On the Security and Key Generation of the ZHFE Encryption Scheme

At PQCrypto’14, Porras, Baena and Ding proposed an interesting new construction to overcome the security weakness of the HFE encryption scheme, and called their new encryption scheme ZHFE. They provided experimental evidence for the security of ZHFE and proposed the parameter set \((q,n,D)=(7,55,105)\), with a claimed security level of \(2^{80}\) estimated by experiment. However, there is an important gap in the state-of-the-art cryptanalysis of ZHFE: a sound theoretical estimate of the security level of ZHFE is missing. In this paper we fill this gap by computing upper bounds for the Q-Rank and for the degree of regularity of ZHFE in terms of \(\log_q D\), thus providing such a theoretical estimate. For instance, the security level of ZHFE(7,55,105) can now be estimated theoretically as at least \(2^{96}\). Moreover, we provide a solution that significantly improves the inefficient key generation of ZHFE, so that almost no computation is needed.
