Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
Essential Algebraic Structure within the AES
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Solving Underdefined Systems of Multivariate Quadratic Equations
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
On the Security of HFE, HFEv- and Quartz
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
A new efficient algorithm for computing Gröbner bases without reduction to zero (F5)
Proceedings of the 2002 international symposium on Symbolic and algebraic computation
Efficient algorithms for solving overdefined systems of multivariate polynomial equations
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Higher order correlation attacks, XL algorithm and cryptanalysis of Toyocrypt
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Small public keys and fast verification for multivariate quadratic public key systems
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Equivalent keys in HFE, c*, and variations
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
A study of the security of unbalanced oil and vinegar signature schemes
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Algebraic cryptanalysis of mceliece variants with compact keys
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Algebraic cryptanalysis of 58-round SHA-1
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Algebraic immunity of S-boxes and augmented functions
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Efficient implementations of MQPKS on constrained devices
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Quo vadis quaternion? cryptanalysis of rainbow over non-commutative rings
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Linear recurring sequences for the UOV key generation revisited
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Hi-index | 0.00 |
Solving systems of m $\mathcal M$ ultivariate $\mathcal Q$ uadratic ( $\mathcal{MQ}$ ) equations in n variables is one of the main challenges of algebraic cryptanalysis. Although the associated $\mathcal{MQ}$ -problem is proven to be NP-complete, we know that it is solvable in polynomial time over fields of even characteristic if either m ≥n (n −1)/2 (overdetermined ) or n ≥m (m +1) (underdetermined ). It is widely believed that m =n has worst case complexity. Actually in the overdetermined case Gröbner Bases algorithms show a gradual decrease in complexity from m =n to m ≥n (n −1)/2 as more and more equations are available. For the underdetermined case no similar behavior was known. Up to now the best way to deal with the case m n m (m +1) was to randomly guess variables until m =n . This article shows how to smartly use additional variables and thus obtain a gradual change of complexity over even characteristics also for the underdetermined case. Namely, we show how a linear change of variables can be used to reduce the overall complexity of solving a $\mathcal{MQ}$ -system with m equations and n =ωm variables for some ω ∈ℚ1 to the complexity of solving a $\mathcal{MQ}$ -system with only $(m-\left\lfloor \omega\right\rfloor+1)$ equations and variables, respectively. Our algorithm can be seen as an extension of the previously known algorithm from Kipnis-Patarin-Goubin (extended version of Eurocrypt '99) and improves an algorithm of Courtois et al. which eliminates $\left\lfloor \mbox{log}_2\omega\right\rfloor$ variables. For small ω we also adapt our algorithm to fields of odd characteristic. We apply our result to break current instances of the Unbalanced Oil and Vinegar public key signature scheme that uses n =3m and hence ω =3.