Extended Algorithm for Solving Underdefined Multivariate Quadratic Equations

  • Hiroyuki Miura
  • Yasufumi Hashimoto
  • Tsuyoshi Takagi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7932)


It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called “Underdefined”). Indeed, the algorithm by Kipnis et al. (Eurocrypt’99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.


Multivariate Public Key Cryptosystems (MPKCs) Multivariate Quadratic Equations MQ-Problem 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic Behaviour of the Degree of Regularity of Semi-Regular Polynomial Systems, MEGA 2005 (2005),
  2. 2.
    Bettale, L., Faugère, J.-C., Perret, L.: Hybrid Approach for Solving Multivariate Systems over Finite Fields. Journal of Mathematical Cryptology 3, 177–197 (2009)MathSciNetzbMATHCrossRefGoogle Scholar
  3. 3.
    Braeken, A., Wolf, C., Preneel, B.: A Study of the Security of Unbalanced Oil and Vinegar Signature Schemes. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 29–43. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Computational Algebra Group, University of Sydney. The MAGMA Computational Algebra System for Algebra, Number Theory, and GeometryGoogle Scholar
  5. 5.
    Courtois, N.T., Klimov, A.B., Patarin, J., Shamir, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000), CrossRefGoogle Scholar
  6. 6.
    Courtois, N.T., Goubin, L., Meier, W., Tacier, J.-D.: Solving Underdefined Systems of Multivariate Quadratic Equations. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 211–227. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Ding, J., Schmidt, D.: Rainbow, a New Multivariate Polynomial Signature Scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Ding, J., Gower, J.E., Schmidt, D.S.: Multivariate Public Key Cryptosystems. Springer (2006)Google Scholar
  9. 9.
    Ding, J., Hodges, T.J.: Inverting HFE Systems Is Quasi-Polynomial for All Fields. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 724–742. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Faugère, J.-C.: “A New Efficient Algorithm for Computing Gröbner bases (F 4)”. Journal of Pure and Applied Algebra 139, 61–88 (1999)Google Scholar
  11. 11.
    Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner bases without reduction to zero (F 5). In: Proceedings of ISSAC 2002, pp. 75–83. ACM Press (2002)Google Scholar
  12. 12.
    Faugère, J.-C., Perret, L.: On the Security of UOV. In: Proceedings of SCC 2008, pp. 103–109 (2008)Google Scholar
  13. 13.
    Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H.Freeman (1979)Google Scholar
  14. 14.
    Hashimoto, Y.: Algorithms to Solve Massively Under-Defined Systems of Multivariate Quadratic Equations. IEICE Trans. Fundamentals E94-A(6), 1257–1262 (2011)Google Scholar
  15. 15.
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar Signature Schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Matsumoto, T., Imai, H.: Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  17. 17.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt ’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  18. 18.
    Patarin, J.: Hidden Field Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  19. 19.
    Shor, P.W.: Algorithms for Quantum Computation: Discrete Logarithms and Factoring. In: Proceedings of 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE Computer Society Press (1994)Google Scholar
  20. 20.
    Thomae, E., Wolf, C.: Solving Underdetermined Systems of Multivariate Quadratic Equations Revisited. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 156–171. Springer, Heidelberg (2012)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Hiroyuki Miura
    • 1
  • Yasufumi Hashimoto
    • 2
  • Tsuyoshi Takagi
    • 3
  1. 1.Graduate School of MathematicsKyushu UniversityFukuokaJapan
  2. 2.Department of Mathematical SciencesUniversity of the RyukyusOkinawaJapan
  3. 3.Institute of Mathematics for IndustryKyushu UniversityFukuokaJapan

Personalised recommendations