Handling Vinegar Variables to Shorten Rainbow Key Pairs

  • Gustavo Zambonin
  • Matheus S. P. Bittencourt
  • Ricardo Custódio
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11627)


Multivariate quadratic equations are the basis of one of the main mathematical techniques for the creation of digital signatures that are quantum-resistant. In these schemes, the creation and verification of signatures is highly efficient. However, key sizes are quite impractical and orders of magnitude greater than conventional schemes. One of the best-known signature schemes built upon multivariate equations is called Rainbow, which is based on the Oil-Vinegar principle. We observe that the reuse of vinegar variables in the signature generation step of the Rainbow scheme leads to a shorter representation of its central map, and thus, of the entire private key. We analyse the security implications of this strategy and present a modification to the Rainbow scheme, enabling a private key size reduction of up to \(85\%\) with secure parameters. Additionally, this framework can be applied on top of already existing schemes that shorten either private or public keys, spawning derivatives that reduce the total key pair size by a factor of 3.5.


Keywords: Multivariate cryptography; Digital signatures; Rainbow



This study was financed in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES) - Finance Code 001. Additionally, we thank the anonymous referees for their suggestions.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Gustavo Zambonin (1)
  • Matheus S. P. Bittencourt (1)
  • Ricardo Custódio (1)

  1. Departamento de Informática e Estatística, Universidade Federal de Santa Catarina, Florianópolis, Brazil
