Final Report

1
Final Report

• A New Variant of the Matsumoto-Imai Cryptosystems
  through Perturbation

2
Abstract

• Matsumoto Imai cryptosystems was broken by
  Patarin
• Propose a new variant of MI system, inspired by
  the idea of perturbationadding random
  quadratic function with no new variables gain.
• Unlike HFE and Oil-Vinegar system
• A practical implementation example of 136 bits

3
Conclu.sion!?

• PMI system is a new multivariable cryptosystem
• , it can combine with HFE method in order to
  improve the security and also considered to be a
  better cryptosystem then RSA and some of the
  multivariable cryptosystems.
• The argument about security and efficiency in
  this paper is based on intuitive and rough ideas
  and not on strict mathematical arguments.

4
Original MI system

• Two invertible affine linear maps L1 and L2 and a
  hidden monomial F with the relation below

5
Extend MI system

• 1 ) Minus-Plus method
• Minus some quadratic polynomial components and/or
  add some randomly chosen quadratic ones.
• Suitable for signature schemes
• ExampleSFLASH (by Shamir)

6
Extend MI system(conti.)

• 2 ) Hidden Field Equation Method
• A need not be small, but bigger one results
  slower decryption process ( by Kipnis and Shamir )

7
Extend MI system(conti.)

• 3 ) HFE and Oil-Vinegar Method
• HFE with new variables mixed
• Also can be broken by algebraic method ( ALSO by
  Kipnis and Shamir )

8
New ConstructionPerturbation MI system

• 1 ) Randomly chooser linearly independent
• functions
• 2 ) Add randomly quadratic polynomial of zi
• to define a new map

9
Perturbation MI system (conti.)

• fkr ? kn
• Pa set consist of all pairs (?,µ)
• s.t f(µ) ?
• Pqr, probabilistically

10
Compare with PMI and MI system

• MI cipher
• PMI cipher

11
Compare with PMI and MI system(conti)

• Public Key n quadratic polynomials
• Private KeyPMI system need to store additional
  linear functions zi and the set of points in P
• Encryption

12
Decryption of PMI system

• By a factor of qr, the decryption is slower

13
Security Analysis of PMI system

• The Attack by Linearization Method
• cant due to n-C(r,2) equations available
• The Attack Methods to the MI Minus Systems
• cant, cause no terms missing and one way is
  guess with probability 1/64, but no way to judge
  if anyone is the right guess or not

14
Security Analysis of PMI system(conti.)

• The Attack Methods on the HFE
• The main methods to resist when PMI
• designs. perturbed polynomials can't be
  written into low rank quadratic form. (Minrank
  method)
• XL Attack
• We believe that the security of our system has
  the attack complexity of 2100

15
Comparison with RSA

• SecurityRSA 512 is needed
• PMI F2136
• Key sizeRSA 1.5K
• PMI 1M
• DecryptionPMI is much faster

16
Comparison with other Multivariable Cryptosystem

• The implementation of multivariable cryptosystem
  is for either authentication purpose or
  encryption purpose.
• The main examples of signature schemes are Quartz
  schemes and Sflash schemes
• In short, PMI is better (..)

17
Real Conclusion

• This paper is a suggestion of a new multivariable
  cryptosystem
• The main purpose of this paper is to introduce
  the theoretical idea of internal perturbation,
  which we believe is a very general and applicable
  idea.

18
?????