Hybrid Approach for the Fast Verification for Improved Versions of the UOV and Rainbow Signature Schemes

Multivariate cryptography is one of the main candidates to guarantee the security of communication in the post-quantum era. Especially in the area of digital signatures, multivariate cryptography offers a wide range of practical schemes. In \cite{PB12} and \cite{PB13} Petzoldt et al. showed a way to speed up the verification process of improved variants of the UOV and Rainbow signature schemes. In this paper we show how we can do even better by a slight variation of their algorithms

Selecting and Reducing Key Sizes for Multivariate Cryptography

Cryptographic techniques are essential for the security of communication in modern society. As more and more business processes are performed via the Internet, the need for efficient cryptographic solutions will further increase in the future. Today, nearly all cryptographic schemes used in practice are based on the two problems of factoring large integers and solving discrete logarithms. However, schemes based on these problems will become insecure when large enough quantum computers are built. The reason for this is Shor's algorithm, which solves number theoretic problems such as integer factorization and discrete logarithms in polynomial time on a quantum computer. Therefore one needs alternatives to those classical public key schemes. Besides lattice, code and hash based cryptosystems, multivariate cryptography seems to be a candidate for this. Additional to their (believed) resistance against quantum computer attacks, multivariate schemes are very fast and require only modest computational resources, which makes them attractive for the use on low cost devices such as RFID chips and smart cards. However, there remain some open problems to be solved, such as the unclear parameter choice of multivariate schemes, the large key sizes and the lack of more advanced multivariate schemes like signatures with special properties and key exchange protocols. In this dissertation we address two of these open questions in the area of multivariate cryptography. In the first part we consider the question of the parameter choice of multivariate schemes. We start with the security model of Lenstra and Verheul, which, on the basis of certain assumptions like the development of the computing environment and the budget of an attacker, proposes security levels for now and the near future. Based on this model we study the known attacks against multivariate schemes in general and the Rainbow signature scheme in particular and use this analysis to propose secure parameter sets for these schemes for the years 2012 - 2050. In the second part of this dissertation we present an approach to reduce the public key size of certain multivariate signature schemes such as UOV and Rainbow. We achieve the reduction by inserting a structured matrix into the coefficient matrix of the public key, which enables us to store the public key in an efficient way. We propose several improved versions of UOV and Rainbow which reduce the size of the public key by factors of 8 and 3 respectively. Using the results of the first part, we show that using structured public keys does not weaken the security of the underlying schemes against known attacks. Furthermore we show how the structure of the public key can be used to speed up the verification process of the schemes. Hereby we get a speed up of factors of 6 for UOV and 2 for Rainbow. Finally we show how to apply our techniques to the QUAD stream cipher. By doing so we can increase the data throughput of QUAD by a factor of 7