3 Hits in 4.6 sec

A family of weak keys in HFE and the corresponding practical key-recovery

Charles Bouillaguet, Pierre-Alain Fouque, Antoine Joux, Joana Treger
2012 Journal of Mathematical Cryptology  
The HFE (Hidden Field Equations) cryptosystem is one of the most interesting public-key multivariate scheme.  ...  Even though for schemes such as SFLASH or C * the hardness of key-recovery relies on the hardness of the IP problem, this is normally not the case for HFE, since the internal polynomial is kept secret.  ...  Our Results In this paper, we consider the key recovery problem on a class of weak keys for HFE.  ... 
doi:10.1515/jmc.2011.012 fatcat:4qbffxamcrg6hgbcld6b3pehmi

Post-Quantum Cryptography [chapter]

Qijun Gu, Pascal Paillier, Tanja Lange, Edlyn Teske, Darrel Hankerson, Alfred Menezes, David Zhang, Feng Yue, Wangmeng Zuo, Jean-Jacques Quisquater, Gildas Avoine, Gerald Brose (+73 others)
2011 Encyclopedia of Cryptography and Security  
We hope that it serves as an introduction to the field, as an overview of the state of the art, and as an encouragement for many more scientists to join us in investigating post-quantum cryptography.  ...  future of the Internet.  ...  Acknowledgements We thank Phong Nguyen and Markus Rückert for helpful discussions on the practical security of lattice-based cryptography.  ... 
doi:10.1007/978-1-4419-5906-5_386 fatcat:ucdkilta7zc3voq7nqctmjkcr4

Multivariate Public Key Cryptography [chapter]

Jintai Ding, Bo-Yin Yang
Post-Quantum Cryptography  
A multivariate public key cryptosystem (MPKCs for short) have a set of (usually) quadratic polynomials over a nite eld as its public map.  ...  Keywords: Gröbner basis, multivariate public key cryptosystem, linear algebra, dierential attack Cipher block or Message digest Size: m elements of F q Plaintext block or Signature Size: n elements of  ...  As mentioned in Sec. 3.3 , instead of using for Q the monomial used by C * , we would substitute the extended Dembowski-Ostrom polynomial map: Q : x ∈ L = F n q −→ y = 0≤i≤j<r a ij x q i +q j + 0≤i<r  ... 
doi:10.1007/978-3-540-88702-7_6 fatcat:675sdc5ytbfllbqlslhvehirgy