Tsutomu Matsumoto - Academia.edu (original) (raw)
Uploads
Papers by Tsutomu Matsumoto
Lecture Notes in Computer Science, 1988
This paper discusses an asymmetric cryptosystem C* which consists of public transformations of co... more This paper discusses an asymmetric cryptosystem C* which consists of public transformations of compIerity O(m2n3) and secret transformations of complexity O((mn)'(m + logn)), where each complexity is measured in the total number of bit-operations for processing an mn-bit message block. Each public key of C ' is an n-tuple of quadratic n-variate polynomials over GF(2m) and can be used for both verifying signatures and encrypting plaintexts. This paper also shows that for C" it is practically infeasible to extract the n-tuple of n-variate polynomials representing the inverse of the corresponding public key.
In 4], H. Imai and T. Matsumoto presented some new candidate trapdoor one-way permutations with a... more In 4], H. Imai and T. Matsumoto presented some new candidate trapdoor one-way permutations with a public key given as multivariate polynomials over a nite eld. One of these schemes was later presented in 7] under the name C , and was based on the idea of hiding a monomial eld equation. This scheme was broken in 8] by Jacques Patarin, due to unexpected algebraic properties. J. Patarin and L. Goubin then suggested ( 9], 10], 11], 12]) some schemes to repair C , but this was done at the cost of slightly more complex public key or secret key computations. In part I of this paper, we will study some very simple variations of the C scheme, where the attack of 8] is avoided, and where the very simple secret key computations are kept. The C ?+ scheme will be one of these variations. We will design some new cryptanalysis that are e cient against some of { but not all { these variations.
Lecture Notes in Computer Science, 1988
This paper discusses an asymmetric cryptosystem C* which consists of public transformations of co... more This paper discusses an asymmetric cryptosystem C* which consists of public transformations of compIerity O(m2n3) and secret transformations of complexity O((mn)'(m + logn)), where each complexity is measured in the total number of bit-operations for processing an mn-bit message block. Each public key of C ' is an n-tuple of quadratic n-variate polynomials over GF(2m) and can be used for both verifying signatures and encrypting plaintexts. This paper also shows that for C" it is practically infeasible to extract the n-tuple of n-variate polynomials representing the inverse of the corresponding public key.
In 4], H. Imai and T. Matsumoto presented some new candidate trapdoor one-way permutations with a... more In 4], H. Imai and T. Matsumoto presented some new candidate trapdoor one-way permutations with a public key given as multivariate polynomials over a nite eld. One of these schemes was later presented in 7] under the name C , and was based on the idea of hiding a monomial eld equation. This scheme was broken in 8] by Jacques Patarin, due to unexpected algebraic properties. J. Patarin and L. Goubin then suggested ( 9], 10], 11], 12]) some schemes to repair C , but this was done at the cost of slightly more complex public key or secret key computations. In part I of this paper, we will study some very simple variations of the C scheme, where the attack of 8] is avoided, and where the very simple secret key computations are kept. The C ?+ scheme will be one of these variations. We will design some new cryptanalysis that are e cient against some of { but not all { these variations.