Paper 2022/1538

DME: a full encryption, signature and KEM multivariate public key cryptosystem

Ignacio Luengo, Universidad Complutense de Madrid
Martín Avendaño, Universidad Complutense de Madrid

DME is a multivariate public key cryptosystem based on the composition of linear and exponential maps that allow the polynomials of the public key to be of a very high degree. A previous version of DME was presented to the NIST call (in the KEM category). The new version of DME adds one or two extra rounds of exponentials to the original two rounds. With this setting the composition gives a deterministic trapdoor one way permutation, which can be combined with an OAEP padding scheme for KEM and PSS00 for signature. In this paper we give the SUPERCOP timing of DME-OAEP and DME-PSS00 for three and four exponentials and compare them with NIST finalists. For NIST security level 5 the size of ciphertext and signature is only 64 bytes.

Available format(s)
Public-key cryptography
Publication info
Multivariate PKC KEM signature NIST
Contact author(s)
iluengo @ ucm es
mavend01 @ ucm es
2023-04-18: last of 4 revisions
2022-11-06: received
See all versions
Short URL
No rights reserved


      author = {Ignacio Luengo and Martín Avendaño},
      title = {DME: a full encryption, signature and KEM multivariate public key cryptosystem},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1538},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.