Abstract
The security of several recent digital signature schemes is based on the difficulty of solving large systems of quadratic multivariate polynomial equations over a finite field F. This problem, sometimes called MQ, is known to be NP-hard. When the number m of equations is equal to the number n of variables, and if n < 15, Gröbner base algorithms have been applied to solve MQ. In the overdefined case n 《 m, the techniques of relinearization and XL, due to A. Shamir et. al., have shown to be successful for solving MQ. In signature schemes, we usually have n 》 m. For example signature schemes Flash and Sflash submitted to Nessie call for primitives or the UOV scheme published at Eurocrypt 1999. Little is known about the security of such underdefined systems. In this paper, three new and different methods are presented for solving underdefined multivariate systems of quadratic equations. As already shown at Eurocrypt 1999, the problem MQ becomes polynomial when n ≥ m(m+1) for fields F of characteristic 2. We show that for any field, for about n ≥ 2m/7(m + 1), exponential but quite small in practice, the problem becomes polynomial in n.
When n → m the complexity of all our 3 algorithms tends to q m. However for practical instances of cryptosystems with n ≈ O(m), we show how to achieve complexities significantly lower than exhaustive search. For example we are able break Unbalanced Oil and Vinegar signature schemes for some “bad” choices of the parameters (but not for the parameters proposed in [4]).
Chapter PDF
Similar content being viewed by others
References
N. Courtois, A. Klimov, J. Patarin, A. Shamir, Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations, Advances in Cryptology — EUROCRYPT’2000, Proceedings, B. Preneel (Ed.), Lecture Notes in Computer Science, Springer Verlag, vol. 1807, pp. 392–407.
J.-Ch. Faugère, A new efficient algorithm for computing Gröbner bases (F 4), Journal of Pure and Applied Algebra 139 (1999), pp. 61–88. See http://www.elsevier.com/locate/jpaa.
M. R. Garey, D. S. Johnson, Computers and Intractability, A Guide to the Theory of NP-completeness, W. H. Freeman and Company, New York, 1979.
A. Kipnis, J. Patarin, L. Goubin, Unbalanced Oil and Vinegar Signature Schemes, Advances in Cryptology — EUROCRYPT’99, Proceedings, J. Stern (Ed.), Lecture Notes in Computer Science, Springer Verlag, vol. 1592, pp. 206–222.
A. Kipnis, A. Shamir, Cryptanalysis of the Oil and Vinegar Signature Scheme, Advances in Cryptology — CRYPTO’98, Proceedings, H. Krawczyk (Ed.), Lecture Notes in Computer Science, Springer Verlag, vol. 1462, pp. 257–266.
A. Kipnis, A. Shamir, Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization, Advances in Cryptology — CRYPTO’99, Proceedings, M. Wiener (Ed.), Lecture Notes in Computer Science, Springer Verlag, vol. 1666, pp. 19–30.
R. Lidl, R. Niederreiter, Finite fields, Encyclopedia of mathematics and its applications, vol. 20, 1997.
A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of applied cryptography, CRC Press, 1996.
J. Patarin, N. Courtois, L. Goubin, FLASH, a Fast Multivariate Signature Algorithm, in Progress in Cryptology—CT-RSA 2001, D. Nacchache, ed., vol 2020, Springer Lecture Notes in Computer Science, pp. 298–307.
J. Patarin, L. Goubin, N. Courtois, Quartz, 128-bit long digital signatures, Cryptographers’ Track RSA Conference 2001, San Francisco 8–12 Avril 2001, LNCS2020, Springer-Verlag. Also published in Proceedings of the First Open NESSIE Workshop, 13-14 November 2000, Leuven, Belgium.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Courtois, N., Goubin, L., Meier, W., Tacier, JD. (2002). Solving Underdefined Systems of Multivariate Quadratic Equations. In: Naccache, D., Paillier, P. (eds) Public Key Cryptography. PKC 2002. Lecture Notes in Computer Science, vol 2274. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45664-3_15
Download citation
DOI: https://doi.org/10.1007/3-540-45664-3_15
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43168-8
Online ISBN: 978-3-540-45664-3
eBook Packages: Springer Book Archive
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.