Algebraic Attack on HFE Revisited

  • Jintai Ding
  • Dieter Schmidt
  • Fabian Werner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5222)

Abstract

In this paper, we study how the algebraic attack on the HFE multivariate public key cryptosystem works if we build an HFE cryptosystem on a finite field whose characteristic is not two. Using some very basic algebraic geometry we argue that when the characteristic is not two the algebraic attack should not be polynomial in the range of the parameters which are used in practical applications. We further support our claims with extensive experiments using the Magma implementation of F4, which is currently the best publicly available implementation of the Gröbner basis algorithm. We present a new variant of the HFE cryptosystems, where we project the public key of HFE to a space of one dimension lower. This protects the system from the Kipnis-Shamir attack and makes the decryption process avoid multiple candidates for the plaintext. We propose an example for a practical application on GF(11) and suggest a test challenge on GF(7).

Keywords

HFE Gröbner basis multivariate public key cryptosystem 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Buchberger, B.: Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nach einem nulldimensionalen Polynomideal, Mathematical Institute, University of Innsbruck, Austria. Dissertation (1965)Google Scholar
  2. 2.
    Courtois, N.T.: The security of hidden field equations (HFE). In: Naccache, C. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 266–281. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Courtois, N.T.: The Minrank Problem. MinRank, a new zero-knowledge scheme based on the NP-complete problem. Presented at the rump session of Crypto 2000, http://www.minrank.org
  4. 4.
    Ding, J., Gower, J., Schmidt, D.: Multivariate Public Key Cryptosystems. In: Advances in Information Security, Springer, Heidelberg (2006) (ISBN 0-387-32229-9)Google Scholar
  5. 5.
    Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Bases (F 4). Journal of Pure and Applied Algebra 139, 61–88 (1999)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Bases without Reduction to Zero( F 5). In: Mora, T. (ed.) Proceeding of ISSAC, pp. 75–83. ACM Press, New York (2002)Google Scholar
  7. 7.
    Faugère, J.-C., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)Google Scholar
  8. 8.
    Garey, M.R., Johnson, D.S.: Computers and Intractability – A Guide to the Theory of NP-Completeness. W.H. Freeman and Company (1979) (ISBN 0-7167-1044-7 or 0-7167-1045-5)Google Scholar
  9. 9.
    Granboulan, L., Joux, A., Stern, J.: Inverting HFE Is Quasipolynomial. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 345–356. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Jiang, X., Ding, J., Hu, L.: Kipnis-Shamir’s attack on HFE revisited Cryptology ePrint Archive (2007)Google Scholar
  11. 11.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999)Google Scholar
  12. 12.
    MAGMA Computational Algebra System, http://magma.maths.usyd.edu.au/magma/
  13. 13.
    Matsumoto, T., Imai, H.: Tsutomu Matsumoto and Hideki Imai. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)Google Scholar
  14. 14.
    Moh, T.-T.: On the method of “XL” and its inefficiency to TTM Cryptology ePrint Archive, Report 2001/047, http://eprint.iacr.org/
  15. 15.
    Patarin, J.: Hidden field equations (HFE) and isomorphism of polynomials (IP): Two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070. Springer, Heidelberg (1996)Google Scholar
  16. 16.
    Wolf, C., Preneel, B.: Taxonomy of public key schemes based on the problem of multivariate quadratic equations. Cryptology ePrint Archive, Report,2005/077, 12th of May 2005. 64 pages (2005), http://eprint.iacr.org/2005/077/

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jintai Ding
    • 1
  • Dieter Schmidt
    • 1
  • Fabian Werner
    • 2
  1. 1.University of Cincinnati 
  2. 2.Technical University of Darmstadt 

Personalised recommendations