Field Lifting for Smaller UOV Public Keys

Most Multivariate Quadratic (MQ) signature schemes have a very large public key, which makes them unsuitable for many applications, despite attractive features such as speed and small signature sizes. In this paper we introduce a modification of the Unbalanced Oil and Vinegar (UOV) signature scheme that has public keys which are an order of magnitude smaller than other MQ signature schemes. The main idea is to choose UOV keys over the smallest field \(\mathbb {F}_2\) in order to achieve small keys, but to lift the keys to a large extension field, where solving the MQ problem is harder. The resulting Lifted UOV signature scheme is very competitive with other post-quantum signature schemes in terms of key sizes, signature sizes and speed.

[1]  Bo-Yin Yang,et al.  Design Principles for HFEv- Based Multivariate Signature Schemes , 2015, ASIACRYPT.

[2]  Léo Ducas,et al.  Lattice Signatures and Bimodal Gaussians , 2013, IACR Cryptol. ePrint Arch..

[3]  Jean-Charles Faugère,et al.  On the Security of UOV , 2008, IACR Cryptol. ePrint Arch..

[4]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[5]  Peter Schwabe,et al.  SPHINCS: Practical Stateless Hash-Based Signatures , 2015, EUROCRYPT.

[6]  Luk Bettale,et al.  Hybrid approach for solving multivariate systems over finite fields , 2009, J. Math. Cryptol..

[7]  Christof Zalka GROVER'S QUANTUM SEARCHING ALGORITHM IS OPTIMAL , 1997, quant-ph/9711070.

[8]  Claus Diem,et al.  The XL-Algorithm and a Conjecture from Commutative Algebra , 2004, ASIACRYPT.

[9]  Bo-Yin Yang,et al.  HMFEv - An Efficient Multivariate Signature Scheme , 2017, PQCrypto.

[10]  Antoine Joux,et al.  A Crossbred Algorithm for Solving Boolean Polynomial Systems , 2017, NuTMiC.

[11]  Lov K. Grover A fast quantum mechanical algorithm for database search , 1996, STOC '96.

[12]  Antoine Joux,et al.  Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases , 2003, CRYPTO.

[13]  Adi Shamir,et al.  Fast Exhaustive Search for Polynomial Systems in F2 , 2010, IACR Cryptol. ePrint Arch..

[14]  Magali Bardet,et al.  Étude des systèmes algébriques surdéterminés. Applications aux codes correcteurs et à la cryptographie , 2004 .

[15]  Ariel Shamir,et al.  Cryptanalysis of the oil and vinegar signature scheme , 1998 .

[16]  Adi Shamir,et al.  Cryptanalysis of the Oil & Vinegar Signature Scheme , 1998, CRYPTO.

[17]  Luk Bettale,et al.  Solving polynomial systems over finite fields: improved analysis of the hybrid approach , 2012, ISSAC.

[18]  Peter W. Shor,et al.  Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[19]  Louis Goubin,et al.  Unbalanced Oil and Vinegar Signature Schemes , 1999, EUROCRYPT.

[20]  Stanislav Bulygin,et al.  Fast Verification for Improved Versions of the UOV and Rainbow Signature Schemes , 2013, PQCrypto.

[21]  Albrecht Petzoldt,et al.  Selecting and reducing key sizes for multivariate cryptography , 2013 .

[22]  Christopher Wolf,et al.  Solving Underdetermined Systems of Multivariate Quadratic Equations Revisited , 2012, Public Key Cryptography.

[23]  Jean-Charles Faugère,et al.  On the complexity of solving quadratic Boolean systems , 2011, J. Complex..

[24]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[25]  Chen-Mou Cheng,et al.  New Differential-Algebraic Attacks and Reparametrization of Rainbow , 2008, ACNS.