The HFE cryptosystem was the subject of several cryptanalytic studies, sometimes successful, but always heuristic. To contrast with this trend, this work goes back to the beginnning and achieves in a provable way a first step of cryptanalysis which consists in distinguishing HFE public keys from random systems of quadratic equations. We provide two distinguishers: the first one has polynomial complexity and subexponential advantage; the second has subexponential complexity and advantage close to one. These distinguishers are built on the differential methodology introduced at Eurocrypt'05 by Fouque & al. Their rigorous study makes extensive use of combinatorics in binary vector spaces. This combinatorial approach is novel in the context of multivariate schemes. We believe that the alliance of both techniques provides a powerful framework for the mathematical analysis of multivariate schemes. © Springer-Verlag Berlin Heidelberg 2006.
CITATION STYLE
Dubois, V., Granboulan, L., & Stern, J. (2006). An efficient provable distinguisher for HFE. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4052 LNCS, pp. 156–167). Springer Verlag. https://doi.org/10.1007/11787006_14
Mendeley helps you to discover research relevant for your work.