### Abstract

It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

Original language | English |
---|---|

Title of host publication | Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings |

Pages | 118-135 |

Number of pages | 18 |

DOIs | |

Publication status | Published - Sep 26 2013 |

Event | 5th International Workshop on Post-Quantum Cryptography, PQCrypto 2013 - Limoges, France Duration: Jun 4 2013 → Jun 7 2013 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 7932 LNCS |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Other

Other | 5th International Workshop on Post-Quantum Cryptography, PQCrypto 2013 |
---|---|

Country | France |

City | Limoges |

Period | 6/4/13 → 6/7/13 |

### Fingerprint

### All Science Journal Classification (ASJC) codes

- Theoretical Computer Science
- Computer Science(all)

### Cite this

*Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings*(pp. 118-135). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7932 LNCS). https://doi.org/10.1007/978-3-642-38616-9_8

**Extended algorithm for solving underdefined multivariate quadratic equations.** / Miura, Hiroyuki; Hashimoto, Yasufumi; Takagi, Tsuyoshi.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings.*Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7932 LNCS, pp. 118-135, 5th International Workshop on Post-Quantum Cryptography, PQCrypto 2013, Limoges, France, 6/4/13. https://doi.org/10.1007/978-3-642-38616-9_8

}

TY - GEN

T1 - Extended algorithm for solving underdefined multivariate quadratic equations

AU - Miura, Hiroyuki

AU - Hashimoto, Yasufumi

AU - Takagi, Tsuyoshi

PY - 2013/9/26

Y1 - 2013/9/26

N2 - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

AB - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called "Underdefined"). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m + 1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m + 3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m = 28 and n = 504, and it takes 78.7 seconds on a common PC.

UR - http://www.scopus.com/inward/record.url?scp=84884489930&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84884489930&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-38616-9_8

DO - 10.1007/978-3-642-38616-9_8

M3 - Conference contribution

AN - SCOPUS:84884489930

SN - 9783642386152

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 118

EP - 135

BT - Post-Quantum Cryptography - 5th International Workshop, PQCrypto 2013, Proceedings

ER -