TTM is NOT broken

Mr XXX put up a scandalous website claiming "TTM is broken" to fool the internet readers. After his two years mud-slinging, it is our duty to respond.

Why was Mr XXX doing these things? First, he wanted to bilk USDS Inc of $1,000. Second, he wanted a US job and worked for TTM. The trick was that if Mr XXX could not win according to the game rule, then he would bend the rule to make himself a winner!

The game rule of our Challenges was to obtain the private key for the solution. Although he clearly could not solve our Learner's Challenge II by showing us the private key, he declared himself a winner! Even after we repeatly requested the private key, he still had nothing to show and just wanted the money. It was a bad taste. We simply closed the Learner's Challenge II to avoid being hustled by Mr XXX.

The Learner's Challenges I and II(plus) had been open for everybody (including Mr XXX) contrary to what Mr XXX claimed in his infamous Website. The Learner's Challenge I was for pure fun and it had been there since July 31, 1997. It was not easy to have any pure fun for Mr XXX. The Learner's Challenge II(plus) was for pure fun and $1,000. It had been there since May 3, 2000.

The Challenge III had been damaged by a hacker. Mr XXX claimed in his e-mail:" I can only tell you I did not broke it, though I have a precise idea who might." Who is this criminal? Mr XXX pointed to someone else. Since those Challenges are mainly for fun, we do not plan to clean up after them at the time being.

He then looked for a job. He sent Prof T.Moh an e-mail at "Mon May 8 16:36:47 2000" as :

I must tell you that I'm completing my phd in France in about 2 months and I'm loking for a position in the US.
Do you have positions to work on TTM at your university ?

However, a known French Scientist who happened to be in Mr XXX's Ph. D. committee wrote (BTW, Mr XXX is not a French):

"Nobody trust Mr XXX, do not listen to him. He has not done anything for his Ph. D. yet."

There goes his US job and his chance to work for TTM.
Clearly, Mr XXX is a hustler!!

Scientifically, what are all about? Mr XXX disguises his nonsenses by quoting a paper of Goubin-Courtois which is a blunder. The said paper claims that TTM cryptosystem is a case of their TPM cryptosystem with r=2 and then crack TPM system with r=2.

The truth is that their attack on TPM is completely faulty with the strange way of using the theory of matrices for odd characteristic only to the situation of even characteristic (i.e., 1+1=0 in computer). In other words, they use the mathematical theory to represent quadratic forms by matrices in old characteristic to even characteristic. The mathematical theory is not a play dough which can be twisted. Furthermore, TTM is very flexible with r anything (in the paper below, an example is given to show that r can be 4). We shall simply quote the paper below to show that Mr XXX is talking nonsense.

In general, the comments from known cryptographers in comparing those two papers are as follows,

(a) it's true that quadratic forms cannot be represented by matrices over a field of even characteristic.
(b) The difference of r=2 versus r=4 is fundamental for the effectiveness of the Goubin-Courtois attack on the TTM public key crypto system.

The following is the abstract of a paper entitled "On the Goubin-Courtois Attack on TTM" written by T.Moh and J.M.Chen published by "Cryptology ePrint Archive (2001/72) which completely repudiates the above mentioned scandalous website.

[Abstract]

In the paper [1] published in ``Asiacrypt 2000", L. Goubin and N.T. Courtois propose an attack on the TTM cryptosystem. In paper [1], they mispresent TTM cryptosystem. Then they jump an attack from an example of TTM to the general TTM cryptosystem. Finally they conclude:"There is very little hope that a secure triangular system (Tame transformation system in our terminology) will ever be proposed". This is serious challenge to many people working in the field.
In this paper, we will show that their attack is full of gaps in section 5. Even their attack on one implementation of TTM is questionable. We write a lengthy introduction to restate TTM cryptosystem and point out many possible implementations. It will be clear that their attack on one implementation can not be generalized to attacks on other implementations. As one usually said: "truth is in the fine details", we quote and analysis their TPM system at the end of the introduction and § 2. We further state one implementations of TTM cryptosystem in § 3. We analysis their MinRank(r) attack in § 4 and show that is infeasible.
We conclude that the attack of [1] on the TTM cryptosystem is infeasible and full of gaps. There is no known attacks which can crack the TTM cryptosystem.