Degree of Regularity for HFEv and HFEv-
- Cite this paper as:
- Ding J., Yang BY. (2013) Degree of Regularity for HFEv and HFEv-. In: Gaborit P. (eds) Post-Quantum Cryptography. PQCrypto 2013. Lecture Notes in Computer Science, vol 7932. Springer, Berlin, Heidelberg
In this paper, we first prove an explicit formula which bounds the degree of regularity of the family of HFEv (“HFE with vinegar”) and HFEv- (“HFE with vinegar and minus”) multivariate public key cryptosystems over a finite field of size q. The degree of regularity of the polynomial system derived from an HFEv- system is less than or equal to
where the parameters v, D, q, and a are parameters of the cryptosystem denoting respectively the number of vinegar variables, the degree of the HFE polynomial, the base field size, and the number of removed equations, and r is the “rank” paramter which in the general case is determined by D and q as \(r=\lfloor \log_q(D-1)\rfloor +1\). In particular, setting a = 0 gives us the case of HFEv where the degree of regularity is bound by
This formula provides the first solid theoretical estimate of the complexity of algebraic cryptanalysis of the HFEv- signature scheme, and as a corollary bounds on the complexity of a direct attack against the QUARTZ digital signature scheme. Based on some experimental evidence, we evaluate the complexity of solving QUARTZ directly using F4/F5 or similar Gröbner methods to be around 292.
KeywordsDegree of regularity HFE HFEv HFEv-
Unable to display preview. Download preview PDF.