Cryptanalysis of HFEv and Internal Perturbation of HFE

  • Jintai Ding
  • Dieter Schmidt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3386)


Hidden field equation (HFE) multivariable cryptosystems were first suggested by Patarin. Kipnis and Shamir showed that to make the cryptosystem secure, a special parameter D of any HFE cryptosystem can not be too small. Consequently Kipnis, Patarin and Goubin proposed an enhanced variant of the HFE cryptosystem by combining the idea of Oil and Vinegar construction with the HFE construction. Essentially they “perturb” the HFE system with some external variables. In this paper, we will first present a new cryptanalysis method for the HFEv schemes. We then use the idea of internal perturbation to build a new cryptosystem, an internally perturbed HFE cryptosystem (IPHFE).


Public-key multivariable quadratic polynomials Hidden field equation internal perturbation 


  1. [ACDG03]
    Akkar, M.-L., Courtois, N.T., Duteuil, R., Goubin, L.: A fast and secure implementation of Sflash. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 267–278. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. [AFI+04]
    Ars, G., Faugère, J.-C., Imai, H., Kawazoe, M., Sugita, M.: Comparison between XL and gröbner basis algorithms. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 338–353. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. [CGP03]
    Courtois, N., Goubin, L., Patarin, J.: Sflash v3, a fast asymmetric signature scheme (2003),
  4. [Cou01]
    Courtois, N.T.: The security of hidden field equations (HFE). In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 266–281. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. [Din04]
    Ding, J.: A new variant of the matsumoto-imai cryptosystem through perturbation. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 305–318. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. [FJ03]
    Faugère, J.-C., Joux, A.: Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems using Gröbner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. [GJ79]
    Garey, M.R., Johnson, D.S.: Computers and intractability, A Guide to the theory of NP-completeness. W.H. Freeman, New York (1979)MATHGoogle Scholar
  8. [KPG99]
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)Google Scholar
  9. [KS99]
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999)Google Scholar
  10. [MI88]
    Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)Google Scholar
  11. [Pat95]
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  12. [Pat96a]
    Patarin, J.: Asymmetric cryptography with a hidden monomial. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 45–60. Springer, Heidelberg (1996)Google Scholar
  13. [Pat96b]
    Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)Google Scholar
  14. [Pat97]
    Patarin, J.: The oil and vinegar signature scheme. In: Dagstuhl Workshop on Cryptography (September 1997)Google Scholar
  15. [PCG01]
    Patarin, J., Courtois, N.T., Goubin, L.: FLASH, a fast multivariate signature algorithm. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 298–307. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. [PGC98]
    Patarin, J., Goubin, L., Courtois, N.T.: \(C^{*}_{-}+\) and HM: Variations around two schemes of T. Matsumoto and H. Imai. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 35–50. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. [Sha98]
    Shamir, A.: Efficient signature schemes based on birational permutations. In: CRYPTO 1998. LNCS, vol. 1462, pp. 257–266. Springer, Heidelberg (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Jintai Ding
    • 1
  • Dieter Schmidt
    • 2
  1. 1.Department of Mathematical SciencesUniversity of CincinnatiCincinnatiUSA
  2. 2.Department of Electrical & Computer Engineering and Computer ScienceUniversity of CincinnatiCincinnatiUSA

Personalised recommendations