Skip to main content

Algorithmic and Mathematical Cryptology

Periodic Reporting for period 3 - AlmaCrypt (Algorithmic and Mathematical Cryptology)

Reporting period: 2019-01-01 to 2019-12-31

Cryptology is a foundation of information security in the digital world. Today's internet is protected by a form of cryptography based on complexity theoretic hardness assumptions. Ideally, they should be strong to ensure security and versatile to offer a wide range of functionalities and allow efficient implementations. However, these assumptions are largely untested and internet security could be built on sand. This issue is becoming even more sensitive due to the possible emergence of general purpose quantum computers in the mid-term future.

The main ambition of Almacrypt is to remedy this issue by challenging the assumptions through an advanced algorithmic analysis.

In particular, the scope of proposal includes the status of the two current pillars of public-key encryption: factoring and discrete logarithms. It is already known that they would be vulnerable to quantum computers. In addition, recent progress showed that in some cases, the discrete logarithm problem is considerably weaker than previously assumed against classical computers. A main objective is to ponder the security of other cases of the discrete logarithm problem, including elliptic curves, and of factoring. We are studying the generalization of the recent techniques and searching for new algorithmic options with comparable or better efficiency. Concerning elliptic curves, we are also interested by the related issue of isogeny between curves.

We also study hardness assumptions based on codes, subset-sum and polynomial systems, which are candidates hard problems for post-quantum cryptographic schemes. Essentially, we are considering the applicability of recent algorithmic and mathematical techniques, in order to discover more about the corresponding complexity classes, to refine the analysis of the algorithms, and to design new algorithm tools.

Cryptology is not limited to the above assumptions: other hard problems can be proposed to aim at post-quantum security or to offer extra functionalities. Using these other problems as testbeds to demonstrate other applications of our algorithmic progress is also within the scope of Almacrypt.

In addition to its scientific goal, Almacrypt also aims at seeding a strengthened research community dedicated to algorithmic and mathematical cryptology.
Main results of the time period:

1) A new method for solving polynomial systems of Boolean equations. The method was used to perform record computations in the Fukuoka challenge. The pre-existing record was at 66 variables using some dedicated hardware (FPGAs), with the method it was possible to find solutions to all the type I challenges from 67 up to 74 variables on a general purpose cluster. Note that the 74 variables challenge was the largest type I instance published by the Fukuoka team. After out publication, the algorithm has been programmed on GPUs by an independent team which confirmed its great potential compared to previously existing techniques.

2) A new candidate cryptosystem based on the use of Mersenne primes. This new system uses an extremely simple mathematical structure and seems to provide a very promising post-quantum secure key exchange method. The paper presenting the system has been accepted for presentation at Crypto'2018. The system has also been submitted to the on-going international competition organized by NIST in order to standardize post-quantum cryptosystems.

3) Use of the Walsh transform algorithm in a generalization of the quantum swap test. (cross-disciplinary reseach with the quantum information team at LIP6)

4) An algorithm for speeding up linear algebra on nearly sparse matrices using a new variation of block Wiedemann algorithm.

5) A simplification of the degree 2 elimination techique used in one method for small characteristic discrete logarithm. The work was initiated during the visit of Faruk Gologlu.

6) Results in Computational Number Theory (Finite Fields, Number Fields, Elliptic Curves)

7) Results about side-channel attacks on Number-theoretic cryptosystems

In addition to the above results, we followed the suggestion of the project's reviewer and started integrating lattice problems in Almacrypt from the start of 2018.
I) The ability to efficiently solve Boolean systems of polynomial equations farther than what was previously known is a surprising result that will have impact on the security and parameter choices of cryptosystems which are based on the hardness of this problem. This mainly includes multivariate cryptosystems which are some of the considered candidates for post-quantum cryptography. The algorithm has been successfully implemented on a GPU computing architecture by an independent team of researcher (see This shows that the new algorithm is of high practical relevance not only on standard computers but also on a larger variety of computing devices.
We will continue exploring this algorithm and its potential during the rest of the project.

II) The Mersenne system is also a unexpected and very promising result of Almacrypt. The basic idea was born as an attempt to simplify some existing cryptosystems in order to facilitate their analysis. However, it turned out that after the simplification, it was possible to design a very simple, yet seemingly secure cryptosystem. As a consequence, we decided submit it to the NIST call for post-quantum proposals.
We will continue supporting it during the NIST competition. We are interested by the possibility of designing a signature scheme on top of the Mersenne hard problem.

III) Concerning lattice reduction, we started developing a new code, making use of interval arithmetic techniques in order to be able to reduce some lattices arising from number theory in a much more satisfactory way than classical programs that target integer lattices. We will continue developping this code during the rest of the project. It is publicly available for download from the project website.

Until the end of the project, we will also continue working on the fundamental algorithmic research on hard cryptographic problem which are at the heart of the proposal. Due to the disruptive nature of algorithmic advances, it is impossible to predict the forthcoming progress.