An IND-CPA Analysis of a Cryptosystem Based on Bivariate Polynomial Reconstruction Problem
Abstract
1. Introduction
2. Materials and Methods
2.1. Polynomial Reconstruction Problem (PRP)
2.2. PRP Computational Complexity
2.3. Vandermonde Method
 Write the general formula of the bivariate polynomial of degree $n-1$.
 Evaluate the polynomial at points $({x}_{1},{y}_{1}),({x}_{2},{y}_{2}),\dots ,({x}_{n},{y}_{n})$.
 Solve the linear equation system.
2.4. AAK-Cryptosystem
Algorithm 1: Key Generation Process
Input: Parameters $({x}_{i},{y}_{i},q,n,k,W,w)$
Output: Public key $PK$ and secret key pair $(C,E)$

Algorithm 2: Encryption Process
Input: Message $\mu \in {\mathbb{F}}_{q}$
Output: Ciphertext $CT$

Algorithm 3: Decryption Process
Input: Ciphertext $CT$
Output: Message polynomial $\mu (X,Y)$

Proof of Correctness
2.5. Indistinguishable under Chosen-Plaintext Attack (IND-CPA)
 The random oracle initializes a cryptographic scheme and generates $(PK,SK)=Gen\left({1}^{n}\right)$ as well as choosing random $b\in \{0,1\}$ and publishing public key $PK$, while secret key $SK$ is kept secret.
 The PPTA chooses two messages, ${\mu}_{0}$ and ${\mu}_{1}$, and sends them to the random oracle.
 The random oracle randomly chooses one out of the two messages and encrypts it; then, it sends ciphertext $C=enc({\mu}_{b},PK)$ to the PPTA.
 The PPTA determines ${b}^{\prime}$. If ${b}^{\prime}=b$, then it outputs 1; else, 0.
3. The Attack
3.1. Cryptanalysis of AAK-Cryptosystem
 (i) When $r>s$, if $\operatorname{rank} M(0)=s$, then there exists a sub-square matrix $M'(\lambda)$ in $M(\lambda)$.
 (ii) When $r<s$, if $\operatorname{rank} M(0)=r$, then there exists a sub-square matrix $M'(\lambda)$ in $M(\lambda)$.
3.2. Algorithm for Theorem 1
Algorithm 4: Listing all possible candidates of secret key $\alpha$ via Theorem 1
Input: Public key $PK$ and ciphertext $CT$
Output: Secret key $\alpha$

3.3. Numerical Illustration of Theorem 1
 $M(\lambda)_{i,a,b}=(CT_{i}-\lambda \cdot PK_{i})\cdot x_{i}^{a}\cdot y_{i}^{b}$
 $M(\lambda)_{i,a,b}=x_{i}^{a}\cdot y_{i}^{b}$
3.4. Indistinguishable under Chosen-Plaintext Attack on AAK-Cryptosystem
 It chooses two messages, ${\mu}_{0}$ and ${\mu}_{1}$, such that no position holds the same element in both vectors, and sends them to the random oracle.
 The random oracle relays the ciphertext, where $CT={\mu}_{b}+\alpha \times PK+e$.
 It computes $\alpha$ based on Theorem 1.
 It computes $CT-\alpha \times PK={\mu}_{b}+e$.
 Since the PPTA now knows the secret key $\alpha$, it can inspect the entries of the vector ${\mu}_{b}+e$ position by position. Because $e$ has exactly $n-w$ entries equal to 0, ${\mu}_{b}+e$ agrees with ${\mu}_{b}$ in those $n-w$ positions, and the PPTA can identify $b$.
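The five steps above, played inside the IND-CPA game of Section 2.5, as an added worked example in Python (not code from the paper): it models the message, $PK$ and $e$ as vectors over ${\mathbb{F}}_{q}$ with $CT={\mu}_{b}+\alpha \times PK+e$ as in step 2, takes $\alpha$ as already recovered (the Theorem 1 computation is not reproduced), and samples a constructed error vector of weight $w$. All parameter values, keys and messages are assumed toy values.

```python
import random

def encrypt(mu, alpha, pk, e, q):
    """Toy model of the page's ciphertext CT = mu_b + alpha*PK + e over F_q (assumed notation)."""
    return [(m + alpha * p + err) % q for m, p, err in zip(mu, pk, e)]

def sample_error(n, w, q, rng):
    """Constructed error vector e of Hamming weight exactly w, i.e. with n - w zero entries."""
    e = [0] * n
    for i in rng.sample(range(n), w):
        e[i] = rng.randrange(1, q)
    return e

def choose_messages(n, q, rng):
    """Challenge pair for Theorem 2: mu0 and mu1 differ in every position."""
    mu0 = [rng.randrange(q) for _ in range(n)]
    mu1 = [(m + rng.randrange(1, q)) % q for m in mu0]
    return mu0, mu1

def distinguish(ct, pk, alpha, mu0, mu1, q, n, w):
    """Steps 3-5 with alpha taken as already recovered (Theorem 1 is not reproduced).
    mu_b + e agrees with mu_b exactly in the n - w zero positions of e, while the other
    message can agree only where e is non-zero (at most w positions), so the count is
    decisive whenever n - w > w, which w <= (n - k)/2 guarantees."""
    assert n - w > w, "need n - w > w for the position count to decide b"
    stripped = [(c - alpha * p) % q for c, p in zip(ct, pk)]  # equals mu_b + e
    hits0 = sum(s == m for s, m in zip(stripped, mu0))
    hits1 = sum(s == m for s, m in zip(stripped, mu1))
    return 1 if hits1 > hits0 else 0

def simulate(trials=200, q=7, n=6, w=2, seed=1):
    """Play the IND-CPA game repeatedly with fresh random keys, errors and messages;
    each round the challenger encrypts mu_b and the adversary guesses b. Returns the win rate."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        alpha = rng.randrange(1, q)
        pk = [rng.randrange(q) for _ in range(n)]
        e = sample_error(n, w, q, rng)
        mu0, mu1 = choose_messages(n, q, rng)
        b = rng.randrange(2)
        ct = encrypt(mu1 if b else mu0, alpha, pk, e, q)
        wins += distinguish(ct, pk, alpha, mu0, mu1, q, n, w) == b
    return wins / trials

if __name__ == "__main__":
    print(simulate())  # 1.0: every round is won, against 1/2 for an IND-CPA secure scheme
```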
3.4.1. Algorithm for Theorem 2
Algorithm 5: IND-CPA on the AAK-Cryptosystem using Theorem 2
Input: Message pair $({\mu}_{0},{\mu}_{1})$
Output: $b$, where $b\in \{0,1\}$

3.4.2. Numerical Illustration of Theorem 2
4. Discussion
5. Conclusions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
PRP  Polynomial Reconstruction Problem
IND-CPA  Indistinguishable under Chosen-Plaintext Attack
PPTA  Probabilistic Polynomial-Time Adversary
Appendix A
References
1. Brassard, G.; Lutkenhaus, N.; Mor, T.; Sanders, B.C. Security Aspects of Practical Quantum Cryptography. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Bruges, Belgium, 14–18 May 2000; pp. 289–299.
2. Cambou, B.; Gowanlock, M.; Yildiz, B.; Ghanaimiandoab, D.; Lee, K.; Nelson, S.; Philabaum, C.; Stenberg, A.; Wright, J. Post Quantum Cryptographic Keys Generated with Physical Unclonable Functions. Appl. Sci. 2021, 11, 2801.
3. Shor, P.W. Algorithms for Quantum Computation: Discrete Logarithms and Factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA, 20–22 November 1994; pp. 124–134.
4. Song, B.; Zhao, Y. Provably Secure Identity-Based Identification and Signature Schemes From Code Assumptions. PLoS ONE 2017, 12, e018289.
5. Shi, J.; Chen, S.; Lu, Y.; Feng, Y.; Shi, R.; Yang, Y.; Li, J. An approach to cryptography based on continuous-variable quantum neural network. Sci. Rep. 2020, 10, 2107.
6. Jordan, S. Quantum Algorithm Zoo. 2011. Available online: https://quantumalgorithmzoo.org/ (accessed on 5 January 2023).
7. Gaborit, P.; Otmani, A.; Kalachi, H.T. Polynomial-Time Key Recovery Attack on the Faure–Loidreau Scheme Based on Gabidulin Codes. Des. Codes Cryptogr. 2018, 86, 1391–1403.
8. Imran, M.; Abideen, Z.U.; Pagliarini, S. An Experimental Study of Building Blocks of Lattice-Based NIST Post-Quantum Cryptographic Algorithms. Electronics 2020, 9, 1953.
9. Naor, M.; Pinkas, B. Oblivious Transfer and Polynomial Evaluation. In Proceedings of the Thirty-First Annual ACM Symposium on Theory of Computing, Atlanta, GA, USA, 1–4 May 1999; pp. 245–254.
10. Kiayias, A.; Yung, M. Directions in Polynomial Reconstruction Based Cryptography. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 2004, 87, 978–985.
11. Guruswami, V.; Sudan, M. Improved Decoding of Reed–Solomon and Algebraic-Geometry Codes. IEEE Trans. Inf. Theory 1999, 45, 1757–1767.
12. Augot, D.; Finiasz, M. A Public Key Encryption Scheme Based on the Polynomial Reconstruction Problem. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, 4–8 May 2003; pp. 229–240.
13. Kiayias, A.; Yung, M. Polynomial Reconstruction Based Cryptography. In Proceedings of the International Workshop on Selected Areas in Cryptography, Toronto, ON, Canada, 16–17 August 2001; pp. 129–133.
14. Kiayias, A.; Yung, M. Cryptanalyzing the Polynomial-Reconstruction Based Public-Key System under Optimal Parameter Choice. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Jeju, Republic of Korea, 5–9 December 2004; pp. 401–416.
15. Coron, J.S. Cryptanalysis of a Public-Key Encryption Scheme Based on the Polynomial Reconstruction Problem. In Proceedings of the International Workshop on Theory and Practice in Public Key Cryptography, Singapore, 1–4 March 2004; pp. 14–27.
16. Ajeena, R.K.; Kamarulhaili, H.; Almaliky, S.B. Bivariate Polynomials Public Key Encryption Schemes. Int. J. Cryptol. Res. 2013, 4, 73–83.
17. Lin, C.Y.; Wu, J.L. Cryptanalysis and Improvement of a Chaotic Map-Based Image Encryption System Using Both Plaintext Related Permutation and Diffusion. Entropy 2020, 22, 589.
18. Kuwakado, H.; Morii, M. Quantum Distinguisher between the 3-Round Feistel Cipher and the Random Permutation. In Proceedings of the IEEE International Symposium on Information Theory, Austin, TX, USA, 13–18 June 2010; pp. 2682–2685.
19. Yusof, S.N.; Kamel Ariffin, M.R. An Empirical Attack on a Polynomial Reconstruction Problem Potential Cryptosystem. Int. J. Cryptol. Res. 2021, 11, 31–48.
20. Bleichenbacher, D.; Nguyen, P.Q. Noisy Polynomial Interpolation and Noisy Chinese Remaindering. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Bruges, Belgium, 14–18 May 2000; Volume 1807, pp. 53–69.
21. Sadkhan, S.B.; Ruma, K.H. Evaluation of Polynomial Reconstruction Problem using Lagrange Interpolation Method. In Proceedings of the 2006 2nd International Conference on Information and Communication Technologies, Damascus, Syria, 24–28 April 2006; Volume 1, pp. 1399–1403.
22. Augot, D.; Finiasz, M.; Loidreau, P. Using the Trace Operator to Repair the Polynomial Reconstruction Based Cryptosystem Presented at Eurocrypt 2003. Int. Assoc. Cryptologic Res. 2003, 209.
23. Zhu, S.; Han, Y. Generative Trapdoors for Public Key Cryptography Based on Automatic Entropy Optimization. China Commun. 2021, 18, 35–46.
24. Carstens, T.V.; Ebrahimi, E.; Tabia, G.N.; Unruh, D. On Quantum Indistinguishability Under Chosen Plaintext Attack. Int. Assoc. Cryptologic Res. 2020, 596.
25. Abdalla, M.; Benhamouda, F.; Pointcheval, D. Public-Key Encryption Indistinguishable Under Plaintext-Checkable Attacks. IET Inf. Secur. 2016, 10, 288–303.
Parameter  Remark
X  Input ${x}_{i}$
Y  Input ${y}_{i}$
${\mathbb{F}}_{q}$  Finite field with size $q$
n  The number of elements in a vector
k  Its dimension
W  The weight of the big error vector $E$ for which the PRP is hard, that is, $W>\frac{n-k}{2}$ [16]
w  The weight of the small error $e$, for which the PRP allows the ciphertext to be decrypted, that is, $w\le \frac{n-k}{2}$ [15]
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Yusof, S.N.; Kamel Ariffin, M.R.; Lau, T.S.C.; Salim, N.R.; Yip, S.C.; Yap, T.T.V. An IND-CPA Analysis of a Cryptosystem Based on Bivariate Polynomial Reconstruction Problem. Axioms 2023, 12, 304. https://doi.org/10.3390/axioms12030304