Large Superfluous Keys in \(\mathcal{M}\)ultivariate \(\mathcal{Q}\)uadratic Asymmetric Systems

  • Christopher Wolf
  • Bart Preneel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3386)


In this article, we show that public key schemes based on multivariate quadratic equations allow many equivalent, and hence superfluous private keys. We achieve this result by investigating several transformations to identify these keys and show their application to Hidden Field Equations (HFE), C*, and Unbalanced Oil and Vinegar schemes (UOV). In all cases, we are able to reduce the size of the private – and hence the public – key space by at least one order of magnitude. We see applications of our technique both in cryptanalysis of these schemes and in memory efficient implementations.


Multivariate Quadratic Equations Public Key Schemes 


  1. 1.
    Biryukov, A., De Canniére, C., Braeken, A., Preneel, B.: A toolbox for cryptanalysis: Linear and affine equivalence algorithms. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, pp. 33–50. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Courtois, N., Goubin, L., Patarin, J.: Quartz: Primitive specification (second revised version), 18 pages (October 2001),
  3. 3.
    Courtois, N., Goubin, L., Patarin, J.: SFlash v3, a fast asymmetric signature scheme – Revised Specificatoin of SFlash, version 3.0. ePrint Report 2003/211, 14 pages, October 17 (2003),
  4. 4.
    Garay, M.R., Johnson, D.S.: Computers and Intractability – A Guide to the Theory of NP-Completeness. W.H. Freeman and Company, New York (1979) ISBN 0-7167-1044-7 or 0-7167-1045-5Google Scholar
  5. 5.
    Geiselmann, W., Steinwandt, R., Beth, T.: Attacking the affine parts of SFlash. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 355–359. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)Google Scholar
  7. 7.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999),,
  8. 8.
    Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)Google Scholar
  9. 9.
    Patarin, J.: Cryptanalysis of the matsumoto and imai public key scheme of eurocrypt ’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  10. 10.
    Patarin, J.: Asymmetric cryptography with a hidden monomial. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 45–60. Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Patarin, J.: Hidden Field Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996); Extended Version:
  12. 12.
    Patarin, J., Goubin, L.: Trapdoor one-way permutations and multivariate polynomials. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 356–368. Springer, Heidelberg (1997); Extended Version:
  13. 13.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing 26(5), 1484–1509 (1997)MATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Toli, I.: Cryptanalysis of HFE, arXiv preprint server, 7 pages (June 2003),
  15. 15.
    Wolf, C., Preneel, B.: Asymmetric cryptography: Hidden field equations. In: Neittaanmäki, P., Rossi, T., Korotov, S., Oñate, E., Périaux, J., Knörzer, D. (eds.) European Congress on Computational Methods in Applied Sciences and Engineering 2004. Jyväskylä University, 20 pages (2004); Extended version:
  16. 16.
    Yang, B.-Y., Chen, J.-M.: Rank attacks and defence in Tame-like multivariate PKC’s. Cryptology ePrint Archive, Report 2004/061, 21 pages (March 23, 2004),

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Christopher Wolf
    • 1
  • Bart Preneel
    • 1
  1. 1.K.U.Leuven, ESAT-COSICLeuven-HeverleeBelgium

Personalised recommendations