In this paper we present a new method of choosing primitive elements for Brezing–Weng families of pairing-friendly elliptic curves with small rho-values, and we improve on the previously known best rho-values of families [J. Cryptology 23 (2010), 224–280], [Lecture Notes in Comput. Sci. 5209, Springer (2008), 126–135] for the embedding degrees $k = 16$, 22, 28, 40 and 46. We consider elements of the form $(a + b\sqrt{-D})\zeta_k$ for rational numbers $a$, $b$ and a square-free positive integer $D$, where $\zeta_k$ is a primitive $k$-th root of unity. We also investigate the conditions for an element of the proposed form to be suitable for our construction. Our construction uses fixed discriminants.
T. Harayama and D. K. Friesen [J. Math. Cryptol. 1 (2007), 79–104] proposed the linearized binomial attack for multivariate quadratic cryptosystems and introduced weak Dembowski–Ostrom (DO) polynomials in this framework over the finite field $\mathbb{F}_2$. We extend the linearized binomial attack to multivariate quadratic cryptosystems over $\mathbb{F}_p$ for any prime $p$ and redefine the weak DO polynomials for the general case. We identify infinite classes of weak DO polynomials for these systems by considering highly degenerate quadratic forms over algebraic function fields and Artin–Schreier type curves to achieve our results. This gives a general answer to the conjecture stated by Harayama and Friesen and also a partial enumeration of weak DO polynomials over finite fields.
We show that the round functions of the KASUMI block cipher, for both the odd and the even round type, generate the alternating group on the message space. Moreover, under the assumption of independent round keys, we prove that the KASUMI two-round functions and the KASUMI encryption functions also generate the alternating group.
The Anshel–Anshel–Goldfeld (AAG) key-exchange protocol was implemented and studied with the braid groups as its underlying platform. The length-based attack, introduced by Hughes and Tannenbaum, has been used to cryptanalyze the AAG protocol in this setting. Eick and Kahrobaei suggest using the polycyclic groups as a possible platform for the AAG protocol. In this paper, we apply several known variants of the length-based attack against the AAG protocol with a polycyclic group as the underlying platform. The experimental results show that, in these groups, the implemented variants of the length-based attack are unsuccessful in the case of polycyclic groups having high Hirsch length. This suggests that the length-based attack is insufficient to cryptanalyze the AAG protocol when it is implemented over this type of polycyclic group. This implies that polycyclic groups could be a potential platform for some cryptosystems based on the conjugacy search problem, such as the non-commutative Diffie–Hellman, El Gamal and Cramer–Shoup key-exchange protocols. Moreover, we compare for the first time the success rates of the different variants of the length-based attack. These experiments show that, in these groups, the memory length-based attack introduced by Garber, Kaplan, Teicher, Tsaban and Vishne does better than the other variants proposed thus far in this context.
Rotation symmetric Boolean functions have been extensively studied in the last 15 years or so because of their importance in cryptography and coding theory. Until recently, very little was known about such basic questions as when two such functions are affine equivalent. This question is important in applications, because almost all important properties of Boolean functions (such as Hamming weight, nonlinearity, etc.) are affine invariants, so when searching a set for functions with useful properties, it suffices to consider just one function in each equivalence class. This can greatly reduce computation time. Even for quadratic functions, the analysis of affine equivalence was only completed in 2009. The much more complicated case of cubic functions was completed in the special case of affine equivalence under permutations for monomial rotation symmetric functions in two papers from 2011 and 2014. There has also been recent progress for some special cases for functions of degree $> 3$. In 2007 it was found that functions satisfying a new notion of $k$-rotation symmetry for $k > 1$ (where the case $k = 1$ is ordinary rotation symmetry) were of substantial interest in cryptography and coding theory. Since then several researchers have used these functions for $k = 2$ and 3 to study such topics as the construction of bent functions, nonlinearity and covering radii of various codes. In this paper we develop a detailed theory for the monomial 3-rotation symmetric cubic functions, extending earlier work for the case $k = 2$ of these functions.