TY - GEN
T1 - Kipnis-shamir attack on unbalanced oil-vinegar scheme
AU - Cao, Weiwei
AU - Hu, Lei
AU - Ding, Jintai
AU - Yin, Zhijun
PY - 2011
Y1 - 2011
N2 - The public key of the Oil-Vinegar scheme consists of a set of m quadratic equations in m + n variables over a finite field . Kipnis and Shamir broke the balanced Oil-Vinegar scheme where d = n-m = 0 by finding equivalent keys of the cryptosytem. Later their method was extended by Kipnis et al to attack the unbalanced case where 0 < d < m and d is small with a complexity of O(q d-1 m 4). This method uses the matrices associated with the quadratic polynomials in the public key, which needs to be symmetric and invertible. In this paper, we give an optimized search method for Kipnis el al's attack. Moreover, for the case that the finite field is of characteristic 2, we find the situation becomes very subtle, which, however, was totally neglected in the original work of Kipnis et al. We show that the Kipnis-Shamir method does not work if the field characteristic is 2 and d is a small odd number, and we fix the situation by proposing an alternative method and give an equivalent key recovery attack of complexity O(q d+1 m 4). We also prove an important experimental observation by Ding et al for the Kipnis-Shamir attack on balanced Oil-Vinegar schemes in characteristic 2.
AB - The public key of the Oil-Vinegar scheme consists of a set of m quadratic equations in m + n variables over a finite field . Kipnis and Shamir broke the balanced Oil-Vinegar scheme where d = n-m = 0 by finding equivalent keys of the cryptosytem. Later their method was extended by Kipnis et al to attack the unbalanced case where 0 < d < m and d is small with a complexity of O(q d-1 m 4). This method uses the matrices associated with the quadratic polynomials in the public key, which needs to be symmetric and invertible. In this paper, we give an optimized search method for Kipnis el al's attack. Moreover, for the case that the finite field is of characteristic 2, we find the situation becomes very subtle, which, however, was totally neglected in the original work of Kipnis et al. We show that the Kipnis-Shamir method does not work if the field characteristic is 2 and d is a small odd number, and we fix the situation by proposing an alternative method and give an equivalent key recovery attack of complexity O(q d+1 m 4). We also prove an important experimental observation by Ding et al for the Kipnis-Shamir attack on balanced Oil-Vinegar schemes in characteristic 2.
KW - Kipnis-Shamir attack
KW - multivariate public key cryptosystem
KW - Oil-Vinegar scheme
KW - signature scheme
UR - http://www.scopus.com/inward/record.url?scp=79956308079&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-21031-0_13
DO - 10.1007/978-3-642-21031-0_13
M3 - Conference Proceeding
AN - SCOPUS:79956308079
SN - 9783642210303
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 168
EP - 180
BT - Information Security Practice and Experience - 7th International Conference, ISPEC 2011, Proceedings
T2 - 7th International Conference on Information Security Practice and Experience, ISPEC 2011
Y2 - 30 May 2011 through 1 June 2011
ER -