Cryptanalysis of a Generalized Subset-Sum Pseudorandom Generator

Authors Charles Bouillaguet, Florette Martinez, Damien Vergnaud



File

LIPIcs.MFCS.2023.23.pdf
  • Filesize: 0.7 MB
  • 15 pages

Author Details

Charles Bouillaguet
  • Sorbonne Université, CNRS, LIP6, F-75005 Paris, France
Florette Martinez
  • Sorbonne Université, CNRS, LIP6, F-75005 Paris, France
Damien Vergnaud
  • Sorbonne Université, CNRS, LIP6, F-75005 Paris, France

Acknowledgements

The authors are grateful to the anonymous reviewers for their insightful comments and valuable suggestions.

Cite As

Charles Bouillaguet, Florette Martinez, and Damien Vergnaud. Cryptanalysis of a Generalized Subset-Sum Pseudorandom Generator. In 48th International Symposium on Mathematical Foundations of Computer Science (MFCS 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 272, pp. 23:1-23:15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)
https://doi.org/10.4230/LIPIcs.MFCS.2023.23

Abstract

We present attacks on a generalized subset-sum pseudorandom generator, which was proposed by von zur Gathen and Shparlinski in 2004. Our attacks rely on a sub-quadratic algorithm for solving a vectorial variant of the 3SUM problem, which is of independent interest. The attacks presented have complexities well below the brute-force attack, making the generators vulnerable. We provide a thorough analysis of the attacks and their complexities and demonstrate their practicality through implementations and experiments.

Subject Classification

ACM Subject Classification
  • Security and privacy → Cryptography
Keywords
  • Cryptography
  • pseudo-random generator
  • subset-sum problem
  • 3SUM problem
  • cryptanalysis
