Practical Algebraic Cryptanalysis for Dragon-Based Cryptosystems

  • Johannes Buchmann
  • Stanislav Bulygin
  • Jintai Ding
  • Wael Said Abd Elmageed Mohamed
  • Fabian Werner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6467)


Recently, the Little Dragon Two and Poly-Dragon multivariate based public-key cryptosystems were proposed as efficient and secure schemes. In particular, the inventors of the two schemes claim that Little Dragon Two and Poly-Dragon resist algebraic cryptanalysis. In this paper, we show that MXL2, an algebraic attack method based on the XL algorithm and Ding’s concept of Mutants, is able to break Little Dragon Two with keys of length up to 229 bits and Poly-Dragon with keys of length up to 299. This contradicts the security claim for the proposed schemes and demonstrates the strength of MXL2 and the Mutant concept. This strength is further supported by experiments that show that in attacks on both schemes the MXL2 algorithm outperforms the Magma’s implementation of F4.


Linear Polynomial Algebraic Attack Permutation Polynomial Gaussian Elimination Method Linearization Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman & Co., New York (1979)zbMATHGoogle Scholar
  2. 2.
    Ding, J., Gower, J.E., Schmidt, D.: Multivariate Public Key Cryptosystems (Advances in Information Security). Springer, New York (2006)zbMATHGoogle Scholar
  3. 3.
    Ding, J., Yang, B.Y.: Multivariate Public Key Cryptography. In: Bernstein, D.J., et al. (eds.) Post Quantum Cryptography, pp. 193–234. Springer, Heidelberg (2008)Google Scholar
  4. 4.
    Singh, R.P., Saikia, A., Sarma, B.K.: Little Dragon Two: An Efficient Multivariate Public Key Cryptosystem. International Journal of Network Security and Its Applications (IJNSA) 2, 1–10 (2010)CrossRefzbMATHGoogle Scholar
  5. 5.
    Jacques, P.: Asymmetric Cryptography with a Hidden Monomial. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 45–60. Springer, Heidelberg (1996)Google Scholar
  6. 6.
    Singh, R.P., Saikia, A., Sarma, B.: Poly-Dragon: An efficient Multivariate Public Key Cryptosystem. Cryptology ePrint Archive, Report 2009/587 (2009),
  7. 7.
    Ding, J., Buchmann, J., Mohamed, M.S.E., Moahmed, W.S.A., Weinmann, R.P.: MutantXL. In: Proceedings of the 1st International Conference on Symbolic Computation and Cryptography (SCC 2008), Beijing, China, pp. 16–22. LMIB (2008),
  8. 8.
    Mohamed, M.S., Ding, J., Buchmann, J., Werner, F.: Algebraic Attack on the MQQ Public Key Cryptosystem. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 392–401. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Lidl, R., Niederreiter, H.: Finite Fields, 2nd edn. Encyclopedia of Mathematics and its Applications, vol. 20. Cambridge University Press, Cambridge (1997)zbMATHGoogle Scholar
  10. 10.
    Mohamed, M.S.E., Mohamed, W.S.A.E., Ding, J., Buchmann, J.: MXL2: Solving Polynomial Equations over GF(2) Using an Improved Mutant Strategy. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 203–215. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Courtois, N.T., Klimov, A., Patarin, J., Shamir, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Ding, J.: Mutants and its Impact on Polynomial Solving Strategies and Algorithms. Privately distributed research note, University of Cincinnati and Technical University of Darmstadt (2006)Google Scholar
  13. 13.
    Ding, J., Cabarcas, D., Schmidt, D., Buchmann, J., Tohaneanu, S.: Mutant Gröbner Basis Algorithm. In: Proceedings of the 1st International Conference on Symbolic Computation and Cryptography (SCC 2008), Beijing, China, pp. 23–32. LMIB (2008)Google Scholar
  14. 14.
    Mohamed, M.S.E., Cabarcas, D., Ding, J., Buchmann, J., Bulygin, S.: MXL3: An Efficient Algorithm for Computing Gröbner Bases of Zero-dimensional Ideals. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 87–100. Springer, Heidelberg (2010)Google Scholar
  15. 15.
    Albrecht, M., Bard, G.: The M4RI Library– Linear Algebra over GF(2) (2008),
  16. 16.
    Bard, G.V.: Algebraic Cryptanalysis. Springer Publishing Company, Incorporated, Heidelberg (2009)CrossRefzbMATHGoogle Scholar
  17. 17.
    Wolf, C.: Efficient Public Key Generation for HFE and Variations. In: Dawson, E., Klemm, W. (eds.) Cryptographic Algorithms and their Uses, Queensland University of Technology, pp. 78–93 (2004)Google Scholar
  18. 18.
    Billet, O., Ding, J.: Overview of Cryptanalysis Techniques in Multivariate Public Key Cryptography. In: Sala, M., et al. (eds.) Gröbner Bases, Coding, and Cryptography, pp. 263–284. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Johannes Buchmann
    • 1
  • Stanislav Bulygin
    • 2
  • Jintai Ding
    • 3
  • Wael Said Abd Elmageed Mohamed
    • 1
  • Fabian Werner
    • 4
  1. 1.FB InformatikTU DarmstadtDarmstadtGermany
  2. 2.Center for Advanced Security Research Darmstadt (CASED)Germany
  3. 3.Department of Mathematical SciencesUniversity of CincinnatiCincinnatiUSA
  4. 4.TU DarmstadtGermany

Personalised recommendations