The Digital Signature Scheme MQQ-SIG




Intellectual Property Statement and Technical Description
First published: 10 October 2010, Last update: 20 December 2010

Danilo Gligoroski (1), Rune Steinsmo Ødegård (2), Rune Erlend Jensen (2), Ludovic Perret (4), Jean-Charles Faugère (5), Svein Johan Knapskog (2) and Smile Markovski (3)

(1) Department of Telematics, Faculty of Information Technology, Mathematics and Electrical Engineering, The Norwegian University of Science and Technology (NTNU), O.S. Bragstads plass 2E, N-7491 Trondheim, NORWAY, danilog@item.ntnu.no
(2) Norwegian University of Science and Technology, Centre for Quantifiable Quality of Service in Communication Systems, O.S. Bragstads plass 2E, N-7491 Trondheim, NORWAY, knapskog@q2s.ntnu.no, rune.odegard@q2s.ntnu.no, runeerle@stud.ntnu.no
(3) Ss Cyril and Methodius University, Faculty of Natural Sciences and Mathematics, Institute of Informatics, P.O. Box 162, 1000 Skopje, MACEDONIA, smile@ii.edu.mk
(4) Pierre and Marie Curie University - Paris 6, Laboratory of Computer Sciences, 104 avenue du Président Kennedy, 75016 Paris, FRANCE, ludovic.perret@lip6.fr
(5) UPMC, Université Paris 06, LIP6 INRIA, Centre Paris-Rocquencourt, SALSA Project-team, CNRS, UMR 7606, LIP6, 4 place Jussieu, 75252 Paris Cedex 5, FRANCE, jean-charles.faugere@inria.fr

Abstract: This document contains the Intellectual Property Statement and the technical description of MQQ-SIG, a new public key digital signature scheme. The complete scientific publication covering the design rationale and the security analysis will be given in a separate publication. MQQ-SIG consists of $n - n/4$ quadratic polynomials with $n$ Boolean variables, where $n = 160, 192, 224$ or $256$.
Keywords: Public Key Cryptosystems, Fast signature generation, Multivariate Quadratic Polynomials, Quasigroup String Transformations, Multivariate Quadratic Quasigroup

1 Intellectual Property Statement

We, the seven names given in the title of this document and undersigned on this statement, the authors and designers of MQQ-SIG digital signature scheme, do hereby agree to grant any interested party an irrevocable, royalty free licence to practice, implement and use MQQ-SIG digital signature scheme, provided our roles as authors and designers of the MQQ-SIG digital signature scheme are recognized by the interested party as authors and designers of the MQQ-SIG digital signature scheme.

Name / Signature / Place / Date
1. Danilo Gligoroski, Trondheim
2. Svein Johan Knapskog, Trondheim
3. Smile Markovski, Skopje
4. Rune Steinsmo Ødegård, Trondheim
5. Rune Erlend Jensen, Trondheim
6. Ludovic Perret, Paris
7. Jean-Charles Faugère, Paris

2 Description of the MQQ-SIG digital signature scheme

A generic description for our scheme can be expressed as a 3/4 truncation of a typical multivariate quadratic system:

  $S' \circ P' \circ S : \{0,1\}^n \to \{0,1\}^n$

where $S(x) = S' \cdot x + v$ (i.e. $S$ is a bijective affine transformation), $S'$ is a nonsingular linear transformation, and $P'$ is a bijective multivariate quadratic mapping on $\{0,1\}^n$. The bijective multivariate quadratic mapping $P' : \{0,1\}^n \to \{0,1\}^n$ is defined in Table 1.

Bijective multivariate quadratic mapping $P'(x)$
Input: A vector $x = (f_1, \ldots, f_n)$ of $n$ linear Boolean functions of $n$ variables. We implicitly suppose that a multivariate quadratic quasigroup $*$ is previously defined, and that $n = 32k$, $k \in \{5, 6, 7, 8\}$, is also previously determined.
Output: 8 linear expressions $P'_i(x_1, \ldots, x_n)$, $i = 1, \ldots, 8$, and $n - 8$ multivariate quadratic polynomials $P'_i(x_1, \ldots, x_n)$, $i = 9, \ldots, n$.
1. Represent the vector $x = (f_1, \ldots, f_n)$ of $n$ linear Boolean functions of $n$ variables $x_1, \ldots, x_n$ as a string $x = X_1 \ldots X_{n/8}$, where the $X_i$ are vectors of dimension 8;
2. Compute $y = Y_1 \ldots Y_{n/8}$, where $Y_1 = X_1$, $Y_{j+1} = X_j * X_{j+1}$ for odd $j = 1, 3, 5, \ldots$, and $Y_{j+1} = X_{j+1} * X_j$ for even $j = 2, 4, \ldots$ (this is the operand order that step 4 of Table 3 inverts);
3. Output: $y$.
Table 1. Definition of the bijective multivariate quadratic mapping $P' : \{0,1\}^n \to \{0,1\}^n$

The algorithm for generating the public and private key is defined in Table 2.

Algorithm for generating the Public and Private key for the MQQ-SIG scheme
Input: Integer $n$, where $n = 32k$ and $k \in \{5, 6, 7, 8\}$.
Output: Public key $\mathbf{P}$: $n - n/4$ multivariate quadratic polynomials $P_i(x_1, \ldots, x_n)$, $i = 1 + n/4, \ldots, n$. Private key: two permutations $\sigma_{0,0}$ and $\sigma_{1,0}$ of the numbers $\{1, \ldots, n\}$, and 81 bytes for encoding a quasigroup $*$.
1. Generate a MQQ $*$ according to equations (1), ..., (4).
2. Generate a nonsingular Boolean matrix $S'$ and the affine transformation $S$ according to equations (5), ..., (8).
3. Compute $y = S'(P'(S(x)))$, where $x = (x_1, \ldots, x_n)$.
4. Output: the public key is $y$ as the $n - n/4$ multivariate quadratic polynomials $P_i(x_1, \ldots, x_n)$, $i = 1 + n/4, \ldots, n$, and the private key is the tuple $(\sigma_{0,0}, \sigma_{1,0}, *)$.
Table 2. Generating the public and private key

The algorithm for signing with the private key $(\sigma_{0,0}, \sigma_{1,0}, *)$ is defined in Table 3.

Algorithm for digital signature with the private key $(\sigma_{0,0}, \sigma_{1,0}, *)$
Input: A document $M$ to be signed.
Output: A signature $sig = (x_1, \ldots, x_n)$.
1. Compute $y = (y_1, \ldots, y_n) = H(M)|_n$, where $M$ is the message to be signed and $H()$ is a standardized cryptographic hash function such as SHA-1 or SHA-2 with a hash output of not less than $n$ bits. The notation $H(M)|_n$ denotes the least significant $n$ bits of the hash output $H(M)$.
2. Set $y' = S'^{-1}(y)$.
3. Represent $y'$ as $y' = Y_1 \ldots Y_{n/8}$, where the $Y_i$ are Boolean vectors of dimension 8.
4. By using the left and right parastrophes $\backslash$ and $/$ of the quasigroup $*$, compute $x' = X_1 \ldots X_{n/8}$ such that $X_1 = Y_1$, $X_j = X_{j-1} \backslash Y_j$ for even $j = 2, 4, \ldots$, and $X_j = Y_j / X_{j-1}$ for odd $j = 3, 5, \ldots$.
5. Compute $x = S^{-1}(x') = S'^{-1}(x' + v) = (x_1, \ldots, x_n)$.
6. The MQQ-SIG digital signature of the document $M$ is the vector $sig = (x_1, \ldots, x_n)$.
Table 3. Digital signing

The algorithm for signature verification with the public key $\mathbf{P} = \{P_i(x_1, \ldots, x_n) \mid i = 1 + n/4, \ldots, n\}$ is given in Table 4.

Algorithm for signature verification with a public key $\mathbf{P} = \{P_i(x_1, \ldots, x_n) \mid i = 1 + n/4, \ldots, n\}$
Input: A document $M$ and its signature $sig = (x_1, \ldots, x_n)$.
Output: TRUE or FALSE.
1. Compute $y = (y_{1+n/4}, \ldots, y_n) = H(M)|_{n-n/4}$, where $M$ is the signed message, $H()$ is a standardized cryptographic hash function such as SHA-1 or SHA-2 with a hash output of not less than $n$ bits, and the notation $H(M)|_{n-n/4}$ denotes the least significant $n - n/4$ bits of the hash output $H(M)$.
2. Compute $z = (z_{1+n/4}, \ldots, z_n) = \mathbf{P}(sig)$.
3. If $z = y$ then return TRUE, else return FALSE.
Table 4. Digital verification

3 Multivariate Quadratic Quasigroups

A Multivariate Quadratic Quasigroup (MQQ) of order $2^d$ used in this version of MQQ-SIG can be described shortly by the following expression:

  $x * y \equiv B \cdot U(x) \cdot A_2 \cdot y + B \cdot A_1 \cdot x + c$   (1)

where $x = (x_1, \ldots, x_d)$, $y = (y_1, \ldots, y_d)$, the matrices $A_1$, $A_2$ and $B$ are nonsingular over $GF(2)$ and of size $d \times d$, the vector $c$ is a random $d$-dimensional vector with elements in $GF(2)$, and all of them are generated by a uniformly random process. The matrix $U(x)$ is an upper triangular matrix with all diagonal elements equal to 1, whose elements above the main diagonal are linear expressions in the variables of $x = (x_1, \ldots, x_d)$. It is computed by the following expression:

  $U(x) = I + \sum_{i=1}^{d-1} U_i \cdot A_1 \cdot x$,   (2)

where the matrices $U_i$ have all elements 0 except the elements in the rows from $\{1, \ldots, i\}$ that are strictly above the main diagonal. Those elements can be either 0 or 1.

Once we have a multivariate quadratic quasigroup $*$, $*(x_1, \ldots, x_d, y_1, \ldots, y_d) = (f_1(x_1, \ldots, x_d, y_1, \ldots, y_d), \ldots, f_d(x_1, \ldots, x_d, y_1, \ldots, y_d))$, we will be interested in those quasigroups that satisfy the following conditions:

  $\forall i \in \{1, \ldots, d\}:\ \mathrm{Rank}(B_{f_i}) \ge 2d - 4$,   (3a)
  $\exists j \in \{1, \ldots, d\}:\ \mathrm{Rank}(B_{f_j}) = 2d - 2$,   (3b)

where the matrices $B_{f_i}$ are $2d \times 2d$ Boolean matrices defined from the expressions $f_i$ as

  $B_{f_i} = [b_{j,k}]$, with $b_{j,d+k} = b_{d+k,j} = 1$ iff $x_j y_k$ is a term in $f_i$.   (4)

Proposition 1. For $d = 8$, a multivariate quadratic quasigroup $*$ that satisfies the conditions (1), ..., (4) can be encoded in a unique way with 81 bytes.
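The quasigroup of expressions (1) and (2), its Latin-square check, the two parastrophes, and the string transformation $P'$ of Table 1 together with its inversion from step 4 of Table 3, as an added Python example (not code from this document or from the MQQ-SIG authors). It evaluates $P'$ on concrete bit strings rather than on symbolic linear forms, draws $A_1$, $A_2$, $B$, $c$ and the $U_i$ from a seeded generator, does not check the rank conditions (3a) and (3b), and, since (2) does not say which coordinate of $A_1 \cdot x$ multiplies $U_i$, takes coordinate $i+1$ (an assumption made here; it keeps $U(x)$ unit upper triangular, so $x * y$ is a quasigroup operation for every choice of the random matrices):

```python
import random

D = 8  # the quasigroup has order 2^d with d = 8 (Proposition 1); blocks X_i, Y_i are bytes


def parity(v):
    """Parity of the set bits of v, i.e. the GF(2) sum of a bit vector."""
    return bin(v).count("1") & 1


def mat_vec(M, x):
    """M·x over GF(2); M is a list of row bitmasks, x a column vector as a bitmask."""
    return sum(parity(row & x) << i for i, row in enumerate(M))


def mat_mul(A, B, d=D):
    """A·B over GF(2) for d×d matrices stored as row bitmasks."""
    cols = [sum(((B[k] >> j) & 1) << k for k in range(d)) for j in range(d)]
    return [sum(parity(A[i] & cols[j]) << j for j in range(d)) for i in range(d)]


def random_nonsingular(rng, d=D):
    """Invertible d×d matrix as (unit lower) · (unit upper) · (permutation)."""
    L = [(1 << i) | rng.randrange(1 << i) for i in range(d)]
    U = [(1 << i) | (rng.randrange(1 << (d - i - 1)) << (i + 1)) for i in range(d)]
    perm = list(range(d))
    rng.shuffle(perm)
    P = [1 << perm[i] for i in range(d)]
    return mat_mul(mat_mul(L, U), P)


class MQQ:
    """x * y = B·U(x)·A2·y + B·A1·x + c  (expression (1)), with U(x) from (2)."""

    def __init__(self, seed):
        rng = random.Random(seed)  # constructed, seeded randomness for the example
        self.A1 = random_nonsingular(rng)
        self.A2 = random_nonsingular(rng)
        self.B = random_nonsingular(rng)
        self.c = rng.randrange(1 << D)
        # U_i, i = 1..d-1: zero except entries strictly above the diagonal in rows 1..i.
        self.U = []
        for i in range(1, D):
            rows = [0] * D
            for r in range(i):
                rows[r] = rng.randrange(1 << (D - r - 1)) << (r + 1)
            self.U.append(rows)
        # Full multiplication table and both parastrophes (2^d × 2^d entries each).
        self.table = [self._row(x) for x in range(1 << D)]
        self.ldiv = [[0] * (1 << D) for _ in range(1 << D)]  # ldiv[x][z] = x \ z
        self.rdiv = [[0] * (1 << D) for _ in range(1 << D)]  # rdiv[z][y] = z / y
        for x in range(1 << D):
            for y in range(1 << D):
                z = self.table[x][y]
                self.ldiv[x][z] = y
                self.rdiv[z][y] = x

    def _row(self, x):
        """All products x * y for a fixed x."""
        a = mat_vec(self.A1, x)
        Ux = [1 << r for r in range(D)]  # U(x) starts as the identity
        for i in range(1, D):
            # assumption: U_i is scaled by coordinate i+1 of A1·x (bit i, 0-based)
            if (a >> i) & 1:
                Ux = [Ux[r] ^ self.U[i - 1][r] for r in range(D)]
        base = mat_vec(self.B, a) ^ self.c
        return [mat_vec(self.B, mat_vec(Ux, mat_vec(self.A2, y))) ^ base for y in range(1 << D)]

    def is_quasigroup(self):
        """Latin-square check: every row and every column of the table is a permutation."""
        full = list(range(1 << D))
        rows_ok = all(sorted(r) == full for r in self.table)
        cols_ok = all(sorted(self.table[x][y] for x in range(1 << D)) == full for y in range(1 << D))
        return rows_ok and cols_ok


def p_prime(q, X):
    """Table 1: Y_1 = X_1, Y_{j+1} = X_j * X_{j+1} (odd j), Y_{j+1} = X_{j+1} * X_j (even j)."""
    Y = [X[0]]
    for j in range(1, len(X)):  # j is the 1-based index of the left block
        Y.append(q.table[X[j - 1]][X[j]] if j % 2 == 1 else q.table[X[j]][X[j - 1]])
    return Y


def p_prime_inverse(q, Y):
    """Table 3, step 4: X_1 = Y_1, X_j = X_{j-1} \\ Y_j (even j), X_j = Y_j / X_{j-1} (odd j)."""
    X = [Y[0]]
    for j in range(2, len(Y) + 1):  # j is the 1-based index of the block being recovered
        X.append(q.ldiv[X[-1]][Y[j - 1]] if j % 2 == 0 else q.rdiv[Y[j - 1]][X[-1]])
    return X


def roundtrip(seed, n=160):
    """Constructed check: the quasigroup is a Latin square and P'^{-1}(P'(x)) = x on n bits."""
    q = MQQ(seed)
    rng = random.Random(seed + 1)
    X = [rng.randrange(256) for _ in range(n // 8)]  # constructed n-bit input, n/8 bytes
    return q.is_quasigroup() and p_prime_inverse(q, p_prime(q, X)) == X
```

The table-driven parastrophes are what step 4 of Table 3 relies on: for $d = 8$ each division is a 256 × 256 lookup, so the signer only ever divides and never solves a system. `roundtrip(seed)` builds the quasigroup, verifies the Latin-square property and checks that the inversion of Table 3 undoes the transformation of Table 1 on a 160-bit string.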

4 Nonsingular Boolean matrices in MQQ-SIG

In MQQ-SIG the nonsingular matrices $S'$ are defined by the following expression:

  $S'^{-1} = \bigoplus_{i=0}^{n/16} I_{\sigma_{0,i}} \oplus \bigoplus_{i=0}^{n/16+1} I_{\sigma_{1,i}}$,   (5)

where $I_{\sigma_{0,i}}$, $i \in \{0, 1, 2, \ldots, n/16\}$, and $I_{\sigma_{1,i}}$, $i \in \{0, 1, 2, \ldots, n/16 + 1\}$, are permutation matrices of size $n \times n$, the operation $\oplus$ is a bitwise exclusive or of the elements in the permutation matrices, and the permutations $\sigma_{0,i}$ and $\sigma_{1,i}$ are permutations on $n$ elements. They are defined by the following expressions:

  $\sigma_{0,0} \leftarrow$ random permutation on $\{1, 2, \ldots, n\}$,
  $\sigma_{0,i} = \mathrm{RotateLeft}(\sigma_{0,i-1},\ )$, for $i = 1, \ldots, n/16$,
  $\sigma_{1,0} \leftarrow$ random permutation on $\{1, 2, \ldots, n\}$,
  $\sigma_{1,i} = \mathrm{RotateLeft}(\sigma_{1,i-1},\ )$, for $i = 1, \ldots, n/16 + 1$,   (6)

(the rotation amount, the second argument of RotateLeft, is not legible in this transcription). We choose the permutations $\sigma_{0,0}$ and $\sigma_{1,0}$ until we obtain a non-singular matrix $S'^{-1}$. Once we have a nonsingular matrix $S'^{-1}$ we compute its inverse, obtaining $S' = (S'^{-1})^{-1}$, and from there we obtain the affine transformation

  $S(x) = S' \cdot x + v$,   (7)

where the vector $v$ is an $n$-dimensional Boolean vector defined from the values of the permutation $\sigma_{1,0} = (s_1, s_2, \ldots, s_n)$ by expression (8):

  $v = (v_1, v_2, \ldots, v_n)$   (8)

(the index arithmetic of (8) that defines each bit $v_i$ is not legible in this transcription). In words: we construct the bits of the vector $v$ by constructing two arrays. The first array is constructed by taking the four least significant bits of the values $s_1, \ldots, s_n$, each of them shifted by four positions to the left. The second array is just a simple extraction of the values starting from $s_{65}$. Finally we XOR correspondingly those two arrays of values in order to produce the vector $v$ of $n$ bits.

Proposition 2. The linear transformation $S'^{-1}$ can be encoded in a unique way with $2n$ bytes.
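The construction of $S'^{-1}$ from expressions (5) and (6), the rejection loop over $\sigma_{0,0}$ and $\sigma_{1,0}$ until the matrix is nonsingular, its inversion over $GF(2)$, and the $2n$-byte encoding of Proposition 2, as an added Python example (not code from this document or from the MQQ-SIG authors). Permutations are written on $\{0, \ldots, n-1\}$ instead of $\{1, \ldots, n\}$; the rotation amount of (6) is not legible on the page and is taken as 8 here (an assumption, exposed as the `rot` parameter); the vector $v$ of (7) and (8) is not constructed:

```python
import random


def rotate_left(perm, k):
    """Cyclic left rotation of a permutation given as a list."""
    k %= len(perm)
    return perm[k:] + perm[:k]


def perm_matrix(perm):
    """Permutation matrix I_sigma as row bitmasks: row i has its single 1 in column sigma(i)."""
    return [1 << p for p in perm]


def s_prime_inverse(sigma0, sigma1, rot=8):
    """Expression (5): XOR of n/16 + 1 rotations of I_{sigma0} and n/16 + 2 rotations of
    I_{sigma1}.  The rotation amount of (6) is illegible on the page; rot=8 is an assumption."""
    n = len(sigma0)
    M = [0] * n
    p0, p1 = list(sigma0), list(sigma1)
    for _ in range(n // 16 + 1):
        M = [m ^ r for m, r in zip(M, perm_matrix(p0))]
        p0 = rotate_left(p0, rot)
    for _ in range(n // 16 + 2):
        M = [m ^ r for m, r in zip(M, perm_matrix(p1))]
        p1 = rotate_left(p1, rot)
    return M


def gf2_inverse(M):
    """Gauss-Jordan over GF(2) on row bitmasks; returns the inverse or None if singular."""
    n = len(M)
    A = list(M)
    inv = [1 << i for i in range(n)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if (A[r] >> col) & 1), None)
        if pivot is None:
            return None  # no pivot in this column: the matrix is singular
        A[col], A[pivot] = A[pivot], A[col]
        inv[col], inv[pivot] = inv[pivot], inv[col]
        for r in range(n):
            if r != col and (A[r] >> col) & 1:
                A[r] ^= A[col]
                inv[r] ^= inv[col]
    return inv


def gf2_mat_mul(A, B):
    """A·B over GF(2) for square matrices stored as row bitmasks."""
    n = len(A)
    cols = [sum(((B[k] >> j) & 1) << k for k in range(n)) for j in range(n)]
    return [sum((bin(A[i] & cols[j]).count("1") & 1) << j for j in range(n)) for i in range(n)]


def generate_s_prime(n, seed, max_tries=1000):
    """Section 4 / Table 2 step 2: draw sigma_{0,0}, sigma_{1,0} until S'^{-1} is nonsingular.
    Returns (sigma0, sigma1, S'^{-1}, S') or None if no invertible matrix was found."""
    rng = random.Random(seed)  # constructed, seeded randomness for the example
    for _ in range(max_tries):
        sigma0 = list(range(n))
        rng.shuffle(sigma0)
        sigma1 = list(range(n))
        rng.shuffle(sigma1)
        s_inv = s_prime_inverse(sigma0, sigma1)
        s = gf2_inverse(s_inv)
        if s is not None:
            return sigma0, sigma1, s_inv, s
    return None


def encode_private_linear_part(sigma0, sigma1):
    """Proposition 2: n <= 256, so one byte per permutation entry and 2n bytes in total."""
    return bytes(sigma0) + bytes(sigma1)


def decode_private_linear_part(blob):
    """Recover the two permutations; S'^{-1} is then rebuilt with s_prime_inverse()."""
    n = len(blob) // 2
    return list(blob[:n]), list(blob[n:])
```

`generate_s_prime(160, seed)` returns the two seed permutations together with $S'^{-1}$ and $S'$; `gf2_mat_mul(S', S'^{-1})` is the identity, and the whole linear part of the private key is recovered from the $2n$-byte blob alone, which is the point of Proposition 2: the matrix itself is never stored, only the two permutations that regenerate it.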
5 Characteristics of the MQQ-SIG digital signature scheme

The main characteristics of our MQQ-SIG digital signature scheme can be briefly summarized as follows:
- there is no message expansion;
- the length of the signature is $n$ bits, where $n = 160, 192, 224$ or $256$;
- its conjectured security level is $2^{n/2}$;
- its verification speed is comparable to the speed of other multivariate quadratic PKCs;
- in software its signing speed is in the range of 300 to 7,000 times faster than RSA and ECC schemes;
- in hardware its signing or verification speed is more than 10,000 times faster than RSA and ECC schemes;
- it is also well suited for producing short signatures in smart cards and RFIDs.

5.1 The size of the public and the private key

The size of the public key is $0.75\,n\,(1 + n(n+1)/2)$ bits. The private key of our scheme is the tuple $(\sigma_{0,0}, \sigma_{1,0}, *)$. The corresponding memory size needed for storage of the private key is $2n + 81$ bytes. In Table 5 we give the size of the public key (in KBytes) and the size of the private key (in bytes) for $n \in \{160, 192, 224, 256\}$.

  n     Size of the public key (KBytes)   Size of the private key (bytes)
  160   188.69                            401
  192   325.71                            465
  224   516.82                            529
  256   771.02                            593
Table 5. Memory size in KBytes for the public key and in bytes for the private key

5.2 Performance of the software and hardware implementation of the MQQ-SIG algorithm

We have implemented MQQ-SIG in C for the SUPERCOP benchmarking system http://bench.cr.yp.to/supercop.html and tested it together with the corresponding RSA and ECC. In Table 6 we give the comparison of MQQ-SIG with RSA and ECC in 64-bit mode of operation on an Intel Core i7 920X machine running at 2 GHz. The numbers in the table represent CPU cycles. Although our C code is not yet optimized for the key generation part, we expect that the key generation part would remain the most time consuming part of our algorithm. On the other hand, from Table 6 it is clear that signing of 59 bytes in MQQ-SIG is faster than RSA in the range from 565 up to 636 times, and faster than ECC in the range from 325 up to 517 times. The verification speed in our code is not so distinctively faster than the corresponding RSA and ECC since it is programmed for one core. We expect that the highly parallelizable nature of MQQ-SIG can be used to achieve much higher speeds in multicore systems (CPUs or GPUs).
  Security bits   Algorithm   KeyGen          Signing of 59 bytes   Verification of a signature of 59 bytes
  80              RSA1024     102,69,553      2,230,4               61,116
                  ECC160      1,201,1         1,24,00               1,476,196
                  MQQSIG160   1,062,12,500    3,440                 97,644
  96              RSA1536     322,324,721     7,346,420             123,140
                  ECC192      1,799,24        1,95,752              2,242,9
                  MQQSIG192   1,2,301,276     4,260                 72,60
  112             RSA2048     76,466,59       14,15,324             174,792
                  ECC224      2,022,96        2,10,556              2,501,10
                  MQQSIG224   2,539,322,544   4,160                 92,960
  128             RSA3072     2,719,353,53    31,941,760            315,904
                  ECC256      2,296,976       2,41,96               2,33,56
                  MQQSIG256   4,96,642,44     4,932                 13,14
Table 6. Comparison between the performance of RSA, ECC and MQQ-SIG in CPU cycles, 64-bit mode of operation on an Intel Core i7 920X machine running at 2 GHz (some digits of the cycle counts are missing in this transcription).