Paper 2014/398

Differential Properties of the HFE Cryptosystem

Taylor Daniels and Daniel Smith-Tone


Multivariate Public Key Cryptography (MPKC) has been put forth as a possible post-quantum family of cryptographic schemes. These schemes lack provable security in the reduction theoretic sense, and so their security against yet undiscovered attacks remains uncertain. The effectiveness of differential attacks on various field-based systems has prompted the investigation of differential properties of multivariate schemes to determine the extent to which they are secure from differential adversaries. Due to its role as a basis for both encryption and signature schemes we contribute to this investigation focusing on the HFE cryptosystem. We derive the differential symmetric and invariant structure of the HFE central map and that of HFE- and provide a collection of parameter sets which make these HFE systems provably secure against a differential symmetric or differential invariant attack.

Note: Reasonable Version

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
HFEdifferentialprovable securitysymmetryinvariant
Contact author(s)
daniel smith @ nist gov
2014-06-04: revised
2014-06-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Taylor Daniels and Daniel Smith-Tone},
      title = {Differential Properties of the HFE Cryptosystem},
      howpublished = {Cryptology ePrint Archive, Paper 2014/398},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.