Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization
 Aviad Kipnis,
 Adi Shamir
Abstract
The RSA public key cryptosystem is based on a single modular equation in one variable. A natural generalization of this approach is to consider systems of several modular equations in several variables. In this paper we consider Patarin’s Hidden Field Equations (HFE) scheme, which is believed to be one of the strongest schemes of this type. We represent the published system of multivariate polynomials by a single univariate polynomial of a special form over an extension field, and use it to reduce the cryptanalytic problem to a system of εm² quadratic equations in m variables over the extension field. Finally, we develop a new relinearization method for solving such systems for any constant ε > 0 in expected polynomial time. The new type of attack is quite general, and in a companion paper we use it to attack other multivariate algebraic schemes, such as the Dragon encryption and signature schemes. However, we would like to emphasize that the polynomial time complexities may be infeasibly large for some choices of the parameters, and thus some variants of these schemes may remain practically unbroken in spite of the new attack.
 Book Title
 Advances in Cryptology — CRYPTO’ 99
 Book Subtitle
 19th Annual International Cryptology Conference Santa Barbara, California, USA, August 15–19, 1999 Proceedings
 Pages
 pp 19–30
 Copyright
 1999
 DOI
 10.1007/3-540-48405-1_2
 Print ISBN
 9783540663478
 Online ISBN
 9783540484059
 Series Title
 Lecture Notes in Computer Science
 Series Volume
 1666
 Series ISSN
 03029743
 Publisher
 Springer Berlin Heidelberg
 Copyright Holder
 Springer Berlin Heidelberg
 Editors

 Michael Wiener ^{(4)}
 Editor Affiliations

 4. Entrust Technologies
 Authors

 Aviad Kipnis ^{(5)}
 Adi Shamir ^{(6)}
 Author Affiliations

 5. NDS Technologies, Jerusalem, Israel
 6. Computer Science Dept., The Weizmann Institute, Rehovot, Israel