Documente Academic
Documente Profesional
Documente Cultură
Part 1: Basics
Albrecht Petzoldt
Definition
Two polynomial systems G : Fn → Fm and H : Fn → Fm are called
isomorphic
⇒ The central map F and the public key P of an MPKC are isomorphic.
Important Schemes
PMI+, IPHFE+
ZHFE ( → this conference)
Simple Matrix (→ this conference)
Important Schemes
UOV, Rainbow
HFEv-, Gui
MQDSS
pFLASH ( → this conference), TTS
A. Petzoldt Multivariate Cryptography PQCrypto Summer School 9 / 24
Signature Schemes (m ≤ n)
Signature Generation: Given message d, use a hash function
H : {0, 1}? → Fm to compute w = H(d) ∈ Fm . Compute recursively
x = S −1 (w) ∈ Fm , y = F −1 (x) ∈ Fn and z = T −1 (y). The signature of
the message d is z ∈ Fn .
The condition (m ≤ n) is needed for the surjectivity of the map F, i.e.
every message has a signature.
Important Schemes
UOV, Rainbow
HFEv-, Gui
MQDSS
pFLASH (→ this conference), TTS
A. Petzoldt Multivariate Cryptography PQCrypto Summer School 10 / 24
Workflow
!2 !
n + dreg n
Complexity = 3 · ·
dreg 2
!ω
n+r
Complexity(MinorsModelling) = O
r
with 2 < ω ≤ 3.
Multivariate Cryptography
deals with systems of nonlinear (usually quadratic) multivariate
polynomials
one of the main candidates for post-quantum cryptosystems
very efficient signature schemes (e.g. Rainbow, HFEv-) with short
signatures
not so good for encryption schemes
large public key sizes, no security proofs
But: Theoretical Security estimates match very well with
experimental data