Hybrid Approach : a Tool for Multivariate Cryptography

In this paper, we present an algorithmic tool to cryptanalysis multivariate cryptosystems. The presented algorithm is a hybrid approach that mixes exhaustive search with classical Gröbner bases computation to solve multivariate polynomial systems over a finite field. Depending on the size of the field, our method is an improvement on existing techniques. For usual parameters of multivariate schemes, our method is effective. We give theoretical evidences on the efficiency of our approach as well as practical cryptanalysis of several multivariate signature schemes (TRMS, UOV) that were considered to be secure. For instance, on TRMS, our approach allow to forge a valid signature in 267 operations instead of 2160 with exhaustive search or 283 with only Gröbner bases. Our algorithm is general as its efficiency is demonstrated on random systems of equations. As the structure of the cryptosystem is not involved, our algorithm provides a generic tool to calibrate the parameters of any multivariate scheme. These results were already published in [5]. We also present an extended version of our hybrid approach, suitable for polynomials of higher degree. To easily access our tools, we provide a MAGMA package available at http://www-salsa.lip6.fr/~bettale/hybrid.html that provide all the necessary material to use our hybrid approach and to compute the complexities.