The Security Summary Of Matsumoto-Imai Cryptosystem And C^*- Scheme

February 27,2003,NESSIE has held 4 times in international conferences,has received a total of more than 10 countries from the 42 kinds of cryptographic algorithms(including the block cipher,stream cipher,MAC,Hash function,public key cryptography,digital signatures and non-symmetrical recognition scheme),the publication of the 17 recommended algorithms,including three digital signature scheme.In the three signature scheme,SFLASH and QUARTZ are areas of multivariate public-key cryptosystem,which allows scholars in study of multivariate public-key cryptosystem to become hot.Multivariate public key cryptosystem is a new branch of public key cryptography system in recent years,the public-key is multi-variable polynomials of a finite field (or ring) on a group.MI cryptosystem is is an important component of multivariate public-key cryptosystem.C^*- scheme is by deleting a number of public-key equations based on MI cryptosystem,although this is not suitable for encryption,but the signature is applied.SFLASH signature algorithm are fixed parameters C^*- scheme.This article first describes some of the MI cryptosystem architecture and common attack methods,focusing on proposed by Patarin password on the MI cryptosystem of linear equations of attack.By studying the method,as long as know that a complete public key,you can use linear equations attack directly derived from an plaintext only by ciphertext,which for our next program on the C^*- laid a foundation for the attack.In chapter 3,introduced the signature algorithm SFLASH the latest version of SFLASHv3.In chapter 4,the detailed information such as proposed by Dubois on SFLASH a new method of differential attacks.Using this new method of attack to restore the original public key can complete the equivalent of a public key,and then use the linear equation method to forge signatures of SFLASH.Dubois,such as the use of the method,through the analysis of changes of linear sub-space dimension and by sub-space dimension to delete a public-key equations with the,research VS1 and VS2 of the linear space of two common non-trivial multiplier required contains the number of linear sub-space,linear space,dimension, subspace by a common dimension such as a detailed analysis of C^*- safety program carried out a careful assessment is given and proved that C^*- minimum security limitation.Finally,the experimental data,when the deletion of the number of public key equations to meet under minimum security limitationt,the use of methods of differential attacks can not be forged signature attack,this is the theory of the need to remove the security of public key equations of the minimum number.