Dimension of the Linearization Equations of the Matsumoto-Imai Cryptosystems
The Matsumoto-Imai (MI) cryptosystem was the first multivariate public key cryptosystem proposed for practical use. Though MI is now considered insecure due to Patarin’s linearization attack, the core idea of MI has been used to construct many variants such as Sflash, which has recently been accepted for use in the New European Schemes for Signatures, Integrity, and Encryption project. Linearization attacks take advantage of the algebraic structure of MI to produce a set of equations that can be used to recover the plaintext from a given ciphertext. In our paper, we present a solution to the problem of finding the dimension of the space of linearization equations, a measure of how much work the attack will require.
Keywords: Linearization Equation, Label Vertex, Algebraic Attack, Spacing Option, Cryptology ePrint Archive
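The quantity the abstract refers to can be measured directly on a toy instance. The following is an added example, not code from the paper: it builds the central MI map over GF(2^7) with exponent 2^1 + 1 (assumed toy parameters), evaluates the monomials x_i*y_j, x_i, y_j and 1 on every plaintext/ciphertext pair, and returns the dimension of the space of coefficient vectors that vanish on all of them. The secret affine maps are left out because an invertible affine change of the plaintext or ciphertext variables does not change this dimension.

```python
# Added illustration, not from the paper. Assumed toy parameters: q = 2, N = 7, THETA = 1.
N, THETA = 7, 1
MOD = 0b10000011  # x^7 + x + 1, irreducible over GF(2)

def gf_mul(a, b):
    """Multiply two elements of GF(2^N), reducing modulo MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:
            a ^= MOD
        b >>= 1
    return r

def mi_core(x):
    """Central MI map x -> x^(2^THETA + 1)."""
    xq = x
    for _ in range(THETA):
        xq = gf_mul(xq, xq)
    return gf_mul(xq, x)

def row(x, y):
    """Bitmask of the monomials x_i*y_j, x_i, y_j, 1 evaluated at (x, y)."""
    xb = [(x >> i) & 1 for i in range(N)]
    yb = [(y >> j) & 1 for j in range(N)]
    bits = [a & b for a in xb for b in yb] + xb + yb + [1]
    return sum(bit << k for k, bit in enumerate(bits))

def rank_gf2(rows):
    """Rank over GF(2) of a matrix whose rows are integer bitmasks."""
    basis = {}  # leading bit position -> reduced row
    for r in rows:
        while r:
            h = r.bit_length() - 1
            if h not in basis:
                basis[h] = r
                break
            r ^= basis[h]
    return len(basis)

def linearization_dimension():
    """Number of monomials minus the rank of the evaluation matrix."""
    rows = [row(x, mi_core(x)) for x in range(1 << N)]
    return N * N + 2 * N + 1 - rank_gf2(rows)

if __name__ == "__main__":
    print(linearization_dimension())
```

For these parameters the result is 14: the 7 coordinate equations of Patarin's relation x*y^2 = x^4*y, plus 7 from x*y = x^4, which is specific to this choice of q and exponent.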