Extended algorithm for solving underdefined multivariate quadratic equations

Hiroyuki Miura, Yasufumi Hashimoto, Tsuyoshi Takagi

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of theMQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

Original languageEnglish
Pages (from-to)1418-1425
Number of pages8
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE97-A
Issue number6
DOIs
Publication statusPublished - Jan 1 2014

Fingerprint

Quadratic equation
Cryptography
Public-key Cryptosystem
Polynomials
Galois field
Polynomial time
Computational complexity
Hardness
NP-complete problem
Unknown
Evaluate
Estimate
Range of data

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering
  • Applied Mathematics

Cite this

Extended algorithm for solving underdefined multivariate quadratic equations. / Miura, Hiroyuki; Hashimoto, Yasufumi; Takagi, Tsuyoshi.

In: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E97-A, No. 6, 01.01.2014, p. 1418-1425.

Research output: Contribution to journalArticle

@article{de47d51a85204a55a71b01e7ab74f74b,
title = "Extended algorithm for solving underdefined multivariate quadratic equations",
abstract = "It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called {"}Underdefined{"}). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of theMQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.",
author = "Hiroyuki Miura and Yasufumi Hashimoto and Tsuyoshi Takagi",
year = "2014",
month = "1",
day = "1",
doi = "10.1587/transfun.E97.A.1418",
language = "English",
volume = "E97-A",
pages = "1418--1425",
journal = "IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences",
issn = "0916-8508",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "6",

}

TY - JOUR

T1 - Extended algorithm for solving underdefined multivariate quadratic equations

AU - Miura, Hiroyuki

AU - Hashimoto, Yasufumi

AU - Takagi, Tsuyoshi

PY - 2014/1/1

Y1 - 2014/1/1

N2 - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of theMQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

AB - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of theMQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

UR - http://www.scopus.com/inward/record.url?scp=84901774655&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84901774655&partnerID=8YFLogxK

U2 - 10.1587/transfun.E97.A.1418

DO - 10.1587/transfun.E97.A.1418

M3 - Article

AN - SCOPUS:84901774655

VL - E97-A

SP - 1418

EP - 1425

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 6

ER -