Kipnis-shamir attack on unbalanced oil-vinegar scheme

  • Authors:

  • Weiwei Cao;Lei Hu;Jintai Ding;Zhijun Yin

  • Affiliations:

  • State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing, China;State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing, China;University of Cincinnati, OH and South China University of Technology, Guangzhou, China;University of Cincinnati, OH

  • Venue:
  • ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

The public key of the Oil-Vinegar scheme consists of a set of m quadratic equations in m+n variables over a finite field Fq. Kipnis and Shamir broke the balanced Oil-Vinegar scheme where d = n-m = 0 by finding equivalent keys of the cryptosytem. Later their method was extended by Kipnis et al to attack the unbalanced case where 0 d m and d is small with a complexity of O(qd-1m4). This method uses the matrices associated with the quadratic polynomials in the public key, which needs to be symmetric and invertible. In this paper, we give an optimized search method for Kipnis el al's attack. Moreover, for the case that the finite field is of characteristic 2, we find the situation becomes very subtle, which, however, was totally neglected in the original work of Kipnis et al. We show that the Kipnis-Shamir method does not work if the field characteristic is 2 and d is a small odd number, and we fix the situation by proposing an alternative method and give an equivalent key recovery attack of complexity O(qd+1m4). We also prove an important experimental observation by Ding et al for the Kipnis-Shamir attack on balanced Oil-Vinegar schemes in characteristic 2.