Abstract

Researching post-quantum cryptography is now an important task in cryptography. Although various candidates for post-quantum cryptosystems (PQC) have been constructed, the sizes of their public keys are large. Okumura constructed a candidate PQC whose security is expected to be based on certain Diophantine equations (DEC). Okumura's analysis suggests that DEC achieves high security with small public key sizes. This paper proposes a polynomial-time attack on the one-way property of DEC. We reduce the security of DEC to finding special short lattice points of some low-rank lattices derived from public data. The usual LLL algorithm could not find the most important lattice point in our experiments because of certain properties of that lattice point. Our heuristic analysis leads us to use a variant of the LLL algorithm, which we call the weighted LLL algorithm. Our experiments suggest that DEC with 128-bit security becomes insecure under our attack.

Highlights

  • Researching post-quantum cryptography is an important task in cryptography

  • These results suggest that the weighted LLL algorithm is effective in the cryptanalysis of cryptosystems whose security is reduced to finding lattice points with special properties: they are not shortest, but the bit lengths of their entries are almost known and comparatively small among the entries of lattice points in certain lattices

  • We present in this paper a polynomial-time attack based on the weighted LLL reduction against the one-way property of a Diophantine Equation-based Cryptosystem (DEC), which was proposed in 2015 by the third author of this paper as one of the candidates for Post-Quantum Cryptosystems (PQC)


Summary

Introduction

Researching post-quantum cryptography is an important task in cryptography. The National Institute of Standards and Technology published a draft of the report on post-quantum cryptography, NISTIR 8105 [23] (see their announcement at PQCrypto 2016 [24]). Although various cryptosystems expected to be post-quantum cryptosystems (PQC) have already been constructed (see [7,11] for details), the sizes of their public keys are large. Finding computationally hard problems that allow us to construct PQC with small public keys is a very important task in cryptography. The Algebraic Surface Cryptosystem (ASC) [4] is based on the difficulty of the section finding problem, which can be viewed as the Diophantine problem over global function fields. Such a Diophantine problem is shown to be unsolvable in general [26,29]. The ideal decomposition attack [15] breaks the one-way property of ASC
