Lie algebras and the security of cryptosystems based on classical varieties in disguise

In 2006, de Graaf et al. proposed a strategy based on Lie algebras for finding a linear transformation in the projective linear group that connects two linearly equivalent projective varieties defined over the rational numbers. Their method succeeds for several families of “classical” varieties, such as Veronese varieties, which are known to have large automorphism groups.

In this talk, we explain how to extend their Lie algebra method to finite fields, which introduces additional technical difficulties because of the positive characteristic. We show that the method works for Veronese varieties of dimension at least two over finite fields whose characteristic is greater than three and does not divide the dimension plus one.

We demonstrate that this leads to polynomial-time attacks against two candidate post-quantum key exchange protocols that are based on disguised Veronese surfaces and threefolds, which were recently proposed by Alzati et al. Furthermore, we provide strong evidence for the vulnerability of a digital signature scheme that relies on secant varieties of Grassmannians of projective lines, although for now this does not amount to a complete attack because the scheme operates over finite fields of characteristic two.