
On the security of biquadratic C* public-key cryptosystems and its generalizations

Cryptography and Communications

Abstract

Public key cryptosystems based on multivariate polynomials have been studied since the eighties. One of them, called C*, was introduced in 1988 by Imai and Matsumoto and broken in 1993 by Dobbertin, in classified work he did for the German Federal Office for Information Security, and later by Patarin (see Dobbertin et al. 2005, Patarin 1995). Since then, the construction of multivariate systems sharing a great deal of the properties of C* has been of particular interest. In a series of classified papers, and later, together with the author, in a challenge of the MysteryTwister competition hosted by the Horst-Görtz-Institute in 2005 (see Dobbertin et al. 2005), Dobbertin introduced a system whose central mapping is a power mapping of degree 4 and which shares almost all the properties of C*. It was therefore called biquadratic C*. The challenge remained unbroken, and the security of these systems remained an open problem. As its key size is rather large, interest in such systems was low in recent years. Due to the initiatives of the European Telecommunications Standards Institute and the National Institute of Standards and Technology to create standards for post-quantum cryptography, systems with bigger key sizes have become of interest for practical applications. In this paper we consider biquadratic C* and more general systems based on hidden monomials of degree k, called k-ary C*. We prove a lower bound for the running time of attacks based on Gröbner basis algorithms like F4 or F5. We compute the first fall degree for k-ary C* and give a counterexample to the first fall degree assumption. We derive an estimate for the complexity of breaking the above-mentioned cryptochallenge and give parameter sizes for secure systems, taking into account all known types of attacks. It turns out that the security requirements yield systems with impractical key sizes even for applications in post-quantum cryptography.
Although k-ary C* is not of practical interest, the results presented here give some insight into the complexity of attacks on multivariate cryptosystems, especially attacks based on Gröbner basis algorithms, and show that these systems are very promising objects for further research in this direction.


References

  1. Baena, J., Cabarcas, D., Escudero, D.E., Khathuria, K., Verbel, J.: Rank Analysis of Cubic Multivariate Cryptosystems. In: Lange, T., Steinwandt, R. (eds.) Post-Quantum Cryptography, PQCrypto 2018, LNCS, vol. 10786, pp. 355–374. Springer (2018)

  2. Bouillaguet, C., Fouque, P.A., Macario-Rat, G.: Practical Key-Recovery for All Possible Parameters of SFLASH. In: Lee, D.H., Wang, X. (eds.) Advances in Cryptology, ASIACRYPT 2011, LNCS, vol. 7073, pp. 667–685. Springer, Berlin (2011)

  3. Daniels, T., Smith-Tone, D.: Differential Properties of the HFE Cryptosystem. In: Mosca, M. (ed.) Post-Quantum Cryptography, PQCrypto 2014, LNCS, vol. 8772. Springer, Cham (2014)

  4. Ding, J., Hodges, T.J.: Inverting HFE Systems Is Quasi-Polynomial for All Fields. In: Rogaway, P. (ed.) Advances in Cryptology, CRYPTO 2011, LNCS, vol. 6841, pp. 724–742. Springer, Berlin (2011)

  5. Dobbertin, H., Faugère, J., Felke, P.: Mystery Twister CryptoChallenge 11. https://www-polsys.lip6.fr/~jcf/Papers/CC11_twister.pdf (2005)

  6. Faugère, J.C.: Comparison of XL and Gröbner Basis Algorithms over Finite Fields. In: Lee, P.J. (ed.) ASIACRYPT 2004, LNCS, vol. 3329, pp. 338–353 (2004)

  7. Faugère, J.C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139, 61–88 (1999)

  8. Faugère, J.C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Mora, T. (ed.) Proceedings of ISSAC, pp. 75–83. ACM Press (2002)

  9. Faugère, J., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003, LNCS, vol. 2729, pp. 44–60 (2003)

  10. Felke, P.: On the Affine Transformations of HFE-cryptosystems and Systems with Branches. In: Ytrehus, Ø. (ed.) WCC 2005, LNCS, vol. 3696, pp. 229–241 (2005)

  11. Hodges, T.J., Petit, C., Schlather, J.: First fall degree and Weil descent. Finite Fields Their Appl. 30, 155–177 (2014)

  12. Matsumoto, T., Imai, H.: Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption. In: Barstow, D. (ed.) Advances in Cryptology, EUROCRYPT ’88, LNCS, vol. 330, pp. 419–453. Springer, Berlin, Heidelberg (1988)

  13. Kipnis, A., Shamir, A.: Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. In: Wiener, M. (ed.) Advances in Cryptology, CRYPTO ’99, LNCS, vol. 1666, pp. 19–30. Springer, Berlin (1999)

  14. Koblitz, N.: Algebraic Aspects of Cryptography, Algorithms and Computation in Mathematics, pp. 53–79. Springer, Berlin (1998)

  15. Huang, M.D.A., Kosters, M., Yeo, S.L.: Last Fall Degree, HFE, and Weil Descent Attacks on ECDLP. In: Gennaro, R., Robshaw, M. (eds.) Advances in Cryptology, CRYPTO 2015, LNCS, vol. 9215, pp. 581–600. Springer, Berlin (2015)

  16. Lidl, R., Niederreiter, H.: Finite Fields. Cambridge University Press, Cambridge (1997)

  17. Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt ’88. In: Coppersmith, D. (ed.) Advances in Cryptology, CRYPTO ’95, LNCS, vol. 963, pp. 248–261. Springer, Berlin (1995)

  18. Patarin, J.: Asymmetric Cryptography with a Hidden Monomial. In: Koblitz, N. (ed.) Advances in Cryptology, CRYPTO ’96, LNCS, vol. 1109, pp. 45–60. Springer, Berlin (1996)

  19. Patarin, J., Goubin, L.: Asymmetric Cryptography with S-Boxes. Is It Easier than Expected to Design Efficient Asymmetric Cryptosystems? In: Han, Y., Okamoto, T., Qing, S. (eds.) Information and Communications Security, ICICS 1997, LNCS, vol. 1334, pp. 369–380. Springer, Berlin (1997)

  20. Petit, C., Quisquater, J.: On Polynomial Systems Arising from a Weil Descent. In: Wang, X., Sako, K. (eds.) Advances in Cryptology, ASIACRYPT 2012, LNCS, vol. 7658, pp. 451–466. Springer, Berlin (2012)


Acknowledgments

We would like to thank Timothy Hodges for fruitful discussions on the first fall degree, as well as Gavin Kane and the anonymous reviewers for their valuable comments.

Author information


Correspondence to Patrick Felke.


This article is part of the Topical Collection on Special Issue: Mathematical Methods for Cryptography


Cite this article

Felke, P. On the security of biquadratic C* public-key cryptosystems and its generalizations. Cryptogr. Commun. 11, 427–442 (2019). https://doi.org/10.1007/s12095-018-0337-y
