On the security and key generation of the ZHFE encryption scheme

Abstract

At PQCrypto’14 Porras, Baena and Ding proposed a new interesting construction to overcome the security weakness of the HFE encryption scheme, and called their new encryption scheme ZHFE. They provided experimental evidence for the security of ZHFE, and proposed the parameter set (q, n,D) = (7, 55, 105) with claimed security level 280 estimated by experiment. However there is an important gap in the stateof- the-art cryptanalysis of ZHFE, i.e., a sound theoretical estimation for the security level of ZHFE is missing. In this paper we fill in this gap by computing upper bounds for the Q-Rank and for the degree of regularity of ZHFE in terms of logq D, and thus providing such a theoretical estimation. For instance the security level of ZHFE(7,55,105) can now be estimated theoretically as at least 296. Moreover for the inefficient key generation of ZHFE, we also provide a solution to improve it significantly, making almost no computation needed.