TY - GEN
T1 - Revisiting the minrank problem on multivariate cryptography
AU - Wang, Yacheng
AU - Ikematsu, Yasuhiko
AU - Nakamura, Shuhei
AU - Takagi, Tsuyoshi
N1 - Funding Information:
was supported by JP20K19802 and
Funding Information:
JSPS KAKENHI Grant Num- JST CREST Grant Number
Publisher Copyright:
© Springer Nature Switzerland AG 2020.
PY - 2020
Y1 - 2020
N2 - The minrank problem is often considered in the cryptanalysis of multivariate cryptography and code-based cryptography. There have been many multivariate cryptosystems proven insecure due to their weakness against the minrank attack, which is an attack that transforms breaking a cryptosystem into solving a minrank problem instance. In this paper, we review two existing methods, the Kipnis-Shamir method (KS), and minors modeling for solving a minrank instance, and then propose a mixed method that merges these two methods. Our method uses a bilinear subsystem from the KS method and a subsystem from minors modeling. It is at least as effective as the KS method, and does not require as many minors as minors modeling. Moreover, we consider applying the hybrid approach on multivariate polynomials solved in our mixed method to further improve our method. We then revisit the minrank attack on Rainbow and conclude the previous complexity analysis of the minrank attack on Rainbow is overestimated, and provide the correct complexity of the minrank attack on NIST PQC 2nd round Rainbow parameters.
UR - http://www.scopus.com/inward/record.url?scp=85098267942&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85098267942&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-65299-9_22
DO - 10.1007/978-3-030-65299-9_22
M3 - Conference contribution
AN - SCOPUS:85098267942
SN - 9783030652982
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 291
EP - 307
BT - Information Security Applications - 21st International Conference, WISA 2020, Revised Selected Papers
A2 - You, Ilsun
PB - Springer Science and Business Media Deutschland GmbH
T2 - 21st International Conference on Information Security Applications, WISA 2020
Y2 - 26 August 2020 through 28 August 2020
ER -