TTS: High-Speed Signatures on a Low-Cost Smart Card

  • Bo-Yin Yang
  • Jiun-Ming Chen
  • Yen-Hung Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3156)


TTS is a genre of multivariate digital signature schemes first proposed in 2002. Its public map is composed of two affine maps sandwiching a Tame Map, which is a map invertible through serial substitution and solving linear equations. We implement the signing and key generation operations for a TTS instance with 20-byte hashes and 28-byte signatures, on popular extant microcontroller cores compatible to the Intel 8051. Our tests demonstrates that TTS can be even faster than SFLASH v2, which is known for its celerity. The sample scheme TTS(20,28) is fast enough for practical deployment on a low-end 8051-based embedded device. A really low-end part like a stock Intel 8051AH running at 3.57 MHz can sign in just 170ms. A better 8051-compatible chip will take a lot less time.

Security requirements today demand on-card key generation, and the big public keys of a multivariate PKC create a storage problem. TTS is unusual in that public keys can be synthesized on-card at a decent pace for block-by-block output, using some minimal information kept on-card. Since this does not take much more time than the I/O needed to transmit the public key to a reader, we can avoid holding the entire public key in the limited memory of a smart card. We show that this to be a gain for multivariate PKC’s with relatively few terms per central equation. The literature is not rich in this kind of detailed description of an implementation of a signature scheme — capable of fast on-card public key generation, on a low-cost smart card without a co-processor, and at NESSIE-approved security levels.

We look into other theory issues like safeguarding against side-channel attacks, and using unusual techniques for linear algebra under serious space restrictions, which may help implementations of other multivariate PKC’s such as SFLASH.


Multivariate public-key cryptosystem finite field smart card 8051 


  1. 1.
    Akkar, M., Courtois, N., Duteuil, R., Goubin, L.: A Fast and Secure Implementation of SFLASH. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 267–278. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Chen, J.-M., Yang, B.-Y.: A More Secure and Efficacious TTS Scheme. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 320–338. Springer, Heidelberg (2004), full version at
  3. 3.
    Coppersmith, D., Stern, J., Vaudenay, S.: The Security of the Birational Permutation Signature Schemes. Journal of Cryptology 10(3), 207–221 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Daemen, J., Rijmen, V.: The Design of Rijndael, AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  5. 5.
    Fell, H., Diffie, W.: Analysis of a Public Key Approach Based on Polynomial Substitution. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 340–349. Springer, Heidelberg (1986)Google Scholar
  6. 6.
    Goubin, L., Courtois, N.: Cryptanalysis of the TTM Cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar Signature Schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Kipnis, A., Shamir, A.: Cryptanalysis of the oil & vinegar signature scheme. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 257–266. Springer, Heidelberg (1998)Google Scholar
  9. 9.
    Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)Google Scholar
  10. 10.
    Moh, T.: A Public Key System with Signature and Master Key Functions. Communications in Algebra 27, 2207–2222 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    The NESSIE project webpage,
  12. 12.
    Patarin, J.: Cryptanalysis of the matsumoto and imai public key scheme of eurocrypt ’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  13. 13.
    Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)Google Scholar
  14. 14.
    Patarin, J., Goubin, L., Courtois, N.T.: \(C^{*}_{-+}\) and HM: Variations around two schemes of T. Matsumoto and H. Imai. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 35–50. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Patarin, J., Courtois, N., Goubin, L.: FLASH, a Fast Multivariate Signature Algorithm. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 298–307. Springer, Heidelberg (2001) Updated version available at [11]Google Scholar
  16. 16.
    Wolf, C.: Efficient Public Key Generation for Multivariate Cryptosystems, preprint, available at
  17. 17.
    Yang, B.-Y., Chen, J.-M.: Rank Attacks and Defence in Tame-Like Multivariate PKC’s, see

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Bo-Yin Yang
    • 1
  • Jiun-Ming Chen
    • 2
  • Yen-Hung Chen
    • 3
  1. 1.Mathematics DepartmentTamkang UniversityTamsuiTaiwan
  2. 2.Chinese Data Security Inc. & National, Taiwan University 
  3. 3.Comp. Sci. & Info. Eng.Nat’l Taiwan U.TaipeiTaiwan

Personalised recommendations