Multivariate public-key cryptosystems (sometimes polynomial-based PKC's or just multivariates) handle polynomials of many variables over relatively small fields instead of elements of a large ring or group. The "tame-like" or "sparse" class of multivariates are distinguished by the relatively few terms that they have per central equation. We explain how they differ from the "big-field" type of multivariates, represented by derivatives of C * and HFE, how they are better, and give basic security

more »

... criteria for them. The last is shown to be satisfied by efficient schemes called "Enhanced TTS" which is built on a combination of the Oil-and-Vinegar and Triangular ideas. Their security levels are estimated. In this process we summarize and in some cases, improve rank-based attacks, which seek linear combinations of certain matrices at given ranks. These attacks are responsible for breaking many prior multivariate designs. Research supported in part by Taiwan's National Science Council via twisc (Taiwan Information Security Center at NTUST) project and grant NSC93-M-2115-032-008 3 also "polynomial-based" along with lattice-based NTU, which differs fundamentally.