Security Analysis and Key Modification for ZHFE

  • Ray Perlner
  • Daniel Smith-Tone
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9606)


ZHFE, designed by Porras et al., is one of the few promising candidates for a multivariate public-key encryption algorithm. In this article we extend and expound upon the existing security analysis on this scheme. We prove security against differential adversaries, complementing a more accurate and robust discussion of resistance to rank and algebraic attacks. We further suggest a modification, \(ZHFE^-\), a multivariate encryption scheme which retains the security and performance properties of ZHFE while optimizing key size in this theoretical framework.


Multivariate cryptography HFE ZHFE Discrete differential MinRank Q-rank 


  1. 1.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Sci. Stat. Comp. 26, 1484 (1997)CrossRefMathSciNetzbMATHGoogle Scholar
  2. 2.
    Yang, B.-Y., Lee, F.Y.-S., Cheng, C.-M., Chen, A.I.-T., Kuo, E.L.-H., Ding, J., Chen, T.-R., Chen, M.-S.: SSE Implementation of Multivariate PKCs on Modern x86 CPUs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 33–48. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Chen, A.I.-T., Chen, C.-H.O., Chen, M.-S., Cheng, C.-M., Yang, B.-Y.: Practical-Sized instances of multivariate PKCs: rainbow, TTS, and \(\ell \)IC-derivatives. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 95–108. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Cheng, C.-M., Chen, J.-M., Yang, B.-Y., Chen, B.-R.: Implementing minimized multivariate PKC on low-resource embedded systems. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds.) SPC 2006. LNCS, vol. 3934, pp. 73–88. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Chen, M.S., Yang, B.Y., Smith-Tone, D.: Pflash - secure asymmetric signatures on smart cards. Lightweight Cryptography Workshop 2015 (2015).
  7. 7.
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 206. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Patarin, J., Courtois, N.T., Goubin, L.: QUARTZ, 128-Bit long digital signatures. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 282. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Tao, C., Diene, A., Tang, S., Ding, J.: Simple matrix scheme for encryption. In: [35], pp. 231–242Google Scholar
  10. 10.
    Ding, J., Petzoldt, A., Wang, L.: The cubic simple matrix encryption scheme. In: [34], pp. 76–87Google Scholar
  11. 11.
    Porras, J., Baena, J., Ding, J.: Zhfe, a new multivariate public key encryption scheme. In: [34], pp. 229–245Google Scholar
  12. 12.
    Moody, D., Perlner, R.A., Smith-Tone, D.: An asymptotically optimal structural attack on the ABC multivariate encryption scheme. In: [34], pp. 180–196Google Scholar
  13. 13.
    Smith-Tone, D.: On the differential security of multivariate public key cryptosystems. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 130–142. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Perlner, R.A., Smith-Tone, D.: A classification of differential invariants for multivariate post-quantum cryptosystems. In: [35], pp. 165–173Google Scholar
  15. 15.
    Daniels, T., Smith-Tone, D.: Differential properties of the HFE cryptosystem. In: [34], pp. 59–75Google Scholar
  16. 16.
    Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  17. 17.
    Patarin, J.: Cryptanalysis of the matsumoto and imai public key scheme of eurocrypt ’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  18. 18.
    Matsumoto, T., Imai, H.: Public quadratic polynominal-tuples for efficient signature-verification and message-encryption. In: EUROCRYPT, pp. 419–453 (1988)Google Scholar
  19. 19.
    Berlekamp, E.R.: Factoring polynomials over large finite fields. Math. Comput. 24, 713–735 (1970)CrossRefMathSciNetGoogle Scholar
  20. 20.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 19. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  21. 21.
    Bettale, L., Faugère, J., Perret, L.: Cryptanalysis of hfe, multi-hfe and variants for odd and even characteristic. Des. Codes Crypt. 69, 1–52 (2013)CrossRefzbMATHGoogle Scholar
  22. 22.
    Gama, N., Dubois, V.: The degree of regularity of HFE systems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 557–576. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Hodges, T.J., Ding, J.: Inverting HFE systems is quasi-polynomial for all fields. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 724–742. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Ding, J., Yang, B.Y.: Degree of regularity for hfev and hfev-. In: [35], pp. 52–66Google Scholar
  25. 25.
    Fouque, P.-A., Shamir, A., Stern, J., Dubois, V.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 1–12. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  26. 26.
    Faugère, J.-C., Joux, A.: Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems using gröbner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    Ding, J., Kleinjung, T.: Degree of regularity for HFE-. IACR Cryptology ePrint Archive 2011, 570 (2011)Google Scholar
  28. 28.
    Smith-Tone, D.: Discrete geometric foundations for multivariate public key cryptography. (In Submission)Google Scholar
  29. 29.
    Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 44. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  30. 30.
    Gligoroski, D., Perret, L., Samardjiska, S., Faugère, J.-C., Thomae, E.: A Polynomial-Time Key-Recovery attack on MQQ cryptosystems. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 150–174. Springer, Heidelberg (2015)Google Scholar
  31. 31.
    Buss, J.F., Frandsen, G.S., Shallit, J.O.: The computational complexity of some problems of linear algebra. J. Comput. Syst. Sci. 58, 572–596 (1999)CrossRefMathSciNetzbMATHGoogle Scholar
  32. 32.
    Wolf, C., Preneel, B.: Equivalent keys in multivariate quadratic public key systems. J. Math. Crypt. 4, 375–415 (2011)MathSciNetGoogle Scholar
  33. 33.
    Baena, J., Cabarcas, D., Escudero, D., Porras-Barrera, J., Verbel, J.: Efficient zhfe key generation. In: Post-Quantum Cryptography - 7th International Conference, PQCrypto 2016, Fukuoka, Japan, February 24–26, 2016, Proceedings (2016)Google Scholar
  34. 34.
    Mosca, M. (ed.): Post-Quantum Cryptography. LNCS, vol. 8772. Springer, Switzerland (2014)zbMATHGoogle Scholar
  35. 35.
    Gaborit, P. (ed.): Post-Quantum Cryptography. LNCS, vol. 7932. Springer, Heidelberg (2013)zbMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.National Institute of Standards and TechnologyGaithersburgUSA
  2. 2.Department of MathematicsUniversity of LouisvilleLouisvilleUSA

Personalised recommendations