Results 1 
4 of
4
Multivariate public key cryptography
, 2009
"... A multivariate public key cryptosystem (MPKCs for short) have a set of (usually) quadratic polynomials over a finite field as its public map. Its main security assumption is backed by the NPhardness of the problem to solve nonlinear equations over a nite eld. This family is considered as one of th ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
(Show Context)
A multivariate public key cryptosystem (MPKCs for short) have a set of (usually) quadratic polynomials over a finite field as its public map. Its main security assumption is backed by the NPhardness of the problem to solve nonlinear equations over a nite eld. This family is considered as one of the major families of PKCs that could resist potentially even the powerful quantum computers of the future. There has been fast and intensive development in Multivariate Public Key Cryptography in the last two decades. Some constructions are not as secure as was claimed initially, but others are still viable. The paper gives an overview of multivariate public key cryptography and discusses the current status of the research in this area.
Secure PRNGs from Specialized Polynomial Maps over Any Fq
"... Abstract. Berbain, Gilbert, and Patarin presented QUAD, a pseudo random number generator (PRNG) at Eurocrypt 2006. QUAD (as PRNG and stream cipher) may be proved secure based on an interesting hardness assumption about the onewayness of multivariate quadratic polynomial systems over F2. The origina ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Berbain, Gilbert, and Patarin presented QUAD, a pseudo random number generator (PRNG) at Eurocrypt 2006. QUAD (as PRNG and stream cipher) may be proved secure based on an interesting hardness assumption about the onewayness of multivariate quadratic polynomial systems over F2. The original BGP proof only worked for F2 and left a gap to general Fq. We show that the result can be generalized to any arbitrary finite field Fq, and thus produces a stream cipher with alphabets in Fq. Further, we generalize the underlying hardness assumption to specialized systems in Fq (including F2) that can be evaluated more efficiently. Barring breakthroughs in the current stateoftheart for systemsolving, a rough implementation of a provably secure instance of our new PRNG is twice as fast and takes 1/10 the storage of an instance of QUAD with the same level of provable security. Recent results on specialization on security are also examined. And we conclude that our ideas are consistent with these new developments and complement them. This gives a clue that we may build secure primitives based on specialized polynomial maps which are more efficient.
On the security of multivariate hash functions
"... Abstract Multivariate hash functions are a type of hash functions whose compression function is explicitly defined as a sequence of multivariate equations. Olivier Billet etc. have designed the hash function MQHASH and Jintai Ding etc. also propose a similar construction, which the security depends ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Abstract Multivariate hash functions are a type of hash functions whose compression function is explicitly defined as a sequence of multivariate equations. Olivier Billet etc. have designed the hash function MQHASH and Jintai Ding etc. also propose a similar construction, which the security depends on the difficulty of solving randomly drawn systems of multivariate equations over a finite field. Finding preimage and collision can be reduced to solve the multivariate equations, which is a well known NPhard problem. To prove the security of MQHASH, the designer assume that a multivariate hash function is a pseudorandom number generator. In this paper, we analyze the security of multivariate hash functions and conclude that low degree multivariate functions such as MQHASH are neither pseudorandom nor unpredictable. There may be trivial collisions and fixed point attacks if the parameter of the compression function has been chosen. And they are also not computationresistance, which makes MAC forgery easily.
Secure PRNGs from Specialized Polynomial Maps over Any Fq
, 2007
"... We prove that a random map drawn from any class C of polynomial maps from (Fq) n to (Fq) n+r that is (i) totally random in the a ne terms, and (ii) has a negligible chance of being not strongly oneway, provides a secure PRNG (hence a secure stream cipher) for any q. Plausible choices for C are semi ..."
Abstract
 Add to MetaCart
(Show Context)
We prove that a random map drawn from any class C of polynomial maps from (Fq) n to (Fq) n+r that is (i) totally random in the a ne terms, and (ii) has a negligible chance of being not strongly oneway, provides a secure PRNG (hence a secure stream cipher) for any q. Plausible choices for C are semisparse (i.e., the a ne terms are truly random) systems and other systems that are easy to evaluate from a small (compared to a generic map) number of parameters. To our knowledge, there are no other positive results for provable security of specialized polynomial systems, in particular sparse ones (which are natural candidates to investigate for speed). We can build a family of provably secure stream ciphers a rough implementation of which at the same security level can be more than twice faster than an optimized QUAD (and any other provably secure stream ciphers proposed so far), and uses much less storage. This may also help build faster provably secure hashes. We also examine the e ects of recent results on specialization on security, e.g., AumassonMeier (ICISC 2007), which precludes MerkleDamgård compression using polynomials systems uniformly very sparse in every degree from being universally collisionfree. We conclude that our ideas are consistent with and complements these new results. We think that we can build secure primitives based on specialized (versus generic) polynomial maps which are more e cient.