An existential unforgeable signature scheme based on multivariate quadratic equations

Abstract

A multivariate quadratic public-key cryptography (MQ-PKC) is one of the most promising alternatives for classical PKC after the eventual coming of a quantum computer. We propose a new MQ-signature scheme, ELSA, based on a hidden layer of quadratic equations which is an important role in dramatically reducing the secret key size and computational complexity in signing. We prove existential unforgeability of our scheme against an adaptive chosen-message attack under the hardness of the MQ-problem induced by a public key of ELSA with a specific parameter set in the random oracle model. We analyze the security of ELSA against known attacks and derive a concrete parameter based on the security analysis. Performance of ELSA on a recent Intel processor is the fastest among state-of-the-art signature schemes including classical ones and Post-Quantum ones. It takes 6.3 μs and 13.39 μs for signing and verification, respectively. Compared to Rainbow, the secret size of the new scheme has reduced by a factor of 88% maintaining the same public key size.