Algebraic Attack on the MQQ Public Key Cryptosystem

  • Mohamed Saied Emam Mohamed
  • Jintai Ding
  • Johannes Buchmann
  • Fabian Werner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5888)


In this paper, we present an efficient attack on the multivariate Quadratic Quasigroups (MQQ) public key cryptosystem. Our cryptanalysis breaks the MQQ cryptosystem by solving a system of multivariate quadratic polynomial equations using both the MutantXL algorithm and the F4 algorithm. We present the experimental results that show that MQQ systems is broken up to size n equal to 300. Based on these results we show also that MutantXL solves MQQ systems with much less memory than the F4 algorithm implemented in Magma.


Algebraic Cryptanalysis MQQ public key cryptosystem MutantXL algorithm F4 algorithm 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bard, G.V.: Accelerating cryptanalysis with the Method of Four Russians. Report 251, Cryptology ePrint Archive (2006)Google Scholar
  2. 2.
    Braeken, A., Wolf, C., Preneel, B.: A study of the security of Unbalanced Oil and Vinegar signature schemes. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 29–43. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Ding, J., Buchmann, J., Mohamed, M.S.E., Moahmed, W.S.A., Weinmann, R.-P.: MutantXL. In: Proceedings of the 1st international conference on Symbolic Computation and Cryptography (SCC 2008), Beijing, China, pp. 16–22. LMIB (April 2008)Google Scholar
  5. 5.
    Ding, J., Gower, J.E., Schmidt, D.S.: Zhuang-Zi: A New Algorithm for Solving Multivariate Polynomial Equations over a Finite Field. Technical Report 038, Cryptology ePrint Archive (2006)Google Scholar
  6. 6.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases (F4). Journal of Pure and Applied Algebra 139(1-3), 61–88 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Faugère, J.-C., Joux, A.: Algebraic Cryptoanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Proceedings of the International Association for Cryptologic Research 2003, pp. 44–60. Springer, Heidelberg (2003)Google Scholar
  8. 8.
    Gligoroski, D.: Candidate One-Way Functions and One-Way Permutations Based on Quasigroup String Transformations. Report 352, Cryptology ePrint Archive (2005)Google Scholar
  9. 9.
    Gligoroski, D., Markovski, S., Knapskog, S.J.: Multivariate Quadratic Trapdoor Functions Based on Multivariate Quadratic Quasigroups. In: Proceedings of The American Conference on Applied Mathematics (MATH 2008), Cambridge, Massachusetts, USA (March 2008)Google Scholar
  10. 10.
    Gligoroski, D., Markovski, S., Knapskog, S.J.: Public Key Block Cipher Based on Multivariate Quadratic Quasigroups. Report 320, Cryptology ePrint Archive (2008)Google Scholar
  11. 11.
    Kipnis, A., Hotzvim, H.S.H., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)Google Scholar
  12. 12.
    Matsumoto, T., Imai, H.: Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)Google Scholar
  13. 13.
    Mohamed, M.S.E., Mohamed, W.S.A.E., Ding, J., Buchmann, J.: MXL2: Solving Polynomial Equations over GF(2) using an Improved Mutant Strategy. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 203–215. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  15. 15.
    Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of Asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)Google Scholar
  16. 16.
    Wolf, C., Preneel, B.: Superfluous keys in multivariate quadratic asymmetric systems. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 275–287. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mohamed Saied Emam Mohamed
    • 1
  • Jintai Ding
    • 2
  • Johannes Buchmann
    • 1
  • Fabian Werner
    • 1
  1. 1.TU Darmstadt, FB InformatikDarmstadtGermany
  2. 2.Department of Mathematical SciencesUniversity of CincinnatiCincinnatiUSA

Personalised recommendations