论文信息 - Cryptanalysis of the Oil & Vinegar Signature Scheme

Cryptanalysis of the Oil & Vinegar Signature Scheme

Several multivariate algebraic signature schemes had been proposed in recent years, but most of them had been broken by exploiting the fact that their secret trapdoors are low rank algebraic structures. One of the few remaining variants is Patarin's”Oil & Vinegar” scheme, which is based on a system of n quadratic forms in 2n variables of two flavors (n ”oil” variables and n ”vinegar” variables). The security of the scheme depends on the difficulty of distinguishing between the two types, and does not seem to be susceptible to known low rank attacks. In this paper we describe two novel algebraic attacks which can efficiently separate the oil and vinegar variables, and thus forge arbitrary signatures.

Adi Shamir | Aviad Kipnis | A. Shamir | A. Kipnis

[1] Adi Shamir,et al. Efficient Signature Schemes Based on Birational Permutations , 1993, CRYPTO.

[2] Adi Shamir,et al. An efficient signature scheme based on quadratic equations , 1984, STOC '84.

[3] Jacques Patarin,et al. Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms , 1996, EUROCRYPT.

[4] Jacques Patarin,et al. Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88 , 1995, CRYPTO.

[5] Hideki Imai,et al. Public Quadratic Polynominal-Tuples for Efficient Signature-Verification and Message-Encryption , 1988, EUROCRYPT.

[6] Claus-Peter Schnorr,et al. An efficient solution of the congruence x2+ky2=mpmod{n} , 1987, IEEE Trans. Inf. Theory.