Simultaneous Diagonalization of Incomplete Matrices and Applications

in Proceedings of the Fourteenth Algorithmic Number Theory Symposium (ANTS-XIV), edited by Steven Galbraith, Open Book Series 4, Mathematical Sciences Publishers, Berkeley, 2020 (2020, December)

We consider the problem of recovering the entries of diagonal matrices {U_a}_a for a = 1, . . . , t from multiple “incomplete” samples {W_a}_a of the form W_a = P U_a Q, where P and Q are unknown matrices ... [more ▼]

We consider the problem of recovering the entries of diagonal matrices {U_a}_a for a = 1, . . . , t from multiple “incomplete” samples {W_a}_a of the form W_a = P U_a Q, where P and Q are unknown matrices of low rank. We devise practical algorithms for this problem depending on the ranks of P and Q. This problem finds its motivation in cryptanalysis: we show how to significantly improve previous algorithms for solving the approximate common divisor problem and breaking CLT13 cryptographic multilinear maps. [less ▲]

Cryptanalysis of CLT13 Multilinear Maps with Independent Slots

Speeches/Talks (2019)

Improved Cryptanalysis of the AJPS Mersenne Based Cryptosystem

in Journal of Mathematical Cryptology (2019)

At Crypto 2018, Aggarwal, Joux, Prakash and Santha (AJPS) described a new public-key encryption scheme based on Mersenne numbers. Shortly after the publication of the cryptosystem, Beunardeau et al ... [more ▼]

At Crypto 2018, Aggarwal, Joux, Prakash and Santha (AJPS) described a new public-key encryption scheme based on Mersenne numbers. Shortly after the publication of the cryptosystem, Beunardeau et al. described an attack with complexity O(2^(2h)). In this paper, we describe an improvedattack with complexity O(2^(1.75h)) . [less ▲]

High-Order Conversion from Boolean to Arithmetic Masking

in Proceedings of CHES 2017 (2017, September)

Faster Evaluation of SBoxes via Common Shares

in Proceedings of CHES 2016 (2016)

Cryptanalysis of GGH15 Multilinear Maps

in Proceedings of Crypto 2016 (2016)

New Multilinear Maps over the Integers

in Proceedings of Crypto 2015 (2015)

Secure Conversion between Boolean and Arithmetic Masking of Any Order

in Batina, Lejla; Robshaw, Matthew (Eds.) Cryptographic Hardware and Embedded Systems - CHES 2014, 16th International Workshop, Busan, South Korea, September 23-26, 2014. Proceedings (2014, September)

Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures

in Batina, Lejla; Robshaw, Matthew (Eds.) Cryptographic Hardware and Embedded Systems – CHES 2014 (2014)

We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite ... [more ▼]

We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite field. For n-bit S-boxes our new technique has heuristic complexity ${\cal O}(2^{n/2}/\sqrt{n})$ instead of ${\cal O}(2^{n/2})$ proven complexity for the Parity-Split method. We also prove a lower bound of ${\Omega}(2^{n/2}/\sqrt{n})$ on the complexity of any method to evaluate $n$-bit S-boxes; this shows that our method is asymptotically optimal. Here, complexity refers to the number of non-linear multiplications required to evaluate the polynomial corresponding to an S-box. In practice we can evaluate any 8-bit S-box in 10 non-linear multiplications instead of 16 in the Roy-Vivek paper from CHES 2013, and the DES S-boxes in 4 non-linear multiplications instead of 7. We also evaluate any 4-bit S-box in 2 non-linear multiplications instead of 3. Hence our method achieves optimal complexity for the PRESENT S-box. [less ▲]

Practical Multilinear Maps over the Integers

in CRYPTO (1) (2013)