多项式等价类枚举及其在MPKC中的应用
78 浏览量
更新于2024-07-15
收藏 245KB PDF 举报
"On enumeration of polynomial equivalence classes and their application to MPKC"
本文主要探讨了多项式同构(IP)问题在多变量公钥密码学(MPKC)中的核心地位及其相关的计数问题。IP问题在MPKC中是基础性的,因为它涉及到多项式系统之间的等价分类。作者提出了一种新的框架,利用有限几何的工具来研究与IP相关的计数问题。特别是,他们关注于枚举或估算齐次二次多项式系统的同构等价类的数量。
在多变量公钥密码学中,密钥空间的结构和安全性很大程度上取决于多项式系统的等价类。这些等价类代表了可能的密钥,而找到它们之间的同构关系对于攻击者来说可能意味着能够找到密钥的潜在能力。因此,理解和计算这些等价类的数量对于评估密码系统的安全性至关重要。
文章中,作者详细介绍了如何利用有限域和有限几何的理论来解决这个问题。有限域在密码学中有着广泛的应用,因为它们提供了计算上的便利性和丰富的数学结构。而有限几何则提供了一种分析多项式系统结构的工具,通过研究几何对象的性质来推导等价类的计数。
作者提出了新的算法和技术,这些技术可以有效地枚举或近似计算齐次二次多项式的等价类。这些方法对于减少MPKC中所谓的“冗余密钥”(superfluous keys)也可能是有益的,冗余密钥指的是在等价类中等效但看起来不同的密钥,它们的存在可能会降低系统的效率。
此外,文章还讨论了与IP问题相关的关键词,如多项式等价、有限几何、等价类、冗余密钥等,这些都是理解MPKC安全性基础的关键概念。通过深入研究这些主题,作者不仅对理论问题进行了贡献,还为实际的密码系统设计提供了理论支持。
最后,文章提到了接收和修订日期,表明了这个研究成果是在经过同行评审和修改后发表的,这增加了其科学性和可靠性。文章由S.Gao推荐,进一步强调了其在该领域的专业性和重要性。
这篇论文为解决MPKC中的一个重要难题——多项式同构问题提供了新的视角和方法,对于理解和改进多变量公钥密码系统的安全性具有深远的影响。通过利用有限几何的工具,作者开辟了一个新的研究方向,这有助于推动密码学理论的发展,并可能为实际密码系统的优化提供新的思路。
286 D. Lin et al. / Finite Fields and Their Applications 18 (2012) 283–302
the number of “equivalent” secret keys in a multivariate scheme and the total number of different
multivariate cryptographic schemes respectively.
To this end, we will extensively use tools of finite geometry [18–22]. Geometries over finite fields
study in particular the standard form of quadratic form over finite fields under some linear transfor-
mation, which is related to the IP problem.
Organization of the paper. In Section 2, we recall the definition of IP and introduce the con-
nection between IP and the matrices congruence problem. This is the key point of the paper. In
Section 3, we study the enumeration problem of polynomial isomorphism classes in two different
cases: char
(F
q
) = 2 and char(F
q
) = 2. In each case, we provide a lower bound on the total number
of (linearly) equivalence classes. Finally, in Section 4 we will give some basic results for this enu-
meration problem and consider their application to some specific multivariate cryptographic system
(C
∗
and HFE). In particular, we provide a partial answer how many different cryptographic schemes
can be derived from a monomial central function, and how many pairs of secret keys we can choose
for a fixed scheme/central function, which is the real scale of its private key space.
2. Preliminary
In this section, we recall the definition of IP problem introduced in [13] and a useful theorem
given by Kipnis and Shamir in [23] (restated by Ding, Gower and Schmidt in their book [24]) which
is about the relation between polynomials system and univariate polynomial over extension field. We
also introduce a new notation called friendly mapping. Both the theorem and friendly mapping provide
the key ingredient to connect our new tool to IP problem.
2.1. Isomorphism of polynomials
Let
F
q
be a finite field with q elements and F
q
[x
1
,...,x
n
] be the ring of polynomials in n 1
indeterminates over
F
q
.
Definition 3. We denote by P the set of all the transformations F : (x
1
,...,x
n
) → ( f
1
,..., f
n
) from F
n
q
to F
n
q
, where f
i
=
n
s
=1
s
t
=1
c
i,st
x
s
x
t
∈ F
q
[x
1
,...,x
n
]. We say that F
1
∈ P and F
2
∈ P are equivalent
if there exist two invertible linear transformations
(T , L) ∈ GL
n
(F
q
) × GL
n
(F
q
) such that F
2
= T ◦ F
1
◦ L.
Clearly, the above relation is an equivalence relation on the elements of P.Thus,P can be written
as a disjoint union of different equivalence classes. The problem of recovering the transformations T
and L is known as IP with two secrets. A restricted problem called IP with one secret (IP1S) (see [13])
involves only one transformation on the variables, namely to find L
∈ GL
n
(F
q
) such that F
2
= F
1
◦ L.
Generally, this simplification will induce more equivalence classes. Indeed, linear transformation T
mixes some classes together.
Remark 1 . Note that, in the case of q
= 2, it holds that x
2
k
= x
k
. As a consequence, the f
i
’s in Defini-
tion 3 are not always homogeneous. They are, in fact, quadratic polynomials without constant terms.
For simplicity and by abuse of language, we still refer to such polynomials as homogeneous in this
paper.
IP (as well as IP1S) can also be interpreted as a group action. Let
G = GL
n
(F
q
) × GL
n
(F
q
) be the
direct product of GL
n
(F
q
) and GL
n
(F
q
),thenG forms a group under the operation: (T
1
, L
1
) · (T
2
, L
2
) =
(
T
1
◦ T
2
, L
2
◦ L
1
). Considering G acting on the set P, we can define the invariant group of F ∈ P as
follows:
H =
(T , L): T ◦ F ◦ L = F
.
Then T
1
◦ F ◦ L
1
= T
2
◦ F ◦ L
2
iff (T
−1
1
◦ T
2
) ◦ F ◦ (L
2
◦ L
−1
1
) = F ,hence(T
−1
1
◦ T
2
, L
2
◦ L
−1
1
) ∈ H.This
means that in order to study equivalent keys, it suffices to study the invariant group H of F . H is a
剩余19页未读,继续阅读
138 浏览量
2023-06-10 上传
2023-05-21 上传
2023-12-17 上传
2023-04-06 上传
2023-03-31 上传
2023-03-02 上传
2023-02-15 上传
2024-09-11 上传
2023-03-29 上传
weixin_38535132
- 粉丝: 5
- 资源: 1015
我的内容管理
展开
最新资源
- 解决Eclipse配置与导入Java工程常见问题
- 真空发生器:工作原理与抽吸性能分析
- 爱立信RBS6201开站流程详解
- 电脑开机声音解析:故障诊断指南
- JAVA实现贪吃蛇游戏
- 模糊神经网络实现与自学习能力探索
- PID型模糊神经网络控制器设计与学习算法
- 模糊神经网络在自适应PID控制器中的应用
- C++实现的学生成绩管理系统设计
- 802.1D STP 实现与优化:二层交换机中的生成树协议
- 解决Windows无法完成SD卡格式化的九种方法
- 软件测试方法:Beta与Alpha测试详解
- 软件测试周期详解:从需求分析到维护测试
- CMMI模型详解:软件企业能力提升的关键
- 移动Web开发框架选择:jQueryMobile、jQTouch、SenchaTouch对比
- Java程序设计试题与复习指南
