Cryptology ePrint Archive: Report 2020/914

Ultra-Short Multivariate Public Key Signatures

Jacques Patarin and Gilles Macario-Rat and Maxime Bros and Eliane Koussa

Abstract: In this paper we study multivariate public key signature schemes with "ultra"-short signatures. In order to do so, we consider that signing and verifying a signature could require about 1 minute of computation on a modern personal computer. Despite the fact that this time is way bigger than the time required by general purpose multivariate-based signature schemes, such as Quartz or GeMMS, it enables us to reach ultra-short signature length, for instance, around 70 bits long signatures for a security of 80 bits. Two main issues arise when one wants to build a signature scheme with ultra-short signatures: avoiding the birthday paradox attack and having the ability to sign arbitraly long messages, this paper gives ways to overcome both.

In a first part, we describe the attacks against multivariate public key signature and use them to compute the minimal parameters that an ultra-short signature scheme would have. In a second part, we give an explicit example of such an ultra-short signature scheme using HFE-like algorithms. In the end, we give parameters for several level of security: 80, 90, 100 bits and the classic 128, 192, and 256 bits; for each of them, we propose different choices of finite fields.

Category / Keywords: public-key cryptography / HFE, Multivariate Cryptography, Public Key Cryptography, Ultra-Short Signature.

Date: received 22 Jul 2020

Contact author: jpatarin at club-internet fr , ejkoussa@outlook com , maxime bros@unilim fr , gilles macariorat@orange com

Available format(s): PDF | BibTeX Citation

Version: 20200723:010530 (All versions of this report)

Short URL: ia.cr/2020/914