TY - GEN
T1 - Breaking instance I of new TTM cryptosystems
AU - Nie, Xuyun
AU - Jiang, Xin
AU - Hu, Lei
AU - Ding, Jintai
AU - Zhang, Fengli
PY - 2008
Y1 - 2008
N2 - TTM is a type of multivariate public key cryptosystem. In 2007, the inventor of TTM proposed two new instances of TTM to resist the existing attacks, in particular the attack of Nie et al. The two instances are claimed to achieve a security level of 2^109 against the Nie et al. attack. In this paper, we show that instance I is still insecure and is in fact not a better design: we find a ciphertext-only attack that uses First Order Linearization Equations, whereas for the previous version of TTM only Second Order Linearization Equations could be used in the initial stage of the previous attack. Unlike previous attacks, we use an iterated linearization method to break instance I. For any given valid ciphertext, we can find its corresponding plaintext within 2^31 F_{2^8}-computations, after a one-time precomputation per public key of complexity less than 2^44. Our experimental results show that the lock polynomials are unlocked after several iterations, even though we do not know their detailed construction.
AB - TTM is a type of multivariate public key cryptosystem. In 2007, the inventor of TTM proposed two new instances of TTM to resist the existing attacks, in particular the attack of Nie et al. The two instances are claimed to achieve a security level of 2^109 against the Nie et al. attack. In this paper, we show that instance I is still insecure and is in fact not a better design: we find a ciphertext-only attack that uses First Order Linearization Equations, whereas for the previous version of TTM only Second Order Linearization Equations could be used in the initial stage of the previous attack. Unlike previous attacks, we use an iterated linearization method to break instance I. For any given valid ciphertext, we can find its corresponding plaintext within 2^31 F_{2^8}-computations, after a one-time precomputation per public key of complexity less than 2^44. Our experimental results show that the lock polynomials are unlocked after several iterations, even though we do not know their detailed construction.
UR - http://www.scopus.com/inward/record.url?scp=58149161327&partnerID=8YFLogxK
U2 - 10.1109/ICCCAS.2008.4657821
DO - 10.1109/ICCCAS.2008.4657821
M3 - Conference Proceeding
AN - SCOPUS:58149161327
SN - 9781424420636
T3 - 2008 International Conference on Communications, Circuits and Systems Proceedings, ICCCAS 2008
SP - 493
EP - 497
BT - 2008 International Conference on Communications, Circuits and Systems Proceedings, ICCCAS 2008
T2 - 2008 International Conference on Communications, Circuits and Systems, ICCCAS 2008
Y2 - 25 May 2008 through 27 May 2008
ER -
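The abstract above describes a first-order linearization attack with two phases: a one-time precomputation per public key (find every relation of the form sum a_ij x_i y_j + sum b_i x_i + sum c_j y_j + d = 0 satisfied by all plaintext/ciphertext pairs) and a per-ciphertext step (substitute the target ciphertext, which turns each relation into a linear equation in the plaintext). The following is an added example, not the authors' code and not the TTM instance I: it is a constructed toy built from a 3-variable tame (triangular) central map composed with random affine maps over GF(251), chosen because tame maps are the building block of TTM and admit first-order linearization equations by construction. The field (GF(251) instead of the paper's GF(2^8)), the central map, the variable count and the sample count are all assumptions of this example. On this toy the first linearization round already yields a full-rank linear system, so the iteration the paper needs against the real instance is not shown.

```python
"""Toy first-order linearization attack on a tame (triangular) multivariate map.
Constructed example for illustration; not the TTM instance I or the paper's code."""
import random

P = 251   # toy prime field GF(251) (assumption; the paper works over GF(2^8))
N = 3     # number of variables in the toy scheme (assumption)


def central_map(u):
    """Tame (triangular) central map F: v1 = u1, v2 = u2 + u1^2, v3 = u3 + u1*u2.
    It satisfies relations bilinear in (u, v): v1 - u1 = 0, v2 - u2 - u1*v1 = 0,
    v3 - u3 - u2*v1 = 0.  Affine masks S, T preserve that shape, so the public
    map has first-order linearization equations too."""
    u1, u2, u3 = u
    return [u1 % P, (u2 + u1 * u1) % P, (u3 + u1 * u2) % P]


def rref(rows):
    """Reduced row echelon form over GF(P); returns (reduced rows, pivot columns)."""
    rows, pivots, r = [row[:] for row in rows], [], 0
    for c in range(len(rows[0])):
        piv = next((i for i in range(r, len(rows)) if rows[i][c]), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        inv = pow(rows[r][c], P - 2, P)
        rows[r] = [(v * inv) % P for v in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(a - f * b) % P for a, b in zip(rows[i], rows[r])]
        pivots.append(c)
        r += 1
        if r == len(rows):
            break
    return rows, pivots


def nullspace(rows):
    """Basis of all coefficient vectors c with rows . c = 0 over GF(P)."""
    red, pivots = rref(rows)
    basis = []
    for f in (c for c in range(len(rows[0])) if c not in pivots):
        v = [0] * len(rows[0])
        v[f] = 1
        for i, pc in enumerate(pivots):
            v[pc] = (-red[i][f]) % P
        basis.append(v)
    return basis


def random_affine(rng):
    """Random invertible affine map x -> M x + b over GF(P)."""
    while True:
        M = [[rng.randrange(P) for _ in range(N)] for _ in range(N)]
        if len(rref(M)[1]) == N:
            return M, [rng.randrange(P) for _ in range(N)]


def apply_affine(aff, x):
    M, b = aff
    return [(sum(M[i][j] * x[j] for j in range(N)) + b[i]) % P for i in range(N)]


def keygen(rng):
    """Private key (S, T); the public map is T o F o S, evaluated here by composition
    (a shipped public key would expand it into quadratic polynomials, which the
    attacker can evaluate just as well)."""
    return random_affine(rng), random_affine(rng)


def encrypt(key, x):
    S, T = key
    return apply_affine(T, central_map(apply_affine(S, x)))


def monomials(x, y):
    """Monomial vector for first-order linearization equations: x_i*y_j, x_i, y_j, 1."""
    return [x[i] * y[j] % P for i in range(N) for j in range(N)] + list(x) + list(y) + [1]


def find_linearization_equations(encrypt_fn, rng, samples=60):
    """One-time precomputation per public key: evaluate the public map on random
    plaintexts and solve for all linear dependencies among the monomials."""
    rows = []
    for _ in range(samples):
        x = [rng.randrange(P) for _ in range(N)]
        rows.append(monomials(x, encrypt_fn(x)))
    return nullspace(rows)


def recover_plaintext(equations, y):
    """Per-ciphertext step: substituting y makes every relation linear in x.
    Returns the plaintext if the linear system has a unique solution, else None
    (the case where the paper's method would iterate)."""
    system = []
    for c in equations:
        coeff = [(sum(c[i * N + j] * y[j] for j in range(N)) + c[N * N + i]) % P for i in range(N)]
        const = (sum(c[N * N + N + j] * y[j] for j in range(N)) + c[-1]) % P
        system.append(coeff + [(-const) % P])
    red, pivots = rref(system)
    if pivots != list(range(N)):
        return None
    return [red[i][N] for i in range(N)]


def demo(seed=1):
    """Key generation, precomputation, then recovery of a chosen plaintext.
    Returns (number of linearization equations found, whether recovery succeeded)."""
    rng = random.Random(seed)
    key = keygen(rng)
    eqs = find_linearization_equations(lambda x: encrypt(key, x), rng)
    x = [7, 42, 200]   # constructed plaintext
    return len(eqs), recover_plaintext(eqs, encrypt(key, x)) == x


if __name__ == "__main__":
    print(demo())
```

The precomputation touches only the public map and costs one Gaussian elimination on a samples-by-monomials matrix; afterwards each ciphertext costs a single small linear solve, which is the same cost split the abstract reports (under 2^44 once per key, then 2^31 per ciphertext). A real instance would produce fewer independent equations than unknowns at this point, and recovering the rest of the plaintext is where the paper's iterated linearization comes in.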