Cryptanalysis of two quartic encryption schemes and one improved MFE scheme

Authors:
Weiwei Cao;Xiuyun Nie;Lei Hu;Xiling Tang;Jintai Ding
Affiliations:
State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China;School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China;State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China;South China University of Technology, Guangzhou, China;Department of Mathematical Sciences, University of Cincinnati, OH
Venue:
PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Year:
2010

Citing 5
Cited 2

Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

SIAM Journal on Computing
Cryptoanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Multivariate Public Key Cryptosystems (Advances in Information Security)

Multivariate Public Key Cryptosystems (Advances in Information Security)
High order linearization equation (HOLE) attack on multivariate public key cryptosystems

PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
A "medium-field" multivariate public-key encryption scheme

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology

Security analysis of an improved MFE public key cryptosystem

CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Cryptanalysis of an improved MFE public key cryptosystem

International Journal of Security and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

MFE, a multivariate public key encryption scheme proposed by Wang et al in CT-RSA 2006, was conquered by second order linearization equation (SOLE) attack by Ding et al in PKC 2007. To resist this attack, many improved schemes were proposed. Wang et al in [WFW09 and Wang in [Wan07] both modified MFE and raised the public key from quadratic to quartic equations. We call the two quartic schemes Quartic-1 and Quartic-2 respectively for convenience. They are indeed immune to the SOLE attack. However, we find that there exist many quadratization equations (QEs), which are quadratic in plaintext variables and linear in ciphertext variables and can be derived from the public keys of Quartic-1 and Quartic-2. In this paper, we utilize QEs to recover the corresponding plaintext for a given ciphertext. For Quartic-1, we firstly find there are at least 2r SOLEs, which was regarded as impossible by the original authors, furthermore, we can find at least 35r QEs with a complexity $\mathcal {O}((90r^2(15r+1)+180r^2+15r(15r+1)/2+27r+1)^w)$, where r is a small number denoting the degree of extension of finite fields and w≈2.732. The computational complexity of deriving these equations is about 237. But to find the original plaintext, there still needs 240 times Gröbner basis computations, which needs practically 1.328 seconds each time. For Quartic-2, we make a theoretical analysis and find 18r QEs with a computational complexity $\mathcal {O}((15r+1)6r(12r+1)+180r^2+27r+1)^w$. The complexity is 236 for the parameter proposed in [Wan07], and we can break the scheme practically in 3110.734 seconds. Finally, we show that another improved version of MFE in [WZY07] is insecure against the linearization equation attack although its authors claimed it is secure against high order linearization equation attack. Our attack on the two quartic schemes illustrates that non-linearization equations like quadratization equations which are not degree one in plaintext variables can also be used efficiently to analyze multivariate cryptosystems.