The Degree of Regularity of HFE Systems

Vivien Dubois1 and Ni olas Gama2 1 DGA-MI, Fran e vivien.dubois m4x.org 2 EPFL, Switzerland ni olas.gama ens.fr Abstra t. HFE is a publi key s heme introdu ed by Patarin in 1996. An HFE publi key is a large system of polynomials in many variables over a small nite eld. This system results from some se ret omposition, based on whi h the owner an solve it to any arbitrary ve tor. While the se urity of the ryptosystem relies on the di ulty of solving the publi system without the trapdoor information, in 2002 Faugère found experimentally that Gröbner basis omputations perform mu h better on ertain HFE instan es than on random systems. More spe i ally, Faugère observed that the regular behaviour of the Gröbner basis omputation ollapses at a mu h lower degree than expe ted for random systems, letting the omputation nish mu h earlier. A ounting for this distin tive property, Faugère and Joux showed in 2003 that mapping HFE systems to some other multivariate ring exhibits the parti ular algebrai stru ture of these systems. Nevertheless, they did not o er the a tual omputation of the degree of regularity of HFE systems. Later, in 2006, Granboulan, Joux and Stern showed an asymptoti upper bound on the degree of regularity of HFE systems over GF (2) using independent results on overdetermined systems of equations. The ase of larger ground elds has remained however ompletely unsolved. In this paper, we exhibit an additional property of HFE systems that is in reasingly signi ant as the size of the ground eld grows. Using this property with a standard ombinatorial al ulation yields an arguably tight numeri al bound on the degree of regularity of HFE systems for any parameters.