Public quadratic polynomial-tuples for efficient signature-verification and message-encryption
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Efficient signature schemes based on birational permutations
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
FLASH, a Fast Multivariate Signature Algorithm
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Cryptoanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of Patarin's 2-round public key system with S boxes (2R)
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Cryptanalysis of HFE with internal perturbation
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
l-invertible cycles for multivariate quadratic (MQ) public key cryptography
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
A toolbox for cryptanalysis: linear and affine equivalence algorithms
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Practical cryptanalysis of SFLASH
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Total break of the l-IC signature scheme
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
An efficient provable distinguisher for HFE
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Equivalent keys in HFE, c*, and variations
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Differential cryptanalysis for multivariate schemes
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Polynomial equivalence problems: algorithmic and theoretical aspects
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Cryptanalysis of the Square Cryptosystems
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Constructing linear transformations of MPKC by generalized central symmetric matrices
ASID'09 Proceedings of the 3rd international conference on Anti-Counterfeiting, security, and identification in communication
Public-key identification schemes based on multivariate quadratic polynomials
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Practical key-recovery for all possible parameters of SFLASH
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
In this paper, we study the key recovery problem for the C* scheme and generalisations where the quadratic monomial of C* (the product of two linearized monomials) is replaced by a product of three or more linearized monomials. This problem has been further generalized to any system of multivariate polynomials hidden by two invertible linear maps and named the Isomorphism of Polynomials (IP) problem by Patarin. Some cryptosystems have been built on this apparently hard problem such as an authentication protocol proposed by Patarin and a traitor tracing scheme proposed by Billet and Gilbert. Here we show that if the hidden multivariate system is the projection of a quadratic monomial on a base finite field, as in C*, or a cubic (or higher) monomial as in the traitor tracing scheme, then it is possible to recover an equivalent secret key in polynomial time O(nd) where n is the number of variables and d is the degree of the public polynomials.