On the Affine Transformations of HFE-Cryptosystems and Systems with Branches

  • Patrick Felke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3969)


We show how to recover the affine parts of the secret key for a certain class of HFE-Cryptosystems. Further we will show that any system with branches can be decomposed in its single branches in polynomial time on average. The attack on the affine parts generalizes the results from [1, 11] to a bigger class of systems and is achieved by a different approach. Despite the fact that systems with branches are not used anymore (see [11, 6]), our second attack is a still of interest, as it shows that branches belong to the list of algebraic properties, which cannot be hidden by composition with secret affine transformations. We derived both algorithms by considering the cryptosystem as objects from the theory of nonassociative algebras and applying classical techniques from this theory. This general framework might be a useful tool for future investigations of HFE-Cryptosystems, e.g. to detect further invariants, which are not hidden by composition with affine transformations.


HFE finite fields branches nonassociative algebra mixed centralizer affine transformations 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Beth, T., Geiselmann, W., Steinwandt, R.: Revealing 441 Key Bits of SFLASHv2. In: Nessie Workshop Munich (November 2002)Google Scholar
  2. 2.
    Patarin, J., Courtois, N.T., Goubin, L.: QUARTZ, 128-bit long digital signatures. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 282–297. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Courtois, N., Goubin, L., Patarin, J.: SFLASHv3 a fast symmetric signature scheme. Cryptology ePrint Archive: Report 2003/211 (2003)Google Scholar
  4. 4.
    Dobbertin, H.: internal report 93/94, German Information Security AgencyGoogle Scholar
  5. 5.
    Dobbertin, H.: Analysis of HFE Schemes Based on Power Functions. In: Invited talk at YACC 2002, June 03-07 (2002)Google Scholar
  6. 6.
    Patarin, J., Goubin, L., Courtois, N.T.: Improved Algorithms for Isomorphisms of Polynomials. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 184–200. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  7. 7.
    Imai, H., Matsumoto, T.: Public Quadratic Polynomial-tuples for efficient signature-verification and message-encryption. In: McCurley, K.S., Ziegler, C.D. (eds.) Advances in Cryptology 1981 - 1997. LNCS, vol. 1440, pp. 419–453. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  9. 9.
    Kipnis, A., Shamir, A.: Cryptanalysis of the Oil & Vinegar Signature Scheme. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 206–222. Springer, Heidelberg (1998)Google Scholar
  10. 10.
    Lidl, R., Niederreiter, H.: Finite Fields, 2nd edn. Encyclopedia of Mathematics and its Applications, vol. 20. Cambridge University Press, Cambridge (1997)zbMATHGoogle Scholar
  11. 11.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 1988. In: McCurley, K.S., Ziegler, C.D. (eds.) Advances in Cryptology 1981 - 1997. LNCS, vol. 1440, pp. 248–261. Springer, Heidelberg (1999)Google Scholar
  12. 12.
    Patarin, J.: Asymmetric Cryptography with a Hidden Monomial. In: McCurley, K.S., Ziegler, C.D. (eds.) Advances in Cryptology 1981 - 1997. LNCS, vol. 1440, pp. 45–60. Springer, Heidelberg (1999)Google Scholar
  13. 13.
    Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials(IP): Two new families of Asymmetric Algorithms. In: McCurley, K.S., Ziegler, C.D. (eds.) Advances in Cryptology 1981 - 1997. LNCS, vol. 1440, pp. 33–48. Springer, Heidelberg (1999)Google Scholar
  14. 14.
    Schafer, R.: Introduction to Nonassociative Algebras. Academic Press, London (1966)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Patrick Felke
    • 1
  1. 1.CITS Research GroupRuhr-University BochumBochumGermany

Personalised recommendations