An Estimate of the Complexity of the Section Finding Problem on Algebraic Surfaces

Abstract

Researching post-quantum cryptography has been an important task in cryptography. The section finding problem on algebraic surfaces (AS-SFP) is considered to be intractable also after building quantum computers. Thus AS-SFP is used as a basis of the security of the Algebraic Surface Cryptosystem (ASC), which is a candidate of post-quantum cryptosystems, and it is important for designing parameters which make ASC secure to estimate the complexity of AS-SFP. Solving AS-SFP is reduced to solving certain multivariate equation systems (section equation systems) of high degrees, and one can solve such equation systems by using the Grobner basis technique. Although estimating the complexity of computing a Grobner basis associated with an equation system is difficult in general, it becomes easy if the equation system is semi-regular. In this paper, we experimentally estimate the complexity of AS-SFP. From our experimental results, although we see that section equation systems do not become semi-regular in most cases for small parameters, we can infer parameters closely related to the difficulty of computing Grobner bases associated with section equation systems. According to our inference, we estimate the complexity of AS-SFP and parameters which make ASC 128-bit security against the attack by the Grobner basis technique. We also consider a brute-force attack against AS-SFP and conjecture that the brute-force attack is more efficient than the attack by the Grobner basis technique. Finally, we estimate parameters and sizes of public keys such that ASC has 128-bit security against the brute-force attack. Its size (876 bits) is much smaller than sizes of public keys in other efficient candidates of PQC.