Abstract
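By perturbing the central map of SFLASH, Wang et al. recently proposed a new multivariate public-key cryptosystem, pSFLASH. The designers of pSFLASH argue that the perturbed central map destroys the underlying mathematical structure of the SFLASH public key and therefore resists the differential algebraic attack on SFLASH [2-3]. However, for any pSFLASH instance with private key (T⁻¹, U⁻¹, β, γ), there must exist an invertible affine transformation U that turns it into an SFLASH instance with private key (T⁻¹, ■1). Consequently, using the differential algebraic attack on SFLASH [2-3], a valid pSFLASH signature on any message can be forged in practice within a few seconds.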
Recently, a new multivariate public key cryptosystem named pSFLASH was proposed by Wang in 2010 by inserting a perturbation into the central map of the SFLASH cryptosystem. The designers of pSFLASH claim that the potential mathematical structure of the public key of SFLASH will be destroyed if the central map is perturbed in such a way. Therefore, pSFLASH could resist the differential algebraic attack. This paper points out that, for every pSFLASH instance with private key (T⁻¹, U⁻¹, β, γ), there must exist an SFLASH instance with private key (T⁻¹, ■1), such that the pSFLASH instance can be converted into that SFLASH instance. As a result, by applying the differential algebraic attack on SFLASH, we can practically forge a valid pSFLASH signature in seconds.
Source
Chinese Journal of Computers (《计算机学报》)
EI
CSCD
Peking University Core Journals (北大核心)
2011, Issue 7, pp. 1284-1290 (7 pages)
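Funding
Supported by the National Natural Science Foundation of China (61070172, 10990011) and the National Basic Research Program of China ("973" Program) (2007CB311201)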