Inoculating Multivariate Schemes Against Differential Attacks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)


We demonstrate how to prevent differential attacks on multivariate public key cryptosystems using the Plus (+) method of external perturbation. In particular, we prescribe adding as few as 10 Plus polynomials to the Perturbed Matsumoto-Imai (PMI) cryptosystem when g=1 and r=6, where θ is the Matsumoto-Imai exponent, n is the message length, g = gcd(θ,n), and r is the internal perturbation dimension; or as few as g+10 when g ≠ 1. The external perturbation does not significantly decrease the efficiency of the system, and in fact has the additional benefit of resolving the problem of finding the true plaintext among several preimages of a given ciphertext. We call this new scheme the Perturbed Matsumoto-Imai-Plus (PMI+) cryptosystem.
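As an added illustration (not code from the paper), here is a toy PMI+ in Python over GF(2^7) with r = 2 and, because the field is tiny, 20 Plus polynomials instead of the 10 the abstract prescribes. The affine maps S and T that hide the core map in a real public key are omitted (an assumption, since only decryption is shown): guess the r perturbation bits, invert X^(1+2^θ), and let the Plus polynomials reject the spurious preimages. The parameters and the random key are constructed.

```python
import random

# Toy PMI+ over GF(2^7): constructed parameters, far smaller than any real instantiation.
N, THETA, R, A = 7, 1, 2, 20      # field degree n, MI exponent theta, perturbation dim r, Plus count
MOD = 0b10001001                  # x^7 + x^3 + 1, irreducible over GF(2)
H = pow(1 + (1 << THETA), -1, (1 << N) - 1)   # decryption exponent; needs gcd(2^theta+1, 2^n-1) = 1

def gf_mul(a, b):
    """Multiply two GF(2^N) elements held as N-bit ints (shift-and-add with reduction)."""
    res = 0
    while b:
        if b & 1: res ^= a
        a, b = a << 1, b >> 1
        if a >> N: a ^= MOD
    return res

def gf_pow(a, e):
    res = 1
    while e:
        if e & 1: res = gf_mul(res, a)
        a, e = gf_mul(a, a), e >> 1
    return res

def quad_eval(forms, x):
    """Evaluate quadratic forms (each a set of (i, j) monomials x_i*x_j) on the bits of x, packed as an int."""
    return sum(((sum((x >> i) & (x >> j) & 1 for i, j in f) & 1) << k) for k, f in enumerate(forms))

def keygen(seed):
    rng = random.Random(seed)
    rand_forms = lambda count, m: [{(i, j) for i in range(m) for j in range(i, m) if rng.random() < 0.5} for _ in range(count)]
    z = [rng.getrandbits(N) for _ in range(R)]   # r linear forms z_k(x) = <mask_k, x> over GF(2)
    return {"z": z, "f": rand_forms(N, R), "plus": rand_forms(A, N)}   # f: GF(2)^r -> GF(2)^n, A Plus polys

def z_of(key, x):
    return sum((bin(m & x).count("1") & 1) << k for k, m in enumerate(key["z"]))

def encrypt(key, x):
    """Core PMI output X^(1+2^theta) + f(z(x)), followed by the A extra public quadratic polynomials."""
    core = gf_pow(x, 1 + (1 << THETA)) ^ quad_eval(key["f"], z_of(key, x))
    return core, quad_eval(key["plus"], x)

def pmi_candidates(key, core):
    """PMI decryption: guess the r perturbation bits, invert the MI map, keep the consistent guesses."""
    cands = [gf_pow(core ^ quad_eval(key["f"], lam), H) for lam in range(1 << R)]
    return [x for lam, x in enumerate(cands) if z_of(key, x) == lam]

def decrypt(key, core, plus):
    """PMI+ decryption: the Plus polynomials discard the spurious PMI preimages."""
    return [x for x in pmi_candidates(key, core) if quad_eval(key["plus"], x) == plus]
```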


Keywords: multivariate public key cryptography, Matsumoto-Imai, perturbation, plus, differential



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  1. Department of Mathematical Sciences, University of Cincinnati, Cincinnati, USA
