### 抄録

ZHFE, proposed by Porras et al. at PQCrypto'14, is one of the very few existing multivariate encryption schemes and a very promising candidate for post-quantum cryptosystems. The only one drawback is its slow key generation. At PQCrypto'16, Baena et al. proposed an algorithm to construct the private ZHFE keys, which is much faster than the original algorithm, but still inefficient for practical parameters. Recently, Zhang and Tan proposed another private key generation algorithm, which is very fast but not necessarily able to generate all the private ZHFE keys. In this paper we propose a new efficient algorithm for the private key generation and estimate the number of possible keys generated by all existing private key generation algorithms for the ZHFE scheme. Our algorithm generates as many private ZHFE keys as the original and Baena et al.'s ones and reduces the complexity from O(n2ω+1) by Baena et al. to O(nω+3), where n is the number of variables and ω is a linear algebra constant. Moreover, we also analyze when the decryption of the ZHFE scheme does not work.

元の言語 | 英語 |
---|---|

ページ（範囲） | 29-38 |

ページ数 | 10 |

ジャーナル | IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences |

巻 | E101A |

発行部数 | 1 |

DOI | |

出版物ステータス | 出版済み - 1 1 2018 |

### Fingerprint

### All Science Journal Classification (ASJC) codes

- Signal Processing
- Computer Graphics and Computer-Aided Design
- Electrical and Electronic Engineering
- Applied Mathematics

### これを引用

*IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences*,

*E101A*(1), 29-38. https://doi.org/10.1587/transfun.E101.A.29

**An efficient key generation of ZHFE public key cryptosystem.** / Ikematsu, Yasuhiko; Duong, Dung Hoang; Petzoldt, Albrecht; Takagi, Tsuyoshi.

研究成果: ジャーナルへの寄稿 › 記事

*IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences*, 巻. E101A, 番号 1, pp. 29-38. https://doi.org/10.1587/transfun.E101.A.29

}

TY - JOUR

T1 - An efficient key generation of ZHFE public key cryptosystem

AU - Ikematsu, Yasuhiko

AU - Duong, Dung Hoang

AU - Petzoldt, Albrecht

AU - Takagi, Tsuyoshi

PY - 2018/1/1

Y1 - 2018/1/1

N2 - ZHFE, proposed by Porras et al. at PQCrypto'14, is one of the very few existing multivariate encryption schemes and a very promising candidate for post-quantum cryptosystems. The only one drawback is its slow key generation. At PQCrypto'16, Baena et al. proposed an algorithm to construct the private ZHFE keys, which is much faster than the original algorithm, but still inefficient for practical parameters. Recently, Zhang and Tan proposed another private key generation algorithm, which is very fast but not necessarily able to generate all the private ZHFE keys. In this paper we propose a new efficient algorithm for the private key generation and estimate the number of possible keys generated by all existing private key generation algorithms for the ZHFE scheme. Our algorithm generates as many private ZHFE keys as the original and Baena et al.'s ones and reduces the complexity from O(n2ω+1) by Baena et al. to O(nω+3), where n is the number of variables and ω is a linear algebra constant. Moreover, we also analyze when the decryption of the ZHFE scheme does not work.

AB - ZHFE, proposed by Porras et al. at PQCrypto'14, is one of the very few existing multivariate encryption schemes and a very promising candidate for post-quantum cryptosystems. The only one drawback is its slow key generation. At PQCrypto'16, Baena et al. proposed an algorithm to construct the private ZHFE keys, which is much faster than the original algorithm, but still inefficient for practical parameters. Recently, Zhang and Tan proposed another private key generation algorithm, which is very fast but not necessarily able to generate all the private ZHFE keys. In this paper we propose a new efficient algorithm for the private key generation and estimate the number of possible keys generated by all existing private key generation algorithms for the ZHFE scheme. Our algorithm generates as many private ZHFE keys as the original and Baena et al.'s ones and reduces the complexity from O(n2ω+1) by Baena et al. to O(nω+3), where n is the number of variables and ω is a linear algebra constant. Moreover, we also analyze when the decryption of the ZHFE scheme does not work.

UR - http://www.scopus.com/inward/record.url?scp=85040177459&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85040177459&partnerID=8YFLogxK

U2 - 10.1587/transfun.E101.A.29

DO - 10.1587/transfun.E101.A.29

M3 - Article

VL - E101A

SP - 29

EP - 38

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

SN - 0916-8508

IS - 1

ER -