Graph-Theoretic Algorithms for the “Isomorphism of Polynomials” Problem

  • Charles Bouillaguet
  • Pierre-Alain Fouque
  • Amandine Véber
Conference paper

DOI: 10.1007/978-3-642-38348-9_13

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7881)
Cite this paper as:
Bouillaguet C., Fouque PA., Véber A. (2013) Graph-Theoretic Algorithms for the “Isomorphism of Polynomials” Problem. In: Johansson T., Nguyen P.Q. (eds) Advances in Cryptology – EUROCRYPT 2013. EUROCRYPT 2013. Lecture Notes in Computer Science, vol 7881. Springer, Berlin, Heidelberg


We give three new algorithms to solve the “isomorphism of polynomial” problem, which was underlying the hardness of recovering the secret-key in some multivariate trapdoor one-way functions. In this problem, the adversary is given two quadratic functions, with the promise that they are equal up to linear changes of coordinates. Her objective is to compute these changes of coordinates, a task which is known to be harder than Graph-Isomorphism. Our new algorithm build on previous work in a novel way. Exploiting the birthday paradox, we break instances of the problem in time q2n/3 (rigorously) and qn/2 (heuristically), where qn is the time needed to invert the quadratic trapdoor function by exhaustive search. These results are obtained by turning the algebraic problem into a combinatorial one, namely that of recovering partial information on an isomorphism between two exponentially large graphs. These graphs, derived from the quadratic functions, are new tools in multivariate cryptanalysis.

Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Charles Bouillaguet
    • 1
  • Pierre-Alain Fouque
    • 2
  • Amandine Véber
    • 3
  1. 1.University of Lille-1France
  2. 2.University of Rennes-1France
  3. 3.CMAP LabCNRS and Ecole PolytechniqueFrance

Personalised recommendations