In this paper, we investigate the difficulty of one of the most relevant problems in multivariate cryptography - namely MinRank - about which no real progress has been reported since [9, 19]. Our starting point is the Kipnis-Shamir attack [19]. We first show new properties of the ideal generated by Kipnis-Shamir's equations. We then propose a new modeling of the problem. Concerning the practical resolution, we adopt a Gröbner basis approach that permitted us to actually solve challenges A and B proposed by Courtois in [8]. Using the multi-homogeneous structure of the algebraic system, we have been able to provide a theoretical complexity bound reflecting the practical behavior of our approach. Namely, when r m3r/2 the dimension of the matrices minus the rank of the target matrix in the MinRank problem is constant, then we have a polynomial time attack . For the challenge C [8], we obtain a theoretical bound of 266.3 operations. © 2008 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Faugère, J. C., Levy-Dit-Vehel, F., & Perret, L. (2008). Cryptanalysis of MinRank. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5157 LNCS, pp. 280–296). https://doi.org/10.1007/978-3-540-85174-5_16
Mendeley helps you to discover research relevant for your work.