Linear Recurring Sequences for the UOV Key Generation

  • Albrecht Petzoldt
  • Stanislav Bulygin
  • Johannes Buchmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6571)


Multivariate public key cryptography is one of the main approaches to guarantee the security of communication in the post-quantum world. Due to its high efficiency and modest computational requirements, multivariate cryptography seems especially appropriate for signature schemes on low cost devices. However, multivariate schemes are not much used yet, mainly because of the large size of their public keys. In [PB10] Petzoldt et al. presented an idea how to create a multivariate signature scheme with a partially cyclic public key based on the UOV scheme of Kipnis and Patarin [KP99]. In this paper we use their idea to create a multivariate signature scheme whose public key is mainly given by a linear recurring sequence (LRS). By doing so, we are able to reduce the size of the public key by up to 86 %. Moreover, we get a public key with good statistical properties.


Multivariate Cryptography UOV Signature Scheme Key Size Reduction Linear Recurring Sequences 


  1. [BB08]
    Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.): Post-Quantum Cryptography. Springer, Heidelberg (2009)MATHGoogle Scholar
  2. [BC97]
    Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symbolic Comput. 24(3-4), 235–265 (1997)MathSciNetMATHCrossRefGoogle Scholar
  3. [BF08]
    Bettale, L., Faugére, J.C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. Journal Math. Crypt. 2, 1–22 (2008)CrossRefGoogle Scholar
  4. [BP10]
    Bulygin, S., Petzoldt, A., Buchmann, J.: Towards provable security of the UOV Signature Scheme under direct attacks. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 17–32. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. [CC08]
    Chen, A.I.-T., Chen, C.-H.O., Chen, M.-S., Cheng, C.M., Yang, B.-Y.: Practical-Sized Instances of Multivariate PKCs: Rainbow, TTS, and ℓIC-Derivatives. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 95–108. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. [DG06]
    Ding, J., Gower, J.E., Schmidt, D.: Multivariate Public Key Cryptosystems. Springer, Heidelberg (2006)MATHGoogle Scholar
  7. [Fa99]
    Faugére, J.C.: A new efficient algorithm for computing Groebner bases (F4). Journal of Pure and Applied Algebra 139, 61–88 (1999)MathSciNetMATHCrossRefGoogle Scholar
  8. [FP09]
    Faugére, J.C., Perret, L.: An efficient algorithm for decomposing multivariate polynomials and its applications to cryptography. Journal of Symbolic Computation 44(12), 1676–1689 (2009)MathSciNetMATHCrossRefGoogle Scholar
  9. [Go67]
    Golomb, S.W.: Shift Register Sequences. Holden Day, San Francisco (1967)MATHGoogle Scholar
  10. [GG05]
    Golomb, S.W., Gong, G.: Signal Design for Good Correlation. Cambridge University Press, New York (2005)MATHCrossRefGoogle Scholar
  11. [HW05]
    Hu, Y.-H., Wang, L.-C., Chou, C.-Y., Lai, F.: Similar Keys of Multivariate Quadratic Public Key Cryptosystems. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 211–222. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. [KP99]
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar Signature Schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)Google Scholar
  13. [KS98]
    Kipnis, A., Shamir, A.: Cryptanalysis of the Oil & Vinegar Signature Scheme. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 257–266. Springer, Heidelberg (1998)Google Scholar
  14. [LN86]
    Lidl, R., Niederreiter, H.: Introduction to finite fields and their applications. Cambridge University Press, Cambridge (1986)MATHGoogle Scholar
  15. [Pa97]
    Patarin, J.: The oil and vinegar signature scheme, presented at the Dagstuhl Workshop on Cryptography (September 1997)Google Scholar
  16. [PB10]
    Petzoldt, A., Bulygin, S., Buchmann, J.: A Multivariate Signature Scheme with a partially cyclic public key. In: Proceedings of SCC, pp. 229–235 (2010)Google Scholar
  17. [Sh97]
    Shor, P.: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput. 26(5), 1484–1509Google Scholar
  18. [YC05]
    Yang, B.-Y., Chen, J.-M.: Building secure tame-like multivariate public-key cryptosystems: The new TTS. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 518–531. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Albrecht Petzoldt
    • 1
    • 2
  • Stanislav Bulygin
    • 1
    • 2
  • Johannes Buchmann
    • 1
    • 2
  1. 1.Department of Computer ScienceTechnische Universität DarmstadtDarmstadtGermany
  2. 2.Center for Advanced Security Research Darmstadt - CASEDDarmstadtGermany

Personalised recommendations