Attacks on the AJPS Mersenne-Based Cryptosystem

Boer, Koen de; Ducas, Léo; Jeffery, Stacey; Wolf, Ronald de

doi:10.1007/978-3-319-79063-3_5

Cited by 12 publications

(18 citation statements)

References 22 publications

(54 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [1], the authors suggest to choose N and h to be such that N −1 h−1 ≥ 2 λ and 4h 2 < N , for a desired λ-bit security level. After the publications of the attacks by Beunardeau et al [6] and De Boer et al [7], the authors revised the choice of the parameters ( [2]) to be such that h = λ and 10h 2 < N .…”

Section: Then Seqmentioning

confidence: 99%

“…Meet-in-the-Middle attack De Boer et al [7] showed that a Meet-in-the-Middle attack to MLHRatioSP is possible using locality-sensitive hashing with complex-…”

Section: Previous Attacksmentioning

confidence: 99%

“…Even if Beunardeau et al showed that this attack practically hits the security estimations in [1], they did not present any clear asymptotic analysis of its complexity. However, de Boer et al [7], computed the complexity of this attack.…”

Section: Previous Attacksmentioning

confidence: 99%

“…There the attack is performed via a series of calls to an SVP-oracle. Its complexity has been estimated by de Boer et al in [7]. They also showed that a Meet-in-the-Middle attack is possible using locality-sensitive hashing, which improves upon brute force.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

The Mersenne Low Hamming Combination Search Problem Can Be Reduced to an ILP Problem

Budroni

Tenti

2019

Progress in Cryptology – AFRICACRYPT 2019

View full text Add to dashboard Cite

In 2017, Aggarwal, Joux, Prakash, and Santha proposed an innovative NTRU-like public-key cryptosystem that was believed to be quantum resistant, based on Mersenne prime numbers q = 2 N − 1. After a successful attack designed by Beunardeau, Connolly, Géraud, and Naccache, the authors revised the protocol which was accepted for Round 1 of the Post-Quantum Cryptography Standardization Process organized by NIST. The security of this protocol is based on the assumption that a so-called Mersenne Low Hamming Combination Search Problem (ML-HCombSP) is hard to solve. In this work, we present a reduction of MLHCombSP to an instance of Integer Linear Programming (ILP). This opens new research directions that are necessary to be investigated in order to assess the concrete robustness of such cryptosystem. We propose different approaches to perform such reduction. Moreover, we uncover a new family of weak keys, for whose our reduction leads to an attack consisting in solving < N 3 ILP problems of dimension 3.

show abstract

Section: Then Seqmentioning

confidence: 99%

“…Meet-in-the-Middle attack De Boer et al [7] showed that a Meet-in-the-Middle attack to MLHRatioSP is possible using locality-sensitive hashing with complex-…”

Section: Previous Attacksmentioning

confidence: 99%

Section: Previous Attacksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The Mersenne Low Hamming Combination Search Problem Can Be Reduced to an ILP Problem

Budroni

Tenti

2019

Progress in Cryptology – AFRICACRYPT 2019

View full text Add to dashboard Cite

show abstract

“…It is considered that this problem is hard for solving. MLHRSP is resistant to many known attacks, namely Meet-in-the-middle attacks, Guess and Win, Latticebased attacks etc [8,9,10]. Therefore, it is possible to build a cryptosystem, the security of which will be based on complexity of MLHRSP.…”

Section: Mersenne Numbers and Their Propertiesmentioning

confidence: 99%