Efficient Inversion of Rational Maps Over Finite Fields

  • Antonio Cafure
  • Guillermo Matera
  • Ariel Waissbein
Part of the The IMA Volumes in Mathematics and its Applications book series (IMA, volume 146)


We study the problem of finding the inverse image of a point in the image of a rational map F : \( \mathbb{F}_q^n \to \mathbb{F}_q^n \) over a finite field \( \mathbb{F}_q \). Our interest mainly stems from the case where F encodes a permutation given by some public-key cryptographic scheme. Given an element y (0)F(\( \mathbb{F}_q^n \)), we are able to compute the set of values x (0)\( \mathbb{F}_q^n \) for which F(x (0)= y (0) holds with O(Tn 4.38 D 2.38δlog2 q) bit operations, up to logarithmic terms. Here T is the cost of the evaluation of F 1,..., F n, D is the degree of F and δ is the degree of the graph of F.

Key words

Finite fields polynomial system solving public-key cryptography matrices of fixed displacement rank 

AMS(MOS) subject classifications

14G05 68W30 11T71 8Q25 47B35 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    M. ALONSO, E. BECKER, M.-F. ROY, AND T. WÖRMANN, Zeroes, multiplicities and idempotents for zerodimensional systems, in Proceedings of MEGA’94, Vol. 143 of Progr. Math., Boston, 1996, Birkhäuser, pp. 1–15.Google Scholar
  2. [2]
    J. BALCAZÁR, J. DÍAZ, AND J. GABARRÓ, Structural complexity I, Vol. 11 of Monogr. Theoret. Comput. Sci. EATCS Ser., Springer, Berlin, 1988.Google Scholar
  3. [3]
    M. BARDET, Etude des systèmes algébriques surdétermines. Applications aux codes correcteurs et á la cryptographie, PhD thesis, Université Paris 6, 2004.Google Scholar
  4. [4]
    M. BARDET, J.-C. FAUGÈRE, AND B. SALVY, Complexity of Gröbner basis computation for semi-regular overdetermined sequences over \( \mathbb{F}_2 \) with solutions in \( \mathbb{F}_2 \). Rapport de Recherche INRIA RR-5049,, 2003.Google Scholar
  5. [5]
    W. BAUR AND V. STRASSEN, The complexity of partial derivatives, Theoret. Com-put. Sci., 22 (1983), pp. 317–330.zbMATHCrossRefMathSciNetGoogle Scholar
  6. [6]
    E. BIHAM AND A. SHAMIR, Differential cryptanalysis of DES-like cryptosystems, J. Cryptology, 4 (1991), pp. 3–72.zbMATHCrossRefMathSciNetGoogle Scholar
  7. [7]
    D. BINI AND V. PAN, Polynomial and matrix computations, Progress in Theoretical Computer Science, Birkhäuser, Boston, 1994.Google Scholar
  8. [8]
    A. BOSTAN, C.-P. JEANNEROD, AND E. SCHOST, Solving Toeplitz-and Vandermonde-like linear systems with large displacement rank. To appear in Proceedings ISSAC’07,, 2007.Google Scholar
  9. [9]
    P. BÜRGISSER, M. CLAUSEN, AND M. SHOKROLLAHI, Algebraic Complexity Theory, Vol. 315 of Grundlehren Math. Wiss., Springer, Berlin, 1997.zbMATHGoogle Scholar
  10. [10]
    A. CAFURE AND G. MATERA, Fast computation of a rational point of a variety over a finite field, Math. Comp., 75 (2006), pp. 2049–2085.zbMATHCrossRefMathSciNetGoogle Scholar
  11. [11]
    -, Improved explicit estimates on the number of solutions of equations over a finite field, Finite Fields Appl., 12 (2006), pp. 155–185.zbMATHCrossRefMathSciNetGoogle Scholar
  12. [12]
    A. CAFURE, G. MATERA, AND A. WAISSBEIN, Inverting bijective polynomial maps over finite fields, in Proceedings of the 2006 Information Theory Workshop, ITW2006, G. Seroussi and A. Viola, eds., IEEE Information Theory Society, 2006, pp. 27–31.Google Scholar
  13. [13]
    D. CASTRO, M. GIUSTI, J. HEINTZ, G. MATERA, AND L.M. PARDO, The hardness of polynomial equation solving, Found. Comput. Math., 3 (2003), pp. 347–420.zbMATHCrossRefMathSciNetGoogle Scholar
  14. [14]
    N. COURTOIS, A. KLIMOV, J. PATARIN, AND A. SHAMIR, Efficient algorithms for solving overdefined systems of multivariate polynomial equations, in EURO-CRYPT 2000, B. Preneel, ed., Vol. 1807 of Lecture Notes in Comput. Sci., Berlin, 2000, Springer, pp. 71–79.Google Scholar
  15. [15]
    C. DE CANNIÈRE, A. BIRYUKOV, AND B. PRENEEL, An introduction to block cipher cryptanalysis, Proc. IEEE, 94 (2006), pp. 346–356.CrossRefGoogle Scholar
  16. [16]
    J.-C. FAUGÈRE, A new efficient algorithm for computing Gröbner bases without reduction to zero (F5), Proceedings ISSAC’02, T. Mora, ed., New York, 2002, ACM Press, pp. 75–83.Google Scholar
  17. [17]
    S. GAO, Factoring multivariate polynomials via partial differential equations, Math. Comp., 72 (2003), pp. 801–822.zbMATHCrossRefMathSciNetGoogle Scholar
  18. [18]
    J. VON ZUR GATHEN AND J. GERHARD, Modern computer algebra, Cambridge Univ. Press, Cambridge, 1999.zbMATHGoogle Scholar
  19. [19]
    M. GAREY AND D. JOHNSON, Computers and Intractability: A Guide to the Theory of NP-Completeness, Freeman, San Francisco, 1979.zbMATHGoogle Scholar
  20. [20]
    M. GIUSTI, K. HÄGELE, J. HEINTZ, J.E. MORAIS, J.L. MONTAÑA, AND L.M. PARDO, Lower bounds for Diophantine approximation, J. Pure Appl. Algebra, 117, 118 (1997), pp. 277–317.CrossRefMathSciNetGoogle Scholar
  21. [21]
    M. GIUSTI, G. LECERF, AND B. SALVY, A Grobner free alternative for polynomial system solving, J. Complexity, 17 (2001), pp. 154–211.zbMATHCrossRefMathSciNetGoogle Scholar
  22. [22]
    J. HEINTZ, Definability and fast quantifier elimination in algebraically closed fields, Theoret. Comput. Sci., 24 (1983), pp. 239–277.zbMATHCrossRefMathSciNetGoogle Scholar
  23. [23]
    M.-D. HUANG AND Y.-C. WONG, Solvability of systems of polynomial congruences modulo a large prime, Comput. Complexity, 8 (1999), pp. 227–257.zbMATHCrossRefMathSciNetGoogle Scholar
  24. [24]
    H. IMAI AND T. MATSUMOTO, Public quadratic polynomial-tuples for efficient signature-verification and message-encryption, in Advances in Cryptology — EUROCRYPT’ 88, C. Günther, ed., Vol. 330 of Lecture Notes in Comput. Sci., Berlin, 1988, Springer, pp. 419–453.Google Scholar
  25. [25]
    J.-R. JOLY, Equations et variétés algébriques sur un corps fini, Enseign. Math., 19 (1973), pp. 1–117.zbMATHMathSciNetGoogle Scholar
  26. [26]
    E. KALTOFEN, Asymptotically fast solution of Toeplitz-like singular linear systems, in Proceedings ISSAC’94, J. von zur Gathen and M. Giesbrecht, eds., New York, 1994, ACM Press, pp. 297–304.Google Scholar
  27. [27]
    , Analysis of Coppersmith’s block Wiedemann algorithm for the parallel solution of sparse linear systems, Math. Comp., 64 (1995), pp. 777–806.zbMATHMathSciNetGoogle Scholar
  28. [28]
    , Effective Noether irreducibility forms and applications, J. Comput. System Sci., 50 (1995), pp. 274–295.zbMATHCrossRefMathSciNetGoogle Scholar
  29. [29]
    A. KIPNIS AND A. SHAMIR, Cryptanalysis of the HFE Public Key Cryptosystem by relinearization, in Advances in Cryptology — CRYPTO’99, M. Wiener, ed., Vol. 1666 of Lecture Notes in Comput. Sci., Berlin, 1999, Springer, pp. 19–30.Google Scholar
  30. [30]
    N. KOBLITZ, Algebraic aspects of cryptography, Vol. 3 of Algorithms Comput. Math., Springer, Berlin Heidelberg New York, corrected 2nd printing ed., 1999.Google Scholar
  31. [31]
    G. LECERF, Improved dense multivariate polynomial factorization algorithms, J. Symbolic Comput., 42 (2007), pp. 477–494.zbMATHCrossRefMathSciNetGoogle Scholar
  32. [32]
    R. LIDL AND H. NIEDERREITER, Finite fields, Addison-Wesley, Reading, Massachusetts, 1983.zbMATHGoogle Scholar
  33. [33]
    V. PAN, Structured matrices and polynomials. Unified superfast algorithms, Birkhäuser, Boston, 2001.zbMATHGoogle Scholar
  34. [34]
    L.M. PARDO AND J. SAN MARTÍN, Deformation techniques to solve generalized Pham systems, Theoret. Comput. Sci., 315 (2004), pp. 593–625.zbMATHCrossRefMathSciNetGoogle Scholar
  35. [35]
    J. PATARIN, Cryptoanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt’88, in Advances in Cryptology — CRYPTO’ 95, D. Coppersmith, ed., Vol. 963 of Lecture Notes in Comput. Sci., Springer, 1995, pp. 248–261.Google Scholar
  36. [36]
    , Asymmetric cryptography with a hidden monomial, in Advances in Cryptology — CRYPTO’ 96, N. Koblitz, ed., Vol. 1109 of Lecture Notes in Comput. Sci., Springer, 1996, pp. 45–60.Google Scholar
  37. [37]
    F. ROUILLIER, Solving zero-dimensional systems through rational univariate representation, Appl. Algebra Engrg. Comm. Comput., 9 (1997), pp. 433–461.CrossRefMathSciNetGoogle Scholar
  38. [38]
    J. SAVAGE, Models of Computation. Exploring the Power of Computing, Addison Wesley, Reading, Massachussets, 1998.zbMATHGoogle Scholar
  39. [39]
    E. SCHOST, Computing parametric geometric resolutions, Appl. Algebra Engrg. Comm. Comput., 13 (2003), pp. 349–393.CrossRefMathSciNetGoogle Scholar
  40. [40]
    I. SHAPAREVICH, Basic Algebraic Geometry: Varieties in Projective Space, Springer, Berlin Heidelberg New York, 1994.Google Scholar
  41. [41]
    C. STURTIVANT AND Z.-L. ZHANG, Efficiently inverting bijections given by straight line programs, in Proceedings of the 31st Annual Symp. Found. Comput. Science, FOCS’90, Vol. 1, IEEE Computer Society Press, 1990, pp. 327–334.CrossRefMathSciNetGoogle Scholar
  42. [42]
    L.-C. WANG AND F.-H. CHANG, Tractable rational map cryptosystem. Cryptology ePrint Archive, Report 2004/046,, 2004.Google Scholar
  43. [43]
    C. WOLF AND B. PRENEEL, Taxonomy of public key schemes based on the problem of multivariate quadratic equations. Cryptology ePrint Archive, Report 2005/077,, 2005.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Antonio Cafure
    • 3
    • 4
  • Guillermo Matera
    • 1
    • 4
  • Ariel Waissbein
    • 2
    • 5
  1. 1.CONICETArgentina
  2. 2.ITBACdad. de Buenos AiresArgentina
  3. 3.Depto. de Matemática, Facultad de Ciencias Exactas y NaturalesUniversidad de Buenos AiresBuenos AiresArgentina
  4. 4.Instituto del Desarrollo HumanoUniversidad Nacional de General SarmientoLos PolvorinesArgentina
  5. 5.CoreLabsCore Security TechnologiesCiudad de Buenos AiresArgentina

Personalised recommendations