### Abstract

Researching post-quantum cryptography has been an important task in cryptography. The section finding problem on algebraic surfaces (AS-SFP) is considered to be intractable also after building quantum computers. Thus AS-SFP is used as a basis of the security of the Algebraic Surface Cryptosystem (ASC), which is a candidate of post-quantum cryptosystems, and it is important for designing parameters which make ASC secure to estimate the complexity of AS-SFP. Solving AS-SFP is reduced to solving certain multivariate equation systems (section equation systems) of high degrees, and one can solve such equation systems by using the Gröbner basis technique. Although estimating the complexity of computing a Gröbner basis associated with an equation system is difficult in general, it becomes easy if the equation system is semi-regular. In this paper, we experimentally estimate the complexity of AS-SFP. From our experimental results, although we see that section equation systems do not become semi-regular in most cases for small parameters, we can infer parameters closely related to the difficulty of computing Gröbner bases associated with section equation systems. According to our inference, we estimate the complexity of AS-SFP and parameters which make ASC 128-bit security against the attack by the Gröbner basis technique. We also consider a brute-force attack against ASSFP and conjecture that the brute-force attack is more efficient than the attack by the Gröbner basis technique. Finally, we estimate parameters and sizes of public keys such that ASC has 128-bit security against the brute-force attack. Its size (876 bits) is much smaller than sizes of public keys in other efficient candidates of PQC.

Original language | English |
---|---|

Title of host publication | Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016 |

Publisher | Institute of Electrical and Electronics Engineers Inc. |

Pages | 28-36 |

Number of pages | 9 |

ISBN (Electronic) | 9781509026555 |

DOIs | |

Publication status | Published - Jan 13 2017 |

Event | 4th International Symposium on Computing and Networking, CANDAR 2016 - Hiroshima, Japan Duration: Nov 22 2016 → Nov 25 2016 |

### Publication series

Name | Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016 |
---|

### Other

Other | 4th International Symposium on Computing and Networking, CANDAR 2016 |
---|---|

Country | Japan |

City | Hiroshima |

Period | 11/22/16 → 11/25/16 |

### Fingerprint

### All Science Journal Classification (ASJC) codes

- Computer Science Applications
- Hardware and Architecture
- Signal Processing
- Computer Networks and Communications

### Cite this

*Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016*(pp. 28-36). [7818591] (Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2016.51

**An estimate of the complexity of the section finding problem on algebraic surfaces.** / Okumura, Shinya; Akiyama, Koichiro; Takagi, Tsuyoshi.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016.*, 7818591, Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016, Institute of Electrical and Electronics Engineers Inc., pp. 28-36, 4th International Symposium on Computing and Networking, CANDAR 2016, Hiroshima, Japan, 11/22/16. https://doi.org/10.1109/CANDAR.2016.51

}

TY - GEN

T1 - An estimate of the complexity of the section finding problem on algebraic surfaces

AU - Okumura, Shinya

AU - Akiyama, Koichiro

AU - Takagi, Tsuyoshi

PY - 2017/1/13

Y1 - 2017/1/13

N2 - Researching post-quantum cryptography has been an important task in cryptography. The section finding problem on algebraic surfaces (AS-SFP) is considered to be intractable also after building quantum computers. Thus AS-SFP is used as a basis of the security of the Algebraic Surface Cryptosystem (ASC), which is a candidate of post-quantum cryptosystems, and it is important for designing parameters which make ASC secure to estimate the complexity of AS-SFP. Solving AS-SFP is reduced to solving certain multivariate equation systems (section equation systems) of high degrees, and one can solve such equation systems by using the Gröbner basis technique. Although estimating the complexity of computing a Gröbner basis associated with an equation system is difficult in general, it becomes easy if the equation system is semi-regular. In this paper, we experimentally estimate the complexity of AS-SFP. From our experimental results, although we see that section equation systems do not become semi-regular in most cases for small parameters, we can infer parameters closely related to the difficulty of computing Gröbner bases associated with section equation systems. According to our inference, we estimate the complexity of AS-SFP and parameters which make ASC 128-bit security against the attack by the Gröbner basis technique. We also consider a brute-force attack against ASSFP and conjecture that the brute-force attack is more efficient than the attack by the Gröbner basis technique. Finally, we estimate parameters and sizes of public keys such that ASC has 128-bit security against the brute-force attack. Its size (876 bits) is much smaller than sizes of public keys in other efficient candidates of PQC.

AB - Researching post-quantum cryptography has been an important task in cryptography. The section finding problem on algebraic surfaces (AS-SFP) is considered to be intractable also after building quantum computers. Thus AS-SFP is used as a basis of the security of the Algebraic Surface Cryptosystem (ASC), which is a candidate of post-quantum cryptosystems, and it is important for designing parameters which make ASC secure to estimate the complexity of AS-SFP. Solving AS-SFP is reduced to solving certain multivariate equation systems (section equation systems) of high degrees, and one can solve such equation systems by using the Gröbner basis technique. Although estimating the complexity of computing a Gröbner basis associated with an equation system is difficult in general, it becomes easy if the equation system is semi-regular. In this paper, we experimentally estimate the complexity of AS-SFP. From our experimental results, although we see that section equation systems do not become semi-regular in most cases for small parameters, we can infer parameters closely related to the difficulty of computing Gröbner bases associated with section equation systems. According to our inference, we estimate the complexity of AS-SFP and parameters which make ASC 128-bit security against the attack by the Gröbner basis technique. We also consider a brute-force attack against ASSFP and conjecture that the brute-force attack is more efficient than the attack by the Gröbner basis technique. Finally, we estimate parameters and sizes of public keys such that ASC has 128-bit security against the brute-force attack. Its size (876 bits) is much smaller than sizes of public keys in other efficient candidates of PQC.

UR - http://www.scopus.com/inward/record.url?scp=85015169906&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85015169906&partnerID=8YFLogxK

U2 - 10.1109/CANDAR.2016.51

DO - 10.1109/CANDAR.2016.51

M3 - Conference contribution

AN - SCOPUS:85015169906

T3 - Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016

SP - 28

EP - 36

BT - Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016

PB - Institute of Electrical and Electronics Engineers Inc.

ER -