Decomposing Attacks on Asymmetric Cryptography Based on Mapping Compositions

Published: 2001, Last Modified: 05 Nov 2023. J. Cryptol. 2001. Readers: Everyone
Abstract: Given the algebraic expression of the composition of two mappings, how can one identify the two components? This is the problem of mapping decomposition, of which the usual function-decomposition problem [8] is a special case. It was believed that this problem is intractable in general. Some public key cryptosystems (PKC) are based on the difficulty of this mathematical problem. Two types of such PKCs are FAPKC, proposed by Tao [16], and the "2R-schemes," proposed by Patarin and Goubin [11], [12]. FAPKC is based on composing finite automata (FA), while the "2R-schemes" use quadratic functions as the components. In this paper the decomposition problem for FA and for quadratic functions is investigated. Several methods for FA decomposing and one for quadratic functions are discovered. It is demonstrated that FA composition often exposes essential information about the components and that the full expression of composition of quadratic functions should not be given in 2R-schemes.