Title, Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. Booktitle, Advances in Cryptology – CRYPTO ’99, 19th Annual International. Download Citation on ResearchGate | Cryptanalysis of the HFE Public Key Finally, we develop a new relinearization method for solving such systems for any. Finally, we develop a new relinearization method for solving such systems for any constant ffl? Cryptanalysis of the HFE Public Key Cryptosystem ().
|Published (Last):||19 April 2015|
|PDF File Size:||4.37 Mb|
|ePub File Size:||19.80 Mb|
|Price:||Free* [*Free Regsitration Required]|
The construction admits a standard isomorphism between the extension field and the vector space ; namely, for an elementwe have. To make a comparison between the proposed HFE modification and the original HFE schemes in a uniform platform, we consider ov HFE scheme defined over and its extension field. It can be easily seen that both the modified and the original HFE schemes share a common secret key and decryption algorithm. To illustrate why the proposed modification of the HFE scheme is secure against the MinRank attack [ 78 ], we just need to show that when lifted to the extension fieldthe quadratic part of the public key is not connected with a low-rank cryptanxlysis.
Thus we have some additional equations that associate with the plaintext ; namely, forwe have. Solving systems of multivariate polynomial equations is proven to be NP-hard or NP-complete.
Multivariate Quadratics involves a public and a private key. We define the quadratic part of asnamely, forNote that can be expressed as homogeneous quadratic polynomials over the base field ; then the application of two linear transformations on the input and output of will also give homogeneous quadratic polynomials over the base field. Please help improve this section by adding citations to reliable sources.
Public Key Cryptography (Spring ) course
Therefore, we cannot hope to derive linearization equations from the modified HFE scheme. Linearization equations attack [ 18 ] was found by Patarin on the Matsumoto-Imai scheme [ 19 ]. View at MathSciNet V. It is shown that the proposed public key encryption scheme is secure against known attacks including the MinRank attack, the algebraic attacks, and the linearization equations attacks.
Abstract Multivariate public key cryptography is a set of cryptographic schemes built from the NP-hardness of solving quadratic equations over finite fields, amongst which the hidden field equations HFE family of schemes remain the most famous.
A natural generalization of this approach is to consider systems of several modular equations in several variables. Patarin developed other schemes. This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. It is shown that the modification can defend the known attacks including the MinRank attack, the linearization equations attack, and the direct algebraic attacks.
Then we merge the coefficients of the square and linear terms oftelinearization is, forand get the public key of the modified HFE scheme, namely, quadratic polynomialswhere, forThe secret key consists of, and.
So and satisfy the following equations derived from the bilinear equations, cryptanallysis, where and all the coefficients in.
In fact, the relinarization polynomial map is exactly the public key of the original HFE scheme, and the secret key of the original scheme also consists of, and. Subscribe to Table of Contents Alerts. So the computational overhead is about bit operations. However, we can derive the field equations from the equations.
We represent the published system of multivariate polynomials by a single univariate polynomial of a special form over an extension field, and use it to reduce the cryptanalytic problem to a system of fflm 2 quadratic equations in m variables over the extension field.
We then can look at as a quadratic form publkc then we associate with a symmetric -dimensional square matrix such that The symmetric matrix is of low rank, and it is the special structure of the symmetric matrix that makes the original HFE scheme insecure.
That’s why those schemes are often considered to be good candidates for post-quantum cryptography.
Security and Communication Networks
The proposed HFE modification has the following features: Firstly, we define an HFE map in 1 and randomly choose two invertible affine transformations and. Schmidt, Multivariate Public Key Cryptosystemsvol. However, some simple variants of HFE, such as the minus variant and the vinegar variant allow one to strengthen the basic HFE against all known attacks.
In this paper, we proposed a novel modified HFE encryption scheme. The plaintext space is. So both schemes have the same secret key sizes and decryption costs.
In this matrix equation, we only know that is of low rank at most. Hence, forSo. We can see from the security analysis that the proposed HFE modification encryption scheme can obtain a security level of 80 bits under the suggested parameters.
The proposal gains some advantages over the original HFE scheme with respect to the encryption speed and public key size. Conclusions In this paper, we proposed a novel modified HFE encryption scheme.
We impose some restrictions on the plaintext space and can use the restriction to merge the coefficients of the linear part and the square part.