Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases

Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases (2003)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Jean-charles Faugère , Antoine Joux

Venue:	In Advances in Cryptology — CRYPTO 2003
Citations:	80 - 22 self

BibTeX

@INPROCEEDINGS{Faugère03algebraiccryptanalysis,
    author = {Jean-charles Faugère and Antoine Joux},
    title = {Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases},
    booktitle = {In Advances in Cryptology — CRYPTO 2003},
    year = {2003},
    pages = {44--60},
    publisher = {Springer}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Abstract. In this paper, we review and explain the existing algebraic cryptanalysis of multivariate cryptosystems from the hidden field equation (HFE) family. These cryptanalysis break cryptosystems in the HFE family by solving multivariate systems of equations. In this paper we present a new and efficient attack of this cryptosystem based on fast algorithms for computing Gröbner basis. In particular it was was possible to break the first HFE challenge (80 bits) in only two days of CPU time by using the new algorithm F5 implemented in C. From a theoretical point of view we study the algebraic properties of the equations produced by instance of the HFE cryptosystems and show why they yield systems of equations easier to solve than random systems of quadratic equations of the same sizes. Moreover we are able to bound the maximal degree occuring in the Gröbner basis computation. As a consequence, we gain a deeper understanding of the algebraic cryptanalysis against these cryptosystems. We use this understanding to devise a specific algorithm based on sparse linear algebra. In general, we conclude that the cryptanalysis of HFE can be performed in polynomial time. We also revisit the security estimates for existing schemes in the HFE family. 1

Citations

307	Using algebraic geometry - Cox, Little, et al. - 2005
197	A new efficient algorithm for computing Gröbner bases without reduction to zero (F5 - Faugère - 2002
189	Ein Algorithmus zum Auffinden der Basiselemente des Restklassenrings nach einem nulldimensionalen Polynomideal” Universität - Buchberger - 1965
106	Efficient algorithms for solving overdefined systems of multivariate polynomial equations - Courtois, Klimov, et al. - 2000
69	A.: Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization - Kipnis, Shamir - 1999
65	A criterion for detecting unnecessary reductions in the construction of Groebner bases - Buchberger - 1979
64	Public quadratic polynomial-tuples for efficient signature-verification and message-encryption - Matsumoto, Imai - 1988
46	Solving homogeneous linear equations over GF(2) via block Wiedemann algorithm - Coppersmith - 1994
36	An algorithmic criterion for the solvability of algebraic systems of equations, Aequat - Buchberger - 1970
20	The Security of Hidden Field Equations (HFE - Courtois
16	gaussian elimination and resolution of systems of algebraic equations - Lazard - 1983
11	M.: Cryptanalysis of SFLASH - Gilbert, Minier - 2002
8	Cryptanalysis of the oil & vinegar signature scheme - Kipnis, Shamir - 1998
7	Complexity of Grobner Basis Computations for Regular Overdetermined Systems, Preprint and private communication - Bardet, Faugère, et al. - 2003
7	Groebner Bases, a Computationnal Approach to Commutative Algebra. Graduate Texts in Mathematics - Becker, Weispfenning - 1993
6	The algebraic theory of modular systems., volume xxxi - Macaulay - 1916
4	Algebraic cryptanalysis of HFE using Gröbner bases - Faugère