On new multivariate cryptosystems with nonlinearity gap

Abstract

The pair of families of bijective multivariate maps of kind Fn and Fn⁻¹ on affine space Kⁿ over finite commutative ring K given in their standard forms has a nonlinearity gap if the degree of Fn is bounded from above by independent constant d and degree of F⁻¹ is bounded from below by cⁿ, c>1. We introduce examples of such pairs with invertible decomposition Fn=Gn¹Gn²…Gnk, i.e. the decomposition which allows to compute the value of Fⁿ⁻¹ in given point p=(p1,p2,…,pn) in a polynomial time O(n²). The pair of families Fn, F′n of nonbijective polynomial maps of affine space Kn such that composition FnF′n leaves each element of K∗n unchanged such that deg(Fn) is bounded by independent constant but deg(F′n) is of an exponential size and there is a decomposition Gn¹Gn²…Gnk of Fn which allows to compute the reimage of vector from F(K*ⁿ) in time 0(n²). We introduce examples of such families in cases of rings K=Fq and K=Zm