Kipnis-shamir attack on unbalanced oil-vinegar scheme

Abstract

The public key of the Oil-Vinegar scheme consists of a set of m quadratic equations in m + n variables over a finite field . Kipnis and Shamir broke the balanced Oil-Vinegar scheme where d = n-m = 0 by finding equivalent keys of the cryptosytem. Later their method was extended by Kipnis et al to attack the unbalanced case where 0 < d < m and d is small with a complexity of O(q d-1 m 4). This method uses the matrices associated with the quadratic polynomials in the public key, which needs to be symmetric and invertible. In this paper, we give an optimized search method for Kipnis el al's attack. Moreover, for the case that the finite field is of characteristic 2, we find the situation becomes very subtle, which, however, was totally neglected in the original work of Kipnis et al. We show that the Kipnis-Shamir method does not work if the field characteristic is 2 and d is a small odd number, and we fix the situation by proposing an alternative method and give an equivalent key recovery attack of complexity O(q d+1 m 4). We also prove an important experimental observation by Ding et al for the Kipnis-Shamir attack on balanced Oil-Vinegar schemes in characteristic 2. © 2011 Springer-Verlag Berlin Heidelberg.