Security Analysis and Key Modification for ZHFE

  • Ray Perlner
  • Daniel Smith-ToneEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9606)


ZHFE, designed by Porras et al., is one of the few promising candidates for a multivariate public-key encryption algorithm. In this article we extend and expound upon the existing security analysis on this scheme. We prove security against differential adversaries, complementing a more accurate and robust discussion of resistance to rank and algebraic attacks. We further suggest a modification, \(ZHFE^-\), a multivariate encryption scheme which retains the security and performance properties of ZHFE while optimizing key size in this theoretical framework.


Multivariate cryptography HFE ZHFE Discrete differential MinRank Q-rank 


  1. 1.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Sci. Stat. Comp. 26, 1484 (1997)CrossRefMathSciNetzbMATHGoogle Scholar
  2. 2.
    Yang, B.-Y., Lee, F.Y.-S., Cheng, C.-M., Chen, A.I.-T., Kuo, E.L.-H., Ding, J., Chen, T.-R., Chen, M.-S.: SSE Implementation of Multivariate PKCs on Modern x86 CPUs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 33–48. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Chen, A.I.-T., Chen, C.-H.O., Chen, M.-S., Cheng, C.-M., Yang, B.-Y.: Practical-Sized instances of multivariate PKCs: rainbow, TTS, and \(\ell \)IC-derivatives. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 95–108. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Cheng, C.-M., Chen, J.-M., Yang, B.-Y., Chen, B.-R.: Implementing minimized multivariate PKC on low-resource embedded systems. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds.) SPC 2006. LNCS, vol. 3934, pp. 73–88. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Chen, M.S., Yang, B.Y., Smith-Tone, D.: Pflash - secure asymmetric signatures on smart cards. Lightweight Cryptography Workshop 2015 (2015).
  7. 7.
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 206. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Patarin, J., Courtois, N.T., Goubin, L.: QUARTZ, 128-Bit long digital signatures. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 282. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Tao, C., Diene, A., Tang, S., Ding, J.: Simple matrix scheme for encryption. In: [35], pp. 231–242Google Scholar
  10. 10.
    Ding, J., Petzoldt, A., Wang, L.: The cubic simple matrix encryption scheme. In: [34], pp. 76–87Google Scholar
  11. 11.
    Porras, J., Baena, J., Ding, J.: Zhfe, a new multivariate public key encryption scheme. In: [34], pp. 229–245Google Scholar
  12. 12.
    Moody, D., Perlner, R.A., Smith-Tone, D.: An asymptotically optimal structural attack on the ABC multivariate encryption scheme. In: [34], pp. 180–196Google Scholar
  13. 13.
    Smith-Tone, D.: On the differential security of multivariate public key cryptosystems. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 130–142. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Perlner, R.A., Smith-Tone, D.: A classification of differential invariants for multivariate post-quantum cryptosystems. In: [35], pp. 165–173Google Scholar
  15. 15.
    Daniels, T., Smith-Tone, D.: Differential properties of the HFE cryptosystem. In: [34], pp. 59–75Google Scholar
  16. 16.
    Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  17. 17.
    Patarin, J.: Cryptanalysis of the matsumoto and imai public key scheme of eurocrypt ’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  18. 18.
    Matsumoto, T., Imai, H.: Public quadratic polynominal-tuples for efficient signature-verification and message-encryption. In: EUROCRYPT, pp. 419–453 (1988)Google Scholar
  19. 19.
    Berlekamp, E.R.: Factoring polynomials over large finite fields. Math. Comput. 24, 713–735 (1970)CrossRefMathSciNetGoogle Scholar
  20. 20.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 19. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  21. 21.
    Bettale, L., Faugère, J., Perret, L.: Cryptanalysis of hfe, multi-hfe and variants for odd and even characteristic. Des. Codes Crypt. 69, 1–52 (2013)CrossRefzbMATHGoogle Scholar
  22. 22.
    Gama, N., Dubois, V.: The degree of regularity of HFE systems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 557–576. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Hodges, T.J., Ding, J.: Inverting HFE systems is quasi-polynomial for all fields. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 724–742. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Ding, J., Yang, B.Y.: Degree of regularity for hfev and hfev-. In: [35], pp. 52–66Google Scholar
  25. 25.
    Fouque, P.-A., Shamir, A., Stern, J., Dubois, V.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 1–12. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  26. 26.
    Faugère, J.-C., Joux, A.: Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems using gröbner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    Ding, J., Kleinjung, T.: Degree of regularity for HFE-. IACR Cryptology ePrint Archive 2011, 570 (2011)Google Scholar
  28. 28.
    Smith-Tone, D.: Discrete geometric foundations for multivariate public key cryptography. (In Submission)Google Scholar
  29. 29.
    Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 44. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  30. 30.
    Gligoroski, D., Perret, L., Samardjiska, S., Faugère, J.-C., Thomae, E.: A Polynomial-Time Key-Recovery attack on MQQ cryptosystems. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 150–174. Springer, Heidelberg (2015)Google Scholar
  31. 31.
    Buss, J.F., Frandsen, G.S., Shallit, J.O.: The computational complexity of some problems of linear algebra. J. Comput. Syst. Sci. 58, 572–596 (1999)CrossRefMathSciNetzbMATHGoogle Scholar
  32. 32.
    Wolf, C., Preneel, B.: Equivalent keys in multivariate quadratic public key systems. J. Math. Crypt. 4, 375–415 (2011)MathSciNetGoogle Scholar
  33. 33.
    Baena, J., Cabarcas, D., Escudero, D., Porras-Barrera, J., Verbel, J.: Efficient zhfe key generation. In: Post-Quantum Cryptography - 7th International Conference, PQCrypto 2016, Fukuoka, Japan, February 24–26, 2016, Proceedings (2016)Google Scholar
  34. 34.
    Mosca, M. (ed.): Post-Quantum Cryptography. LNCS, vol. 8772. Springer, Switzerland (2014)zbMATHGoogle Scholar
  35. 35.
    Gaborit, P. (ed.): Post-Quantum Cryptography. LNCS, vol. 7932. Springer, Heidelberg (2013)zbMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.National Institute of Standards and TechnologyGaithersburgUSA
  2. 2.Department of MathematicsUniversity of LouisvilleLouisvilleUSA

Personalised recommendations