Abstract
We give three new algorithms to solve the "isomorphism of polynomial" problem, which was underlying the hardness of recovering the secret-key in some multivariate trapdoor one-way functions. In this problem, the adversary is given two quadratic functions, with the promise that they are equal up to linear changes of coordinates. Her objective is to compute these changes of coordinates, a task which is known to be harder than Graph-Isomorphism. Our new algorithm build on previous work in a novel way. Exploiting the birthday paradox, we break instances of the problem in time q2n/3 (rigorously) and qn/2 (heuristically), where q n is the time needed to invert the quadratic trapdoor function by exhaustive search. These results are obtained by turning the algebraic problem into a combinatorial one, namely that of recovering partial information on an isomorphism between two exponentially large graphs. These graphs, derived from the quadratic functions, are new tools in multivariate cryptanalysis. © 2013 International Association for Cryptologic Research.
Cite
CITATION STYLE
Bouillaguet, C., Fouque, P. A., & Véber, A. (2013). Graph-theoretic algorithms for the “isomorphism of polynomials” problem. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7881 LNCS, pp. 211–227). https://doi.org/10.1007/978-3-642-38348-9_13
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
