A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems

4 years 1 months ago
A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems
Abstract. We investigate the security of the family of MQQ public key cryptosystems using multivariate quadratic quasigroups (MQQ). These cryptosystems show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial time key-recovery attack. Our key-recovery attack finds an equivalent key using the idea of so-called good keys that reveals the structure gradually. In the process we need to solve a MinRank problem that, because of the structure, can be solved in polynomial-time assuming some mild algebraic assumptions. We highlight that our theoretical results work in characteristic 2 which is known to be the most difficult case ...
Jean-Charles Faugère, Danilo Gligoroski, Lu
Added 16 Apr 2016
Updated 16 Apr 2016
Type Journal
Year 2015
Where PKC
Authors Jean-Charles Faugère, Danilo Gligoroski, Ludovic Perret, Simona Samardjiska, Enrico Thomae
Comments (0)