On the affine transformations of HFE-cryptosystems and systems with branches

Abstract

We show how to recover the affine parts of the secret, key for a certain class of HFE-Cryptosystems. Further we will show that any system with branches can be decomposed in its single branches in polynomial time on average. The attack on the affine parts generalizes the results from [1, 11] to a bigger class of systems and is achieved by a different approach. Despite the fact that systems with branches are not used anymore (see [11, 6]), our second attack is a still of interest, as it shows that branches belong to the list of algebraic properties, which cannot be hidden by composition with secret affine transformations. We derived both algorithms by considering the cryptosystem as objects from the theory of nonassociative algebras and applying classical techniques from this theory. This general framework might be a useful tool for future investigations of HFE-Cryptosystems, e.g. to detect further invariants, which are not hidden by composition with affine transformations. © Springer-Verlag Berlin Heidelberg 2006.