Breaking instance I of new TTM cryptosystems

Xuyun Nie*, Xin Jiang, Lei Hu, Jintai Ding, Fengli Zhang

*Corresponding author for this work

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

Abstract

TTM is a type of multivariate public key cryptosystem. In 2007, the inventor of TTM proposed two new instances of TTM to resist the existing attacks, in particular the Nie et al. attack. The two instances are claimed to achieve a security of $2^{109}$ against the Nie et al. attack. In this paper, we show that instance I is still insecure, and in fact it does not achieve a better design, in the sense that we can find a ciphertext-only attack utilizing First Order Linearization Equations, whereas for the previous version of TTM only Second Order Linearization Equations could be used in the beginning stage of the previous attack. Different from previous attacks, we use an iterated linearization method to break instance I. For any given valid ciphertext, we can find its corresponding plaintext within $2^{31}$ $\mathbb{F}_{2^8}$-computations after performing, once for any public key, a computation of complexity less than $2^{44}$. Our experimental results show that we have unlocked the lock polynomials after several iterations, though we do not know the detailed construction of the lock polynomials.

Original language: English
Title of host publication: 2008 International Conference on Communications, Circuits and Systems Proceedings, ICCCAS 2008
Pages: 493-497
Number of pages: 5
Publication status: Published - 2008
Externally published: Yes
Event: 2008 International Conference on Communications, Circuits and Systems, ICCCAS 2008 - Xiamen, Fujian Province, China
Duration: 25 May 2008 to 27 May 2008

Publication series

Name: 2008 International Conference on Communications, Circuits and Systems Proceedings, ICCCAS 2008

Conference

Conference: 2008 International Conference on Communications, Circuits and Systems, ICCCAS 2008
Country/Territory: China
City: Xiamen, Fujian Province
Period: 25/05/08 to 27/05/08
