Cybersecurity Research Institute

Security Evaluation Team

Cryptographic techniques are used in modern information communication systems to protect confidential information and to prevent tampering and spoofing.
In order to contribute to the appropriate implementation and secure use of various cryptographic techniques, our laboratory has conducted research and development of cryptographic infrastructure technology.

In particular, we are engaged in research and development on the security evaluation of lattice-based cryptography and multivariate public key cryptography, which are expected to become the world standard for post-quantum cryptography, as well as of RSA and elliptic curve cryptography, which are currently in wide use.
Based on our research outcomes, we are contributing to CRYPTREC, which is a project to evaluate and monitor the security of the cryptography recommended for the digital government, and to investigate and study appropriate implementation and usage methods of cryptographic techniques.

CRYPTREC official website

Overview of the research

Evaluating threats of quantum computers to modern cryptosystems

In recent years, quantum computers have been actively developed around the world with a view to their widespread adoption.
Despite the positive side of this technological progress, widely used cryptography (RSA, ECC, DH, DSA, etc.) may be compromised once a quantum computer with sufficient performance becomes available.
One of the research activities in our laboratory is evaluating the threat that present-day quantum computers pose to these cryptosystems and predicting when a cryptosystem will need to be replaced.

Threats of quantum computers to modern cryptosystems

The security of public key cryptography rests on the hardness of an underlying computational problem. A quantum computer with sufficient performance might solve that problem efficiently, in which case the cryptosystem can no longer provide security.

Predicting when a modern cryptosystem will no longer be able to provide security

In 2020, we conducted joint research with Keio University, Mitsubishi UFJ Financial Group, and Mizuho Financial Group.
We have succeeded in solving a discrete logarithm problem using a quantum computer.
The problem is a security base of DH and DSA, which are widely used public key cryptography.
From the experimental results, we confirmed that the quantum computers available at that time posed no threat to DH and DSA.
Additionally, we will use the results to predict when DH, DSA, and ECC will be compromised.

We will continue conducting these experiments as quantum computers improve, in order to predict as accurately as possible when modern cryptosystems will be threatened.
In addition, we feed the knowledge gained from these research activities back into lectures at the NICT Quantum Camp (NQC), a program for developing ICT human resources.

Press releases

Conducting experiments to solve discrete logarithm problem using a quantum computer (December 9, 2020) (only in Japanese)

Security evaluation of post-quantum cryptography (PQC)

Toward the secure use of cryptography in the quantum computer era

In order to use information communication systems securely in the future, it is necessary to develop and deploy cryptography that is hard to break with both quantum and conventional computers before a quantum computer with sufficient performance exists. Such cryptography is called post-quantum cryptography (PQC).
In recent years, the research, development, and standardization of such cryptography have been promoted worldwide, especially in the United States, and our laboratory is also engaged in this research and development.
One of these efforts is the security evaluation of multivariate public key cryptography (MPKC), a representative candidate for PQC.

The security of MPKC depends on the hardness of solving a system of multivariate quadratic equations

The security of MPKC depends on the hardness of solving a system of multivariate quadratic equations, and this hardness increases with the number of variables.
At the same time, the more variables there are, the more resources the cryptographic operations require, so a guideline for the number of variables needed to guarantee security is required.
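To make the hardness assumption above concrete, the following added example (not code from NICT or from the Fukuoka MQ Challenge) builds a toy system of random quadratic equations over GF(2) with a planted solution and solves it by exhaustive search, whose cost grows as 2^n with the number of variables n; the parameters and the data layout are our own choices.

```python
import random
from itertools import product


def evaluate(poly, x):
    """Evaluate one quadratic polynomial over GF(2) at the 0/1 vector x.
    poly = (quad, lin, const): quad is a set of index pairs (i, j) for x_i*x_j,
    lin a set of indices for x_i, const is 0 or 1. Addition is XOR."""
    quad, lin, const = poly
    val = const
    for i, j in quad:
        val ^= x[i] & x[j]
    for i in lin:
        val ^= x[i]
    return val


def generate_mq_system(n, m, seed, solution=None):
    """Build m random quadratic polynomials in n variables over GF(2).
    The constant term of each polynomial is chosen so that the planted
    solution is a common root (p(x) = 0 for every p). Deterministic via seed."""
    rng = random.Random(seed)  # constructed, seeded instance for reproducibility
    if solution is None:
        solution = [rng.randint(0, 1) for _ in range(n)]
    system = []
    for _ in range(m):
        quad = {(i, j) for i in range(n) for j in range(i + 1, n) if rng.randint(0, 1)}
        lin = {i for i in range(n) if rng.randint(0, 1)}
        const = evaluate((quad, lin, 0), solution)  # forces p(solution) = 0
        system.append((quad, lin, const))
    return system, solution


def solve_by_exhaustive_search(system, n):
    """Try all 2^n assignments in lexicographic order.
    Returns (first common root or None, number of candidates tested)."""
    tested = 0
    for cand in product((0, 1), repeat=n):
        tested += 1
        if all(evaluate(p, cand) == 0 for p in system):
            return list(cand), tested
    return None, tested


def is_root(system, x):
    """True if x satisfies every equation of the system."""
    return all(evaluate(p, x) == 0 for p in system)


if __name__ == "__main__":
    for n in (8, 10, 12):
        sys_, sol = generate_mq_system(n, 2 * n, seed=n)
        root, tested = solve_by_exhaustive_search(sys_, n)
        print(f"n={n}: root found={root is not None}, candidates tested={tested} (worst case {2**n})")
```

Doubling the number of variables squares the worst-case search space, which is why the variable count is the parameter that both sets the security level and drives the cost of the cryptographic operations.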

Figure: NICT sets a world record for solving a system of quadratic equations in 37 variables (processing speed 5 times faster, memory usage 1/8).

World record: we succeeded in solving such systems with 37 variables

  • We proposed an algorithm for solving systems of multivariate quadratic equations.
  • Our algorithm requires less computational time and memory for such systems than the known efficient algorithms.
  • Solving a system of quadratic equations in 37 variables would have taken 4 to 16 years with a general-purpose algorithm.
  • Using our algorithm, we succeeded in solving two kinds of systems from the Fukuoka MQ Challenge, each with 37 variables.

* Fukuoka MQ Challenge

Press releases

NICT achieves a world record in the security evaluation of PQC (June 27, 2019) (only in Japanese)

We will continue to conduct research on security evaluation for the practical use of various types of PQC, including MPKC.

Security analysis of end-to-end encryption

Security analysis of end-to-end encryption (E2EE) for Zoom, Webex, etc.

With the increase in teleworking, remote conference systems have become essential not only for business purposes but also for private, academic, and educational uses. Therefore, it is important to evaluate the security measures, such as E2EE, used in these systems. In collaboration with the University of Hyogo and the NEC Corporation, we evaluated the E2EE schemes for various remote conference systems, such as Zoom, Google Duo, Cisco Webex, and Jitsi Meet, and contributed to enabling the trusted and secure operation of these systems. In this study, we identified several vulnerabilities in the E2EE scheme for these systems, proposed various attacks (e.g., impersonation, tampering, and denial of service attacks) based on these vulnerabilities, and then quickly reported our findings and their countermeasures to each service provider. Following these vulnerability reports, the service providers immediately updated their E2EE specifications.
