Cryptology ePrint Archive: Report 2011/431

Roots of Square: Cryptanalysis of Double-Layer Square and Square+

Enrico Thomae and Christopher Wolf

Abstract: Square is a multivariate quadratic encryption scheme proposed in 2009. It is a specialization of Hidden Field Equations by using only odd characteristic fields and also X^2 as its central map. In addition, it uses embedding to reduce the number of variables in the public key. However, the system was broken at Asiacrypt 2009 using a differential attack. At PQCrypto 2010 Clough and Ding proposed two new variants named Double-Layer Square and Square+. We show how to break Double-Layer Square using a refined MinRank attack in 2^45 field operations. A similar fate awaits Square+ as it will be broken in 2^32 field operations using a mixed MinRank attack over both the extension and the ground field. Both attacks recover the private key, given access to the public key. We also outline how possible variants such as Square- or multi-Square can be attacked.

Category / Keywords: Multivariate Cryptography, Algebraic Cryptanalysis, Square, Double-Layer Square, Square+, MinRank, Key Recovery

Publication Info: PQCrypto 2011

Date: received 10 Aug 2011, last revised 4 Oct 2011

Contact author: enrico thomae at rub de; christopher wolf@rub de

Available format(s): PDF | BibTeX Citation

Version: 20111004:092727 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]