Cryptanalysis of Rational Multivariate Public Key Cryptosystems

  • Jintai Ding
  • John Wagner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5299)


In 1989, Tsujii, Fujioka, and Hirayama proposed a family of multivariate public key cryptosystems in which the public key is given as a set of multivariate rational functions of degree 4. These cryptosystems are constructed via composition of two quadratic rational maps. In this paper, we present the cryptanalysis of this family of cryptosystems. The key point of our attack is to transform a problem of decomposition of two rational maps into a problem of decomposition of two polynomial maps. We develop a new, improved 2R decomposition method and other new techniques, which allow us to find an equivalent decomposition of the rational maps and break the system completely. For the example suggested for practical applications, deriving an equivalent private key is very fast: it requires only a few seconds on a standard PC.


Quadratic Polynomial; Core Transformation; Function Ring; Inversion Function; Quartic Polynomial
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




  1. International Workshop on Post-Quantum Cryptography. Katholieke Universiteit Leuven, Belgium, May 24–26 (2006),
  2. Faugere, J.-C., Perret, L.: Cryptanalysis of 2R- Schemes. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 357–372. Springer, Heidelberg (2006)
  3. Fell, H., Diffie, W.: Analysis of a public key approach based on polynomial substitution. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 340–349. Springer, Heidelberg (1986)
  4. Goubin, L., Patarin, J.: Asymmetric Cryptography with S-Boxes, Extended Version,
  5. Tsujii, S., Fujioka, A., Hirayama, Y.: Generalization of the public key cryptosystem based on the difficulty of solving a system of non-linear equations. ICICE Transactions (A) J72-A 2, 390–397 (1989),
  6. Tsujii, S., Tadaki, K., Fujita, R.: Piece In Hand Concept for Enhancing the Security of Multivariate Type Public Key Cryptosystems: Public Key Without Containing All the Information of Secret Key, Cryptology ePrint Archive, Report 2004/366 (2004),
  7. Tsujii, S., Kurosawa, K., Itoh, T., Fujioka, A., Matsumoto, T.: A public key cryptosystem based on the difficulty of solving a system of nonlinear equations. ICICE Transactions (D) J69-D 12, 1963–1970 (1986)
  8. Lih-Chung, W., Yuh-Hua, H., Lai, F., Chun-Yen, C., Bo-Yin, Y.: Tractable rational map signature. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 244–257. Springer, Heidelberg (2005)
  9. Ye, D.F., Lam, K.Y., Dai, Z.D.: Cryptanalysis of 2R Schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 315–325. Springer, Heidelberg (1999)
  10. Specifications of SFLASH, NESSIE documentation,

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jintai Ding (1)
  • John Wagner (1)
  1. Department of Mathematical Sciences, University of Cincinnati, Cincinnati, USA
