Abstract
HFE (Hidden Field Equations) is a public key cryptosystem using univariate polynomials over finite fields. It was proposed by J. Patarin in 1996. Well chosen parameters during the construction produce a system of quadratic multivariate polynomials over \({\mathbb{F}_2}\) as the public key. An enclosed trapdoor is used to decrypt messages. We propose a ciphertext-only attack which mainly consists in satisfying a boolean formula. Our algorithm is based on BDDs (Binary Decision Diagrams), introduced by Bryant in 1986, which allow to represent and manipulate, possibly efficiently, boolean functions. This paper is devoted to some experimental results we obtained while trying to solve the Patarin’s challenge. This approach was not successful, nevertheless it provided some interesting information about the security of HFE cryptosystem.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
R.E. Bryant. Graph-based algorithms for boolean function manipulation. In IEEE Transaction on Computers.C-35 volume 8 (1986). 677–691.
M.R. Carey and D.S. Johnson. Computers and intractability: a guide to the theory of NP-completeness. (1979). W.H. Freeman Company.
J. von zur Gathen and J. Gerhard. Modern computer algebra. (1999).Cambridge University Press.
A. Kipnis and A. Shamir. Cryptanalysis of the HFE public key cryptosystem by relinearization. In LNCS 1966, CRYPTO’99 (1999). Springer-Verlag. 19–30.
M. Krause. BDD-based cryptanalysis of keystram generators. In LNCS 2332,EUROCRYPT’2002 (2002).Springer-Verlag. 222–237.
T. Matsumoto and H. Imai. Public quadratic polynomial-tuples for efficient signature-verification and message encryption. In LNCS 330,Advances in Cryptology EUROCRYPT’88 (1988).Springer-Verlag. 419–453.
S.I. Minato, N. Ishiura, and S. Yajima . Shared binary decision diagram with attributed edges for efficient boolean function manipulation. In 27-th ACM/IEEE Design Automaton Conference (1990). 52–57.
J. Patarin. Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt’88. In LNCS 963, Advances in Cryptology CRYPTO’95 (1995). Springer-Verlag. 248–261.
J. Patarin. Hidden fields equations (HFE) and isomorphism of polynomials (IP): two new families of asymetric algorithms. In LNCS 1070, EUROCRYPT’96 (1996).Springer-Verlag. 33–48.
I. Wegener BDDs-design, analysis, complexity and applications http://www.cs.uni-dortmund.de/~wegener/papers/BDD-design.ps/~wegener/papers/BDD-design.ps
CMU package.http://www.cs.cm.edu/afs/cs/project/modck/pub/www/bdd.html
CuDD Package. ftp://vlsi.colorado.edu/pub/
HFE experiments web page.http://www.1iafa.jussieu.fr/-yunes/HFE//-yunes/HFE/
NTL Library http://www.shoup.net/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer Basel AG
About this paper
Cite this paper
Michon, JF., Valarcher, P., Yunès, JB. (2004). HFE and BDDs: A Practical Attempt at Cryptanalysis. In: Feng, K., Niederreiter, H., Xing, C. (eds) Coding, Cryptography and Combinatorics. Progress in Computer Science and Applied Logic, vol 23. Birkhäuser, Basel. https://doi.org/10.1007/978-3-0348-7865-4_16
Download citation
DOI: https://doi.org/10.1007/978-3-0348-7865-4_16
Publisher Name: Birkhäuser, Basel
Print ISBN: 978-3-0348-9602-3
Online ISBN: 978-3-0348-7865-4
eBook Packages: Springer Book Archive