Annual International Cryptology Conference

CRYPTO 1999: Advances in Cryptology — CRYPTO’ 99 pp 19-30

Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization

  • Aviad Kipnis
  • Adi Shamir
Conference paper

DOI: 10.1007/3-540-48405-1_2

Volume 1666 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

The RSA public key cryptosystem is based on a single modular equation in one variable. A natural generalization of this approach is to consider systems of several modular equations in several variables. In this paper we consider Patarin’s Hidden Field Equations (HFE) scheme, which is believed to be one of the strongest schemes of this type. We represent the published system of multivariate polynomials by a single univariate polynomial of a special form over an extension field, and use it to reduce the cryptanalytic problem to a system of ∈m2 quadratic equations in m variables over the extension field. Finally, we develop a new relinearization method for solving such systems for any constant > 0 in expected polynomial time. The new type of attack is quite general, and in a companion paper we use it to attack other multivariate algebraic schemes, such as the Dragon encryption and signature schemes. However, we would like to emphasize that the polynomial time complexities may be infeasibly large for some choices of the parameters, and thus some variants of these schemes may remain practically unbroken in spite of the new attack.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Aviad Kipnis
    • 1
  • Adi Shamir
    • 2
  1. 1.NDS TechnologiesJerusalemIsrael
  2. 2.Computer Science Dept.The Weizmann InstituteRehovotIsrael