Jíntai Ding,Joshua D. Deaton,Kurt Schmidt,Vishakha ...,Zheng Zhang

DOI: https://doi.org/10.1007/978-3-030-56877-1_10

2020-01-01

Abstract:In 2017, Ward Beullens et al. submitted Lifted Unbalanced Oil and Vinegar (LUOV) [4], a signature scheme based on the famous multivariate public key cryptosystem (MPKC) called Unbalanced Oil and Vinegar (UOV), to NIST for the competition for post-quantum public key scheme standardization. The defining feature of LUOV is that, though the public key $$\mathscr {P}$$ works in the extension field of degree r of $$\mathbb {F}_2$$ , the coefficients of $$\mathscr {P}$$ come from $$\mathbb {F}_2$$ . This is done to significantly reduce the size of $$\mathscr {P}$$ . The LUOV scheme is now in the second round of the NIST PQC standardization process. In this paper we introduce a new attack on LUOV. It exploits the “lifted” structure of LUOV to reduce direct attacks on it to those over a subfield. We show that this reduces the complexity below the targeted security for the NIST post-quantum standardization competition.

Jintai Ding,Joshua Deaton,Vishakha,Bo-Yin Yang

DOI: https://doi.org/10.1007/978-3-030-77870-5_12

2021-01-01

Abstract:In 2017, Ward Beullens et al. submitted Lifted Unbalanced Oil and Vinegar [3], which is a modification to the Unbalanced Oil and Vinegar Scheme by Patarin. Previously, Ding et al. proposed the Subfield Differential Attack [22] which prompted a change of parameters by the authors of LUOV for the second round of the NIST post quantum standardization competition [4]. In this paper we propose a modification to the Subfield Differential Attack called the Nested Subset Differential Attack which fully breaks half of the parameter sets put forward. We also show by experimentation that this attack is practically possible to do in under 210 min for the level I security parameters and not just a theoretical attack. The Nested Subset Differential attack is a large improvement of the Subfield differential attack which can be used in real world circumstances. Moreover, we will only use what is called the "lifted" structure of LUOV, and our attack can be thought as a development of solving "lifted" quadratic systems.

Wuqiang Shen,Shaohua Tang,Lingling Xu

DOI: https://doi.org/10.1109/CSE.2013.66

2013-01-01

Abstract:Multivariate Public Key Cryptosystem (MPKC) is one of post-quantum cryptosystems which can potentially resist quantum computer attacks. It has increasingly been seen by some as a possible alternative to public key cryptosystems RSA, ECC, etc., which are widely in use today. Moreover, MPKC schemes are in general much more computationally efficient than number theoretic-based schemes. However, the oversize key poses obstacle on the calculation and transmission in MPKC. We notice the feature and benefit of the identity-based cryptography - the public key is directly gained from the user's identity information. Based on this, we consider introducing the identity-based semantics to MPKC, and it can cut down the size of public key of MPKC. Using the idea of constructing certificate-based Identity-Based Signature (IBS), we propose a novel and secure Identity-Based Unbalanced Oil-Vinegar (IBUOV) signature scheme based on the ordinary Unbalanced Oil-Vinegar (UOV) signature scheme. We provide the provable security to explain that our proposal is secure.

Anindya Ganguly,Angshuman Karmakar,Nitin Saxena

2023-12-15

Abstract:Hard lattice problems are predominant in constructing post-quantum cryptosystems. However, we need to continue developing post-quantum cryptosystems based on other quantum hard problems to prevent a complete collapse of post-quantum cryptography due to a sudden breakthrough in solving hard lattice problems. Solving large multivariate quadratic systems is one such quantum hard problem. Unbalanced Oil-Vinegar is a signature scheme based on the hardness of solving multivariate equations. In this work, we present a post-quantum digital signature algorithm VDOO (Vinegar-Diagonal-Oil-Oil) based on solving multivariate equations. We introduce a new layer called the diagonal layer over the oil-vinegar-based signature scheme Rainbow. This layer helps to improve the security of our scheme without increasing the parameters considerably. Due to this modification, the complexity of the main computational bottleneck of multivariate quadratic systems i.e. the Gaussian elimination reduces significantly. Thus making our scheme one of the fastest multivariate quadratic signature schemes. Further, we show that our carefully chosen parameters can resist all existing state-of-the-art attacks. The signature sizes of our scheme for the National Institute of Standards and Technology's security level of I, III, and V are 96, 226, and 316 bytes, respectively. This is the smallest signature size among all known post-quantum signature schemes of similar security.

Cryptography and Security

Ward Beullens

DOI: https://doi.org/10.1007/978-3-030-99277-4_17

2022-01-01

Abstract:The Oil and Vinegar signature scheme, proposed in 1997 by Patarin, is one of the oldest and best understood multivariate quadratic signature schemes. It has excellent performance and signature sizes but suffers from large key sizes on the order of 50 KB, which makes it less practical as a general-purpose signature scheme. To solve this problem, this paper proposes MAYO, a variant of the UOV signature scheme whose public keys are two orders of magnitude smaller. MAYO works by using a UOV map P:Fqn→Fqn$$\mathcal {P}:\mathbb {F}_q^n \rightarrow \mathbb {F}_q^n$$ with an unusually small oil space, which makes it possible to represent the public key very compactly. The usual UOV signing algorithm fails if the oil space is too small, but MAYO works around this problem by “whipping up” the oil and vinegar map P$$\mathcal {P}$$ into a larger map P⋆:Fqkn→Fqm$$\mathcal {P}^\star :\mathbb {F}_q^{kn} \rightarrow \mathbb {F}_q^m$$, that does have a sufficiently large oil space. With parameters targeting NISTPQC security level I, MAYO has a public key size of only 614 Bytes and a signature size of 392 Bytes. This makes MAYO more compact than state-of-the-art lattice-based signature schemes such as Falcon and Dilithium. Moreover, we can choose MAYO parameters such that, unlike traditional UOV signatures, signatures provably only leak a negligible amount of information about the private key.

Weiwei Cao,Lei Hu,Jintai Ding,Zhijun Yin

DOI: https://doi.org/10.1007/978-3-642-21031-0_13

2011-01-01

Abstract:The public key of the Oil-Vinegar scheme consists of a set of m quadratic equations in m + n variables over a finite field F-q. Kipnis and Shamir broke the balanced Oil-Vinegar scheme where d = n - m = 0 by finding equivalent keys of the cryptosytem. Later their method was extended by Kipnis et al to attack the unbalanced case where 0 < d < m and d is small with a complexity of O(q(d-1) m(4)). This method uses the matrices associated with the quadratic polynomials in the public key, which needs to be symmetric and invertible. In this paper, we give an optimized search method for Kipnis el al's attack. Moreover, for the case that the finite field is of characteristic 2, we find the situation becomes very subtle, which, however, was totally neglected in the original work of Kipnis et al. We show that the Kipnis-Shamir method does not work if the field characteristic is 2 and d is a small odd number, and we fix the situation by proposing an alternative method and give an equivalent key recovery attack of complexity O(q(d+1) m(4)). We also prove an important experimental observation by Ding et al for the Kipnis-Shamir attack on balanced Oil-Vinegar schemes in characteristic 2.

Jintai Ding,Zhijun Yin

2012-01-01

Abstract:We explore ideas for oil-vinegar signature schemes in the multivariate polynomial cryptography.In the first half, we focus on TTS (Tame Transformation Signature) systems. We find a structure attack to defeat a family of TTS systems. Then we have the related complexity analysis to claim that a family of TTS systems can be broken in the time complexity O(261). In the second half, we discuss the algebraic attack for the randomly built unbalanced oil-vinegar signature systems with different characteristics. Then we explore the security of those general oil-vinegar systems under F4 algorithm attack.

Zhiniang Peng,Shaohua Tang

DOI: https://doi.org/10.3837/tiis.2018.03.022

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:UOV is one of the most important signature schemes in Multivariate Public Key Cryptography (MPKC). It has a strong security guarantee and is considered to be quantum-resistant. However, it suffers from large key size and its signing procedure is relatively slow. In this paper, we propose a new secure UOV variant (Circulant UOV) with shorter private key and higher signing efficiency. We estimate that the private key size of Circulant UOV is smaller by about 45% than that of the regular UOV and its signing speed is more than 14 times faster than that of the regular UOV. We also give a practical implementation on modern x64 CPU, which shows that Circulant UOV is comparable to many other signature schemes.

Jiahui Chen,Shaohua Tang,Xinglin Zhang

DOI: https://doi.org/10.3837/tiis.2017.06.020

2017-01-01

KSII Transactions on Internet and Information Systems

Abstract:For "generic" multivariate public key cryptography (MPKC) systems, experts believe that the Unbalanced Oil-Vinegar (UOV) scheme is a feasible signature scheme with good efficiency and acceptable security. In this paper, we address two problems that are to find inversion solution of quadratic multivariate equations and find another structure with some random Oil-Oil terms for UOV, then propose a novel signature scheme based on hyper-sphere (HS-Sign for short) which directly answers these two problems. HS-Sign is characterized by its adding Oil-Oil terms and more advantages compared to UOV. On the one side, HS-Sign is based on a new inversion algorithm from hyper-sphere over finite field, and is shown to be a more secure UOV-like scheme. More precisely, according to the security analysis, HS-Sign achieves higher security level, so that it has larger security parameters choice ranges. On the other side, HS-Sign is beneficial from both the key side and computing complexity under the same security level compared to many baseline schemes. To further support our view, we have implemented 5 different attack experiments for the security analysis and we make comparison of our new scheme and the baseline schemes with simulation programs so as to show the efficiencies. The results show that HS-Sign has exponential attack complexity and HS-Sign is competitive with other signature schemes in terms of the length of the message, length of the signature, size of the public key, size of the secret key, signing time and verification time.

Hao Guo,Yi Jin,Yuansheng Pan,Xiaoou He,Boru Gong,Jintai Ding

DOI: https://doi.org/10.1007/978-3-031-62746-0_9

2024-01-01

Abstract:VOX is a UOV-like hash-and-sign signature scheme from the Multivariate Quadratic (MQ) family, which has been submitted to NIST Post-Quantum Cryptography Project, in response to NIST's Call for Additional Digital Signature Schemes for the PQC Standardization Process. In 2023, the submitters of VOX updated the sets of recommended parameters of VOX, due to the rectangular MinRank attack proposed by Furue and Ikematsu. In this work we demonstrate the insecurity of the updated VOX from both the practical and the theoretical aspects. First, we conduct a practical MinRank attack against VOX, which uses multiple matrices from matrix deformation of public key to form a large rectangular matrix and evaluate the rank of this new matrix. By using Kipnis-Shamir method and Grobner basis calculation only instead of support-minors method, our experiment shows it could recover, within two seconds, the secret key of almost every updated recommended instance of VOX. Moreover, we propose a theoretical analysis on VOX by expressing public/secret key as matrices over a smaller field to find a low-rank matrix, resulting in a more precise estimation on the concrete hardness of VOX; for instance, the newly recommended VOX instance claimed to achieve NIST security level 3 turns out to be 69-bit-hard, as our analysis shows.

Jiahui Chen,Jianting Ning,Jie Ling,Terry Shue Chien Lau,Yacheng Wang

DOI: https://doi.org/10.1016/j.tcs.2019.12.032

IF: 1.002

2020-01-01

Theoretical Computer Science

Abstract:It is regarded as a difficult task to design a secure MPKC fundamental schemes such as an encryption scheme. In this paper we introduce a new central trapdoor for multivariate quadratic (MQ) public-key cryptosystems that allows for encryption, in contrast to time-tested MQ primitives such as Unbalanced Oil and Vinegar or Rainbow which only allow for signatures. The same as UOV or Rainbow, our construction is single field scheme where the central polynomial system is chosen to have a particular structure that enables efficient inversion. After applying this transformation, the plaintext can be recovered by solving a linear system. Our new central trapdoor can use to replace the broken extension field calculation trapdoor and simple matrix encryption trapdoor, thereafter, we use the minus and plus modifiers to inoculate our scheme against known attacks. It is highlight that our encryption scheme is a good explore in the area of multivariate cryptography. Finally, a straightforward Magma implementation confirms the efficient operation of the public key algorithms.

Yang Tan,Shaohua Tang

DOI: https://doi.org/10.1007/978-3-319-38898-4_4

2016-01-01

Abstract:UOV is one of the earliest signature schemes in Multivariate Public Key Cryptography (MPKC). It also poses a strong security and none of the existing attacks can cause severe security threats to it. However, it suffers from a large key size. In this paper, we will propose two approaches to build variants of UOV with shorter private key size and faster signature generating process.

Jiahui Chen,Shaohua Tang,Daojing He,Yang Tan

DOI: https://doi.org/10.1007/s11276-016-1245-8

IF: 2.701

2016-01-01

Wireless Networks

Abstract:Being a member of the post quantum cryptography family, multivariate public key cryptographic (MPKC) system enjoys many useful properties such as fast implementation and moderate resources requirement, which is quite suitable for the wireless sensor network (WSN). However, MPKC system requires the usage of large public and private keys to ensure security which makes it inapplicable to wireless sensors with very limited system resources. In this paper, we propose an online/offline signature scheme based on a well known MPKC scheme: unbalanced oil and vinegar signature scheme for the wireless sensor network. Our scheme can reduce the cost of hardware running on signing process and the storage space of private key in the online signing phase. What is more, by combining a recent technique, the total storage requirement in a WSN node reduces by 85.8 % for the recommended parameters, which makes our new scheme feasible for the practical deployment on the WSN platforms.

Antonio Corbo Esposito,Rosa Fera,Francesco Romeo

2024-05-14

Abstract:In this paper, we present OliVier a new Public Key Exchange cryptosystem that is based on a multivariate quadratic polynomial system: Oil & Vinegar polynomials together with fully quadratic ones. We describe its designing process, usage, complexity

Commutative Algebra

Jintai Ding,Dieter Schmidt

DOI: https://doi.org/10.1007/11496137_12

2005-01-01

Abstract:Balanced Oil and Vinegar signature schemes and the unbalanced Oil and Vinegar signature schemes are public key signature schemes based on multivariable polynomials. In this paper, we suggest a new signature scheme, which is a generalization of the Oil-Vinegar construction to improve the efficiency of the unbalanced Oil and Vinegar signature scheme. The basic idea can be described as a construction of multi-layer Oil-Vinegar construction and its generalization. We call our system a Rainbow signature scheme. We propose and implement a practical scheme, which works better than Sflash$^{v_2}$, in particular, in terms of signature generating time.

Baokui Zhu,Xiaowen Jiang,Kai Huang,Miao Yu

DOI: https://doi.org/10.3390/s24010093

IF: 3.9

2024-01-01

Sensors

Abstract:Physical Unclonable Functions (PUFs) are significant in building lightweight Internet of Things (IoT) authentication protocols. However, PUFs are susceptible to attacks such as Machine-Learning(ML) modeling and statistical attacks. Researchers have conducted extensive research on the security of PUFs; however, existing PUFs do not always possess good statistical characteristics and few of them can achieve a balance between security and reliability. This article proposes a strong response-feedback PUF based on the Linear Feedback Shift Register (LFSR) and the Arbiter PUF (APUF). This structure not only resists existing ML modeling attacks but also exhibits good Strict Avalanche Criterion (SAC) and Generalized Strict Avalanche Criterion (GSAC). Additionally, we introduce a Two-Level Reliability Improvement (TLRI) method that achieves 95% reliability with less than 35% of the voting times and single-response generation cycles compared to the traditional pure majority voting method.

Jíntai Ding,Zheng Zhang,Joshua D. Deaton,Lih-Chung Wang

DOI: https://doi.org/10.1007/978-3-030-61078-4_24

2020-01-01

Abstract:In 2017 Kyung-Ah Shim et al. proposed a multivariate signature scheme called Himq-3 which is a submission to National Institute of Standards and Technology (NIST) standardization process of post-quantum cryptosystems. The Himq-3 signature scheme can be classified into the oil vinegar signature scheme family. Similar to the rainbow signature scheme, the Himq-3 signature scheme uses a multilayer structure to shorten the signature size. Moreover the signing process is very fast due to a special system called L-inveritble cycle system that is used to invert the central map. In this paper, we provide a complete cryptanalysis to the Himq-3 signature scheme. We describe a new attack method called the singularity attack. This attack is based on the observation that the variables in the L-invertible cycle system are not allowed to be zero in a valid signature. For the completeness, we show step by step how variables and layers can be separated so that signature forgery can be performed. We claim that the complexity of our attack is much lower than the proposed security level.

John Baena,Crystal Clough,Jíntai Ding

2011-01-01

Revista Colombiana de Matemáticas

Abstract:This paper proposes two ways to fix the broken Square-Vinegar signature scheme. We give heuristic arguments as well as experimental evidence to support the security claims. The first variant, Square-Vinegar with Embedding, uses a simple modification that nonetheless changes the nature of the public key polynomials. The second, 2-Square-Vinegar, is a more significant overhaul of the construction, using a bivariate secret map instead of a univariate one.

Peng Huang,Jingzheng Huang,Tao Wang,Huasheng Li,Duan Huang,Guihua Zeng

DOI: https://doi.org/10.1103/PhysRevA.95.052302

IF: 2.971

2017-01-01

Physical Review A

Abstract:Recently, several practical attacks on continuous-variable quantum key distribution (CVQKD) were proposed based on faking the estimated value of channel excess noise to hide the intercept-and-resend eavesdropping strategy, including the local oscillator (LO) fluctuation, calibration, wavelength, and saturation attacks. However, the known countermeasures against all these practical attacks will inevitably increase the complexity of the implementation of CVQKD and affect its performance. We develop here an asynchronous countermeasure strategy without structural modifications of the conventional CVQKD scheme. In particular, two robust countermeasures are proposed by adding peak-valley seeking and Gaussian postselection steps in conventional data postprocessing procedure. The analysis shows that the peak-valley seeking method naturally make the schemes immune to all known types of calibration attacks even when Eve simultaneously performs wavelength or LO fluctuation attacks and exhibit simpler implementation and better performance than the known countermeasures. Meanwhile, since the Gaussian postselection is able to resist the saturation attacks, the proposed schemes are secure against all known types of practical attacks.

NIE Xu-yun,LIU Bo,LU Gang,ZHONG Ting

DOI: https://doi.org/10.11959/j.issn.1000-436x.2015182

2015-01-01

Abstract:The novel extended multivariate public key cryptosystem is a new security enhancement method on multivariate public key cryptosystems,which is proposed by Qiao,et al.A nonlinear invertible transformation was used,named“tame transformation”,on the original multivariate public key cryptosystem to hide its weakness such as linearization equation.However,it is found that if there are many linearization equations satisfied by the original MPKC,there would be many quadratization equations (QE) satisfied by the improved scheme.Given a public key,after finding all QE,a valid cipheretext can be substituted into the QE to derive a set of quadratic equations on the plaintext variable.This exactly reduce the degree of the system wanted to solve.Then the corresponding plaintext can be recovered for a given valid ciphertext combining with Groebner basis method.