[Resource Topic] 2024/196: Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform

Welcome to the resource topic for 2024/196

Title:
Subfield attack: leveraging composite-degree extensions in the Quotient Ring transform

Authors: Pierre Pébereau

Abstract:

In this note, we show that some of the parameters of the Quotient-Ring transform proposed for VOX are vulnerable.
More precisely, they were chosen to defeat an attack in the field extension $\mathbb F_{q^l}$ obtained by quotienting $\mathbb F_q[X]$ by an irreducible polynomial of degree $l$.
We observe that we may use a smaller extension $\mathbb F_{q^{l'}}$ for any $l' \mid l$, in which case the attacks apply again.
We also introduce a simple algebraic attack without the use of the MinRank problem to attack the scheme.
These attacks concern a subset of the parameter sets proposed for VOX: I, Ic, III, IIIa, V, Vb.
We estimate the cost of our attack on these parameter sets and find costs of at most $2^{67}$ gates, and significantly lower in most cases.
In practice, our attack requires 0.3s, 1.35s, 0.56s for parameter sets I, III, V for the initial VOX parameters, and 56.7s, 6.11s for parameter sets IIIa, Vb proposed after the rectangular MinRank attack.

ePrint: https://eprint.iacr.org/2024/196
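The observation in the abstract rests on a field-theoretic fact: $\mathbb F_{q^l}$ contains an intermediate field $\mathbb F_{q^{l'}}$ exactly when $l' \mid l$, so a transform that is hardened only against attacks over the full degree-$l$ extension still leaves every proper divisor of $l$ available to an attacker. The Python below is an added example, not code from the paper or from VOX, and it does not implement the attack itself. It builds $\mathbb F_{p^l}$ as $\mathbb F_p[X]/(f)$ for constructed choices of $f$ ($X^6+X+1$ and $X^4+X+1$ over $\mathbb F_2$, $X^2+1$ over $\mathbb F_3$; these are assumptions, not parameters from the paper) and, for each $1 \le l' \le l$, enumerates the elements fixed by the Frobenius power $a \mapsto a^{p^{l'}}$. It goes slightly beyond the abstract in also covering $l' \nmid l$: the fixed set is then $\mathbb F_{p^{\gcd(l', l)}}$, so only divisors of $l$ yield a field strictly between $\mathbb F_p$ and $\mathbb F_{p^l}$.

```python
"""Subfields of a composite-degree extension F_p[X]/(f).

Added example; not code from the paper or from VOX. The moduli used
(X^6+X+1 and X^4+X+1 over F_2, X^2+1 over F_3) are assumed, constructed
choices of irreducible polynomials, not VOX parameters.
"""
from itertools import product
from math import gcd


def poly_add(a, b, p):
    """Coefficient-wise addition in F_p (tuples, lowest degree first)."""
    return tuple((x + y) % p for x, y in zip(a, b))


def poly_mulmod(a, b, modulus, p):
    """Multiply a, b in F_p[X] and reduce modulo the monic polynomial
    `modulus` of degree l = len(modulus) - 1.  Elements are l-tuples."""
    l = len(modulus) - 1
    prod = [0] * (2 * l - 1)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                prod[i + j] = (prod[i + j] + ai * bj) % p
    # Reduce from the top degree down: subtract c * X^(d-l) * modulus.
    for d in range(2 * l - 2, l - 1, -1):
        c = prod[d]
        if c:
            for k in range(l + 1):
                prod[d - l + k] = (prod[d - l + k] - c * modulus[k]) % p
    return tuple(prod[:l])


def poly_pow(a, e, modulus, p):
    """Square-and-multiply exponentiation in F_p[X]/(modulus)."""
    l = len(modulus) - 1
    result = tuple([1] + [0] * (l - 1))
    base = tuple(a)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, modulus, p)
        base = poly_mulmod(base, base, modulus, p)
        e >>= 1
    return result


def all_elements(modulus, p):
    """Every element of F_p[X]/(modulus) as a coefficient tuple."""
    return [tuple(c) for c in product(range(p), repeat=len(modulus) - 1)]


def is_field(modulus, p):
    """F_p[X]/(modulus) is a field iff every nonzero element is a unit,
    i.e. a^(p^l - 1) == 1.  Sanity check that the chosen modulus is irreducible."""
    l = len(modulus) - 1
    one = tuple([1] + [0] * (l - 1))
    zero = tuple([0] * l)
    return all(poly_pow(a, p ** l - 1, modulus, p) == one
               for a in all_elements(modulus, p) if a != zero)


def fixed_field(lprime, modulus, p):
    """Elements a of F_{p^l} with a^(p^lprime) == a, i.e. fixed by the
    lprime-th power of Frobenius.  This set is the subfield F_{p^gcd(lprime, l)}."""
    return {a for a in all_elements(modulus, p)
            if poly_pow(a, p ** lprime, modulus, p) == a}


def is_subfield(elems, modulus, p):
    """A finite subset containing 0 and 1 and closed under + and * is a subfield
    (a finite subring of a field with 1 is itself a field)."""
    l = len(modulus) - 1
    one = tuple([1] + [0] * (l - 1))
    zero = tuple([0] * l)
    if zero not in elems or one not in elems:
        return False
    return all(poly_add(a, b, p) in elems and poly_mulmod(a, b, modulus, p) in elems
               for a in elems for b in elems)


def subfield_sizes(modulus, p):
    """Size of the Frobenius-fixed set for every 1 <= lprime <= l.
    Only divisors of l give something strictly between F_p and F_{p^l}."""
    l = len(modulus) - 1
    return {lp: len(fixed_field(lp, modulus, p)) for lp in range(1, l + 1)}


if __name__ == "__main__":
    # Constructed example: F_{2^6} = F_2[X]/(X^6 + X + 1), with l = 6 = 2 * 3.
    MOD = (1, 1, 0, 0, 0, 0, 1)  # coefficients of 1 + X + X^6, lowest degree first
    assert is_field(MOD, 2)
    for lp, size in subfield_sizes(MOD, 2).items():
        print(f"l'={lp}: {size} elements fixed by a -> a^(2^{lp}); "
              f"expected 2^gcd({lp},6) = {2 ** gcd(lp, 6)}")
```

For $l = 6$ the run reports fixed sets of size 2, 4, 8, 4, 2, 64 for $l' = 1, \dots, 6$: the divisors 2 and 3 give the proper intermediate fields $\mathbb F_4$ and $\mathbb F_8$, while $l' = 4$ and $l' = 5$ collapse to $\mathbb F_4$ and $\mathbb F_2$. The practical check this suggests when auditing a parameter set is simply whether $l$ is composite; if it is, any argument made over $\mathbb F_{q^l}$ alone has to be repeated over each $\mathbb F_{q^{l'}}$ with $l' \mid l$.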

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.