Title, Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. Booktitle, Advances in Cryptology – CRYPTO ’99, 19th Annual International. Download Citation on ResearchGate | Cryptanalysis of the HFE Public Key Finally, we develop a new relinearization method for solving such systems for any. Finally, we develop a new relinearization method for solving such systems for any constant ffl? Cryptanalysis of the HFE Public Key Cryptosystem ().

Author: Sajar Guzuru
Country: Myanmar
Language: English (Spanish)
Genre: Software
Published (Last): 27 August 2007
Pages: 313
PDF File Size: 3.25 Mb
ePub File Size: 19.5 Mb
ISBN: 416-2-19851-635-6
Downloads: 77767
Price: Free* [*Free Regsitration Required]
Uploader: Kazrashicage

In this paper, we propose a new variant of the HFE scheme by considering the special equation defined over the finite field when.

This is an open access article distributed under the Creative Commons Attribution Cryptanalyssiswhich permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. August Learn how and when to remove this template message. The proposed HFE modification has the following features: In the Matsumoto-Imai scheme, a permutation over with characteristic 2 is defined such thatthen using two invertible affine transformations and to disguise the central map into a quadratic map overnamely, The basic idea of the attack is as follows.

The RSA public key cryptosystem is based on a single modular equation in one variable. Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography.

Security We analyze the security of the proposed HFE modified encryption scheme. Multivariate public key cryptography is a set of cryptographic schemes built from the NP-hardness of solving quadratic equations over finite fields, amongst which the hidden field equations HFE family of schemes remain the most famous.


Building Secure Public Key Encryption Scheme from Hidden Field Equations

The new type of attack is quite general, and in a companion paper we use it to break other multivariate algebraic schemes, such as the Dragon encryption and signature schemes.

Correspondence should be addressed to Baocang Wang ; moc. The HFE keh firstly defines a univariate map over an extension field: So given a ciphertextwe only need to solve the linearization equations to obtain the corresponding plaintext. As a new multivariate public key encryption, the security of relinearizatiin proposal needs to be furthered.

Thus by solving the MinRank problem we can determine the matrix and the coefficients of the linear transformation. MinRank Attacks Basic Idea. Then two invertible affine transformations are applied to hide the special structure of the central map [ 25 ].

If ; then we output as crptosystem plaintext. Let be an irreducible polynomial with degree over ; then forms a degree- extension field.

Multivariate cryptography

However, some simple variants of HFE, such as the minus variant and the vinegar variant allow one to strengthen the basic HFE against all known attacks. It can be easily seen that both the modified and the original HFE schemes share a common secret key and decryption algorithm. Description The encryption scheme consists of three subalgorithms: Though the MinRank problem is proven to be NP-complete [ 2223 ], the reduction to the MinRank problem does impose a serious security threat on the security of the HFE scheme [ 78 ].

In this matrix equation, we only know that is of low rank at most. So the proposed scheme reduces the public key size by bits. So we encourage the readers to examine the security of the proposal. Introduction Public key cryptography [ 1 ] built from the NP-hardness of solving multivariate quadratic equations over finite filed [ 23 ] was conceived as a plausible candidate to traditional factorization and discrete logarithm based public key cryptosystems due to its high performance and the resistance to quantum attacks [ 4 ].


Signatures are generated using the private key and are verified using the public key as follows. It is based on a ground and an extension field. However, the original HFE scheme was insecure, and the follow-up modifications were shown to be still vulnerable to attacks.

Under the suggested parameters andthe degree of regularity of the quadratic equations is. Performance analysis shows that the modification can save the public key storage by bits and reduces the encryption costs by about bit operations. Articles with French-language external links Articles needing additional references from August All articles needing additional references. Given a ciphertextwe compute andand we use the Berlekamp algorithm [ 6 ] to compute all the preimages such thatand, for eachwe compute.

So the HFE scheme is secure against linearization equations attack.

Loosely speaking, when we apply two linear transformations on the input and output of the mapthe rank of the corresponding matrix remains at most. Note that the Frobenius maps for defined over are -linear; namely, when expressed in the base fieldwill be -dimensional linear functions over.

Forwe set where all the coefficients are in for.