Cryptanalysis of MinRank

Jean Charles Faugère; Françoise Levy-Dit-Vehel; Ludovic Perret

doi:10.1007/978-3-540-85174-5_16

Cryptanalysis of MinRank

Jean Charles Faugère
, Françoise Levy-Dit-Vehel
, Ludovic Perret

INRIA Institut National de Recherche en Informatique et en Automatique

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this paper, we investigate the difficulty of one of the most relevant problems in multivariate cryptography - namely MinRank - about which no real progress has been reported since [9, 19]. Our starting point is the Kipnis-Shamir attack [19]. We first show new properties of the ideal generated by Kipnis-Shamir's equations. We then propose a new modeling of the problem. Concerning the practical resolution, we adopt a Gröbner basis approach that permitted us to actually solve challenges A and B proposed by Courtois in [8]. Using the multi-homogeneous structure of the algebraic system, we have been able to provide a theoretical complexity bound reflecting the practical behavior of our approach. Namely, when r ^m3r/2 the dimension of the matrices minus the rank of the target matrix in the MinRank problem is constant, then we have a polynomial time attack . For the challenge C [8], we obtain a theoretical bound of 2^66.3 operations.

Original language	English
Title of host publication	Advances in Cryptology - CRYPTO 2008 - 28th Annual International Cryptology Conference, Proceedings
Pages	280-296
Number of pages	17
DOIs	https://doi.org/10.1007/978-3-540-85174-5_16
Publication status	Published - 22 Sept 2008
Event	28th Annual International Cryptology Conference, CRYPTO 2008 - Santa Barbara, CA, United States Duration: 17 Aug 2008 → 21 Aug 2008

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5157 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	28th Annual International Cryptology Conference, CRYPTO 2008
Country/Territory	United States
City	Santa Barbara, CA
Period	17/08/08 → 21/08/08

Access to Document

10.1007/978-3-540-85174-5_16

Cite this

Faugère, J. C., Levy-Dit-Vehel, F., & Perret, L. (2008). Cryptanalysis of MinRank. In Advances in Cryptology - CRYPTO 2008 - 28th Annual International Cryptology Conference, Proceedings (pp. 280-296). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5157 LNCS). https://doi.org/10.1007/978-3-540-85174-5_16

@inproceedings{cc3c78309cdd44b3b4058e4afce52d16,

title = "Cryptanalysis of MinRank",

abstract = "In this paper, we investigate the difficulty of one of the most relevant problems in multivariate cryptography - namely MinRank - about which no real progress has been reported since [9, 19]. Our starting point is the Kipnis-Shamir attack [19]. We first show new properties of the ideal generated by Kipnis-Shamir's equations. We then propose a new modeling of the problem. Concerning the practical resolution, we adopt a Gr{\"o}bner basis approach that permitted us to actually solve challenges A and B proposed by Courtois in [8]. Using the multi-homogeneous structure of the algebraic system, we have been able to provide a theoretical complexity bound reflecting the practical behavior of our approach. Namely, when r m3r/2 the dimension of the matrices minus the rank of the target matrix in the MinRank problem is constant, then we have a polynomial time attack . For the challenge C [8], we obtain a theoretical bound of 266.3 operations.",

author = "Faug{\`e}re, \{Jean Charles\} and Fran{\c c}oise Levy-Dit-Vehel and Ludovic Perret",

year = "2008",

month = sep,

day = "22",

doi = "10.1007/978-3-540-85174-5\_16",

language = "English",

isbn = "3540851739",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "280--296",

booktitle = "Advances in Cryptology - CRYPTO 2008 - 28th Annual International Cryptology Conference, Proceedings",

note = "28th Annual International Cryptology Conference, CRYPTO 2008 ; Conference date: 17-08-2008 Through 21-08-2008",

}

Faugère, JC, Levy-Dit-Vehel, F & Perret, L 2008, Cryptanalysis of MinRank. in Advances in Cryptology - CRYPTO 2008 - 28th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5157 LNCS, pp. 280-296, 28th Annual International Cryptology Conference, CRYPTO 2008, Santa Barbara, CA, United States, 17/08/08. https://doi.org/10.1007/978-3-540-85174-5_16

Cryptanalysis of MinRank. / Faugère, Jean Charles; Levy-Dit-Vehel, Françoise; Perret, Ludovic.
Advances in Cryptology - CRYPTO 2008 - 28th Annual International Cryptology Conference, Proceedings. 2008. p. 280-296 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5157 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Cryptanalysis of MinRank

AU - Faugère, Jean Charles

AU - Levy-Dit-Vehel, Françoise

AU - Perret, Ludovic

PY - 2008/9/22

Y1 - 2008/9/22

N2 - In this paper, we investigate the difficulty of one of the most relevant problems in multivariate cryptography - namely MinRank - about which no real progress has been reported since [9, 19]. Our starting point is the Kipnis-Shamir attack [19]. We first show new properties of the ideal generated by Kipnis-Shamir's equations. We then propose a new modeling of the problem. Concerning the practical resolution, we adopt a Gröbner basis approach that permitted us to actually solve challenges A and B proposed by Courtois in [8]. Using the multi-homogeneous structure of the algebraic system, we have been able to provide a theoretical complexity bound reflecting the practical behavior of our approach. Namely, when r m3r/2 the dimension of the matrices minus the rank of the target matrix in the MinRank problem is constant, then we have a polynomial time attack . For the challenge C [8], we obtain a theoretical bound of 266.3 operations.

AB - In this paper, we investigate the difficulty of one of the most relevant problems in multivariate cryptography - namely MinRank - about which no real progress has been reported since [9, 19]. Our starting point is the Kipnis-Shamir attack [19]. We first show new properties of the ideal generated by Kipnis-Shamir's equations. We then propose a new modeling of the problem. Concerning the practical resolution, we adopt a Gröbner basis approach that permitted us to actually solve challenges A and B proposed by Courtois in [8]. Using the multi-homogeneous structure of the algebraic system, we have been able to provide a theoretical complexity bound reflecting the practical behavior of our approach. Namely, when r m3r/2 the dimension of the matrices minus the rank of the target matrix in the MinRank problem is constant, then we have a polynomial time attack . For the challenge C [8], we obtain a theoretical bound of 266.3 operations.

U2 - 10.1007/978-3-540-85174-5_16

DO - 10.1007/978-3-540-85174-5_16

M3 - Conference contribution

AN - SCOPUS:51849145057

SN - 3540851739

SN - 9783540851738

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 280

EP - 296

BT - Advances in Cryptology - CRYPTO 2008 - 28th Annual International Cryptology Conference, Proceedings

T2 - 28th Annual International Cryptology Conference, CRYPTO 2008

Y2 - 17 August 2008 through 21 August 2008

ER -

Cryptanalysis of MinRank

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this