论文信息 - HFE and BDDs: A Practical Attempt at Cryptanalysis

HFE and BDDs: A Practical Attempt at Cryptanalysis

HFE (Hidden Field Equations) is a public key cryptosystem using univariate polynomials over finite fields. It was proposed by J. Patarin in 1996. Well chosen parameters during the construction produce a system of quadratic multivariate polynomials over \({\mathbb{F}_2}\) as the public key. An enclosed trapdoor is used to decrypt messages. We propose a ciphertext-only attack which mainly consists in satisfying a boolean formula. Our algorithm is based on BDDs (Binary Decision Diagrams), introduced by Bryant in 1986, which allow to represent and manipulate, possibly efficiently, boolean functions. This paper is devoted to some experimental results we obtained while trying to solve the Patarin’s challenge. This approach was not successful, nevertheless it provided some interesting information about the security of HFE cryptosystem.

Jean-Francis Michon | Jean-Baptiste Yunès | Pierre Valarcher

[1] Joachim von zur Gathen,et al. Modern Computer Algebra , 1998 .

[2] Matthias Krause. BDD-Based Cryptanalysis of Keystream Generators , 2002, EUROCRYPT.

[3] Adi Shamir,et al. Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization , 1999, CRYPTO.

[4] Nagisa Ishiura,et al. Shared binary decision diagram with attributed edges for efficient Boolean function manipulation , 1990, 27th ACM/IEEE Design Automation Conference.

[5] Ingo Wegener,et al. BDDs--design, analysis, complexity, and applications , 2004, Discret. Appl. Math..

[6] Hideki Imai,et al. Public Quadratic Polynominal-Tuples for Efficient Signature-Verification and Message-Encryption , 1988, EUROCRYPT.

[7] David S. Johnson,et al. Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[8] Jacques Patarin,et al. Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms , 1996, EUROCRYPT.

[9] Jacques Patarin,et al. Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88 , 1995, CRYPTO.

[10] Randal E. Bryant,et al. Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.