TY - GEN

T1 - Extended algorithm for solving underdefined multivariate quadratic equations

AU - Miura, Hiroyuki

AU - Hashimoto, Yasufumi

AU - Takagi, Tsuyoshi

PY - 2013/9/26

Y1 - 2013/9/26

N2 - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

AB - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

UR - http://www.scopus.com/inward/record.url?scp=84884489930&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84884489930&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-38616-9_8

DO - 10.1007/978-3-642-38616-9_8

M3 - Conference contribution

AN - SCOPUS:84884489930

SN - 9783642386152

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 118

EP - 135

BT - Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings

T2 - 5th International Workshop on Post-Quantum Cryptography, PQCrypto 2013

Y2 - 4 June 2013 through 7 June 2013

ER -