Abstract
This paper is about the design of improved algorithms to solve Isomorphisms of Polynomials (IP) problems. These problems were first explicitly related to the problem of finding the secret key of some asymmetric cryptographic algorithms (such as Matsumoto and Imai's C* scheme of [12], or some variations of Patarin's HFE scheme of [14]). Moreover, in [14], it was shown that IP can be used in order to design an asymmetric authentication or signature scheme in a straightforward way. We also introduce the more general Morphisms of Polynomials problem (MP). As we see in this paper, these problems IP and MP have deep links with famous problems such as the Isomorphism of Graphs problem or the problem of fast multiplication of n x n matrices. The complexities of our algorithms for IP are still not polynomial, but they are much more efficient than the previously known algorithms. For example, for the IP problem of finding the two secret matrices of a Matsumoto-Imai C* scheme over K = Fq, the complexity of our algorithms is \(\mathcal{O}(q^{n/2} )\) instead of \(\mathcal{O}(q^{(n^2 )} )\) for previous algorithms. (In [13], the C* scheme was broken, but the secret key was not found). Moreover, we have algorithms to achieve a complexity \(\mathcal{O}(q^{\tfrac{3}{2}n} )\) on any system of n quadratic equations with n variables over K = Fq (not only equations from C*). We also show that the problem of deciding whether a polynomial isomorphism exists between two sets of equations is not NP-complete (assuming the classical hypothesis about Arthur-Merlin games), but solving IP is at least as difficult as the Graph Isomorphism problem (GI) (and perhaps much more difficult), so that IP is unlikely to be solvable in polynomial time. Moreover, the more general Morphisms of Polynomials problem (MP) is NP-hard. Finally, we suggest some variations of the IP problem that may be particularly convenient for cryptographic use.
Chapter PDF
Similar content being viewed by others
References
László Babai, Shlomo Moran, Arthur-Merlin games: A randomized proof system, and a hierarchy of complexity classes, JCSS, vol. 36, 1988, pp. 254–276.
Manuel Blum, How to prove a theorem so no one else can claim it, Proceeedings of the International Congress of Mathematics, Berkeley CA, 1986, pp. 1444–1451.
Ravi B. Boppana, Johan Håstad, Stathis Zachos, Does co-NP have short interactive proofs, Information Proc. Letters, vol. 25, 1987, pp. 127–132.
Don Coppersmith, Shmuel Winograd, Matrix multiplication via arithmetic progressions, J. Symbolic Computation (1990), 9, pp. 251–280.
Scott Fortin, The Graph Isomorphism Problem, Technical Report 93-20, University of Alberta, Edmonton, Alberta, Canada, July 1996. This paper is available at ftp://ftp.cs.ualberta.ca/pub/TechReports/1996/TR96-20/TR96-20.ps.gz
Oded Goldreich, Silvio Micali, Avi Wigderson, Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, Journal of the ACM, v. 38, n. 1, Jul. 1991, pp. 691–729.
Shafi Goldwasser, Silvio Micali, Charles Rackoff, The knowledge complexity of interactive proofs, SIAM J. Comput., vol. 18, 1989, pp. 186–208.
Shafi Goldwasser, Michael Sipser, Private coins vs. public coins in interactive proof systems, Advances in Computing Research, S. Micali (Ed.), vol. 5, 1989, pp. 73–90.
John Gustafson, Srinivas Aluru, Massively Parallel Searching for Better Algorithms or, How to Do a Cross Product with Five Multiplications, Ames Laboratory, Department of Energy, ISU, Ames, Iowa. This paper is available at http://www.scl.ameslab.gov/Publications/FiveMultiplications/Five.html
Johan Håstad, Tensor Rank is NP-Complete, Journal of Algorithms, vol. 11, pp. 644–654, 1990.
Rudolf Lidl, Harald Niederreiter, “Finite Fields”, Encyclopedia of Mathematics and its applications, Volume 20, Cambridge University Press.
Tsutomu Matsumoto, Hideki Imai, Public quadratic polynomial-Tuples for efficient Signature-Verification and Message-Encryption, EUROCRYPT'88, Springer-Verlag, pp. 419–453.
Jacques Patarin, Cryptanalysis of the Matsumoto and Imai public Key Scheme of Eurocrypt'88, CRYPTO'95, Springer-Verlag, pp. 248–261.
Jacques Patarin, Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new Families of asymmetric Algorithms, EUROCRYPT'96, Springer-Verlag, pp. 33–48.
Erev Petrank, Ron M. Roth, Is Code Equivalence Easy to Decide?, IEEE Transactions on Information Theory, 1997.
Volker Strassen, Gaussian elimination is not optimal, Numerische Mathematik 13, 1969, pp. 354–356.
Volker Strassen, The asymptotic spectrum of tensors, J. Reine Angew. Math., vol. 384, pp. 102–152, 1988.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Patarin, J., Goubin, L., Courtois, N. (1998). Improved algorithms for isomorphisms of polynomials. In: Nyberg, K. (eds) Advances in Cryptology — EUROCRYPT'98. EUROCRYPT 1998. Lecture Notes in Computer Science, vol 1403. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0054126
Download citation
DOI: https://doi.org/10.1007/BFb0054126
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64518-4
Online ISBN: 978-3-540-69795-4
eBook Packages: Springer Book Archive