Cryptanalysis of enhanced TTS, STS and all its variants, or: why cross-terms are important

Authors:
Enrico Thomae;Christopher Wolf
Affiliations:
Horst Görtz Institute for IT-security, Faculty of Mathematics, Ruhr-University of Bochum, Bochum, Germany;Horst Görtz Institute for IT-security, Faculty of Mathematics, Ruhr-University of Bochum, Bochum, Germany
Venue:
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Year:
2012

Citing 12
Cited 0

Efficient signature schemes based on birational permutations

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Computers and Intractability: A Guide to the Theory of NP-Completeness

Computers and Intractability: A Guide to the Theory of NP-Completeness
Cryptanalysis of the Oil & Vinegar Signature Scheme

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of MinRank

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
New differential-algebraic attacks and reparametrization of rainbow

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Gröbner bases of bihomogeneous ideals generated by polynomials of bidegree (1,1): Algorithms and complexity

Journal of Symbolic Computation
Small public keys and fast verification for multivariate quadratic public key systems

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Equivalent keys in HFE, c*, and variations

Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Building secure tame-like multivariate public-key cryptosystems: the new TTS

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Efficient cryptanalysis of RSE(2)PKC and RSSE(2)PKC

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Cryptanalysis of rainbow

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Proposal of a signature scheme based on STS trapdoor

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

We show that the two multivariate signature schemes Enhanced STS, proposed at PQCrypto 2010, and Enhanced TTS, proposed at ACISP 2005, are vulnerable due to systematically missing cross-terms. To this aim, we generalize equivalent keys to so-called good keys for an improved algebraic key recovery attack. In particular, we demonstrate that it is impossible to choose both secure and efficient parameters for Enhanced STS and break all current parameters of both schemes. Since 2010, many variants of Enhanced STS, such as Check Equations or Hidden Pair of Bijections were proposed. We break all these variants and show that making STS secure will either lead to a variant known as the Oil, Vinegar and Salt signature scheme or, if we also require the signing algorithm to be efficient, to the well-known Rainbow signature scheme. We show that our attack is more efficient than any previously known attack.