Unbalanced oil and vinegar signature schemes

313Citations
Citations of this article
71Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

In [16], J. Patarin designed a new scheme, called “Oil and Vinegar", for computing asymmetric signatures. It is very simple, can be computed very fast (both in secret and public key) and requires very little RAM in smartcard implementations. The idea consists in hiding quadratic equations in n unknowns called “oil" and v = n unknowns called “vinegar" over a finite field K, with linear secret functions. This original scheme was broken in [10] by A. Kipnis and A. Shamir. In this paper, we study some very simple variations of the original scheme where v > n (instead of v = n). These schemes are called \Unbalanced Oil and Vinegar" (UOV), since we have more \vinegar" unknowns than \oil" unknowns.We show that, when v ' n, the attack of [10] can be extended, but when v _ 2n for example, the security of the scheme is still an open problem. Moreover, when v ' n2 2, the security of the scheme is exactly equivalent (if we accept a very natural but not proved property) to the problem of solving a random set of n quadratic equations in n2 2 unknowns (with no trapdoor). However, we show that (in characteristic 2) when v _ n2, _nding a solution is generally easy. Then we will see that it is very easy to combine the Oil and Vinegar idea and the HFE schemes of [14]. The resulting scheme, called HFEV, looks at the present also very interesting both from a practical and theoretical point of view. The length of a UOV signature can be as short as 192 bits and for HFEV it can be as short as 80 bits.

Cite

CITATION STYLE

APA

Kipnis, A., Patarin, J., & Goubin, L. (1999). Unbalanced oil and vinegar signature schemes. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1592, pp. 206–222). Springer Verlag. https://doi.org/10.1007/3-540-48910-X_15

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free