Multivariate cryptography

Multivariate cryptography

Multivariate cryptography is the generic term for asymmetric cryptographic primitives based on multivariate polynomials over finite fields. In certain cases those polynomials could be defined over both a ground and an extension field. If the polynomials have the degree two, we talk about multivariate quadratics. Solving systems of multivariate polynomial equations is proven to be NP-Hard or NP-Complete. That's why those schemes are often considered to be good candidates for post-quantum cryptography, once quantum computers can break the current schemes. Today multivariate quadratics could be used only to build signatures. All attempts to build a secure encryption scheme have so far failed.

Contents

History

In 1988 T. Matsumoto and H. Imai presented their scheme "Matsumoto-Imai-Scheme" on the Eurocrypt conference. On later work the "Hidden Monomial Cryptosystems" was developed by (French) Jacques Patarin. It is based on a ground and an extension field. On this "Hidden Field Equations" was designed and presented in 1996. In the following years J. Patarin developed other schemes. In 1997 he presented “Balanced Oil & Vinegar” and 1999 “Unbalanced Oil and Vinegar” in cooperation with Aviad Kipnis and Louis Goubin.

Construction

Multivariate Quadratics involves a public and a private key. The private key consists of three affine transformations (S,P’,T). In this triple P' is the private transformation which is specially designed for each scheme. P’ maps elements from GFnGFm. S transforms from GFnGFn and T from GFmGFm. Each transformation must be invertible. Note that the elements are map in a field not in a group. Sometimes the triple is called a trapdoor. The public key results by linking the private transformation. Public key P can be stated as P=S • P' • T.

Signature

Signatures are generated using the private key and are verified using the public key. The flow chart below shows how it is done by each party. First the sender takes its message and interpret it as a vector in a small field (for example, if the field has only two elements, then a bit vector). By now S takes x = < x1,...,xn > as input. During S, x is multiplied with a matrix MS in addition a vector vs with length n is added. The dimension of MS is n x n. T is a similar transformation to S. Both transformation in a mathematically form are shown below

  1. S = MS * x + vS
  2. T = MT * y' + vT

The output of S is the new input for the private transformation P'. Since P' is applied the last transformation T could be performed and the signature is obtained.


A complete signature consists of the elements (x,y) as bit vectors. A potential receiver of this tupel must have the public key in possession. Since he has the key he is able to verify if y is a valid signature of x. Therefore the receiver fill the public equation set with the elements of the bit vectors. A public equations set could look like shown below.

y1 = x1x2 + x1x4 + x3x4
y2 = x1x3 + x2x4
y3 = x1x4 + x2x3 + x2x4 + x3x4
y4 = x1x2 + x1x3 + x1x4 + x2x3 + x2x4 + x3x4

Applications

References

  • J. Patarin, Hidden Field Equations (HFE) and Isomorphisms of Polynomials (IP): two new Families of Asymmetric Algorithms (extended version); Eurocrypt '96
  • Aviad Kipnis, Jacques Patarin, and Louis Goubin, Unbalanced Oil and Vinegar Signature Schemes - Extended Version; Eurocrypt'99
  • Christopher Wolf, and Bart Preneel, Taxonomy of Public Key Schemes based on the problem of

Multivariate Quadratic equations; Current Version: 2005-12-15

  • An Braeken, Christopher Wolf, and Bart Preneel, A Study of the Security of Unbalanced Oil and Vinegar Signature Schemes, Current Version: 2005-08-06
  • Jintai Ding, Research Project: Cryptanalysis on Rainbow and TTS multivariate public key signature scheme
  • Jacques Patarin, Nicolas Courtios, Louis Goubin, SFLASH, a fast asymmetric signature scheme for low-cost smartcards. Primitive specification and supporting documentation.
  • Bo-Yin Yang, Chen-Mou Cheng, Bor-Rong Chen, and Jiun-Ming Chen, Implementing Minimized Multivariate PKC on Low-Resource Embedded Systems, 2006
  • Bo-Yin Yang, Jiun-Ming Chen, and Yen-Hung Chen, TTS: High-Speed Signatures on a Low-Cost Smart Card, 2004
  • Nicolas T. Courtois, Short Signatures, Provable Security, Generic Attacks and Computational Security of Multivariate Polynomial Schemes such as HFE, Quartz and Sflash, 2005
  • Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, Handbook of Applied Crypthography, 1997

External links

  • [1] The HFE public key encryption and signature

Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Multivariate Cryptography — is the generic term for asymmetric cryptographic primitives based on multivariate polynomials over finite fields. In certain cases those polynomials could be defined over both a ground and an extension field. If the polynomials have the degree… …   Wikipedia

  • Multivariate — may refer to: in Mathematics Multivariable calculus Multivariate division algorithm Multivariate interpolation Multivariate polynomial in Statistics Multivariate analysis Multivariate random variable Multivariate statistics in other areas… …   Wikipedia

  • Outline of cryptography — See also: Index of cryptography articles The following outline is provided as an overview of and topical guide to cryptography: Cryptography (or cryptology) – practice and study of hiding information. Modern cryptography intersects the… …   Wikipedia

  • Unbalanced Oil and Vinegar — The Unbalanced Oil and Vinegar scheme is a modified version of the Oil and Vinegar scheme designed by J. Patarin. Both are Digital signature schemes, used in Cryptography. They belong to the group of Multivariate Cryptography. The security of… …   Wikipedia

  • SFLASH — SFLASH  асимметричный алгоритм цифровой подписи рекомендованный проектом NESSIE European в 2003 году. SFLASH основан на Matsumoto Imai(MI) схеме, так же называемой C*. Алгоритм принадлежит к семейству многомерных схем с открытым ключом, то… …   Википедия

  • Jacques Patarin — est un cryptologue français né en 1965, ancien élève de l École Centrale (promotion 1987) et actuellement professeur à l université de Versailles Saint Quentin en Yvelines. Thèmes de recherche Jacques Patarin travaille à la fois aux problèmes… …   Wikipédia en Français

  • XSL attack — In cryptography, the XSL attack is a method of cryptanalysis for block ciphers. The attack was first published in 2002 by researchers Nicolas Courtois and Josef Pieprzyk. It has caused some controversy as it was claimed to have the potential to… …   Wikipedia

  • QUAD (cipher) — Infobox block cipher name = QUAD caption = designers = Côme Berbain, Henri Gilbert and Jacques Patarin publish date = May 28, 2006 (at Eurocrypt) derived from = derived to = related to = certification = key size = 80 bits structure = multivariate …   Wikipedia

  • Information theory — Not to be confused with Information science. Information theory is a branch of applied mathematics and electrical engineering involving the quantification of information. Information theory was developed by Claude E. Shannon to find fundamental… …   Wikipedia

  • List of academic disciplines — An academic discipline, or field of study, is a branch of knowledge that is taught and researched at the college or university level. Disciplines are defined (in part), and recognized by the academic journals in which research is published, and… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”