Cryptanalysis of HFEv and Internal Perturbation of HFE
نویسندگان
چکیده
Hidden field equation (HFE) multivariable cryptosystems were first suggested by Patarin. Kipnis and Shamir showed that to make the cryptosystem secure, a special parameter D of any HFE cryptosystem can not be too small. Consequently Kipnis, Patarin and Goubin proposed an enhanced variant of the HFE cryptosystem by combining the idea of Oil and Vinegar construction with the HFE construction. Essentially they “perturb” the HFE system with some external variables. In this paper, we will first present a new cryptanalysis method for the HFEv schemes. We then use the idea of internal perturbation to build a new cryptosystem, an internally perturbed HFE cryptosystem (IPHFE).
منابع مشابه
Equivalent Keys in HFE, C*, and Variations
In this article, we investigate the question of equivalent keys for two Multivariate Quadratic public key schemes HFE and C∗−− and improve over a previously known result, to appear at PKC 2005. Moreover, we show a new non-trivial extension of these results to the classes HFE, HFEv, HFEv-, and C∗−−, which are cryptographically stronger variants of the original HFE and C∗ / MIA schemes. In partic...
متن کاملCryptanalysis of HFE with Internal Perturbation
Multivariate Cryptography has been an active line of research for almost twenty years. While most multivariate cryptosystems have been under attack, variations of the basic schemes came up as potential repairs. In this paper, we study the Internal Perturbation variation of HFE recently proposed by Ding and Schmidt. Although several results indicate that HFE is vulnerable against algebraic attac...
متن کاملDegree of Regularity for HFEv and HFEv-
In this paper, we rst prove an explicit formula which bounds the degree of regularity of the family of HFEv ( HFE with vinegar ) and HFEv( HFE with vinegar and minus ) multivariate public key cryptosystems over a nite eld of size q. The degree of regularity of the polynomial system derived from an HFEvsystem is less than or equal to (q − 1)(r + v + a− 1) 2 + 2 if q is even and r + a is odd,
متن کاملGeMSS: A Great Multivariate Short Signature
The purpose of this document is to present GeMSS : a Great Multivariate Signature Scheme. As suggested by its name, GeMSS is a multivariate-based [14, 22, 4, 2, 20, 19] signature scheme producing small signatures. It has a fast verification process, and a medium/large public-key. GeMSS is in direct lineage from QUARTZ [18] and borrows some design rationale of the Gui multivariate signature sche...
متن کاملImproved Cryptanalysis of HFEv- via Projection
The HFEvsignature scheme is one of the most studied multivariate schemes and one of the major candidates for the upcoming standardization of post-quantum digital signature schemes. In this paper, we propose three new attack strategies against HFEv-, each of them using the idea of projection. Especially our third attack is very effective and is, for some parameter sets, the most efficient known ...
متن کامل