Extended algorithm for solving underdefined multivariate quadratic equations

Hiroyuki Miura, Yasufumi Hashimoto, Tsuyoshi Takagi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

Original languageEnglish
Title of host publicationPost-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings
Pages118-135
Number of pages18
DOIs
Publication statusPublished - Sep 26 2013
Event5th International Workshop on Post-Quantum Cryptography, PQCrypto 2013 - Limoges, France
Duration: Jun 4 2013Jun 7 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7932 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other5th International Workshop on Post-Quantum Cryptography, PQCrypto 2013
CountryFrance
CityLimoges
Period6/4/136/7/13

Fingerprint

Quadratic equation
Cryptography
Public-key Cryptosystem
Polynomials
Galois field
Polynomial time
Computational complexity
Hardness
NP-complete problem
Unknown
Evaluate
Estimate
Range of data

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Miura, H., Hashimoto, Y., & Takagi, T. (2013). Extended algorithm for solving underdefined multivariate quadratic equations. In Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings (pp. 118-135). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7932 LNCS). https://doi.org/10.1007/978-3-642-38616-9_8

Extended algorithm for solving underdefined multivariate quadratic equations. / Miura, Hiroyuki; Hashimoto, Yasufumi; Takagi, Tsuyoshi.

Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings. 2013. p. 118-135 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7932 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Miura, H, Hashimoto, Y & Takagi, T 2013, Extended algorithm for solving underdefined multivariate quadratic equations. in Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7932 LNCS, pp. 118-135, 5th International Workshop on Post-Quantum Cryptography, PQCrypto 2013, Limoges, France, 6/4/13. https://doi.org/10.1007/978-3-642-38616-9_8
Miura H, Hashimoto Y, Takagi T. Extended algorithm for solving underdefined multivariate quadratic equations. In Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings. 2013. p. 118-135. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-38616-9_8
Miura, Hiroyuki ; Hashimoto, Yasufumi ; Takagi, Tsuyoshi. / Extended algorithm for solving underdefined multivariate quadratic equations. Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings. 2013. pp. 118-135 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{d56a77a81012424db9671e18fc74e574,
title = "Extended algorithm for solving underdefined multivariate quadratic equations",
abstract = "It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called {"}Underdefined{"}). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.",
author = "Hiroyuki Miura and Yasufumi Hashimoto and Tsuyoshi Takagi",
year = "2013",
month = "9",
day = "26",
doi = "10.1007/978-3-642-38616-9_8",
language = "English",
isbn = "9783642386152",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "118--135",
booktitle = "Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings",

}

TY - GEN

T1 - Extended algorithm for solving underdefined multivariate quadratic equations

AU - Miura, Hiroyuki

AU - Hashimoto, Yasufumi

AU - Takagi, Tsuyoshi

PY - 2013/9/26

Y1 - 2013/9/26

N2 - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

AB - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

UR - http://www.scopus.com/inward/record.url?scp=84884489930&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84884489930&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-38616-9_8

DO - 10.1007/978-3-642-38616-9_8

M3 - Conference contribution

AN - SCOPUS:84884489930

SN - 9783642386152

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 118

EP - 135

BT - Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings

ER -