On the weak key of post-quantum key agreement SAA-5

抄録

In this study, we show that a weak key exists with a high probability in Strongly Asymmetric Algorithm-5 (SAA-5), a post-quantum key agreement protocol based on matrix operations on finite field 𝔽_p. It has been claimed that only an exhaustive attack is possible for recovering a secret shared key. We propose a polynomial time recovery attack on the weak keys using the prime factorization of p – 1, the rank of matrices used in the protocol, and the Chinese remainder theorem. We also report the results of numerical experiments on SAA-5 using Magma against the recommended parameters, which can be recovered within a short time.