Details:
Title  Cryptanalysis of two quartic encryption schemes and one improved MFE scheme.  Author(s)  Weiwei Cao, Jintai Ding, Lei Hu, Xiuyun Nie, Xiaoxian Tang  Type  Book, Chapter in Book, Conference Proceeding  Abstract  MFE, a multivariate public key encryption scheme proposed by Wang et al in CTRSA 2006, was conquered by second order linearization equation (SOLE) attack by Ding et al in PKC 2007. To resist this attack, many improved schemes were proposed. Wang et al in [WFW09 and Wang in [Wan07] both modified MFE and raised the public key from quadratic to quartic equations. We call the two quartic schemes Quartic1 and Quartic2 respectively for convenience. They are indeed immune to the SOLE attack. However, we find that there exist many quadratization equations (QEs), which are quadratic in plaintext variables and linear in ciphertext variables and can be derived from the public keys of Quartic1 and Quartic2. In this paper, we utilize QEs to recover the corresponding plaintext for a given ciphertext. For Quartic1, we firstly find there are at least 2r SOLEs, which was regarded as impossible by the original authors, furthermore, we can find at least 35r QEs with a complexity ((90r2(15r+1)+180r2+15r(15r+1)/2+27r+1)w), where r is a small number denoting the degree of extension of finite fields and w ≈ 2.732. The computational complexity of deriving these equations is about 237. But to find the original plaintext, there still needs 240 times Gröbner basis computations, which needs practically 1.328 seconds each time. For Quartic2, we make a theoretical analysis and find 18r QEs with a computational complexity ((15r+1)6r(12r+1)+180r2+27r+1)w. The complexity is 236 for the parameter proposed in [Wan07], and we can break the scheme practically in 3110.734 seconds. Finally, we show that another improved version of MFE in [WZY07] is insecure against the linearization equation attack although its authors claimed it is secure against high order linearization equation attack. Our attack on the two quartic schemes illustrates that nonlinearization equations like quadratization equations which are not degree one in plaintext variables can also be used efficiently to analyze multivariate cryptosystems.  Keywords  multivariate public key, encryption, quartic polynomial, quadratic polynomial, linearization attack, quadratization attack  ISBN  9783642129285/pbk 
URL 
http://link.springer.com/chapter/10.1007%2F9783642129292_4 
Language  English  Pages  4160  Publisher  Berlin: Springer  Year  2010  Edition  0  Translation 
No  Refereed 
No 
