Secure PRNGs from Specialized Polynomial Maps over Any \(\mathbb{F}_{q}\)

  • Feng-Hao Liu
  • Chi-Jen Lu
  • Bo-Yin Yang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5299)


Berbain, Gilbert, and Patarin presented QUAD, a pseudo-random number generator (PRNG), at Eurocrypt 2006. QUAD (as PRNG and as stream cipher) can be proved secure under an interesting hardness assumption: the one-wayness of random multivariate quadratic polynomial systems over \(\mathbb{F}_{2}\).

The original BGP proof only worked for \(\mathbb{F}_{2}\) and left a gap for general \(\mathbb{F}_{q}\). We show that the result generalizes to an arbitrary finite field \(\mathbb{F}_{q}\), and thus yields a stream cipher whose alphabet is \(\mathbb{F}_{q}\).

Further, we generalize the underlying hardness assumption to specialized systems in \(\mathbb{F}_{q}\) (including \(\mathbb{F}_{2}\)) that can be evaluated more efficiently. Barring breakthroughs in the current state-of-the-art for system-solving, a rough implementation of a provably secure instance of our new PRNG is twice as fast and takes 1/10 the storage of an instance of QUAD with the same level of provable security.
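The QUAD construction the abstract builds on, as an added toy implementation (this is illustration code, not code from this paper or from the QUAD authors): a state \(x \in \mathbb{F}_{q}^{n}\) is fed through \(kn\) quadratic polynomials, the first \((k-1)n\) outputs are emitted as keystream symbols in \(\mathbb{F}_{q}\) and the last \(n\) become the next state. The arithmetic is integer arithmetic mod a prime \(q\) (so \(q = 2\) and odd primes work; extension fields would need polynomial arithmetic). The "sparse" map that keeps only a fixed number of monomials per polynomial is this example's stand-in for a specialized system and is an assumption here, not the paper's actual specialization; the parameters are far too small to be secure.

```python
"""Toy QUAD-style PRNG / stream cipher over F_q (q prime), dense vs sparse maps."""
import random


def random_quadratic_map(q, n, m, seed, monomials_per_poly=None):
    """Return m quadratic polynomials in n variables over F_q (q prime).

    Each polynomial is a dict {monomial: coefficient}; a monomial is () for the
    constant term, (i,) for x_i and (i, j) with i <= j for x_i * x_j.  With
    monomials_per_poly=None the system is dense (every monomial present, as in
    QUAD).  An integer keeps only that many randomly chosen non-constant
    monomials per polynomial: a sparse stand-in for a 'specialized' system
    (an assumption of this example, not the paper's exact specialization).
    """
    rng = random.Random(seed)  # deterministic so the demo is reproducible
    all_monos = [(i,) for i in range(n)] + [(i, j) for i in range(n) for j in range(i, n)]
    polys = []
    for _ in range(m):
        chosen = all_monos if monomials_per_poly is None else rng.sample(all_monos, monomials_per_poly)
        poly = {(): rng.randrange(q)}
        for mono in chosen:
            poly[mono] = rng.randrange(1, q)  # nonzero coefficient
        polys.append(poly)
    return polys


def evaluate(polys, x, q):
    """Evaluate every polynomial at the point x in F_q^n, reducing mod q."""
    out = []
    for poly in polys:
        acc = 0
        for mono, coeff in poly.items():
            term = coeff
            for i in mono:
                term = term * x[i] % q
            acc = (acc + term) % q
        out.append(acc)
    return out


def monomial_count(polys):
    """Number of non-constant monomials: a proxy for multiplications per step."""
    return sum(len(poly) - 1 for poly in polys)


def quad_keystream(polys, state, q, blocks):
    """QUAD iteration over F_q.

    With n = len(state) and k*n polynomials, each step evaluates the map once:
    the first (k-1)n outputs are emitted as keystream symbols and the last n
    become the next state.  Returns (keystream, final_state).
    """
    n = len(state)
    if len(polys) < 2 * n or len(polys) % n:
        raise ValueError("need k*n polynomials with k >= 2")
    keystream, x = [], list(state)
    for _ in range(blocks):
        y = evaluate(polys, x, q)
        keystream.extend(y[:-n])
        x = y[-n:]
    return keystream, x


def stream_encrypt(symbols, keystream, q):
    """Additive stream cipher over the alphabet F_q (subtract to decrypt)."""
    if len(keystream) < len(symbols):
        raise ValueError("keystream too short")
    return [(s + k) % q for s, k in zip(symbols, keystream)]


def stream_decrypt(symbols, keystream, q):
    return [(c - k) % q for c, k in zip(symbols, keystream)]


if __name__ == "__main__":
    q, n, k = 251, 8, 2            # toy parameters: far too small to be secure
    dense = random_quadratic_map(q, n, k * n, seed=7)
    sparse = random_quadratic_map(q, n, k * n, seed=7, monomials_per_poly=6)
    print("monomials per step, dense:", monomial_count(dense), "sparse:", monomial_count(sparse))
    key = [1, 2, 3, 4, 5, 6, 7, 8]   # constructed secret initial state in F_q^n
    ks, _ = quad_keystream(dense, key, q, blocks=4)
    msg = [72, 101, 108, 108, 111]   # constructed plaintext symbols < q
    ct = stream_encrypt(msg, ks, q)
    print("keystream:", ks[:len(msg)], "ciphertext:", ct)
    assert stream_decrypt(ct, ks, q) == msg
```

Comparing `monomial_count` for the dense and the sparse map makes the efficiency argument of the abstract concrete: a dense quadratic map in \(n\) variables has \(n + n(n+1)/2\) non-constant monomials per polynomial, and both the evaluation time and the storage for the coefficients scale with that count, which is exactly what a specialized system cuts down. Whether a given sparse family is still one-way is a separate hardness assumption, which is what the paper addresses.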

We also examine recent results on how specialization affects security, and conclude that our ideas are consistent with these new developments and complement them. This suggests that more efficient secure primitives can be built from specialized polynomial maps.


Keywords: sparse multivariate polynomial map, PRNG, hash function, provable security



References

  1. Aumasson, J.-P., Meier, W.: Analysis of multivariate hash functions. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 309–323. Springer, Heidelberg (2007)
  2. Bard, G.V., Courtois, N.T., Jefferson, C.: Efficient methods for conversion and solution of sparse systems of low-degree multivariate polynomials over GF(2) via SAT-solvers. Cryptology ePrint Archive, Report 2007/024 (2007)
  3. Bardet, M., Faugère, J.-C., Salvy, B.: On the complexity of Gröbner basis computation of semi-regular overdetermined algebraic equations. In: Proceedings of the International Conference on Polynomial System Solving, pp. 71–74 (2004) (previously INRIA report RR-5049)
  4. Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic expansion of the degree of regularity for semi-regular systems of equations. In: Gianni, P. (ed.) MEGA 2005, Sardinia, Italy (2005)
  5. Berbain, C., Billet, O., Gilbert, H.: Efficient implementations of multivariate quadratic systems. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 174–187. Springer, Heidelberg (2007)
  6. Berbain, C., Gilbert, H.: On the security of IV dependent stream ciphers. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 254–273. Springer, Heidelberg (2007)
  7. Berbain, C., Gilbert, H., Patarin, J.: QUAD: A practical stream cipher with provable security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 109–128. Springer, Heidelberg (2006)
  8. Billet, O., Robshaw, M.J.B., Peyrin, T.: On building hash functions from multivariate quadratic equations. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 82–95. Springer, Heidelberg (2007)
  9. Biryukov, A. (ed.): FSE 2007. LNCS, vol. 4593. Springer, Heidelberg (2007)
  10. Blum, L., Blum, M., Shub, M.: Comparison of two pseudo-random number generators. In: Rivest, R.L., Sherman, A., Chaum, D. (eds.) CRYPTO 1982, pp. 61–78. Plenum Press, New York (1983)
  11. Buchberger, B.: Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nach einem nulldimensionalen Polynomideal. PhD thesis, Innsbruck (1965)
  12. Courtois, N.T., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)
  13. Courtois, N.T., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)
  14. Diem, C.: The XL-algorithm and a conjecture from commutative algebra. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329. Springer, Heidelberg (2004)
  15. Ding, J., Yang, B.-Y.: Multivariate polynomials for hashing. In: Inscrypt 2007. LNCS. Springer, Heidelberg (2007)
  16. Farashahi, R.R., Schoenmakers, B., Sidorenko, A.: Efficient pseudorandom generators based on the DDH assumption. In: Public Key Cryptography (PKC 2007), pp. 426–441 (2007)
  17. Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases (F4). Journal of Pure and Applied Algebra 139, 61–88 (1999)
  18. Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: International Symposium on Symbolic and Algebraic Computation (ISSAC 2002), pp. 75–83. ACM Press, New York (2002)
  19. Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman and Company, New York (1979)
  20. Gennaro, R.: An improved pseudo-random generator based on the discrete logarithm problem. Journal of Cryptology 18, 91–110 (2005)
  21. Goldreich, O., Rubinfeld, R., Sudan, M.: Learning polynomials with queries: The highly noisy case. SIAM Journal on Discrete Mathematics 13(4), 535–570 (2000)
  22. Jiang, S.: Efficient primitives from exponentiation in \(\mathbb{Z}_{p}\). In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 259–270. Springer, Heidelberg (2006)
  23. Koblitz, N., Menezes, A.: Another look at provable security (part 2). In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 148–175. Springer, Heidelberg (2006)
  24. Lazard, D.: Gröbner-bases, Gaussian elimination and resolution of systems of algebraic equations. In: van Hulzen, J.A. (ed.) ISSAC 1983 and EUROCAL 1983. LNCS, vol. 162, pp. 146–156. Springer, Heidelberg (1983)
  25. Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: Johnson, D.S. (ed.) 21st ACM Symposium on the Theory of Computing (STOC 1989), pp. 25–32. ACM Press, New York (1989)
  26. Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature verification and message-encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)
  27. Raddum, H., Semaev, I.: New technique for solving sparse equation systems. Cryptology ePrint Archive, Report 2006/475 (2006)
  28. Semaev, I.: On solving sparse algebraic equations over finite fields (Part II). Cryptology ePrint Archive, Report 2007/280 (2007)
  29. Steinfeld, R., Pieprzyk, J., Wang, H.: On the provable security of an efficient RSA-based pseudorandom generator. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 194–209. Springer, Heidelberg (2006)
  30. Wolf, C.: Multivariate Quadratic Polynomials in Public Key Cryptography. PhD thesis, Katholieke Universiteit Leuven (2005)
  31. Yang, B.-Y., Chen, J.-M.: All in the XL family: Theory and practice. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 67–86. Springer, Heidelberg (2005)
  32. Yang, B.-Y., Chen, J.-M.: Theoretical analysis of XL over small fields. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 277–288. Springer, Heidelberg (2004)
  33. Yang, B.-Y., Chen, O.C.-H., Bernstein, D.J., Chen, J.-M.: Analysis of QUAD. In: Biryukov [9], pp. 290–307

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Feng-Hao Liu (1)
  • Chi-Jen Lu (2)
  • Bo-Yin Yang (2)
  1. Department of Computer Science, Brown University, Providence, RI, USA
  2. Institute of Information Science, Academia Sinica, Taipei, Taiwan