Abstract
Multivariate public key cryptography is one of the most studied techniques used in post-quantum cryptography [21, 24, 28]. In [22] we introduced a new multivariate scheme DME that is based in the composition of linear and non linear maps as many other multivariate schemes, the main difference with other schemes is that the nonlinear components have very high degree and it can be used for KEM and signature. In this paper we present a new version of DME [23] that is simpler than the original in the sense that it uses only two fields \(\mathbb {F}_q\) and \(\mathbb {F}_{q^2}\) instead of three. The new design allows us to increase the number of exponentials to 3, 4 or more and it gives more resistance to decomposition attacks [18, 35] while keeping a moderate number of monomials in the public key. With this setup the composition of exponentials and linear maps gives a deterministic trapdoor one way permutation which can be used for KEM and signature when combined with the standard padding OAEP and PSS [2, 3] whose security is well understood.
In the paper we describe the setup of the scheme, the most important part of it is the Configuration Matrices (\(\mathcal{C}\mathcal{M}\)) and the algorithm for the reduction of monomials. We give a preliminary security analysis of the resistance against Gröbner basis, Weil descent and structural attacks but more research on the security of DME is needed. We describe also the \(\mathcal{C}\mathcal{M}\) that we have implemented with three and four rounds, 8 variables and \(q=2^{64}\). We provide the SUPERCOP timings of DME-OAEP and DME-PSS00 for them and a comparison with NIST finalists. For NIST security level 5 the size of our ciphertext and signature is only 64 bytes.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Avendaño, M., Marco, M.: A structural attack to the DME-(3,2, q) cryptosystem. Finite Fields Their Appl. 71, 101810 (2021)
Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428
Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_34
Bardet, M., et al.: Improvements of algebraic attacks for solving the rank decoding and MinRank problems. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 507–536. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_17
Bettale, L., Faugere, J.C., Perret, L.: Cryptanalysis of HFE, multi-HFE and variants for odd and even characteristic. Des. Codes Crypt. 69(1), 1–52 (2013)
Beullens, W.: Improved cryptanalysis of UOV and rainbow. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 348–373. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_13
Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symb. Comput. 24(3–4), 235–265 (1997)
Gorla, E., Caminata, A.: Solving degree, last fall degree, and related invariants (with A. Caminata). J. Symb. Comput. 114, 322–335 (2023)
Casanova, A., Faugere, J.C., Macario-Rat, G., Patarin, J., Perret, L., Ryckeghem, J.: GeMSS: a great multivariate short signature. NIST CSRC (2020). https://www-polsys.lip6.fr/Links/NIST/GeMSS-specification-round2.pdf
Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_27
Ding, J.: A new variant of the Matsumoto-Imai cryptosystem through perturbation. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 305–318. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_22
Ding, J., Wolf, C., Yang, B.-Y.: \(\ell \)-invertible cycles for \(\cal{M}\)ultivariate \(\cal{Q}\)uadratic (\({\cal{MQ}}\)) public key cryptography. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 266–281. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_18
Ding, J., Schmidt, D.: Solving degree and degree of regularity for polynomial systems over a finite fields. In: Fischlin, M., Katzenbeisser, S. (eds.) Number Theory and Cryptography. LNCS, vol. 8260, pp. 34–49. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42001-6_4
Ding, J., Chen, M.S., Petzoldt, A., Schmidt, D., Yang, B.Y.: Rainbow. NIST CSRC (2020). https://csrc.nist.gov/Projects/post-quantum-cryptography/round-3-submissions
Ding, J., Petzoldt, A., Wang, L.: The cubic simple matrix encryption scheme. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 76–87. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11659-4_5
Dubois, V., Fouque, P.-A., Shamir, A., Stern, J.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 1–12. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_1
Faugere, J.C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139, 61–88 (1999)
Faugere, J.C., Perret, L.: An efficient algorithm for decomposing multivariate polynomials and its applications to cryptography. J. Symb. Comput. 44, 1676–1689 (2009)
Faugère, J.-C., Perret, L.: High order derivatives and decomposition of multivariate polynomials. In: Proceedings of ISSAC, pp. 207–214. ACM press (2009)
Fouque, P.-A., Granboulan, L., Stern, J.: Differential cryptanalysis for multivariate schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 341–353. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_20
Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_2
Luengo, I.: DME a public key, signature and KEM system based on double exponentiation with matrix exponents. https://csrc.nist.gov/CSRC/media/Presentations/DME/images-media/dme-April2018.pdf
I. Luengo, M. Avendaño : DME: a full encryption, signature and KEM multivariate public key cryptosystem. IACR preprint 2022/1538 (2022)
Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-45961-8_39
Mohamed, M.S.E., Ding, J., Buchmann, J.: Towards algebraic cryptanalysis of HFE challenge 2. In: Kim, T., Adeli, H., Robles, R.J., Balitanas, M. (eds.) ISA 2011. CCIS, vol. 200, pp. 123–131. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23141-4_12
NIST PQC Forum official comment. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/DME-official-comment.pdf
Patarin, J.: Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_20
Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_4
Petzoldt, A., Chen, M.-S., Yang, B.-Y., Tao, C., Ding, J.: Design principles for HFEv- based multivariate signature schemes. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 311–334. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_14
Porras, J., Baena, J., Ding, J.: ZHFE, a new multivariate public key encryption scheme. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 229–245. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11659-4_14
Shamir, A.: Efficient signature schemes based on birational permutations. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 1–12. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_1
Smith-Tone, D.: On the differential security of multivariate public key cryptosystems. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 130–142. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_9
Tao, C., Petzoldt, A., Ding, J.: Efficient key recovery for All HFE signature variants. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 70–93. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_4
Wolf, C., Preneel, B.: Equivalent keys in multivariate quadratic public key systems. J. Math. Cryptol. 4(4), 375–415 (2011)
Zhao, S., Feng, R., Gao, X.: On functional decomposition of multivariate polynomials with differentiation and homogenization. J. Syst. Sci. Complexity 25(2), 329–347 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Luengo, I., Avendaño, M., Coscojuela, P. (2023). DME: A Full Encryption, Signature and KEM Multivariate Public Key Cryptosystem. In: Johansson, T., Smith-Tone, D. (eds) Post-Quantum Cryptography. PQCrypto 2023. Lecture Notes in Computer Science, vol 14154. Springer, Cham. https://doi.org/10.1007/978-3-031-40003-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-40003-2_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40002-5
Online ISBN: 978-3-031-40003-2
eBook Packages: Computer ScienceComputer Science (R0)