General fault attacks on multivariate public key cryptosystems

Yasufumi Hashimoto, Tsuyoshi Takagi, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)

Abstract

The multivariate public key cryptosystem (MPKC), which is based on the problem of solving a set of multivariate systems of quadratic equations over a finite field, is expected to be secure against quantum attacks. Although there are several existing schemes in MPKC that survived known attacks and are much faster than RSA and ECC, there have been few discussions on security against physical attacks, aside from the work of Okeya et al. (2005) on side-channel attacks against Sflash. In this study, we describe general fault attacks on MPKCs including Big Field type (e.g. Matsumoto-Imai, HFE and Sflash) and Stepwise Triangular System (STS) type (e.g. UOV, Rainbow and TTM/TTS). For both types, recovering (parts of) the secret keys S,T with our fault attacks becomes more efficient than doing without them. Especially, on the Big Field type, only single fault is sufficient to recover the secret keys.

Original languageEnglish
Title of host publicationPost-Quantum Cryptography - 4th International Workshop, PQCrypto 2011, Proceedings
Pages1-18
Number of pages18
DOIs
Publication statusPublished - Dec 12 2011
Event4th International Workshop on Post-Quantum Cryptography, PQCrypto 2011 - Taipei, Taiwan, Province of China
Duration: Nov 29 2011Dec 2 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7071 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other4th International Workshop on Post-Quantum Cryptography, PQCrypto 2011
CountryTaiwan, Province of China
CityTaipei
Period11/29/1112/2/11

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'General fault attacks on multivariate public key cryptosystems'. Together they form a unique fingerprint.

Cite this