New Differential-Algebraic Attacks and Reparametrization of Rainbow

  • Jintai Ding
  • Bo-Yin Yang
  • Chia-Hsin Owen Chen
  • Ming-Shing Chen
  • Chen-Mou Cheng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5037)


Abstract

A recently proposed class of multivariate public-key cryptosystems, the Rainbow-like digital signature schemes, in which successive sets of central variables are obtained from previous ones by solving linear equations, seems to lead to efficient schemes (TTS, TRMS, and Rainbow) that perform well on systems with low computational resources. Recently SFLASH (C*−) was broken by Dubois, Fouque, Shamir, and Stern via a differential attack. In this paper, we exhibit similar algebraic and differential attacks that reduce the published Rainbow-like schemes below their claimed security levels. We also discuss how parameters for Rainbow and TTS schemes should be chosen for practical applications.
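The layered structure the abstract describes, as an added worked example that is not code from the paper: a toy Rainbow central map over GF(31) with layers (v1, o1, o2) = (3, 2, 2). Both parameter choices are assumptions made for readability (real parameters are far larger and use a field such as GF(2^8)), the toy omits the affine masks S and T that hide F in a real public key, and `digest_to_field` is an assumed encoding, not one any scheme specifies. What it shows is why the central map is easy for the signer to invert: inside a layer there are no oil×oil terms, so once the vinegar variables are fixed the layer's polynomials are affine in its oil variables and one linear solve recovers them; the oils of that layer then serve as vinegar for the next.

```python
"""Toy Rainbow central map over GF(31): layered oil-and-vinegar inversion.

Constructed example, not the paper's code. P = 31 and the layer structure
(v1, o1, o2) = (3, 2, 2) are assumptions for readability. Only the central
map F is modelled; the affine masks S and T of the full scheme are omitted.
"""
import hashlib
import random

P = 31  # prime field GF(31); an assumption for the toy (real Rainbow uses e.g. GF(2^8))


def solve_mod_p(A, b):
    """Solve A z = b over GF(P) by Gauss-Jordan elimination; None if A is singular."""
    n = len(A)
    M = [[x % P for x in row] + [b[i] % P] for i, row in enumerate(A)]
    for col in range(n):
        piv = next((r for r in range(col, n) if M[r][col]), None)
        if piv is None:
            return None
        M[col], M[piv] = M[piv], M[col]
        f = pow(M[col][col], P - 2, P)      # multiplicative inverse (Fermat)
        M[col] = [x * f % P for x in M[col]]
        for r in range(n):
            if r != col and M[r][col]:
                g = M[r][col]
                M[r] = [(x - g * y) % P for x, y in zip(M[r], M[col])]
    return [row[n] for row in M]


class RainbowCentralMap:
    """Central map F: layer l has vinegar variables 0..v[l]-1 and oil variables
    v[l]..v[l+1]-1; the oils of layer l are vinegar for layer l+1."""

    def __init__(self, v1, oils, rng):
        self.v = [v1]
        for o in oils:
            self.v.append(self.v[-1] + o)
        self.n = self.v[-1]            # number of variables
        self.m = self.n - v1           # number of polynomials (one per oil variable)
        self.rng = rng
        self.polys = []                # (quadratic dict, linear list, constant)
        for l in range(len(oils)):
            for _ in range(self.v[l], self.v[l + 1]):
                # i is always vinegar of layer l, j vinegar or oil of layer l:
                # vinegar*vinegar and vinegar*oil terms only, never oil*oil.
                Q = {(i, j): rng.randrange(P)
                     for i in range(self.v[l]) for j in range(i, self.v[l + 1])}
                L = [rng.randrange(P) if i < self.v[l + 1] else 0
                     for i in range(self.n)]
                self.polys.append((Q, L, rng.randrange(P)))

    def evaluate(self, x):
        """F(x) for x in GF(P)^n; this is what a verifier computes."""
        out = []
        for Q, L, c in self.polys:
            s = c + sum(a * x[i] * x[j] for (i, j), a in Q.items())
            s += sum(a * xi for a, xi in zip(L, x))
            out.append(s % P)
        return out

    def invert(self, y):
        """Find x with F(x) = y: guess the layer-1 vinegar, then solve one linear
        system per layer. Retries with fresh vinegar if a system is singular."""
        while True:
            x = [self.rng.randrange(P) for _ in range(self.v[0])]
            for l in range(len(self.v) - 1):
                oil = range(self.v[l], self.v[l + 1])
                A, b = [], []
                for k in oil:
                    Q, L, c = self.polys[k - self.v[0]]
                    # x[0..v[l]-1] is known, so f_k is affine in the oil variables.
                    A.append([sum(a * x[i] for (i, j), a in Q.items() if j == jj) + L[jj]
                              for jj in oil])
                    const = c + sum(a * x[i] * x[j] for (i, j), a in Q.items() if j < self.v[l])
                    const += sum(L[i] * x[i] for i in range(self.v[l]))
                    b.append(y[k - self.v[0]] - const)
                z = solve_mod_p(A, b)
                if z is None:
                    break                  # singular system: restart with new vinegar
                x.extend(z)
            else:
                return x


def digest_to_field(msg, m):
    """Map a SHA-256 digest to m elements of GF(P). The byte-wise reduction is an
    assumption for the toy (slightly biased); real schemes specify an encoding."""
    h = hashlib.sha256(msg).digest()
    return [h[i] % P for i in range(m)]


def sign(F, msg):
    return F.invert(digest_to_field(msg, F.m))


def verify(F, msg, sig):
    return len(sig) == F.n and F.evaluate(sig) == digest_to_field(msg, F.m)


if __name__ == "__main__":
    F = RainbowCentralMap(3, [2, 2], random.Random(7))   # (v1, o1, o2) = (3, 2, 2)
    msg = b"constructed test message"                     # constructed input
    sig = sign(F, msg)
    print("signature:", sig, "valid:", verify(F, msg, sig))
```

With the seeded generator the run is deterministic. The property that makes signing cheap here, the absence of oil×oil terms within each layer, is exactly the structure that rank and oil-and-vinegar style attacks look for in the public key, which is why the choice of field size and layer sizes decides the cost of those attacks.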

Note: Up-to-date version will be available at


Keywords: rank, differential attack, algebraic attack, oil-and-vinegar


References

  1. Bardet, M., Faugère, J.-C., Salvy, B.: On the complexity of Gröbner basis computation of semi-regular overdetermined algebraic equations. In: Proceedings of the International Conference on Polynomial System Solving, pp. 71–74 (2004); previously INRIA report RR-5049
  2. Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic expansion of the degree of regularity for semi-regular systems of equations. In: Gianni, P. (ed.) MEGA 2005, Sardinia, Italy (2005)
  3. Bernstein, D.J.: Curve25519: New Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006)
  4. Billet, O., Gilbert, H.: Cryptanalysis of Rainbow. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 336–347. Springer, Heidelberg (2006)
  5. Coppersmith, D., Stern, J., Vaudenay, S.: The security of the birational permutation signature schemes. Journal of Cryptology 10, 207–221 (1997)
  6. Courtois, N.T., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000); extended version available
  7. Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005)
  8. Dubois, V., Fouque, P.-A., Shamir, A., Stern, J.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 1–12. Springer, Heidelberg (2007)
  9. Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases (F4). Journal of Pure and Applied Algebra 139, 61–88 (1999)
  10. Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: International Symposium on Symbolic and Algebraic Computation, ISSAC 2002, pp. 75–83. ACM Press, New York (2002)
  11. Faugère, J.-C., Perret, L.: Polynomial equivalence problems: Algorithmic and theoretical aspects. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 30–47. Springer, Heidelberg (2006)
  12. Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman and Company (1979). ISBN 0-7167-1044-7 or 0-7167-1045-5
  13. Geiselmann, W., Steinwandt, R., Beth, T.: Attacking the affine parts of SFLASH. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 355–359. Springer, Heidelberg (2001); extended version available
  14. Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000)
  15. Joux, A., Kunz-Jacques, S., Muller, F., Ricordel, P.-M.: Cryptanalysis of the tractable rational map cryptosystem. In: PKC 2005 [19], pp. 258–274
  16. Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)
  17. Kipnis, A., Shamir, A.: Cryptanalysis of the Oil and Vinegar signature scheme. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 257–266. Springer, Heidelberg (1998)
  18. Patarin, J., Goubin, L.: Trapdoor one-way permutations and multivariate polynomials. In: Han, Y., Qing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 356–368. Springer, Heidelberg (1997); extended version available
  19. Vaudenay, S. (ed.): PKC 2005. LNCS, vol. 3386. Springer, Heidelberg (2005)
  20. Wang, L.-C., Hu, Y.-H., Lai, F., Chou, C.-Y., Yang, B.-Y.: Tractable rational map signature. In: PKC 2005 [19], pp. 244–257. ISBN 3-540-24454-9
  21. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
  22. Wolf, C., Braeken, A., Preneel, B.: Efficient cryptanalysis of RSE(2)PKC and RSSE(2)PKC. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 294–309. Springer, Heidelberg (2005); extended version available
  23. Wolf, C., Preneel, B.: Superfluous keys in Multivariate Quadratic asymmetric systems. In: PKC 2005 [19], pp. 275–287; extended version available
  24. Yang, B.-Y., Chen, J.-M.: All in the XL family: Theory and practice. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 67–86. Springer, Heidelberg (2005)
  25. Yang, B.-Y., Chen, J.-M.: Building secure tame-like multivariate public-key cryptosystems: The new TTS. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 518–531. Springer, Heidelberg (2005)
  26. Yang, B.-Y., Chen, O.C.-H., Bernstein, D.J., Chen, J.-M.: Analysis of QUAD. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 290–307. Springer, Heidelberg (2007)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jintai Ding: Dept. of Mathematical Sciences, University of Cincinnati, USA
  • Bo-Yin Yang: Institute of Information Science, Academia Sinica, Taiwan
  • Chia-Hsin Owen Chen: Institute of Information Science, Academia Sinica, Taiwan
  • Ming-Shing Chen: Institute of Information Science, Academia Sinica, Taiwan
  • Chen-Mou Cheng: Dept. of Electrical Engineering, National Taiwan University, Taiwan
