Public-Key Identification Schemes Based on Multivariate Cubic Polynomials

Solving a system of multivariate polynomials over a finite field is a promising hard problem on which to base cryptography. Recently, Sakumoto et al. proposed public-key identification schemes based on the quadratic version of the problem, called the MQ problem. It has remained an open question, however, whether efficient public-key identification schemes can be built from multivariate polynomials of degree greater than two. In this paper, we tackle the cubic case of this question and construct public-key identification schemes based on the cubic version of the problem, called the MC problem. The MQ problem is a special case of the MC problem. Our schemes consist of a protocol that is a zero-knowledge argument of knowledge for the MC problem, assuming the existence of a non-interactive commitment scheme. For a practical parameter choice, the efficiency of our scheme is comparable to that of the schemes based on the MQ problem. Furthermore, the parallel version of our scheme also achieves security against active attack at some additional cost.
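To make the underlying problem concrete, the following is an added example (not code from the paper or its authors) of an MC problem instance arranged as an identification key pair: the secret is a vector s over a small prime field GF(q), the public key is a random system F of cubic polynomials together with v = F(s), and verifying a claimed preimage means re-evaluating F. Setting the degree to 2 produces an MQ instance, which illustrates why MQ is a special case of MC. The field size q = 31, the parameter sizes, and the function names (`monomials`, `random_system`, `keygen`, `is_solution`, `max_degree`, `example_keypair`) are this example's own choices, not notation from the paper; the identification protocol itself is not reproduced here.

```python
import random
from itertools import combinations_with_replacement

# Constructed example: an MC (multivariate cubic) instance over GF(q) used as an
# identification key pair. Secret: vector s. Public: (F, v = F(s)).
# Recovering s from (F, v) is the MC problem; degree 2 gives the MQ special case.
# All names and parameter choices below are this example's own assumptions.


def monomials(n, degree):
    """Index tuples for every monomial of total degree <= degree in n variables.
    The empty tuple is the constant term; (0, 0, 2) stands for x0^2 * x2."""
    mons = []
    for d in range(degree + 1):
        mons.extend(combinations_with_replacement(range(n), d))
    return mons


def random_system(n, m, degree, q, rng):
    """m random polynomials in n variables of degree <= degree over GF(q).
    Each polynomial is a dict mapping a monomial tuple to its coefficient."""
    mons = monomials(n, degree)
    return [{mon: rng.randrange(q) for mon in mons} for _ in range(m)]


def evaluate(system, x, q):
    """Compute F(x) for the polynomial system F; x is a list of n field elements."""
    values = []
    for poly in system:
        total = 0
        for mon, coeff in poly.items():
            term = coeff
            for i in mon:
                term = term * x[i] % q
            total = (total + term) % q
        values.append(total)
    return values


def keygen(n, m, degree, q, rng):
    """Secret s and public key (F, v = F(s))."""
    s = [rng.randrange(q) for _ in range(n)]
    F = random_system(n, m, degree, q, rng)
    return s, (F, evaluate(F, s, q))


def is_solution(public_key, x, q):
    """Verify a claimed preimage x of the public key: F(x) == v."""
    F, v = public_key
    return evaluate(F, x, q) == v


def max_degree(system):
    """Highest monomial degree with a non-zero coefficient (3 for MC, 2 for MQ)."""
    return max((len(mon) for poly in system for mon, c in poly.items() if c), default=0)


def example_keypair(seed, n=5, m=5, degree=3, q=31):
    """Deterministic demo key pair from a seed. A real scheme would draw s and F
    from a cryptographic random source, not from random.Random."""
    return keygen(n, m, degree, q, random.Random(seed))


if __name__ == "__main__":
    q = 31
    s, pk = example_keypair(seed=2024, n=6, m=6, degree=3, q=q)
    print("secret s:", s)
    print("public v:", pk[1])
    print("s verifies:", is_solution(pk, s, q))
    print("monomials per cubic polynomial in 6 variables:", len(monomials(6, 3)))
```

The number of coefficients per polynomial is C(n+3, 3) in the cubic case against C(n+2, 2) in the quadratic case, which is where the extra public-key size and evaluation cost of an MC instance comes from relative to an MQ instance with the same n.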
