**On Multivariate Algorithms of Digital Signatures Based on Maps of Unbounded Degree Acting on Secure El Gamal Type Mode.**

*V. Ustimenko *

**Abstract: **Multivariate cryptography studies applications of endomorphisms of K[x_1, x_2, …, x_n] where K is a finite commutative ring given in the standard form x_i →f_i(x_1, x_2,…, x_n), i=1, 2,…, n. The importance of this direction for the constructions of multivariate digital signatures systems is well known. Close attention of researchers directed towards studies of perspectives of quadratic rainbow oil and vinegar system and LUOV presented for NIST postquantum certification. Various cryptanalytic studies of these signature systems were completed.
Recently some options to modify theses algorithms as well as all multivariate signature systems which alow to avoid already known attacks were suggested. One of the modifications is to use protocol of noncommutative multivariate cryptography based on platform of endomorphisms of degree 2 and 3. The secure protocol allows safe transfer of quadratic multivariate map from one correspondent to another. So the quadratic map developed for digital signature scheme can be used in a private mode. This scheme requires periodic usage of the protocol with the change of generators and the modification of quadratic multivariate maps.
Other modification suggests combination of multivariate map of unbounded degree of size O(n) and density of each f_i of size O(1). The resulting map F in its standard form is given as the public rule.
We suggest the usage of the last algorithm on the secure El Gamal mode. It means that correspondents use protocols of Noncommutative Cryptography with two multivariate platforms to elaborate safely a collision endomorphism G: x_i → g_i of linear unbounded degree such that densities of each gi are of size O(n^2). One of correspondents generates mentioned above F and sends F+G to his/her partner.
The security of the protocol and entire digital signature scheme rests on the complexity of NP hard word problem of finding decomposition of given endomorphism G of K[x_1,x_2,…,x_n ] into composition of given generators 1^G, 2^G, …t^G, t>1 of the semigroup of End(K[x_1 ,x_2 ,…,x_n]). Differently from the usage of quadratic map on El Gamal mode the case of unbounded degree allows single usage of the protocol because the task to approximate F via interception of hashed messages and corresponding signatures is unfeasible in this case.

**Category / Keywords: **cryptographic protocols / Noncommutative Cryptography, Multivariate Cryptography, key exchange protocols, semigroups of transformations, decomposition problem, multivariate digital signature.

**Date: **received 15 Sep 2020

**Contact author: **vasyl at hektor umcs lublin pl

**Available format(s): **PDF | BibTeX Citation

**Version: **20200921:081409 (All versions of this report)

**Short URL: **ia.cr/2020/1116

[ Cryptology ePrint archive ]