Towards Provable Security of the Unbalanced Oil and Vinegar Signature Scheme under Direct Attacks

  • Stanislav Bulygin
  • Albrecht Petzoldt
  • Johannes Buchmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6498)


In this paper we show that solving systems coming from the public key of the Unbalanced Oil and Vinegar (UOV) signature scheme is on average at least as hard as solving a certain quadratic system with completely random quadratic part. In providing lower bounds on direct attack complexity we rely on the empirical fact that complexity of solving a non-linear polynomial system is determined by the homogeneous part of this system of the highest degree. Our reasoning explains, in particular, the results on solving the UOV systems presented by J.-C. Faugere and L. Perret at the SCC conference in 2008.


Multivariate Cryptography UOV Signature Scheme provable security security reduction semi-regular sequence 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bard, A.: Algebraic Cryptanalysis. Springer, Heidelberg (2009)CrossRefzbMATHGoogle Scholar
  2. 2.
    Braeken, A., Wolf, C., Preneel, B.: A Study of the Security of Unbalanced Oil and Vinegar Signature Schemes. Topics in Cryptology CT-RSA (2005)Google Scholar
  3. 3.
    Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic Behaviour of the Degree of Regularity of Semi-Regular Polynomial Systems. In: Proceedings of MEGA 2005, Eighth International Symposium on Effective Methods in Algebraic Geometry (2005)Google Scholar
  4. 4.
    Bettale, L., Faugère, J.-C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. Journal of Math. Cryptology, 177–197 (2009)Google Scholar
  5. 5.
    Cao, W., Niw, X., Hu, L., Tang, X., Ding, J.: Cryptanalysis of Two Quartic Encryption Schemes and One Improved MFE Scheme. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 41–60. Springer, Heidelberg (2010)Google Scholar
  6. 6.
    Courtois, N.: Short Signatures, Provable Security, Generic Attacks and Computational Security of Multivariate Polynomial Schemes such as HFE, Quartz and Sflash, available at eprint 2004/143 (2004)Google Scholar
  7. 7.
    Ding, J., Gower, J.E., Schmidt, D.: Multivariate Public Key Cryptosystems. Springer, Heidelberg (2006)zbMATHGoogle Scholar
  8. 8.
    Ding, J., Hu, L., Nie, X., Li, J., Wagner, J.: High Order Linearization Equation (HOLE) Attack on Multivariate Public Key Cryptosystems. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 233–248. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Ding, J., Schmidt, D.: Rainbow, a new multivariate polynomial signature scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Ding, J., Yang, B.-Y.: Multivariate Public Key Cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, Springer, Heidelberg (2009)Google Scholar
  11. 11.
    Ding, J., Yang, B.-Y., Chen, C.-H.O., Chen, M.-S., Cheng, C.M.: New Differential-Algebraic Attacks and Reparametrization of Rainbow. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 242–257. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Mora, T. (ed.) Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation ISSAC, pp. 75–83. ACM Press, New York (July 2002)CrossRefGoogle Scholar
  13. 13.
    Faugère, J.-C., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equations (HFE) using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Faugère, J.-C., Perret, L.: On the Security of UOV. In: Proceedings of SCC 2008, pp. 103–109 (2008)Google Scholar
  15. 15.
    Kipnis, A., Patarin, L., Goubin, L.: Unbalanced Oil and Vinegar Schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Kipnis, A., Shamir, A.: Cryptanalysis of the Oil and Vinegar Signature scheme. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 257–266. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature verification and message-encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  18. 18.
    Mohamed, S.E.M., Ding, J., Buchmann, J., Werner, F.: Algebraic Attack on the MQQ Public Key Cryptosystem. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 392–401. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Mohamed, S.E.M., Cabarcas, D., Ding, J., Buchmann, J., Bulygin, S.: MXL3: An efficient algorithm for computing Gröbner bases of zero-dimensional ideals. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 87–100. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt 88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  21. 21.
    Patarin, J.: Hidden Field Equations (HFE) and Isomorphism of Polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  22. 22.
    Patarin, J.: The oil and vinegar signature scheme, presented at the Dagstuhl Workshop on Cryptography (September 1997)Google Scholar
  23. 23.
    Petzoldt, A., Bulygin, S., Buchmann, J.: A Multivariate Signature Scheme with a Partially Cyclic Public Key. In: Proceedings of SCC 2010, pp. 229–235 (2010)Google Scholar
  24. 24.
    Tsujii, S., Gotaishi, M., Tadaki, K., Fujita, R.: Proposal of a Signature Scheme based on STS Trapdoor. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 201–217. Springer, Heidelberg (2010)Google Scholar
  25. 25.
    Wang, X., Feng, F., Wang, X., Wang, Q.: A More Secure MFE Multivariate Public Key Encryption Scheme. International Journal of Computer Science and Applications 6(3), 1–9 (2009)MathSciNetGoogle Scholar
  26. 26.
    Wang, L., Yang, B., Hu, Y., Lai, F.: A Medium-Field Multivariate Public Key Encryption Scheme. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 132–149. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  27. 27.
    Yang, B.-Y., Chen, J.-M.: All in the XL family: Theory and practice. In: Park, C., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 67–86. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Stanislav Bulygin
    • 1
  • Albrecht Petzoldt
    • 2
  • Johannes Buchmann
    • 1
    • 2
  1. 1.Center for Advanced Security Research Darmstadt - CASEDDarmstadtGermany
  2. 2.Department of Computer ScienceTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations