MQQ-SIG: An ultra-fast and provably CMA resistant digital signature scheme

Abstract

We present MQQ-SIG, a signature scheme based on "Multivariate Quadratic Quasigroups". The MQQ-SIG signature scheme has a public key consisting of quadratic polynomials in n variables where n = 160, 192, 224 or 256. Under the assumption that solving systems of MQQ's equations in n variables is as hard as solving systems of random quadratic equations, we prove that in the random oracle model our signature scheme is CMA (Chosen-Message Attack) resistant. From efficiency point of view, the signing and verification processes of MQQ-SIG are three orders of magnitude faster than RSA or ECDSA. Compared with other MQ signing schemes, MQQ-SIG has both advantages and disadvantages. Advantages are that it has more than three times smaller private keys (from 401 to 593 bytes), and the signing process is an order of magnitude faster than other MQ schemes. That makes it very suitable for implementation in smart cards and other embedded systems. However, MQQ-SIG has a big public key (from 125 to 512 Kb) and it is not suitable for systems where the size of the public key has to be small. © 2012 Springer-Verlag.