario-Rat, Jérôme Plût, Henri Gilbert</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper investigates the mathematical structure of the ``Isomorphism of Polynomial with One Secret&#39;&#39; problem (IP1S). 
Our purpose is to understand why for practical parameter values of IP1S most random instances are easily solvable (as first observed by Bouillaguet et al.). We show that the structure of the problem is directly linked to the structure of quadratic forms in odd and even characteristic. We describe a completely new method allowing to efficiently solve most instances. Unlike...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2013/596" class="paperlink" href="/2013/596">2013/596</a> <span class="ms-2"><a href="/2013/596.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2013-09-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Solving the Elliptic Curve Discrete Logarithm Problem Using Semaev Polynomials, Weil Descent and Gröbner Basis Methods -- an Experimental Study</strong> <div class="mt-1"><span class="fst-italic">Michael Shantz, Edlyn Teske</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">At ASIACRYPT 2012, Petit and Quisquater suggested that there may be a subexponential-time index-calculus type algorithm for the Elliptic Curve Discrete Logarithm Problem (ECDLP) in characteristic two fields. This algorithm uses Semaev polynomials and Weil Descent to create a system of polynomial equations that subsequently is to be solved with Gröbner basis methods. Its analysis is based on heuristic assumptions on the performance of Gröbner basis methods in this particular setting. 
While...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2013/060" class="paperlink" href="/2013/060">2013/060</a> <span class="ms-2"><a href="/2013/060.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2013-05-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On FHE without bootstrapping</strong> <div class="mt-1"><span class="fst-italic">Aayush Jain</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We investigate the use of multivariate polynomials in constructing a fully homomorphic encryption. In this work we come up with two fully homomorphic schemes. First, we propose an IND-CPA secure symmetric key homomorphic encryption scheme using multivariate polynomial ring over finite fields. This scheme gives a method of constructing a CPA secure homomorphic encryption scheme from another symmetric deterministic CPA secure scheme. We base the security of the scheme on pseudo random...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2012/241" class="paperlink" href="/2012/241">2012/241</a> <span class="ms-2"><a href="/2012/241.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2012-04-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Key distribution system and attribute-based encryption</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">I propose the new key distribution system and attribute-based encryption scheme on non-commutative ring where the complexity required for enciphering and deciphering is small. As in this system encryption keys and decryption keys involve the attributes of each user, the system is adaptive for cloud computing systems. 
The security of this system is based on the complexity for solving the multivariate algebraic equations of high degree over finite field, that is, one of NP complete problems....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2012/199" class="paperlink" href="/2012/199">2012/199</a> <span class="ms-2"><a href="/2012/199.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2013-06-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Using Symmetries in the Index Calculus for Elliptic Curves Discrete Logarithm</strong> <div class="mt-1"><span class="fst-italic">Jean-Charles Faugère, Pierrick Gaudry, Louise Huot, Guénaël Renault</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In 2004, an algorithm is introduced to solve the DLP for elliptic curves defined over a non prime finite field $\mathbb{F}_{q^n}$. One of the main steps of this algorithm requires decomposing points of the curve $E(\mathbb{F}_{q^n})$ with respect to a factor base; this problem is denoted PDP. In this paper, we will apply this algorithm to the case of Edwards curves, the well-known family of elliptic curves that allow faster arithmetic as shown by Bernstein and Lange. 
More precisely, we show how to take...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2012/079" class="paperlink" href="/2012/079">2012/079</a> <span class="ms-2"><a href="/2012/079.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2012-02-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Public Key Cryptosystems Constructed Based on Reed-Solomon Codes, K(XV)SE(2)PKC, Realizing Coding Rate of Exactly 1.0</strong> <div class="mt-1"><span class="fst-italic">Masao KASAHARA</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we present a new class of public-key cryptosystems, K(XV)SE(2)PKC realizing the coding rate of exactly 1.0, based on Reed-Solomon codes (RS codes). We show that K(XV)SE(2)PKC is secure against the various attacks including the attacks based on the Gröbner basis calculation (Gröbner basis attack, GB attack) and a linear transformation attack.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/690" class="paperlink" href="/2011/690">2011/690</a> <span class="ms-2"><a href="/2011/690.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2011-12-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A New Class of Multivariate Public Key Cryptosystem Constructed on the Basis of Message-Dependent Transformation</strong> <div class="mt-1"><span class="fst-italic">Masao KASAHARA</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, a new class of Public-Key Cryptosystem (PKC) based on Random Simultaneous Equation of degree g (RSE(g)PKC) is presented. 
The proposed scheme uses a new class of trap-doors based on two classes of transformation, i.e. random transformation and message-dependent random transformation. For constructing the proposed scheme, random transformations X and Ψ are used. The transformation Ψ would yield a breakthrough to a field of multivariate cryptosystem in a sense that...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/598" class="paperlink" href="/2011/598">2011/598</a> <span class="ms-2"><a href="/2011/598.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2011-11-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>New Subexponential Algorithms for Factoring in $SL(2,\fq)$</strong> <div class="mt-1"><span class="fst-italic">Jean-Charles Faugère, Ludovic Perret, Christophe Petit, Guénaël Renault</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Cayley hash functions are a particular kind of cryptographic hash functions with very appealing properties. Unfortunately, their security is related to a mathematical problem whose hardness is not very well understood, the factorization problem in finite groups. Given a group $G$, a set of generators $\gen$ for this group and an element $g\in G$, the factorization problem asks for a ``short&#39;&#39; representation of $g$ as a product of the generators. 
In this paper, we provide a new algorithm...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/573" class="paperlink" href="/2011/573">2011/573</a> <span class="ms-2"><a href="/2011/573.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2011-10-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A New Class of Multivariate Public Key Cryptosystems Constructed Based on Random Pseudo Cyclic Codes, K(XIII)SE(2)PKC, Realizing Coding Rate of Exactly 1.0</strong> <div class="mt-1"><span class="fst-italic">Masao Kasahara</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we present a new class of multivariate public-key cryptosystems, K(XIII)SE(2)PKC realizing the coding rate of exactly 1.0, based on random pseudo cyclic codes. The K(XIII)SE(2)PKC is constructed on the basis of K(IX)SE(1)PKC, formerly presented by the author. 
We show that K(XIII)SE(2)PKC is secure against the various attacks including the attack based on the Gröbner bases calculation (GB attack) and the rank attack.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/545" class="paperlink" href="/2011/545">2011/545</a> <span class="ms-2"><a href="/2011/545.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2011-10-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Public Key Cryptosystems Constructed Based on Random Pseudo Cyclic Codes, K(IX)SE(1)PKC, Realizing Coding Rate of Exactly 1.0</strong> <div class="mt-1"><span class="fst-italic">Masao Kasahara</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we present a new class of public-key cryptosystems, K(IX)SE(1)PKC realizing the coding rate of exactly 1.0, based on random pseudo cyclic codes. 
We show that K(IX)SE(1)PKC is secure against the various attacks including the attack based on the Gröbner bases calculation (GB attack).</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/399" class="paperlink" href="/2011/399">2011/399</a> <span class="ms-2"><a href="/2011/399.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2011-07-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Cryptanalysis of HFE, Multi-HFE and Variants for Odd and Even Characteristic</strong> <div class="mt-1"><span class="fst-italic">Luk Bettale, Jean-Charles Faugère, Ludovic Perret</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We investigate in this paper the security of HFE and Multi-HFE schemes as well as their minus and embedding variants. Multi-HFE is a generalization of the well-known HFE schemes. The idea is to use a multivariate quadratic system -- instead of a univariate polynomial in HFE -- over an extension field as a private key. 
According to the authors, this should make the classical direct algebraic (message-recovery) attack proposed by Faugère and Joux on HFE no longer efficient against Multi-HFE....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/353" class="paperlink" href="/2011/353">2011/353</a> <span class="ms-2"><a href="/2011/353.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2011-07-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Hidden Pair of Bijection Signature Scheme</strong> <div class="mt-1"><span class="fst-italic">Masahito Gotaishi, Shigeo Tsujii</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A new signature system of multivariate public key cryptosystem is proposed. The new system, Hidden Pair of Bijection (HPB), is the advanced version of the Complementary STS system. This system realized both high security and quick signing. Experiments showed that the cryptanalysis of HPB by Gröbner bases has no less complexity than the random polynomial systems. It is secure against other ways of cryptanalysis effective for Complementary STS. On the other hand, since it is based on...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/289" class="paperlink" href="/2011/289">2011/289</a> <span class="ms-2"><a href="/2011/289.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2012-11-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Polly Cracker, Revisited</strong> <div class="mt-1"><span class="fst-italic">Martin R. 
Albrecht, Jean-Charles Faugère, Pooya Farshim, Gottfried Herold, Ludovic Perret</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We initiate the formal treatment of cryptographic constructions based on the hardness of computing remainders modulo an ideal in multivariate polynomial rings. Of particular interest to us is a class of schemes known as &#34;Polly Cracker.&#34; We start by formalising and studying the relation between the ideal remainder problem and the problem of computing a Gröbner basis. We show both positive and negative results. On the negative side, we define a symmetric Polly Cracker encryption scheme and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/164" class="paperlink" href="/2011/164">2011/164</a> <span class="ms-2"><a href="/2011/164.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2012-01-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On the relation between the MXL family of algorithms and Gröbner basis algorithms</strong> <div class="mt-1"><span class="fst-italic">Martin Albrecht, Carlos Cid, Jean-Charles Faugère, Ludovic Perret</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-FOUNDATIONS">Foundations</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The computation of Gröbner bases remains one of the most powerful methods for tackling the Polynomial System Solving (PoSSo) problem. The most efficient known algorithms reduce the Gröbner basis computation to Gaussian eliminations on several matrices. However, several degrees of freedom are available to generate these matrices. It is well known that the particular strategies used can drastically affect the efficiency of the computations. 
In this work we investigate a recently-proposed...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2011/036" class="paperlink" href="/2011/036">2011/036</a> <small class="ms-auto">Last updated: 2011-06-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The Complexity Analysis of the MutantXL Family</strong> <div class="mt-1"><span class="fst-italic">Mohamed Saied Emam Mohamed, Jintai Ding, Johannes Buchmann</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">Algebraic attacks are based on the problem of solving systems of multivariate polynomial equations. The complexity of algorithms for solving this problem is essentially affected by the method of enlarging these multivariate systems. The MutantXL algorithm was presented as an efficient algorithm for solving multivariate systems. In this paper, we study the complexity of the MutantXL algorithm and give an upper bound to the number of mutants necessary for terminating the computations of the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/596" class="paperlink" href="/2010/596">2010/596</a> <span class="ms-2"><a href="/2010/596.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2012-07-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Solving Systems of Multivariate Quadratic Equations over Finite Fields or: From Relinearization to MutantXL</strong> <div class="mt-1"><span class="fst-italic">Enrico Thomae, Christopher Wolf</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">In this article we investigate algorithms for solving non-linear multivariate equations over finite fields and the relation between them. For non binary fields usually computing the Gröbner basis of the corresponding ideal is the best choice in this context. One class of algorithms is based on Buchberger&#39;s algorithm. 
Today&#39;s best algorithms like F_4 and F_5 belong to this class. Another strategy to solve such systems is called eXtended Linearization (XL) from Eurocrypt 2000. In the past both...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/557" class="paperlink" href="/2010/557">2010/557</a> <small class="ms-auto">Last updated: 2011-01-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Digital Signature Based on Multivariate Polynomials over Fq</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose the digital signature scheme based on multivariate polynomials over finite fields in this paper. We generate a multivariate polynomial F(X) of high degree. We construct the digital signature scheme using F(X). Our system is immune from the Gröbner bases attacks because obtaining the parameters of F(X), which are the secret keys, amounts to solving the multivariate algebraic equations, one of the NP complete problems.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/516" class="paperlink" href="/2010/516">2010/516</a> <span class="ms-2"><a href="/2010/516.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-10-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Key Agreement Protocols Based on Multivariate Polynomials over Fq</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we propose new key agreement protocols based on multivariate polynomials over finite field Fq. 
We concretely generate the multivariate polynomial F(X)\in Fq[x1,..,xn] such that F(X)=\sum^m_{i=1} ki[Ai(X)^d+ Ai(X)^{d-1}+ ..+ Ai(X)] where Ai(X) =ai1x1+…+ainxn ,coefficients ki , aij\in Fq (i=1,..,m:j=1,..,n) and variables X=(x1,..,xn)^T \in Fq[x1,..,xn]^n. The common key K(X) has the form such that K(X)=\sum^m_{i=1}hi F((bi1x1,...,binxn)^T) where hi ,bij\in Fq (i=1,..,m:j=1,..,n)...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/458" class="paperlink" href="/2010/458">2010/458</a> <span class="ms-2"><a href="/2010/458.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-11-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Key Agreement Protocols Using Multivariate Equations on Non-commutative Ring</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we propose two KAP(key agreement protocols) using multivariate equations. As the enciphering functions we select the multivariate functions of high degree on non-commutative ring H over finite field Fq. Two enciphering functions are slightly different from the enciphering function previously proposed by the present author. In proposed systems we can adopt not only the quaternion ring but also the non-associative octonion ring as the basic ring. 
Common keys are generated by...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/377" class="paperlink" href="/2010/377">2010/377</a> <span class="ms-2"><a href="/2010/377.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-08-15</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Key Agreement Protocols Based on Multivariate Algebraic Equations on Quaternion Ring</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we propose new key agreement protocols based on multivariate algebraic equations. We choose the multivariate function F(X) of high degree on non-commutative quaternion ring H over finite field Fq. Common keys are generated by using the public-key F(X). Our system is immune from the Gröbner bases attacks because obtaining parameters of F(X) to be secret keys arrives at solving the multivariate algebraic equations that is one of NP complete problems .Our protocols are also...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/352" class="paperlink" href="/2010/352">2010/352</a> <span class="ms-2"><a href="/2010/352.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-06-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Digital Signature Using Multivariate Functions on Quaternion Ring</strong> <div class="mt-1"><span class="fst-italic">Masahiro Yagisawa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose the digital signature scheme on non-commutative quaternion ring over finite fields in 
this paper. We generate the multivariate function of high degree F(X). We construct the digital signature scheme using F(X). Our system is immune to Gröbner basis attacks because obtaining the parameters of F(X) that serve as secret keys amounts to solving the multivariate algebraic equations, which is one of the NP-complete problems.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/158" class="paperlink" href="/2010/158">2010/158</a> <span class="ms-2"><a href="/2010/158.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-03-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A variant of the F4 algorithm</strong> <div class="mt-1"><span class="fst-italic">Antoine Joux, Vanessa Vitse</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">Algebraic cryptanalysis usually requires finding solutions of several similar polynomial systems. A standard tool to solve this problem consists of computing the Gröbner bases of the corresponding ideals, and Faugère&#39;s F4 and F5 are two well-known algorithms for this task. In this paper, we present a new variant of the F4 algorithm which is well suited to algebraic attacks of cryptosystems since it is designed to compute Gröbner bases of a set of polynomial systems having the same shape. It...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/157" class="paperlink" href="/2010/157">2010/157</a> <span class="ms-2"><a href="/2010/157.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-03-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Elliptic Curve Discrete Logarithm Problem over Small Degree Extension Fields. 
Application to the static Diffie-Hellman problem on $E(\F_{q^5})$</strong> <div class="mt-1"><span class="fst-italic">Antoine Joux, Vanessa Vitse</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">In 2008 and 2009, Gaudry and Diem proposed an index calculus method for the resolution of the discrete logarithm on the group of points of an elliptic curve defined over a small degree extension field $\F_{q^n}$. In this paper, we study a variation of this index calculus method, improving the overall asymptotic complexity when $\log q \leq c n^3$. In particular, we are able to successfully obtain relations on $E(\F_{p^5})$, whereas the more expensive computational complexity of Gaudry and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/118" class="paperlink" href="/2010/118">2010/118</a> <span class="ms-2"><a href="/2010/118.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-03-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Proposal of a Signature Scheme based on STS Trapdoor</strong> <div class="mt-1"><span class="fst-italic">Shigeo Tsujii, Masahito Gotaishi, Kohtaro Tadaki, Ryou Fujita</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A New digital signature scheme based on Stepwise Triangular Scheme (STS) is proposed. The proposed trapdoor has resolved the vulnerability of STS and secure against both Gröbner Bases and Rank Attacks. In addition, as a basic trapdoor, it is more efficient than the existing systems. 
With the efficient implementation, the Multivariate Public Key Cryptosystems (MPKC) signature public key has the signature longer than the message by less than 25 %, for example.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2009/619" class="paperlink" href="/2009/619">2009/619</a> <span class="ms-2"><a href="/2009/619.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2009-12-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Family of Weak Keys in HFE (and the Corresponding Practical Key-Recovery)</strong> <div class="mt-1"><span class="fst-italic">Charles Bouillaguet, Pierre-Alain Fouque, Antoine Joux, Joana Treger</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The HFE (Hidden Field Equations) cryptosystem is one of the most interesting public-key multivariate scheme. It has been proposed more than 10 years ago by Patarin and seems to withstand the attacks that break many other multivariate schemes, since only subexponential ones have been proposed. The public key is a system of quadratic equations in many variables. 
These equations are generated from the composition of the secret elements: two linear mappings and a polynomial of small degree over...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2009/583" class="paperlink" href="/2009/583">2009/583</a> <span class="ms-2"><a href="/2009/583.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-02-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Differential-Algebraic Algorithms for the Isomorphism of Polynomials Problem</strong> <div class="mt-1"><span class="fst-italic">Charles Bouillaguet, Jean-Charles Faugère, Pierre-Alain Fouque, Ludovic Perret</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we investigate the difficulty of the Isomorphism of Polynomials (IP) Problem as well as one of its variant IP1S. The Isomorphism of Polynomials is a well-known problem studied more particularly in multivariate cryptography as it is related to the hardness of the key recovery of such cryptosystems. 
The problem is the following: given two families of multivariate polynomials~$\A$ and~$\B$, find two invertible linear (or affine) mappings $S$ and $T$ such that $\B=T\circ \A...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2009/483" class="paperlink" href="/2009/483">2009/483</a> <span class="ms-2"><a href="/2009/483.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2009-10-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On the Security of UOV</strong> <div class="mt-1"><span class="fst-italic">Jean-Charles Faugère, Ludovic Perret</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this short note, we investigate the security of the Unbalanced Oil and Vinegar Scheme \cite{uov}. To do so, we use a hybrid approach for solving the algebraic systems naturally arising when mounting a signature-forgery attack. The basic idea is to compute Gröbner bases of several modified systems rather than a Gröbner basis of the initial system. It turns out that our approach is efficient in practice. 
We have obtained a complexity bounded from above by $2^{40.3}$ (or $9$ hours of...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2009/151" class="paperlink" href="/2009/151">2009/151</a> <span class="ms-2"><a href="/2009/151.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-01-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Euclid&#39;s Algorithm, Guass&#39; Elimination and Buchberger&#39;s Algorithm</strong> <div class="mt-1"><span class="fst-italic">Shaohua Zhang</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">It is known that Euclid&#39;s algorithm, Guass&#39; elimination and Buchberger&#39;s algorithm play important roles in algorithmic number theory, symbolic computation and cryptography, and even in science and engineering. The aim of this paper is to reveal again the relations of these three algorithms, and, simplify Buchberger&#39;s algorithm without using multivariate division algorithm. We obtain an algorithm for computing the greatest common divisor of several positive integers, which can be regarded as...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2009/108" class="paperlink" href="/2009/108">2009/108</a> <span class="ms-2"><a href="/2009/108.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2009-03-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Further Results on Implicit Factoring in Polynomial Time</strong> <div class="mt-1"><span class="fst-italic">Santanu Sarkar, Subhamoy Maitra</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-FOUNDATIONS">Foundations</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In PKC 2009, May and Ritzenhofen presented interesting problems related to factoring large integers with some implicit hints. One of the problems is as follows. 
Consider $N_1 = p_1 q_1$ and $N_2 = p_2 q_2$, where $p_1, p_2, q_1, q_2$ are large primes. The primes $p_1, p_2$ are of the same bit-size with the constraint that a certain number of Least Significant Bits (LSBs) of $p_1, p_2$ are the same. Further, the primes $q_1, q_2$ are of the same bit-size without any constraint. May and Ritzenhofen proposed...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2008/543" class="paperlink" href="/2008/543">2008/543</a> <span class="ms-2"><a href="/2008/543.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2008-12-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Odd-Char Multivariate Hidden Field Equations</strong> <div class="mt-1"><span class="fst-italic">Chia-Hsin Owen Chen, Ming-Shing Chen, Jintai Ding, Fabian Werner, Bo-Yin Yang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We present a multivariate version of Hidden Field Equations (HFE) over a finite field of odd characteristic, with an extra ``embedding&#39;&#39; modifier. Combining these known ideas makes our new MPKC (multivariate public key cryptosystem) more efficient and scalable than any other extant multivariate encryption scheme. Switching to odd characteristics in HFE-like schemes affects how an attacker can make use of field equations. 
Extensive empirical tests (using MAGMA-2.14, the best commercially...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2008/514" class="paperlink" href="/2008/514">2008/514</a> <span class="ms-2"><a href="/2008/514.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2008/514.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2008-12-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Noncommutative Polly Cracker-type cryptosystems and chosen-ciphertext security</strong> <div class="mt-1"><span class="fst-italic">Tapan Rai, Stanislav Bulygin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we consider chosen-ciphertext attacks against noncommutative Polly Cracker-type cryptosystems. We present several versions of these attacks, as well as techniques to counter them. First we introduce a chosen-ciphertext attack, which assumes a very simple private key. We then present generalizations of this attack which are valid in more general situations, and propose a simple but effective technique to counter these attacks. Finally, we show how this technique can also be...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2008/166" class="paperlink" href="/2008/166">2008/166</a> <span class="ms-2"><a href="/2008/166.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2008/166.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2008-04-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards</strong> <div class="mt-1"><span class="fst-italic">Nicolas T. 
Courtois, Karsten Nohl, Sean O&#39;Neil</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">MiFare Crypto 1 is a lightweight stream cipher used in London&#39;s Oyster card, Netherland&#39;s OV-Chipcard, US Boston&#39;s CharlieCard, and in numerous wireless access control and ticketing systems worldwide. Recently, researchers have been able to recover this algorithm by reverse engineering. We have examined MiFare from the point of view of the so called &#34;algebraic attacks&#34;. We can recover the full 48-bit key of MiFare algorithm in 200 seconds on a PC, given 1 known IV (from one single...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2007/152" class="paperlink" href="/2007/152">2007/152</a> <span class="ms-2"><a href="/2007/152.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2007/152.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2007-05-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited</strong> <div class="mt-1"><span class="fst-italic">Nicolas T. Courtois</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The cipher CTC (Courtois Toy Cipher) has been designed to demonstrate that it is possible to break on a PC a block cipher with good diffusion and very small number of known (or chosen) plaintexts. It has however never been designed to withstand all known attacks on block ciphers and Dunkelman and Keller have shown that a few bits of the key can be recovered by Linear Cryptanalysis (LC) - which cannot however compromise the security of a large key. 
This weakness can easily be avoided: in this...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2006/402" class="paperlink" href="/2006/402">2006/402</a> <span class="ms-2"><a href="/2006/402.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2006/402.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2007-09-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Algebraic Cryptanalysis of the Data Encryption Standard</strong> <div class="mt-1"><span class="fst-italic">Nicolas T. Courtois, Gregory V. Bard</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In spite of growing importance of AES, the Data Encryption Standard is by no means obsolete. DES has never been broken from the practical point of view. The triple DES is believed very secure, is widely used, especially in the financial sector, and should remain so for many many years to come. 
In addition, some doubts have been raised about whether its replacement AES is secure, given the extreme level of ``algebraic vulnerability&#39;&#39; of the AES S-boxes (their low I/O degree and exceptionally large...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2006/098" class="paperlink" href="/2006/098">2006/098</a> <span class="ms-2"><a href="/2006/098.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2006/098.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2006-07-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Gröbner Basis Based Cryptanalysis of SHA-1</strong> <div class="mt-1"><span class="fst-italic">Makoto Sugita, Mitsuru Kawazoe, Hideki Imai</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-FOUNDATIONS">Foundations</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Recently, Wang proposed a new method to cryptanalyze SHA-1 and found collisions of $58$-round SHA-1. However, many details of Wang&#39;s attack are still unpublished, especially: 1) how to find differential paths? 2) how to modify messages properly? For the first issue, some results have already been reported. In our article, we clarify the second issue and give a sophisticated method based on Gröbner basis techniques. 
We propose two algorithms based on the basic and an improved message...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2006/051" class="paperlink" href="/2006/051">2006/051</a> <span class="ms-2"><a href="/2006/051.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2006-02-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Proposal for Piece In Hand Matrix Ver.2: General Concept for Enhancing Security of Multivariate Public Key Cryptosystems</strong> <div class="mt-1"><span class="fst-italic">Shigeo Tsujii, Kohtaro Tadaki, Ryou Fujita</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We previously proposed the concept of the piece in hand (soldiers in hand) matrix and have so far developed a framework based on it. The piece in hand matrix is a general concept which is applicable to any type of multivariate public key cryptosystem to enhance its security. In this paper, we make improvements in the PH matrix method as follows. 
(i) In the PH matrix method, an arbitrary number of additional variables can be introduced to the random polynomial term in the public key, which...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2005/312" class="paperlink" href="/2005/312">2005/312</a> <span class="ms-2"><a href="/2005/312.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2005-09-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A New Efficient Algorithm for Solving Systems of Multivariate Polynomial Equations</strong> <div class="mt-1"><span class="fst-italic">Xijin Tang, Yong Feng</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">The security of many recently proposed cryptosystems is based on the difficulty of solving large systems of quadratic multivariate polynomial equations. The classical algorithm for solving such a system is Buchberger&#39;s algorithm for constructing Gröbner bases. Another algorithm for solving such a system is XL algorithm. For sparse system, Buchberger&#39;s algorithm benefits from sparsity of the system, but its complexity is impractical and hard to determine. 
XL could not make a good use of...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2004/222" class="paperlink" href="/2004/222">2004/222</a> <span class="ms-2"><a href="/2004/222.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2004/222.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2005-08-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Study of the Security of Unbalanced Oil and Vinegar Signature Schemes</strong> <div class="mt-1"><span class="fst-italic">An Braeken, Christopher Wolf, Bart Preneel</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The Unbalanced Oil and Vinegar scheme (UOV) is a signature scheme based on multivariate quadratic equations. It uses $m$ equations and $n$ variables. A total of $v$ of these are called ``vinegar variables&#34;. In this paper, we study its security from several points of view. First, we are able to demonstrate that the constant part of the affine transformation does not contribute to the security of UOV and should therefore be omitted. Second, we show that the case $n \geq 2m$ is particularly...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2002/138" class="paperlink" href="/2002/138">2002/138</a> <span class="ms-2"><a href="/2002/138.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2002/138.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2002-09-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On the Security of HFE, HFEv- and Quartz</strong> <div class="mt-1"><span class="fst-italic">Nicolas T. 
Courtois, Magnus Daum, Patrick Felke</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Quartz is a signature scheme based on an HFEv- trapdoor function published at Eurocrypt 1996. In this paper we study &#34;inversion&#34; attacks for Quartz, i.e. attacks that solve the system of multivariate equations used in Quartz. We do not cover some special attacks that forge signatures without inversion. We are interested in methods to invert the HFEv- trapdoor function or at least to distinguish it from a random system of the same size. There are 4 types of attacks known on HFE:...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2002/087" class="paperlink" href="/2002/087">2002/087</a> <span class="ms-2"><a href="/2002/087.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2002/087.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2003-02-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Higher Order Correlation Attacks, XL algorithm and Cryptanalysis of Toyocrypt</strong> <div class="mt-1"><span class="fst-italic">Nicolas T. Courtois</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">There is abundant literature on how to use linear approximations to break various stream ciphers. In this paper we show that it is possible to design an efficient attack based on higher degree approximations. We reduce the attack to solving an overdefined system of multivariate equations and use the XL algorithm from Eurocrypt 2000. 
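The complexity of the XL algorithm is sometimes controversial, however in practice and for the cases relevant here (much more equations than variables), we show...</p> </div> </div> </div> </div> </div>
<script>
  // Reset every search field when the "clear" button is pressed.
  // Guarded the same way as the navbar script further down, so a page
  // variant without the button does not throw while loading.
  var clearButton = document.getElementById('clearButton');
  if (clearButton) {
    clearButton.addEventListener('click', function () {
      // NOTE(review): this clears every <input> on the page, not only the
      // search form's — presumably intended; the form itself is not in view.
      document.querySelectorAll('input').forEach(function (el) {
        el.value = '';
      });
      var category = document.getElementById('category');
      if (category) {
        category.selectedIndex = 0;
      }
    });
  }

  // Check that the date filters are mutually consistent before the form is
  // submitted.  Returns true when the form may be sent, false to block it;
  // in the latter case both fields of the first conflicting pair receive
  // Bootstrap's "is-invalid" class.  Conflicts checked: submitted-after later
  // than submitted-before, revised-after later than revised-before, and
  // revised-before earlier than submitted-after (nothing can be revised before
  // it was submitted).  Values are compared as strings, which orders correctly
  // only for ISO "YYYY-MM-DD" input — TODO confirm the fields are type="date"
  // (the form is outside this chunk).
  function validateForm() {
    var fields = ['submittedafter', 'submittedbefore', 'revisedafter', 'revisedbefore']
      .map(function (id) { return document.getElementById(id); });
    // If a field is missing, let the form through rather than throwing out of
    // the submit handler (a thrown handler would not stop submission anyway).
    if (fields.some(function (el) { return el === null; })) {
      return true;
    }
    var submittedAfter = fields[0];
    var submittedBefore = fields[1];
    var revisedAfter = fields[2];
    var revisedBefore = fields[3];
    // Drop markers left by a previous failed attempt so a corrected field is
    // no longer shown as invalid.
    fields.forEach(function (el) { el.classList.remove('is-invalid'); });

    // Each pair is [field that must not be later, field that must not be earlier].
    var orderedPairs = [
      [submittedAfter, submittedBefore],
      [revisedAfter, revisedBefore],
      [submittedAfter, revisedBefore]
    ];
    for (var i = 0; i < orderedPairs.length; i++) {
      var earlier = orderedPairs[i][0];
      var later = orderedPairs[i][1];
      if (earlier.value && later.value && earlier.value > later.value) {
        earlier.classList.add('is-invalid');
        later.classList.add('is-invalid');
        return false;
      }
    }
    return true;
  }
</script>
<script src="/js/mark.min.js"></script>
<script>
  // Highlight the query terms, restricted to the result list.  The terms are
  // taken straight from the URL; mark.js matches them as literal text and
  // inserts its <mark> wrappers through DOM APIs, so a term is not interpreted
  // as markup or as a regular expression — verify this still holds if the
  // bundled mark.min.js is upgraded.
  var instance = new Mark("div.results");
  let urlParams = new URLSearchParams(window.location.search);
  ['q', 'title', 'authors'].forEach(function (param) {
    let term = urlParams.get(param);
    if (term) {
      instance.mark(term);
    }
  });
</script> <!-- --> </main> <div class="container-fluid mt-auto" id="eprintFooter"> <a href="https://iacr.org/"> <img id="iacrlogo" src="/img/iacrlogo_small.png" class="img-fluid d-block mx-auto" alt="IACR Logo"> </a> <div class="colorDiv"></div> <div class="alert alert-success 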
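w-75 mx-auto"> Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content. </div> </div> <script src="/css/bootstrap/js/bootstrap.bundle.min.js"></script>
<script>
  // Give the fixed navbar the "scrolled" class once the page is scrolled more
  // than 100px, and remove it again near the top.  The class is only a styling
  // hook; nothing in this chunk reads it.
  var topNavbar = document.getElementById('topNavbar');
  if (topNavbar) {
    // The handler never calls preventDefault(), so it is registered as
    // passive and the browser need not wait for it before scrolling.
    document.addEventListener('scroll', function () {
      topNavbar.classList.toggle('scrolled', window.scrollY > 100);
    }, { passive: true });
  }
</script> </body> </html>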
