4 research outputs found

    Rank Analysis of Cubic Multivariate Cryptosystems

    In this work we analyze the security of cubic cryptographic constructions with respect to rank weakness. We detail how to extend the big field idea from quadratic to cubic, and show that the same rank defect occurs. We extend the min-rank problem and propose an algorithm to solve it in this setting. We show that for fixed small rank, the complexity is even lower than for the quadratic case. However, the rank of a cubic polynomial in n variables can be larger than n, and in this case the algorithm is very inefficient. We show that the rank of the differential is not necessarily smaller, rendering this line of attack useless if the rank is large enough. Similarly, the algebraic attack is exponential in the rank, thus useless for high rank.

    UOV-Pepper: New Public Key Short Signature in Degree 3

    In this paper, we present a new perturbation for the design of multivariate schemes that we call "Pepper". From this idea, we present some efficient multivariate signature schemes with explicit parameters that resist all known attacks. In particular they resist the two main (and often very powerful) attacks in this area: the Gröbner attacks (to compute a solution of the system derived from the public key) and the MinRank attacks (to recover the secret key). Pepper can also be seen as a new perturbation that can be used to strengthen many other multivariate schemes. The "Pepper" perturbation works only for public key equations of degree (at least) 3. Despite this, the size of the public key may still be reasonable since we can use larger fields (and also maybe non-dense equations). Furthermore, the size of the signatures can be very short.

    Onyx: New Encryption and Signature Schemes with Multivariate Public Key in Degree 3

    In this paper, we present a new secret trapdoor function for the design of multivariate schemes that we call "Onyx", suitable for encryption and signature. It has been inspired by the schemes presented in Ariadne Thread and Pepper: New multivariate cryptographic schemes with public keys in degree 3. From this idea, we present some efficient encryption and signature multivariate schemes with explicit parameters that resist all known attacks. In particular they resist the two main (and often very powerful) attacks in this area: the Gröbner attacks (to compute a solution of the system derived from the public key) and the MinRank attacks (to recover the secret key). Specific attacks due to the properties of the function and its differential are also addressed in this paper. The "Onyx" schemes have public key equations of degree 3. Despite this, the size of the public key may still be reasonable since we can use larger fields and smaller extension degrees. Onyx signatures can be as short as the "birthday paradox" allows, i.e. twice the security level, or even shorter thanks to the Feistel-Patarin construction, like many other signature schemes based on multivariate equations.

    Cubic multivariate cryptosystems based on big field constructions and their vulnerability to a min-rank attack

    In this work we analyze the security of cubic cryptographic constructions with respect to rank weakness. We detail how to extend the big field idea from quadratic to cubic, and show that the same rank defect occurs. We extend the min-rank problem and propose an algorithm to solve it in this setting. We show that for fixed small rank, the complexity is even lower than for the quadratic case. However, the rank of a cubic polynomial in n variables can be larger than n, and in this case the algorithm is very inefficient. We show that the rank of the differential is not necessarily smaller, rendering this line of attack useless if the rank is large enough. Similarly, the algebraic attack is exponential in the rank, thus useless for high rank.