Two-Face: New Public Key Multivariate Schemes

  • Gilles Macario-Rat
  • Jacques Patarin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10831)


We present here new multivariate schemes that can be seen as HFE generalization having a property called ‘Two-Face’. Particularly, we present five such families of algorithms named ‘Dob’, ‘Simple Pat’, ‘General Pat’, ‘Mac’, and ‘Super Two-Face’. These families have connections between them, some of them are refinements or generalizations of others. Notably, some of these schemes can be used for public key encryption, and some for public key signature. We introduce also new multivariate quadratic permutations that may have interest beyond cryptography.


Multivariate cryptography HFE generalization New multivariate quadratic permutations (=new DO permutation 



We thank Ludovic Perret and Jean Charles Faugère, INRIA, for fruitful discussions and help for the experimental computations.


  1. 1.
    Gilbert, H., Minier, M.: Cryptanalysis of SFLASH. [36], pp. 288–298 (2002)Google Scholar
  2. 2.
    Fouque, P., Macario-Rat, G., Stern, J.: Key recovery on hidden monomial multivariate schemes. [37], pp. 19–30 (2008)Google Scholar
  3. 3.
    Ding, J., Dubois, V., Yang, B., Chen, C.O., Cheng, C.: Could SFLASH be repaired? IACR Cryptology ePrint Archive 2009, 596 (2009)Google Scholar
  4. 4.
    Faugère, J., Perret, L.: On the security of UOV. IACR Cryptology ePrint Archive 2009, 483 (2009)Google Scholar
  5. 5.
    Hamdi, O., Bouallegue, A., Harari, S.: Hidden field equations cryptosystem performances. In: AICCSA, pp. 308–311. IEEE Computer Society (2006)Google Scholar
  6. 6.
    Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): two new families of asymmetric algorithms. [34], pp. 33–48 (1996)Google Scholar
  7. 7.
    Lidl, R., Niederreiter, H.: Finite Fields. Encyclopedia of Mathematics and its Applications, 2nd edn. Cambridge University Press, Cambridge (1996)CrossRefzbMATHGoogle Scholar
  8. 8.
    Dembowski, P., Ostrom, T.G.: Planes of order \(n\) with collineation groups of order \(n^2\). Math. Z. 103(3), 239–258 (1968)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Ding, J., Yang, B.-Y.: Degree of regularity for HFEv and HFEv-. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 52–66. Springer, Heidelberg (2013). Scholar
  10. 10.
    Dobbertin, H.: Almost perfect nonlinear power functions on GF(2\({}^{n}\)): the Welch case. IEEE Trans. Inf. Theory 45(4), 1271–1275 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai public key scheme of eurocrypt’98. Des. Codes Crypt. 20(2), 175–209 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Fouque, P., Granboulan, L., Stern, J.: Differential cryptanalysis for multivariate schemes. [32], pp. 341–353 (2005)Google Scholar
  13. 13.
    Dubois, V., Granboulan, L., Stern, J.: Cryptanalysis of HFE with internal perturbation. [33]. pp. 249–265 (2007)Google Scholar
  14. 14.
    Bouillaguet, C., Fouque, P.-A., Macario-Rat, G.: Practical key-recovery for all possible parameters of SFLASH. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 667–685. Springer, Heidelberg (2011). Scholar
  15. 15.
    Dubois, V., Fouque, P.-A., Shamir, A., Stern, J.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 1–12. Springer, Heidelberg (2007). Scholar
  16. 16.
    Salmon, G.: Lessons Introductory to the Modern Higher Algebra. Elibron Classics Series. Adegi Graphics LLC, Rye Brook (1999)Google Scholar
  17. 17.
    Geddes, K.O., Czapor, S.R., Labahn, G.: Algorithms for Computer Algebra. Kluwer Academic Publishers, Norwell (1992)CrossRefzbMATHGoogle Scholar
  18. 18.
    Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I: the user language. J. Symb. Comput. 24(3–4), 235–265 (1997). Computational algebra and number theory (London, 1993)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Faugère, J.-C., Joux, A.: Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems using Gröbner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003). Scholar
  20. 20.
    Bettale, L., Faugère, J.-C., Perret, L.: Cryptanalysis of multivariate and odd-characteristic HFE variants. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 441–458. Springer, Heidelberg (2011). Scholar
  21. 21.
    Bettale, L., Faugère, J., Perret, L.: Cryptanalysis of HFE, multi-HFE and variants for odd and even characteristic. IACR Cryptology ePrint Archive 2011, 399 (2011)Google Scholar
  22. 22.
    Billet, O., Patarin, J., Seurin, Y.: Analysis of intermediate field systems. In: First Conference on Symbolic Computation and Cryptography, Beijing, China, 28–30 April 2008, pp. 110–117 (2008)Google Scholar
  23. 23.
    Goubin, L., Courtois, N.: Cryptanalysis of the TTM cryptosystem. [24], pp. 44–57 (2000)Google Scholar
  24. 24.
    Okamoto, T. (ed.) Advances in Cryptology - ASIACRYPT 2000. LNCS, vol. 1976. Springer, Heidelberg (2000).
  25. 25.
    Zhang, W., Tan, C.H.: A new perturbed Matsumoto-Imai signature scheme. [26], pp. 43–48 (2014)Google Scholar
  26. 26.
    Emura, K., Hanaoka, G., Zhao, Y. (eds.): Proceedings of the 2nd ACM Workshop on ASIA Public-Key Cryptography, ASIAPKC 2014, 3 June, 2014, Kyoto, Japan. ACM (2014)Google Scholar
  27. 27.
    Zhang, W., Tan, C.H.: MI-T-HFE, a new multivariate signature scheme. Cryptology ePrint Archive, Report 2015/890 (2015).
  28. 28.
    Ding, J., Gower, J.E., Schmidt, D., Wolf, C., Yin, Z.: Complexity estimates for the F4 attack on the perturbed Matsumoto-Imai cryptosystem. [29], pp. 262–277 (2005)Google Scholar
  29. 29.
    Smart, N.P. (ed.): Cryptography and Coding 2005. LNCS, vol. 3796. Springer, Heidelberg (2005).
  30. 30.
    Ding, J.: A new variant of the Matsumoto-Imai cryptosystem through perturbation. [31], pp. 305–318 (2004)Google Scholar
  31. 31.
    Bao, F., Deng, R.H., Zhou, J. (eds.): Public Key Cryptography-PKC 2004. LNCS, vol. 2947. Springer, Heidelberg (2004).
  32. 32.
    Cramer, R. (ed.): Advances in Cryptology - EUROCRYPT 2005. vol.3494. LNCS, Springer, Heidelberg (2005).
  33. 33.
    Okamoto, T., Wang, X. (eds.): Public Key Cryptography - PKC 2007. LNCS, vol. 4450. Springer, Heidelberg (2007).
  34. 34.
    Maurer, U.M. (ed.): Advances in Cryptology - EUROCRYPT 1996. LNCS, vol. 1070. Springer, Heidelberg (1996).
  35. 35.
    MacAulay, F.S.: Some formulæ in elimination. Proc. Lond. Math. Soc. s1–35(1), 3–27 (1902)CrossRefzbMATHGoogle Scholar
  36. 36.
    Knudsen, L.R. (ed.): Advances in Cryptology - EUROCRYPT 2002. LNCS, vol. 2332. Springer, Heidelberg (2002).
  37. 37.
    Smart, N.P. (ed.): Advances in Cryptology - EUROCRYPT 2008. LNCS, vol. 4965. Springer, Heidelberg (2008).
  38. 38.
    Hou, X.d.: Permutation polynomials over finite fields - a survey of recent advances. Finite Fields Appl. 32(C), 82–119 (2015)Google Scholar
  39. 39.
    Blokhuis, A., Coulter, R.S., Henderson, M., O’Keefe, C.M.: Permutations amongst the Dembowski-Ostrom polynomials. In: Jungnickel, D., Niederreiter, H. (eds.) Finite Fields and Applications, pp. 37–42. Springer, Heidelberg (2001).
  40. 40.
    Plût, J., Fouque, P., Macario-Rat, G.: Solving the “isomorphism of polynomials with two secrets” problem for all pairs of quadratic forms. CoRR abs/1406.3163 (2014)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.OrangeChâtillonFrance
  2. 2.Université Versailles Saint-QuentinVersaillesFrance

Personalised recommendations