MQ Signatures for PKI

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10346)


It is well known that multivariate quadratic (MQ) digital signature schemes have small signatures but huge public keys. However, in some settings, such as public key infrastructure (PKI), both variables are important. This paper explains how to transform any MQ signature scheme into one with a much smaller public key at the cost of a larger signature. The transformation aims to reduce the combined size of the public key and signature and this metric is improved significantly. The security of our transformation reduces to that of the underlying MQ signature scheme in the random oracle model. It is possible to decrease signature sizes even further but then its security is related to the conjectured hardness of a new problem, the Approximate MQ Problem (AMQ).


Multivariate quadratic Public key infrastructure Signature Random oracle Post-quantum Hard problem 



The authors would like to thank the reviewers for their helpful feedback. This work was supported in part by the Research Council KU Leuven: C16/15/058. In addition, this work was supported by the European Commission through the ICT programme under contract FP7-ICT-2013-10-SEP-210076296 PRACTICE, through the Horizon 2020 research and innovation programme under grant agreement No. H2020-ICT-2014-644371 WITDOM and H2020-ICT-2014-645622 PQCRYPTO. Alan Szepieniec is being supported by a doctoral grant from the Flemish Agency for Innovation and Entrepreneurship (VLAIO, formerly IWT).


  1. 1.
    Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 2016, Austin, TX, USA, 10–12 August 2016, pp. 327–343. USENIX Association (2016).
  2. 2.
    Bernstein, D.J., Buchmann, J., Ding, J., Goubin, L., Lange, T., Nguyen, P., Okamoto, T., Salvail, L., Silverberg, A., Silverman, J., Stam, M., Wolf, C. (eds.): Proceedings of International Workshop on Post-Quantum Cryptography, PQCrypto 2006, Leuven, Belgium, 23–26 May 2006 (2006).
  3. 3.
    Bernstein, D.J., et al.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015). Google Scholar
  4. 4.
    Bettale, L., Faugère, J., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Cryptol. 3(3), 177–197 (2009). MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Bettale, L., Faugère, J., Perret, L.: Solving polynomial systems over finite fields: improved analysis of the hybrid approach. In: van der Hoeven, J., van Hoeij, M. (eds.) International Symposium on Symbolic and Algebraic Computation, ISSAC 2012, Grenoble, France, 22–25 July 2012, pp. 67–74. ACM (2012).
  6. 6.
    Brassard, G., Hoyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation (2000). arXiv preprint quant-ph/0005055
  7. 7.
    Chen, M.-S., Hülsing, A., Rijneveld, J., Samardjiska, S., Schwabe, P.: From 5-pass \(\cal{MQ}\)-based identification to \(\cal{MQ}\)-based signatures. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 135–165. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  8. 8.
    Courtois, N.T., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based digital signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001). CrossRefGoogle Scholar
  9. 9.
    Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000). CrossRefGoogle Scholar
  10. 10.
    Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  11. 11.
    Faugère, J.C.: A new efficient algorithm for computing Gröbner bases (F 4). J. Pure Appl. Algebra 139(1), 61–88 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988). MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22–24 May 1996, pp. 212–219. ACM (1996).
  14. 14.
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar Signature Schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999). CrossRefGoogle Scholar
  15. 15.
    Braithwaite, M.: Google: Experimenting with post-quantum cryptography (2016).
  16. 16.
    Maurer, U.M. (ed.): EUROCRYPT 1996. LNCS, vol. 1070. Springer, Heidelberg (1996). doi: 10.1007/3-540-68339-9 zbMATHGoogle Scholar
  17. 17.
  18. 18.
    National Institute for Standards and Technology (NIST): Post-quantum crypto standardization (2016).
  19. 19.
    Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): two new families of asymmetric algorithms. In: Maurer [16], pp. 33–48.
  20. 20.
    Petzoldt, A.: Selecting and reducing key sizes for multivariate cryptography, July 2013.
  21. 21.
    Petzoldt, A., Chen, M.-S., Yang, B.-Y., Tao, C., Ding, J.: Design principles for HFEv- based multivariate signature schemes. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 311–334. Springer, Heidelberg (2015). CrossRefGoogle Scholar
  22. 22.
    Petzoldt, A., Thomae, E., Bulygin, S., Wolf, C.: Small public keys and fast verification for \(\cal{M}\)ultivariate \(\cal{Q}\)uadratic public key systems. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 475–490. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  23. 23.
    Rogaway, P. (ed.): CRYPTO 2011. LNCS, vol. 6841. Springer, Heidelberg (2011). zbMATHGoogle Scholar
  24. 24.
    Sakumoto, K., Shirai, T., Hiwatari, H.: Public-key identification schemes based on multivariate quadratic polynomials. In: Rogaway [23], pp. 706–723.
  25. 25.
    Shor, P.W.: Polynomial time algorithms for discrete logarithms and factoring on a quantum computer. In: Adleman, L.M., Huang, M.-D. (eds.) ANTS 1994. LNCS, vol. 877, pp. 289–289. Springer, Heidelberg (1994). CrossRefGoogle Scholar
  26. 26.
    Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive 2004/332 (2004).
  27. 27.
    Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13–21. Springer, Heidelberg (1994). CrossRefGoogle Scholar
  28. 28.
    PQCRYPTO ICT-645622 (2015).

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.imec-COSIC KU LeuvenLeuvenBelgium

Personalised recommendations