It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called “Underdefined”). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m+1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m+3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m=28 and n=504, and it takes 78.7 seconds on a common PC.
Hiroyuki MIURA
Kyushu University
Yasufumi HASHIMOTO
University of the Ryukyus
Tsuyoshi TAKAGI
Kyushu University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Hiroyuki MIURA, Yasufumi HASHIMOTO, Tsuyoshi TAKAGI, "Extended Algorithm for Solving Underdefined Multivariate Quadratic Equations" in IEICE TRANSACTIONS on Fundamentals,
vol. E97-A, no. 6, pp. 1418-1425, June 2014, doi: 10.1587/transfun.E97.A.1418.
Abstract: It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called “Underdefined”). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m+1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m+3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m=28 and n=504, and it takes 78.7 seconds on a common PC.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E97.A.1418/_p
Copy
@ARTICLE{e97-a_6_1418,
author={Hiroyuki MIURA, Yasufumi HASHIMOTO, Tsuyoshi TAKAGI, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Extended Algorithm for Solving Underdefined Multivariate Quadratic Equations},
year={2014},
volume={E97-A},
number={6},
pages={1418-1425},
abstract={It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called “Underdefined”). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m+1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m+3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m=28 and n=504, and it takes 78.7 seconds on a common PC.},
keywords={},
doi={10.1587/transfun.E97.A.1418},
ISSN={1745-1337},
month={June},}
Copy
TY - JOUR
TI - Extended Algorithm for Solving Underdefined Multivariate Quadratic Equations
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1418
EP - 1425
AU - Hiroyuki MIURA
AU - Yasufumi HASHIMOTO
AU - Tsuyoshi TAKAGI
PY - 2014
DO - 10.1587/transfun.E97.A.1418
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E97-A
IS - 6
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - June 2014
AB - It is well known that solving randomly chosen Multivariate Quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of Multivariate Public Key Cryptosystems (MPKCs) is based on the MQ-Problem. However, this problem can be solved efficiently when the number of unknowns n is sufficiently greater than that of equations m (This is called “Underdefined”). Indeed, the algorithm by Kipnis et al. (Eurocrypt'99) can solve the MQ-Problem over a finite field of even characteristic in a polynomial-time of n when n ≥ m(m+1). Therefore, it is important to estimate the hardness of the MQ-Problem to evaluate the security of Multivariate Public Key Cryptosystems. We propose an algorithm in this paper that can solve the MQ-Problem in a polynomial-time of n when n ≥ m(m+3)/2, which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-Problem of m=28 and n=504, and it takes 78.7 seconds on a common PC.
ER -