C−+* and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai
In , H. Imai and T. Matsumoto presented new candidate trapdoor one-way permutations with a public key given as multivariate polynomials over a finite field. One of them, based on the idea of hiding a monomial field equation, was later presented in  under the name C *. It was broken by J. Patarin in . J. Patarin and L. Goubin then suggested (, , , ) some schemes to repair C *, but with slightly more complex public key or secret key computations. In part I, we study some very simple variations of C * — such as C −+ * — where the attack of  is avoided, and where the very simple secret key computations are kept. We then design some new cryptanalysis that are efficient against some of — but not all — these variations.
[C] is another scheme of , very different from C * (despite the name), and based on the idea of hiding a monomial matrix equation. In part II, we show how to attack it (no cryptanalysis had been published so far). We then study more general schemes, still using the idea of hiding matrix equations, such as HM.
An extended version of this paper can be obtained from the authors.
- 2.J.C. Faugere, Rough evaluation (personal communication).Google Scholar
- 3.F.R. Gantmacher, The Theory of Matrices, volume 1, Chelsae Publishing Company, New-York.Google Scholar
- 4.H. Imai, T. Matsumoto, Algebraic Methods for Constructing Asymmetric Cryptosystems, Algebraic Algorithms and Error Correcting Codes (AAECC-3), Grenoble, 1985, Lectures Notes in Computer Science nℴ 229, pp.108–119.Google Scholar
- 5.N. Koblitz, Algebraic Aspects of Cryptography, Algorithms and Computation in Mathematics, Volume 3, Springer, 1998.Google Scholar
- 6.R. Lidl, H. Niederreiter, Finite Fields, Encyclopedia of Mathematics and its applications, Volume 20, Cambridge University Press.Google Scholar
- 7.T. Matsumoto, H. Imai, Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption, Advances in Cryptology, Proceedings of EUROCRYPT’88, Springer-Verlag, pp. 419–453.Google Scholar
- 8.J. Patarin, Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt’88, Advances in Cryptology, Proceedings of CRYPTO’95, Springer, pp. 248–261.Google Scholar
- 9.J. Patarin, Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms, Advances in Cryptology, Proceedings of EUROCRYPT’96, Springer, pp. 33–48.Google Scholar
- 10.J. Patarin, Asymmetric Cryptography with a Hidden Monomial, Advances in Cryptology, Proceedings of CRYPTO’96, Springer, pp. 45–60.Google Scholar
- 11.J. Patarin, L. Goubin, Trapdoor One-way Permutations and Multivariate Polynomials, Proceedings of ICICS’97, Springer, LNCS nℴ 1334, pp. 356–368.Google Scholar
- 12.J. Patarin, L. Goubin, Asymmetric Cryptography with S-Boxes, Proceedings of ICICS’97, Springer, LNCS nℴ1334, pp. 369–380.Google Scholar