## Cryptology ePrint Archive: Report 2018/539

Extracting Linearization Equations from Noisy Sources

Daniel Smith-Tone

Abstract: This note was originally written under the name On the Security of HMFEv'' and was submitted to PQCrypto 2018. The author was informed by the referees of his oversight of an eprint work of the same name by Hashimoto, see eprint article /2017/689/, that completely breaks HMFEv, rendering the result on HMFEv obsolete. Still, the author feels that the technique used here is interesting and that, at least in principal, this method could contribute to future cryptanalysis. Thus, with a change of title indicating the direction in which this work is leading, we present the original work with all of its oversights intact and with minimal correction (only references fixed).

At PQCRYPTO 2017, a new multivariate digital signature based on Multi-HFE and utilizing the vinegar modifier was proposed. The vinegar modifier increases the Q-rank of the central map, preventing a direct application of the MinRank attack that defeated Multi-HFE. The authors were, therefore, confident enough to choose aggressive parameters for the Multi-HFE component of the central map (with vinegar variables fixed). Their analysis indicated that the security of the scheme depends on the sum of the number of variables $k$ over the extension field and the number $v$ of vinegar variables with the individual values being unimportant as long as they are not too small.'' We analyze the consequences of this choice of parameters and derive some new attacks showing that the parameter $v$ must be chosen with care.

Category / Keywords: public-key cryptography / Multivariate Cryptography, HMFEv, Q-rank

Date: received 31 May 2018, last revised 15 Feb 2019

Contact author: daniel smith at nist gov

Available format(s): PDF | BibTeX Citation

Note: Revised to include footnotes.

Short URL: ia.cr/2018/539

[ Cryptology ePrint archive ]