Abstract
As recently emphasized by the NSA and NIST, there is an increasing need for cryptographic schemes that are secure against attacks by quantum computers. Especially in the area of digital signature schemes, multivariate cryptography is one of the main candidates. At Inscrypt 2015, Nie et al. proposed a new multivariate signature scheme called CUOV [20], whose public key consists of both quadratic and cubic polynomials. However, the scheme was broken by an attack of Hashimoto [15]. In this paper we take a closer look at the CUOV scheme and its attack and propose two new multivariate signature schemes called CSSv and SVSv, which are secure against Hashimoto's attack and all other known attacks on multivariate schemes. Our second construction SVSv in particular is very efficient and outperforms current multivariate signature schemes such as UOV and Rainbow in terms of key and signature size.
Notes
1. In contrast to the standard construction of multivariate cryptography (see above), Nie et al. did not use a second affine map \(\mathcal T\). The reason for this is that \(\mathcal T\) would turn the public key into a completely cubic map and therefore increase the key size drastically.
2.
3. By doing so, we do not have to distinguish between a quadratic form of rank v and a quadratic form in v variables.
4. The design of our scheme is inspired by the SimpleMatrix scheme [26]. Hence the name.
5. The reason for using the parameter r is to ensure that all components of the central map have the same rank (see Sect. 3.2). For the case of \((q \mathrm{~mod~}2) = (v \mathrm{~mod~}2) = 0\), we use \(r=2\), otherwise \(r=1\).
References
Billet, O., Gilbert, H.: Cryptanalysis of rainbow. In: Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 336–347. Springer, Heidelberg (2006). doi:10.1007/11832072_23
Bogdanov, A., Eisenbarth, T., Rupp, A., Wolf, C.: Time-area optimized public-key engines: \(\cal{MQ}\)-cryptosystems as replacement for elliptic curves? In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 45–61. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85053-3_4
Bosma, W., Cannon, J., Playoust, C.: The magma algebra system I: the user language. J. Symbolic Comput. 24(3), 235–265 (1997)
Chen, A.I.-T., Chen, M.-S., Chen, T.-R., Cheng, C.-M., Ding, J., Kuo, E.L.-H., Lee, F.Y.-S., Yang, B.-Y.: SSE implementation of multivariate PKCs on modern x86 CPUs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 33–48. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04138-9_3
Chen, L., Jordan, S., Liu, Y.-K., Moody, D., Peralta, R., Perlner, R., Smith-Tone, D.: Report on post-quantum cryptography. National Institute of Standards and Technology Internal Report, 8105 (2016)
Coppersmith, D., Stern, J., Vaudenay, S.: Attacks on the birational permutation signature schemes. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 435–443. Springer, Heidelberg (1994). doi:10.1007/3-540-48329-2_37
Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005). doi:10.1007/11496137_12
Ding, J., Yang, B.-Y., Chen, C.-H.O., Chen, M.-S., Cheng, C.-M.: New differential-algebraic attacks and reparametrization of rainbow. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 242–257. Springer, Heidelberg (2008). doi:10.1007/978-3-540-68914-0_15
Dubois, V., Fouque, P.-A., Shamir, A., Stern, J.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 1–12. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74143-5_1
Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139(1), 61–88 (1999)
Fouque, P.-A., Granboulan, L., Stern, J.: Differential cryptanalysis for multivariate schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 341–353. Springer, Heidelberg (2005). doi:10.1007/11426639_20
Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman, New York (1979)
Goodin, D.: NSA preps quantum-resistant algorithms to head off cryptoapocalypse
Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000). doi:10.1007/3-540-44448-3_4
Hashimoto, Y.: On the security of cubic UOV
Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999). doi:10.1007/3-540-48910-X_15
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
Kravitz, D.W.: Digital signature algorithm, 27 July 1993. US Patent 5,231,668
Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988). doi:10.1007/3-540-45961-8_39
Nie, X., Liu, B., Xiong, H., Lu, G.: Cubic unbalance oil and vinegar signature scheme. In: Lin, D., Wang, X.F., Yung, M. (eds.) Inscrypt 2015. LNCS, vol. 9589, pp. 47–56. Springer, Heidelberg (2016). doi:10.1007/978-3-319-38898-4_3
Patarin, J.: Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt '88. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)
Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_4
Patarin, J., Courtois, N., Goubin, L.: FLASH, a fast multivariate signature algorithm. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 298–307. Springer, Heidelberg (2001). doi:10.1007/3-540-45353-9_22
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303–332 (1999)
Tao, C., Diene, A., Tang, S., Ding, J.: Simple matrix scheme for encryption. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 231–242. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38616-9_16
Acknowledgments
The first and second authors thank the Japan Society for the Promotion of Science (JSPS) for financial support under grants KAKENHI 16K17644 and 15F15350.
A Experiments with MAGMA
In this section we present the results of our experiments with the direct attack against the CSSv and SVSv schemes. For our experiments we created, for \(K=\) GF(256) and different values of o and v, public systems of CSSv and SVSv in MAGMA [3] code. We then fixed v (resp. \(v+r\) in the case of SVSv) of the variables to create determined systems and solved these using the F4 algorithm [10] integrated in MAGMA. Tables 2 and 3 show the degree of regularity of the corresponding systems. For each of the parameter sets listed in the table we performed 10 experiments.
As the experiments show, for \(o = 2 \cdot v\) the public systems of both CSSv and SVSv behave very similarly to random systems. For smaller values of v, on the other hand, the public systems are significantly easier to solve.
© 2017 Springer International Publishing AG
Duong, D.H., Petzoldt, A., Wang, Y., Takagi, T. (2017). Revisiting the Cubic UOV Signature Scheme. In: Hong, S., Park, J. (eds) Information Security and Cryptology – ICISC 2016. ICISC 2016. Lecture Notes in Computer Science(), vol 10157. Springer, Cham. https://doi.org/10.1007/978-3-319-53177-9_12
DOI: https://doi.org/10.1007/978-3-319-53177-9_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-53176-2
Online ISBN: 978-3-319-53177-9