On the Security of MinRank - Inria

More documents

Recommendations

Info

Courtois’ Authentication Scheme – Challenges A : F 65521 , k = 10, n = 6, r = 3 (18 eq., and 18 variables) F 5 + FGLM : 1 minute (30 s.+30 s.), nb sol= 982, d reg = 5 B : F 65521 , k = 10, n = 7, r = 4 (21 eq., and 21 variables) F 5 + FGLM : 3764s.+2580s. , nb sol= 4116, d reg = 6 C : F 65521 , k = 10, n = 11, r = 8 (33 eq., and 33 variables) D : F 2 , k = 81, n = 11, r = 10
Theoretical Complexity Remark The ideal I KS is bi-homogeneous. Theorem Let r ′ = n − r is constant, we can solve in polynomial time the minRank ( k = r ′2 , n, r = n − r ′) problem using Gröbner bases computation; a bound for the number of solutions in the algebraic closure of K is given by #Sol ≤ ( ) n r ′ r ; a complexity bound of the ′ attack is given by ( O n 3 r ′2) . (k, n, r) (9, 6, 3) (9, 7, 4) (9, 11, 8) #Sol (MH Bezout bound) 8000 42875 2 22.1 Complexity bound (#Sol) 3 2 38.9 2 46.2 2 66.3
Page 1 and 2: On the Security of MinRank Ludovic
Page 3 and 4: The MinRank problem MR Input : N, n
Page 5 and 6: Complexity issues Open Question RD
Page 7 and 8: Kipnis-Shamir’s attack Idea Model
Page 9 and 10: Outline 1 MinRank and Related Probl
Page 11 and 12: Properties of KS equations Proposit
Page 13: Zero-dim solving Compute a DRL Grö

On the Security of MinRank - Inria

Create successful ePaper yourself

Delete template?

Save as template?