Albrecht Petzoldt

Design Principles for HFEv- Based Multivariate Signature Schemes

The Hidden Field Equations HFE Cryptosystem as proposed by Patarin is one of the best known and most studied multivariate schemes. While the security of the basic scheme appeared to be very weak, the HFEv- variant seems to be a good candidate for digital signature schemes on the basis of multivariate polynomials. However, the currently existing scheme of this type, the QUARTZ signature scheme, is hardly used in practice because of its poor efficiency. In this paper we analyze recent results from Ding and Yang about the degree of regularity of HFEv- systems and derive from them design principles for signature schemes of the HFEv- type. Based on these results we propose the new HFEv- based signature scheme Gui, which is more than 100 times faster than QUARTZ and therefore highly comparable with classical signature schemes such as RSA and ECDSA.

CyclicRainbow - A Multivariate Signature Scheme with a Partially Cyclic Public Key

Multivariate Cryptography is one of the alternatives to guarantee the security of communication in the post-quantum world. One major drawback of such schemes is the huge size of their keys. In [PB10] Petzoldt et al. proposed a way how to reduce the public key size of the UOV scheme by a large factor. In this paper we extend this idea to the Rainbow signature scheme of Ding and Schmidt [DS05]. By our construction it is possible to reduce the size of the public key by up to 62%.

Selecting parameters for the rainbow signature scheme

Multivariate public key cryptography is one of the main approaches to guarantee the security of communication in a post-quantum world. One of the most promising candidates in this area is the Rainbow signature scheme, which was first proposed by J. Ding and D. Schmidt in 2005. In this paper we develop a model of security for the Rainbow signature scheme. We use this model to find parameters which, under certain assumptions, guarantee the security of the scheme for now and the near future.

Securing the Internet of Things in a Quantum World

Currently, we rely on cryptographic algorithms such as elliptic curve cryptosystems (ECCs) as basic building blocks to secure the communication in the IoT. However, public key schemes like ECC can easily be broken by the upcoming quantum computers. Due to recent advances in quantum computing, we should act now to prepare the IoT for the quantum world. In this article, we focus on the current state of the art and recent developments in the area of quantum-resistant cryptosystems for securing the IoT. We first demonstrate the impacts of quantum computers on the security of the cryptographic schemes used today, and then give an overview of the recommendations for cryptographic schemes that can be secure under the attacks of both classical and quantum computers. After that, we present the existing implementations of quantum-resistant cryptographic schemes on constrained devices suitable for the IoT. Finally, we give an introduction to ongoing projects for quantum-resistant schemes that will help develop future security solutions for the IoT.

Linear recurring sequences for the UOV key generation

Multivariate public key cryptography is one of the main approaches to guarantee the security of communication in the post-quantum world. Due to its high efficiency and modest computational requirements, multivariate cryptography seems especially appropriate for signature schemes on low cost devices. However, multivariate schemes are not much used yet, mainly because of the large size of their public keys. In [PB10] Petzoldt et al. presented an idea how to create a multivariate signature scheme with a partially cyclic public key based on the UOV scheme of Kipnis and Patarin [KP99]. In this paper we use their idea to create a multivariate signature scheme whose public key is mainly given by a linear recurring sequence (LRS). By doing so, we are able to reduce the size of the public key by up to 86%. Moreover, we get a public key with good statistical properties.

The Cubic Simple Matrix Encryption Scheme

In this paper, we propose an improved version of the Simple Matrix encryption scheme of PQCrypto2013. The main goal of our construction is to build a system with even stronger security claims. By using square matrices with random quadratic polynomials, we can claim that breaking the system using algebraic attacks is at least as hard as solving a set of random quadratic equations. Furthermore, due to the use of random polynomials in the matrix A, Rank attacks against our scheme are not feasible.

Small Public Keys and Fast Verification for \(\mathcal{M}\)ultivariate \(\mathcal{Q}\)uadratic Public Key Systems

Security of public key schemes in a post-quantum world is a challenging task—as both RSA and ECC will be broken then. In this paper, we show how post-quantum signature systems based on \(\mathcal{M}\)ultivariate \(\mathcal{Q}\)uadratic (\(\mathcal{MQ}\)) polynomials can be improved up by about 9/10, and 3/5, respectively, in terms of public key size and verification time. The exact figures are 88% and 59%. This is particularly important for small-scale devices with restricted energy, memory, or computational power. In addition, we provide evidence that this reduction does not affect security and that it is also optimal in terms of possible attacks. We do so by combining the previously unrelated concepts of reduced and equivalent keys. Our new scheme is based on the so-called Unbalanced Oil and Vinegar class of \(\mathcal{MQ}\)-schemes. We have derived our results mathematically and verified the speed-ups through a C++ implementation.

Towards Provable Security of the Unbalanced Oil and Vinegar Signature Scheme under Direct Attacks

In this paper we show that solving systems coming from the public key of the Unbalanced Oil and Vinegar (UOV) signature scheme is on average at least as hard as solving a certain quadratic system with completely random quadratic part. In providing lower bounds on direct attack complexity we rely on the empirical fact that complexity of solving a non-linear polynomial system is determined by the homogeneous part of this system of the highest degree. Our reasoning explains, in particular, the results on solving the UOV systems presented by J.-C. Faugere and L. Perret at the SCC conference in 2008.

Fast Verification for Improved Versions of the UOV and Rainbow Signature Schemes

Multivariate cryptography is one of the main candidates to guarantee the security of communication in the post-quantum era. While multivariate signature schemes are fast and require only modest computational resources, the key sizes of such schemes are quite large. In [14] Petzoldt et al. proposed a way to reduce the public key size of certain multivariate signature schemes like UOV and Rainbow by a large factor. In this paper we show that by using this idea it is possible to speed up the verification process of these schemes, too. For example, we are able to speed up the verification process of UOV by a factor of 5.

Simple Matrix - A Multivariate Public Key Cryptosystem (MPKC) for Encryption

Proposal of a new multivariate encryption scheme.Improvement of the SimpleMatrix scheme of PQCrypto 2013.Faster decryption.Probability of decryption failures is reduced. Multivariate cryptography is one of the main candidates to guarantee the security of communication in the presence of quantum computers. While there exist a large number of secure and efficient multivariate signature schemes, the number of practical multivariate encryption schemes is somewhat limited. In this paper we present our results on creating a new multivariate encryption scheme, which is an extension of the original SimpleMatrix encryption scheme of PQCrypto 2013. Our scheme allows fast en- and decryption and resists all known attacks against multivariate cryptosystems. Furthermore, we present a new idea to solve the decryption failure problem of the original SimpleMatrix encryption scheme.