TY - JOUR
T1 - The secure parameters and efficient decryption algorithm for multivariate public key cryptosystem EFC
AU - Wang, Yacheng
AU - Ikematsu, Yasuhiko
AU - Duong, Dung Hoang
AU - Takagi, Tsuyoshi
N1 - Funding Information:
The first author thanks the Japanese Society for the Promotion of Science (JSPS) for financial support under grant KAKENHI 18J20866. The second and fourth authors were supported by JST CREST (Grant Number JPMJCR14D6).
Publisher Copyright:
Copyright © 2019 The Institute of Electronics, Information and Communication Engineers.
PY - 2019
Y1 - 2019
N2 - At PQCrypto 2016, Szepieniec et al. proposed a new type of trapdoor called Extension Field Cancellation (EFC) for constructing secure multivariate encryption cryptosystems. They also specifically suggested two schemes EFC− p and EFC− pt2 that apply this trapdoor and some modifiers. Although both of them seem to avoid all attacks used for cryptanalysis on multivariate cryptography, their decryption efficiency has room for improvement. On the other hand, their security was analyzed mainly through an algebraic attack of computing the Gröbner basis of the public key, and there possibly exists more effective attacks. In this paper, we introduce a more efficient decryption approach for EFC− p and EFC− pt2, which manages to avoid all redundant computation involved in the original decryption algorithms without altering their public key. In addition, we estimate the secure parameters for EFC− p and EFC− pt2 through a hybrid attack of algebraic attack and exhaustive search.
AB - At PQCrypto 2016, Szepieniec et al. proposed a new type of trapdoor called Extension Field Cancellation (EFC) for constructing secure multivariate encryption cryptosystems. They also specifically suggested two schemes EFC− p and EFC− pt2 that apply this trapdoor and some modifiers. Although both of them seem to avoid all attacks used for cryptanalysis on multivariate cryptography, their decryption efficiency has room for improvement. On the other hand, their security was analyzed mainly through an algebraic attack of computing the Gröbner basis of the public key, and there possibly exists more effective attacks. In this paper, we introduce a more efficient decryption approach for EFC− p and EFC− pt2, which manages to avoid all redundant computation involved in the original decryption algorithms without altering their public key. In addition, we estimate the secure parameters for EFC− p and EFC− pt2 through a hybrid attack of algebraic attack and exhaustive search.
UR - http://www.scopus.com/inward/record.url?scp=85072680889&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072680889&partnerID=8YFLogxK
U2 - 10.1587/transfun.E102.A.1028
DO - 10.1587/transfun.E102.A.1028
M3 - Article
AN - SCOPUS:85072680889
VL - E102A
SP - 1028
EP - 1036
JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
SN - 0916-8508
IS - 9
ER -