Abstract
In this paper, we review and explain the existing algebraic cryptanalyses of multivariate cryptosystems from the hidden field equation (HFE) family. These cryptanalyses break cryptosystems in the HFE family by solving multivariate systems of equations. In this paper we present a new and efficient attack on this cryptosystem based on fast algorithms for computing Gröbner bases. In particular, it was possible to break the first HFE challenge (80 bits) in only two days of CPU time by using the new algorithm F5 implemented in C.
From a theoretical point of view, we study the algebraic properties of the equations produced by instances of the HFE cryptosystem and show why they yield systems of equations that are easier to solve than random systems of quadratic equations of the same size. Moreover, we are able to bound the maximal degree occurring in the Gröbner basis computation.
As a consequence, we gain a deeper understanding of the algebraic cryptanalysis against these cryptosystems. We use this understanding to devise a specific algorithm based on sparse linear algebra. In general, we conclude that the cryptanalysis of HFE can be performed in polynomial time. We also revisit the security estimates for existing schemes in the HFE family.
© 2003 Springer-Verlag Berlin Heidelberg
Faugère, JC., Joux, A. (2003). Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_3
DOI: https://doi.org/10.1007/978-3-540-45146-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40674-7
Online ISBN: 978-3-540-45146-4