Security Analysis of Multivariate Polynomials for Hashing

  • Luk Bettale
  • Jean-Charles Faugère
  • Ludovic Perret
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5487)


In this paper, we investigate the security of a hash function based on the evaluation of multivariate polynomials [17]. The security of such hash function is related to the difficulty of solving (under-defined) systems of algebraic equations. To solve these systems, we have used a general hybrid approach [8] mixing exhaustive search and Gröbner bases solving. This shows that this approach is general and can be used in several contexts. For the sparse construction, we have refined this strategy. From a practical point of view, we have been able to break several challenges proposed by Ding and Yang [17] in real time.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Adams, W.W., Loustaunau, P.: An Introduction to Gröbner Bases. Graduate Studies in Mathematics, vol. 3, AMS (1994)Google Scholar
  2. 2.
    Aumasson, J.-P., Meier, W.: Analysis of multivariate hash functions. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 309–323. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Bardet, M.: Etude des systèmes algébriques surdéterminés. Applications aux codes correcteurs et à la cryptographie. Thèse de doctorat, Université de Paris VI (2004)Google Scholar
  4. 4.
    Bardet, M., Faugère, J.-C., Salvy, B.: On the complexity of Gröbner basis computation of semi-regular overdetermined algebraic equations. In: Proc. International Conference on Polynomial System Solving (ICPSS), pp. 71–75 (2004),
  5. 5.
    Bardet, M., Faugère, J.-C., Salvy, B.: Complexity Study of Gröbner Basis Computation. Technical report, INRIA (2002),
  6. 6.
    Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic Behaviour of the Degree of Regularity of Semi-Regular Polynomial Systems. In: Proc. of MEGA 2005, Eighth International Symposium on Effective Methods in Algebraic Geometry (2005)Google Scholar
  7. 7.
    Berbain, C., Gilbert, H., Patarin, J.: QUAD: A practical stream cipher with provable security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 109–128. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Bettale, L., Faugère, J.-C., Perret, L.: Cryptanalysis of the TRMS signature scheme of PKC 2005. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 143–155. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Buchberger, B., Collins, G.-E., Loos, R.: Computer Algebra Symbolic and Algebraic Computation, 2nd edn. Springer, Heidelberg (1982)MATHGoogle Scholar
  10. 10.
    Buchberger, B.: Gröbner Bases : an Algorithmic Method in Polynomial Ideal Theory. In: Recent trends in multidimensional systems theory, Reider ed. Bose (1985)Google Scholar
  11. 11.
    Billet, O., Robshaw, M.J.B., Peyrin, T.: On building hash functions from multivariate quadratic equations. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 82–95. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Courtois, N.T., Klimov, A.B., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Courtois, N., Goubin, L., Patarin, J.: SFLASH, a Fast Symmetric Signature Scheme for low-cost Smartcards – Primitive Specification and Supporting documentation,
  14. 14.
    Cox, D.A., Little, J.B., O’Shea, D.: Ideals, Varieties, and algorithms: an Introduction to Computational Algebraic Geometry and Commutative algebra. Undergraduate Texts in Mathematics. Springer, New York (1992)Google Scholar
  15. 15.
    Diffie, W., Fell, H.J.: Analysis of a public key approach based on polynomial substitution. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 340–349. Springer, Heidelberg (1986)Google Scholar
  16. 16.
    Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT–22(6), 644–654 (1976)MathSciNetCrossRefMATHGoogle Scholar
  17. 17.
    Ding, J., Yang, B.-Y.: Multivariates Polynomials for Hashing. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds.) Inscrypt 2007. LNCS, vol. 4990, pp. 358–371. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Dubois, V., Fouque, P.-A., Shamir, A., Stern, J.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 1–12. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    Faugère, J.C., Gianni, P., Lazard, D., Mora, T.: Efficient Computation of Zero-Dimensional Gröbner Bases by Change of Ordering. Journal of Symbolic Computation 16(4), 329–344 (1993)MathSciNetCrossRefMATHGoogle Scholar
  20. 20.
    Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Basis: F4. Journal of Pure and Applied Algebra 139, 61–68 (1999)MathSciNetCrossRefMATHGoogle Scholar
  21. 21.
    Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Basis without Reduction to Zero: F5. In: Proceedings of ISSAC, pp. 75–83. ACM press, New York (2002)Google Scholar
  22. 22.
    Faugère, J.-C., Perret, L.: On the Security of UOV. In: Proc. First International Conference on Symbolic Computation and Cryptography (SCC 2008), pp. 103–110 (2008)Google Scholar
  23. 23.
    Garey, M.R., Johnson, D.B.: Computers and Intractability. A Guide to the Theory of NP-Completeness. W.H. Freeman, New York (1979)MATHGoogle Scholar
  24. 24.
    Luo, Y., Lai, X.: Higher Order Differential Cryptanalysis of Multivariate Hash Functions Cryptology ePrint archive, Report 2008/350,
  25. 25.
    Macaulay, F.S.: The Algebraic Theory of Modular Systems. Cambrige University Press, Cambrige (1916)MATHGoogle Scholar
  26. 26.
    Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  27. 27.
    Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Shor, P.W.: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Computing 26, 1484–1509 (1997)MathSciNetCrossRefMATHGoogle Scholar
  29. 29.
    Szanto, A.: Multivariate subresultants using jouanolouõs resultant matrices. Journal of Pure and Applied Algebra (to appear)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Luk Bettale
    • 1
  • Jean-Charles Faugère
    • 1
  • Ludovic Perret
    • 1
  1. 1.INRIA, Centre Paris-Rocquencourt, SALSA Project, UPMC, Univ Paris 06, LIP6, CNRS, UMR 7606, LIP6ParisFrance

Personalised recommendations