Abstract
In [16], J. Patarin designed a new scheme, called “Oil and Vinegar”, for computing asymmetric signatures. It is very simple, can be computed very fast (both in secret and public key) and requires very little RAM in smartcard implementations. The idea consists in hiding quadratic equations in n unknowns called “oil” and v = n unknowns called “vinegar” over a finite field K, with linear secret functions. This original scheme was broken in [10] by A. Kipnis and A. Shamir. In this paper, we study some very simple variations of the original scheme where v > n (instead of v = n). These schemes are called “Unbalanced Oil and Vinegar” (UOV), since we have more “vinegar” unknowns than “oil” unknowns. We show that, when v ⋍ n, the attack of [10] can be extended, but when v ≥ 2n for example, the security of the scheme is still an open problem. Moreover, when \( v \simeq \tfrac{{n^2 }} {2}\) , the security of the scheme is exactly equivalent (if we accept a very natural but not proved property) to the problem of solving a random set of n quadratic equations in \( \tfrac{{n^2 }} {2}\) unknowns (with no trapdoor). However, we show that (in characteristic 2) when v ≥ n 2, finding a solution is generally easy. Then we will see that it is very easy to combine the Oil and Vinegar idea and the HFE schemes of [14]. The resulting scheme, called HFEV, looks at the present also very interesting both from a practical and theoretical point of view. The length of a UOV signature can be as short as 192 bits and for HFEV it can be as short as 80 bits.
Chapter PDF
References
Anonymous, Cryptanalysis of the HFE Public Key Cryptosystem, not yet published.
Anonymous, Practical cryptanalysis of Hidden Field Equations (HFE), not yet published.
Anonymous, Cryptanalysis of Patarin’s 2-Round Public Key System with S Boxes, not yet published.
D. Coppersmith, personal communication, e-mail.
Z. Dai, D. Ye, K.-Y. Lam, Factoring-attacks on Asymmetric Cryptography Based on Mapping-compositions, not yet published.
J.-C. Faugere, personal communication.
H. Fell, W. Diffie, Analysis of a public key approach based on polynomial substitutions, Proceedings of CRYPTO’85, Springer-Verlag, vol. 218, pp. 340–349
M. Garey, D. Johnson, Computers and Intractability, a Guide to the Theory of NP-Completeness, Freeman, p. 251.
H. Imai, T. Matsumoto, Algebraic Methods for Constructing Asymmetric Cryptosystems, Algebraic Algorithms and Error Correcting Codes (AAECC-3), Grenoble, 1985, Springer-Verlag, LNCS no229.
A. Kipnis, A. Shamir, Cryptanalysis of the Oil and Vinegar Signature Scheme, Proceedings of CRYPTO’98, Springer, LNCS no1462, pp. 257–266.
R. Lidl, H. Niederreiter, Finite Fields, Encyclopedia of Mathematics and its applications, volume 20, Cambridge University Press.
T. Matsumoto, H. Imai, Public Quadratic Polynomial-tuples for efficient signature-verification and message-encryption, Proceedings of EUROCRYPT’88, Springer-Verlag, pp. 419–453.
Jacques Patarin, Cryptanalysis of the Matsumoto and Imai public Key Scheme of Eurocrypt’88, Proceedings of CRYPTO’95, Springer-Verlag, pp. 248–261.
J. Patarin, Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms, Proceedings of EUROCRYPT’96, Springer, pp. 33–48.
Jacques Patarin, Asymmetric Cryptography with a Hidden Monomial, Proceedings of CRYPTO’96, Springer, pp. 45–60.
J. Patarin, The Oil and Vinegar Signature Scheme, presented at the Dagstuhl Workshop on Cryptography, september 1997 (transparencies).
J. Patarin, L. Goubin, Trapdoor One-way Permutations and Multivariate Polynomials, Proceedings of ICICS’97, Springer, LNCS no1334, pp. 356–368.
J. Patarin, L. Goubin, Asymmetric Cryptography with S-Boxes, Proceedings of ICICS’97, Springer, LNCS no1334, pp. 369–380.
J. Patarin, L. Goubin, N. Courtois, Improved Algorithms for Isomorphisms of Polynomials, Proceedings of EUROCRYPT’98, Springer, pp. 184–200.
J. Patarin, L. Goubin, N. Courtois, C *−+ and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai, Proceedings of ASIACRYPT’98, Springer, pp. 35–49.
A. Shamir, A simple scheme for encryption and its cryptanalysis found by D. Coppersmith and J. Stern, presented at the Luminy workshop on cryptography, september 1995.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kipnis, A., Patarin, J., Goubin, L. (1999). Unbalanced Oil and Vinegar Signature Schemes. In: Stern, J. (eds) Advances in Cryptology — EUROCRYPT ’99. EUROCRYPT 1999. Lecture Notes in Computer Science, vol 1592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48910-X_15
Download citation
DOI: https://doi.org/10.1007/3-540-48910-X_15
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65889-4
Online ISBN: 978-3-540-48910-8
eBook Packages: Springer Book Archive