MQQ-SIG: an ultra-fast and provably CMA resistant digital signature scheme

Authors:
Danilo Gligoroski;Rune Steinsmo Ødegård;Rune Erlend Jensen;Ludovic Perret;Jean-Charles Faugère;Svein Johan Knapskog;Smile Markovski
Affiliations:
Department of Telematics, The Norwegian University of Science and Technology (NTNU), Trondheim, Norway;Centre for Quantifiable Quality of Service in Communication Systems, NTNU, Trondheim, Norway;Centre for Quantifiable Quality of Service in Communication Systems, NTNU, Trondheim, Norway;INRIA, Paris-Rocquencourt Center, SALSA Project, UPMC Univ. Paris 06, UMR 7606, LIP6, Paris, France,CNRS, UMR 7606, LIP6, Paris, France;INRIA, Paris-Rocquencourt Center, SALSA Project, UPMC Univ. Paris 06, UMR 7606, LIP6, Paris, France,CNRS, UMR 7606, LIP6, Paris, France;Centre for Quantifiable Quality of Service in Communication Systems, NTNU, Trondheim, Norway;Faculty of Natural Sciences and Mathematics, Institute of Informatics, "Ss Cyril and Methodius" University, Skopje, Macedonia
Venue:
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Year:
2011

Citing 23
Cited 0

Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Public quadratic polynomial-tuples for efficient signature-verification and message-encryption

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Efficient computation of zero-dimensional Gro¨bner bases by change of ordering

Journal of Symbolic Computation
Efficient signature schemes based on birational permutations

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Cryptanalysis of the Matsumoto and Imai Public Key Schemeof Eurocrypt‘98

Designs, Codes and Cryptography
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Computers and Intractability: A Guide to the Theory of NP-Completeness

Computers and Intractability: A Guide to the Theory of NP-Completeness
Algebraic Methods for Constructing Asymmetric Cryptosystems

AAECC-3 Proceedings of the 3rd International Conference on Algebraic Algorithms and Error-Correcting Codes
Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of the TTM Cryptosystem

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On the security of stepwise triangular systems

Designs, Codes and Cryptography
Multivariate quadratic trapdoor functions based on multivariate quadratic quasigroups

MATH'08 Proceedings of the American Conference on Applied Mathematics
Algebraic Attack on the MQQ Public Key Cryptosystem

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
l-invertible cycles for multivariate quadratic (MQ) public key cryptography

PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
New differential-algebraic attacks and reparametrization of rainbow

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Cryptanalysis of multivariate and odd-characteristic HFE variants

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Practical cryptanalysis of the identification scheme based on the isomorphism of polynomial with one secret problem

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Building secure tame-like multivariate public-key cryptosystems: the new TTS

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Differential cryptanalysis for multivariate schemes

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
A fast cryptanalysis of the isomorphism of polynomials with one secret problem

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Polynomial equivalence problems: algorithmic and theoretical aspects

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Implementing minimized multivariate PKC on low-resource embedded systems

SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present MQQ-SIG, a signature scheme based on "Multivariate Quadratic Quasigroups". The MQQ-SIG signature scheme has a public key consisting of $\frac{n}{2}$ quadratic polynomials in n variables where n=160, 192, 224 or 256. Under the assumption that solving systems of $\frac{n}{2}$ MQQ's equations in n variables is as hard as solving systems of random quadratic equations, we prove that in the random oracle model our signature scheme is CMA (Chosen-Message Attack) resistant. From efficiency point of view, the signing and verification processes of MQQ-SIG are three orders of magnitude faster than RSA or ECDSA. Compared with other MQ signing schemes, MQQ-SIG has both advantages and disadvantages. Advantages are that it has more than three times smaller private keys (from 401 to 593 bytes), and the signing process is an order of magnitude faster than other MQ schemes. That makes it very suitable for implementation in smart cards and other embedded systems. However, MQQ-SIG has a big public key (from 125 to 512 Kb) and it is not suitable for systems where the size of the public key has to be small.