Sciweavers

ASIACRYPT
2000
Springer

Cryptanalysis of the TTM Cryptosystem

14 years 4 months ago
Cryptanalysis of the TTM Cryptosystem
Abstract. In 1985 Fell and Diffie proposed constructing trapdoor functions with multivariate equations [11]. They used several sequentially solved stages. Another idea of building triangular systems we call T has been initiated by Shamir. In the present paper, we study a more general family of TPM (for ”Triangle Plus Minus”) schemes: a triangular construction mixed with some u random polynomials and with some r of the beginning equations removed. We go beyond all previous attacks proposed on such cryptosystems using a low degree component of the inverse function. The cryptanalysis of TPM is reduced to a simple linear algebra problem called MinRank(r): Find a linear combination of given matrices that has a small rank r. We introduce a new attack for MinRank called ‘Kernel Attack’ that works for qr small. We explain that TPM schemes can be used in encryption only if qr is small and therefore they are not secure. As an application, we showed that the TTM cryptosystem proposed by T...
Louis Goubin, Nicolas Courtois
Added 02 Aug 2010
Updated 02 Aug 2010
Type Conference
Year 2000
Where ASIACRYPT
Authors Louis Goubin, Nicolas Courtois
Comments (0)