Cryptanalysis of MinRank

  • Jean-Charles Faugère
  • Françoise Levy-dit-Vehel
  • Ludovic Perret
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5157)


In this paper, we investigate the difficulty of one of the most relevant problems in multivariate cryptography – namely MinRank – about which no real progress has been reported since [9, 19]. Our starting point is the Kipnis-Shamir attack [19]. We first show new properties of the ideal generated by Kipnis-Shamir’s equations. We then propose a new modeling of the problem. Concerning the practical resolution, we adopt a Gröbner basis approach that permitted us to actually solve challenges A and B proposed by Courtois in [8]. Using the multi-homogeneous structure of the algebraic system, we have been able to provide a theoretical complexity bound reflecting the practical behavior of our approach. Namely, when r the dimension of the matrices minus the rank of the target matrix in the MinRank problem is constant, then we have a polynomial time attack \(\mathcal{O}\left( \ln\left( q\right) \,n^{3\,r^{\prime2}}\right) \). For the challenge C [8], we obtain a theoretical bound of 266.3 operations.


Authentication Scheme Polynomial System Quadratic System Matrix Pencil Rank Distance 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Adams, W.W., Loustaunau, P.: An Introduction to Gröbner Bases. Graduate Studies in Mathematics 3 (1994)Google Scholar
  2. 2.
    Bardet, M.: Étude des Systèmes Algébriques Surdéterminés. Applications aux Codes Correcteurs et à la Cryptographie. Thèse de doctorat, Université de Paris VI (2004)Google Scholar
  3. 3.
    Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic Behaviour of the Degree of Regularity of Semi-Regular Polynomial Systems. In: Proc. of MEGA 2005, Eighth International Symposium on Effective Methods in Algebraic Geometry (2005)Google Scholar
  4. 4.
    Bardet, M., Faugère, J.-C., Salvy, B.: On the Complexity of Gröbner Basis Computation of Semi-Regular Overdetermined Algebraic Equations. In: Proc. International Conference on Polynomial System Solving (ICPSS), pp. 71–75 (2004),
  5. 5.
    Buchberger, B., Collins, G.-E., Loos, R.: Computer Algebra Symbolic and Algebraic Computation, 2nd edn. Springer, Heidelberg (1982)zbMATHGoogle Scholar
  6. 6.
    Buchberger, B.: Gröbner Bases : an Algorithmic Method in Polynomial Ideal Theory. Recent trends in multidimensional systems theory. Reider ed. Bose (1985)Google Scholar
  7. 7.
    Courtois, N.: Decoding Linear and Rank-Distance Codes, MinRank problem and Multivariate Cryptanalysis. In: CLC 2006, Darmstadt (September 2006)Google Scholar
  8. 8.
    Courtois, N.: Efficient Zero-knowledge Authentication Based on a Linear Algebra Problem MinRank. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 402–421. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Courtois, N., Goubin, L.: Cryptanalysis of the TTM Cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000)Google Scholar
  10. 10.
    Cox, D.A., Little, J.B., O’Shea, D.: Ideals, Varieties, and algorithms: an Introduction to Computational Algebraic Geometry and Commutative algebra. Undergraduate Texts in Mathematics. Springer, New York (1992)zbMATHGoogle Scholar
  11. 11.
    Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Basis: F4. Journal of Pure and Applied Algebra 139, 61–68 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Basis without Reduction to Zero: F5. In: Proceedings of ISSAC, pp. 75–83. ACM press, New York (2002)Google Scholar
  13. 13.
    Faugère, J.-C., Gianni, P., Lazard, D., Mora, T.: Efficient Computation of Zero-Dimensional Gröbner Basis by Change of Ordering. Journal of Symbolic Computation 16(4), 329–344 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Faugère, J.-C., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equations (HFE) Cryptosystems using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)Google Scholar
  15. 15.
    Faugère, J.-C., Perret, L.: Polynomial Equivalence Problems: Algorithmic and Theoretical Aspects. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 30–47. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Fouque, P.-A., Macario-Rat, G., Stern, J.: Key Recovery on Hidden Monomial Multivariate Schemes. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 19–30. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Garey, M.R., Johnson, D.B.: Computers and Intractability. A Guide to the Theory of NP-Completeness. W.H. Freeman, New York (1979)zbMATHGoogle Scholar
  18. 18.
    Jiang, X., Ding, J., Hu, L.: Kipnis-Shamir’s Attack on HFE Revisited. In: Proc. of Inscrypt 2007 (2007),
  19. 19.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999)Google Scholar
  20. 20.
    Li, T., Lin, Z., Bai, F.: Heuristic Methods for Computing the Minimal Multi-homogeneous Bézout Number. Applied Mathematics and Computation 146, 237–256 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Malajovich, G., Meer, K.: Computing Minimal Multi-homogeneous Bézout Numbers Is Hard. In: Diekert, V., Durand, B. (eds.) STACS 2005. LNCS, vol. 3404, pp. 244–255. Springer, Heidelberg (2005)Google Scholar
  22. 22.
    Moh, T.: A Public Key System with Signature and Master Key Functions. Communications in Algebra 27(5), 2207–2222 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)Google Scholar
  24. 24.
    Safey El Din, M., Trébuchet, P.: Strong bi-homogeneous Bezout theorem and its use in effective real algebraic geometry. INRIA Research Report RR, 46 pages (2006),
  25. 25.
    Shafarevich, I.R.: Basic Algebraic Geometry. Springer Study edn. Springer, Berlin (1977)zbMATHGoogle Scholar
  26. 26.
    Shallit, J.O., Frandsen, G.S., Buss, J.F.: The Computational Complexity of some Problems of Linear Algebra. BRICS series report, Aarhus, Denmark, RS-96-33,
  27. 27.
    Ha, H.T., Van Tuyl, A.: The regularity of points in multi-projective spaces. Journal of Pure and Applied Algebra 187(1-3), 153–167 (2004)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jean-Charles Faugère
    • 1
  • Françoise Levy-dit-Vehel
    • 2
  • Ludovic Perret
    • 1
  1. 1.SALSA Project INRIA, Centre Paris-Rocquencourt UPMC, Univ Paris 06, LIP6 CNRS, UMR 7606, LIP6ParisFrance
  2. 2.ENSTAParis cedex 15 

Personalised recommendations