Cryptanalysis of the Oil & Vinegar Signature Scheme
نویسندگان
چکیده
Several multivariate algebraic signature schemes had been proposed in recent years, but most of them had been broken by exploiting the fact that their secret trapdoors are low rank algebraic structures. One of the few remaining variants is Patarin’s ”Oil & Vinegar” scheme, which is based on a system of n quadratic forms in 2n variables of two flavors (n ”oil” variables and n ”vinegar” variables). The security of the scheme depends on the difficulty of distinguishing between the two types, and does not seem to be susceptible to known low rank attacks. In this paper we describe two novel algebraic attacks which can efficiently separate the oil and vinegar variables, and thus forge arbitrary signatures.
منابع مشابه
Hidden Pair of Bijection Signature Scheme
A new signature system of multivariate public key cryptosystem is proposed. The new system, Hidden Pair of Bijection (HPB), is the advanced version of the Complementary STS system. This system realized both high security and quick signing. Experiments showed that the cryptanalysis of HPB by Gröbner bases has no less complexity than the random polynomial systems. It is secure against other way o...
متن کاملRainbow, a New Multivariable Polynomial Signature Scheme
Balanced Oil and Vinegar signature schemes and the unbalanced Oil and Vinegar signature schemes are public key signature schemes based on multivariable polynomials. In this paper, we suggest a new signature scheme, which is a generalization of the Oil-Vinegar construction to improve the efficiency of the unbalanced Oil and Vinegar signature scheme. The basic idea can be described as a construct...
متن کاملCryptanalysis of the Square Cryptosystems
Following the cryptanalyses of the encryption scheme HFE and of the signature scheme SFLASH, no serious alternative multivariate cryptosystems remained, except maybe the signature schemes UOV and HFE−−. Recently, two proposals have been made to build highly efficient multivariate cryptosystems around a quadratic internal transformation: the first one is a signature scheme called square-vinegar ...
متن کاملQuo Vadis Quaternion? Cryptanalysis of Rainbow over Non-commutative Rings
The Rainbow Signature Scheme is a non-trivial generalization of the well known Unbalanced Oil and Vinegar Signature Scheme (Eurocrypt '99) minimizing the length of the signatures. Recently a new variant based on non-commutative rings, called NC-Rainbow, was introduced at CT-RSA 2012 to further minimize the secret key size. We disprove the claim that NC-Rainbow is as secure as Rainbow in general...
متن کاملUnbalanced Oil and Vinegar Signature Schemes -extended Version
In 16], J. Patarin designed a new scheme, called \Oil and Vinegar", for computing asymmetric signatures. It is very simple, can be computed very fast (both in secret and public key) and requires very little RAM in smartcard implementations. The idea consists in hiding quadratic equations in n unknowns called \oil" and v = n unknowns called \vinegar" over a nite eld K, with linear secret functio...
متن کامل