Design Principles for HFEv- Based Multivariate Signature Schemes

  • Albrecht Petzoldt
  • Ming-Shing Chen
  • Bo-Yin Yang
  • Chengdong Tao
  • Jintai Ding
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9452)


The Hidden Field Equations (HFE) Cryptosystem as proposed by Patarin is one of the best known and most studied multivariate schemes. While the security of the basic scheme appeared to be very weak, the HFEv- variant seems to be a good candidate for digital signature schemes on the basis of multivariate polynomials. However, the currently existing scheme of this type, the QUARTZ signature scheme, is hardly used in practice because of its poor efficiency. In this paper we analyze recent results from Ding and Yang about the degree of regularity of HFEv- systems and derive from them design principles for signature schemes of the HFEv- type. Based on these results we propose the new HFEv- based signature scheme Gui, which is more than 100 times faster than QUARTZ and therefore highly comparable with classical signature schemes such as RSA and ECDSA.


Multivariate cryptography Digital signatures HFEv- Design principles Security Performance 



We thank the anonymous reviewers of Asiacrypt for their comments which helped to improve the paper. Especially we want to thank the shepherd of our paper for his valuable advice. Due to this we included – Further remarks on the complexity of the Kipnis-Shamir attack on HFE and its variants (Sect. 3.3). – Additional experiments on the effect of the parameters a and v on the security of our scheme and the Hybrid approach (Sects. 4.2 and 4.4). – Remarks on side channel leakage and countermeasures (Sects. 6.1 and 6.2). – Implementation details of Gui on ARM platforms (Sect. 6.4). – Remarks on how Grover’s algorithm might affect our parameter choice (Sect. 6.5). We would like to thank for partial support from the Charles Phelps Taft Research Center, the Center for Advanced Security Research Darmstadt (CASED), ECSPRIDE, Academia Sinica, the CAS/SAFEA International Partnership Program for Creative Research Teams, Taiwan’s Ministry of Science and Technology, National Taiwan University and Intel Corporation under grands NIST 60NAN15D059, NSFC 61472054, MOST 103-2911-I-002-001, NTU-ICRP-104R7501 and NTU-ICRP-104R7501-1.


  1. 1.
    Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.): Post Quantum Cryptography. Springer, Heidelberg (2009)zbMATHGoogle Scholar
  2. 2.
    Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. J. Cryptographic Eng. 2(2), 77–89 (2012)CrossRefzbMATHGoogle Scholar
  3. 3.
    Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT Benchmarking of Cryptographic Systems. Accessed 14 May 2014
  4. 4.
    Bettale, L., Faugère, J.C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Cryptol. 3, 177–197 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Bogdanov, A., Eisenbarth, T., Rupp, A., Wolf, C.: Time-area optimized public-key engines: \(\cal MQ\)-cryptosystems as replacement for elliptic curves? In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 45–61. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Chen, A.I.-T., Chen, M.-S., Chen, T.-R., Cheng, C.-M., Ding, J., Kuo, E.L.-H., Lee, F.Y.-S., Yang, B.-Y.: SSE implementation of multivariate PKCs on modern x86 CPUs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 33–48. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  7. 7.
    Courtois, N.T., Daum, M., Felke, P.: On the security of HFE, HFEv- and QUARTZ. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 337–350. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Ding, J., Gower, J.E., Schmidt, D.S.: Multivariate Public Key Cryptosystems. Springer, New York (2006)zbMATHGoogle Scholar
  9. 9.
    Ding, J., Kleinjung, T.: Degree of regularity for HFE-. IACR eprint 2011/570Google Scholar
  10. 10.
    Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  11. 11.
    Ding, J., Yang, B.-Y.: Degree of regularity for HFEv and HFEv-. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 52–66. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  12. 12.
    Faugère, J.C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139, 61–88 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Faugère, J.C., Safey el Din, M., Spaenlehauer, P.J.: On the complexity of the generalized MinRank problem. J. Symbolic Comput. 55, 30–58 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Fog, A.: Instruction tables: Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs, 7 December 2014.
  15. 15.
    Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman and Company, New York (1979)zbMATHGoogle Scholar
  16. 16.
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of STOC, pp. 212–219. ACM (1996)Google Scholar
  17. 17.
  18. 18.
    Jiang, X., Ding, J., Hu, L.: Kipnis-Shamir attack on HFE revisited. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds.) Inscrypt 2007. LNCS, vol. 4990, pp. 399–411. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  19. 19.
    Kravitz, D.: Digital Signature Algorithm. US patent 5231668, July 1991Google Scholar
  20. 20.
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  21. 21.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  22. 22.
    Mohamed, M.S.E., Ding, J., Buchmann, J.: Towards algebraic cryptanalysis of HFE challenge 2. In: Kim, T., Adeli, H., Robles, R.J., Balitanas, M. (eds.) ISA 2011. CCIS, vol. 200, pp. 123–131. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  23. 23.
    Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988) CrossRefGoogle Scholar
  24. 24.
    Patarin, J., Courtois, N.T., Goubin, L.: QUARTZ, 128-bit long digital signatures. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 282–297. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  25. 25.
    Patarin, J., Courtois, N.T., Goubin, L.: FLASH, a fast multivariate signature algorithm. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 298–307. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  26. 26.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt ’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995) Google Scholar
  27. 27.
    Richards, C.: Algorithms for factoring square-free polynomials over finite fields. Master thesis, Simon Fraser University, Canada (2009)Google Scholar
  28. 28.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Shor, P.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Taverne, J., Faz-Hernández, A., Aranha, D.F., Rodríguez-Henríquez, F., Hankerson, D., López, J.: Software implementation of binary elliptic curves: impact of the carry-less multiplier on scalar multiplication. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 108–123. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  31. 31.

Copyright information

© International Association for Cryptologc Research 2015

Authors and Affiliations

  • Albrecht Petzoldt
    • 1
  • Ming-Shing Chen
    • 2
    • 3
  • Bo-Yin Yang
    • 2
  • Chengdong Tao
    • 4
  • Jintai Ding
    • 5
    • 6
  1. 1.Technische Universität DarmstadtDarmstadtGermany
  2. 2.Academia SinicaTaipeiTaiwan
  3. 3.National Taiwan UniversityTaipeiTaiwan
  4. 4.South China University of TechnologyGuangzhouChina
  5. 5.ChongQing UniversityChongqingChina
  6. 6.University of CincinnatiCincinnatiUSA

Personalised recommendations