Efficient Implementations of Multivariate Quadratic Systems

  • Côme Berbain
  • Olivier Billet
  • Henri Gilbert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)


This work investigates several methods to achieve efficient software implementations of systems of multivariate quadratic equations. Such systems of equations appear in several multivariate cryptosystems, such as the signature schemes SFLASH and Rainbow, the encryption scheme PMI+, and the stream cipher QUAD. We describe various implementation strategies. These strategies were combined to implement the public computations of three asymmetric schemes as well as the stream cipher QUAD. We conducted extensive benchmarks on our implementations, which are reported in the final section of this paper. The obtained figures support the claim that, when some care is taken, multivariate schemes can be efficiently implemented in software.
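The "public computations" the abstract refers to are evaluations of a fixed system of m quadratic equations in n variables; for QUAD the same evaluation is iterated to produce keystream. The C program below is an added example, not the implementation described in the paper, and illustrates the strategy a practitioner would reach for first: pack the coefficients of each monomial x_i x_j across all m equations into one machine word, so that one XOR advances every equation at once. It evaluates a constructed system over GF(2) three ways (a bit-by-bit reference, the packed layout with constant-time masking, and the packed layout with branches that skip zero variables), and adds a QUAD-style step. The parameters n = 16 and m = 2n, the xorshift seed, the initial state and the choice of which output half becomes the next state are assumptions of this example, not values from the paper or the QUAD specification.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Parameters of the toy system (assumptions of this example): n variables,
 * m = 2n equations so that one evaluation yields both a new n-bit state and
 * n keystream bits, as in the QUAD construction with k = 2. m must be < 64
 * so that one equation set fits in a single uint64_t. */
#define MQ_N 16
#define MQ_M 32
#define MQ_MMASK ((1ULL << MQ_M) - 1)
/* Monomials x_i x_j with i <= j; over GF(2) x_i^2 = x_i, so the diagonal
 * doubles as the linear part of each equation. */
#define MQ_NMONO (MQ_N * (MQ_N + 1) / 2)

typedef struct {
    uint64_t quad[MQ_NMONO]; /* bit k of quad[mq_idx(i,j)]: coefficient of x_i x_j in equation k */
    uint64_t constant;       /* bit k: constant term of equation k */
} mq_system;

/* Position of x_i x_j (i <= j) in upper-triangular, row-major order:
 * rows 0..i-1 hold sum_{r<i} (n - r) = i (2n - i + 1) / 2 monomials. */
static size_t mq_idx(size_t i, size_t j) {
    return (i * (2 * MQ_N - i + 1)) / 2 + (j - i);
}

/* xorshift64, only used to fill the sample system deterministically. */
static uint64_t xorshift64(uint64_t *st) {
    uint64_t x = *st;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *st = x;
}

/* Constructed sample coefficients; a real scheme derives them from its key or parameters. */
static void mq_sample_system(mq_system *s, uint64_t seed) {
    uint64_t st = seed ? seed : 1;
    for (size_t t = 0; t < MQ_NMONO; t++) s->quad[t] = xorshift64(&st) & MQ_MMASK;
    s->constant = xorshift64(&st) & MQ_MMASK;
}

/* Reference: one equation at a time, one coefficient bit at a time. */
static uint64_t mq_eval_reference(const mq_system *s, uint64_t x) {
    uint64_t y = 0;
    for (size_t k = 0; k < MQ_M; k++) {
        uint64_t acc = (s->constant >> k) & 1;
        for (size_t i = 0; i < MQ_N; i++)
            for (size_t j = i; j < MQ_N; j++)
                acc ^= ((s->quad[mq_idx(i, j)] >> k) & 1) & ((x >> i) & 1) & ((x >> j) & 1);
        y |= acc << k;
    }
    return y;
}

/* Packed, constant-time: all m equations advance together with one XOR per
 * monomial, and the monomial value is applied as a mask instead of a branch. */
static uint64_t mq_eval_packed(const mq_system *s, uint64_t x) {
    uint64_t y = s->constant;
    for (size_t i = 0; i < MQ_N; i++) {
        uint64_t xi = (x >> i) & 1;
        for (size_t j = i; j < MQ_N; j++) {
            uint64_t mask = (uint64_t)0 - (xi & ((x >> j) & 1)); /* all ones iff x_i x_j = 1 */
            y ^= s->quad[mq_idx(i, j)] & mask;
        }
    }
    return y;
}

/* Packed, variable-time: skips rows and columns whose variable is 0, so it does
 * fewer XORs on average, but its running time and memory accesses depend on the
 * (secret) input, which is exactly what timing and cache attacks exploit. */
static uint64_t mq_eval_skip(const mq_system *s, uint64_t x) {
    uint64_t y = s->constant;
    for (size_t i = 0; i < MQ_N; i++) {
        if (!((x >> i) & 1)) continue;
        for (size_t j = i; j < MQ_N; j++)
            if ((x >> j) & 1) y ^= s->quad[mq_idx(i, j)];
    }
    return y;
}

/* QUAD-style step: the low n output bits become the next state, the high n
 * bits are emitted as keystream (which half plays which role is a convention
 * of this example). */
static uint64_t mq_quad_step(const mq_system *s, uint64_t *state) {
    uint64_t y = mq_eval_packed(s, *state);
    *state = y & ((1ULL << MQ_N) - 1);
    return y >> MQ_N;
}

int main(void) {
    mq_system s;
    mq_sample_system(&s, 0x243F6A8885A308D3ULL); /* constructed seed, not a key */
    uint64_t state = 0xBEEF;                      /* constructed initial state */
    for (int r = 0; r < 4; r++)
        printf("keystream word %d: %04llx\n", r, (unsigned long long)mq_quad_step(&s, &state));
    return 0;
}
```

The packed and skipping evaluators return the same value as the reference on every input, so the choice between them is purely a speed versus side-channel trade-off: the skipping variant is the faster one on average, but its branch pattern and the subset of `quad[]` it touches leak the Hamming weight and positions of the set bits of x, which for QUAD is the internal state. The cache-timing work the paper cites [12] is the reason a deployment that handles secret inputs should prefer the masked variant, and the same consideration applies to table-driven implementations over larger fields.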


Keywords: multivariate systems, quadratic equations, efficient software implementation


References

  1. Akkar, M.-L., Courtois, N.T., Goubin, L., Duteuil, R.: A Fast and Secure Implementation of SFLASH. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 267–278. Springer, Heidelberg (2002)
  2. Berbain, C., Gilbert, H., Patarin, J.: QUAD: a Practical Stream Cipher with Provable Security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004. Springer, Heidelberg (2006)
  3. Billet, O., Gilbert, H.: Cryptanalysis of Rainbow. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116. Springer, Heidelberg (2006)
  4. Ding, J., Gower, J.E.: Inoculating Multivariate Schemes Against Differential Attacks. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 290–301. Springer, Heidelberg (2006)
  5. Ding, J., Schmidt, D.: Rainbow, a New Multivariable Polynomial Signature Scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005)
  6. ECRYPT: eSTREAM, the ECRYPT Stream Cipher Project, IST-2002-507932 (2005) (accessed September 29, 2005)
  7. Imai, H., Matsumoto, T.: Algebraic Methods for Constructing Asymmetric Cryptosystems. In: Calmet, J. (ed.) Algebraic Algorithms and Error-Correcting Codes. LNCS, vol. 229, pp. 108–119. Springer, Heidelberg (1986)
  8. Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar Signature Schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999)
  9. Matsui, M.: How Far Can We Go on the x64 Processors? In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047. Springer, Heidelberg (2006)
  10. Matsumoto, T., Imai, H.: A Class of Asymmetric Cryptosystems Based on Polynomials over Finite Rings. In: IEEE International Symposium on Information Theory, pp. 131–132 (1983)
  11. Matsumoto, T., Imai, H.: Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)
  12. Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
  13. Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt ’88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)
  14. Patarin, J.: Asymmetric Cryptography with a Hidden Monomial. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 45–60. Springer, Heidelberg (1996)
  15. Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)
  16. Patarin, J., Goubin, L., Courtois, N.T.: C*-+ and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 35–49. Springer, Heidelberg (1998)
  17. Yang, B.-Y., Chen, J.-M., Chen, Y.-H.: TTS: High-Speed Signatures on a Low-Cost Smart Card. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, p. 371. Springer, Heidelberg (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Côme Berbain (1)
  • Olivier Billet (1)
  • Henri Gilbert (1)
  1. France Télécom R&D, 38–40, rue du Général Leclerc, 92794 Issy les Moulineaux Cedex 9, France