본문 바로가기 메뉴바로가기

Papers

An Existential Unforgeable Signature Scheme Based on Multivariate Quadratic Equations

https://doi.org/10.1007/978-3-319-70694-8_2

  • Research Fields산업수학전략연구부
  • AuthorKyung-Ah Shim*, Cheol-Min Park, Namhun Koo
  • JournalInternational Conference on the Theory and Application of Cryptology and Information Security(ASIACRYPT 2017) 10624 (2017
  • Link https://doi.org/10.1007/978-3-319-70694-8_2
  • KeywordIsomorphism of polynomials problem, Direct attack, Existential unforgeability, Key recovery attack, Multivariate-quadratic problem

A multivariate quadratic public-key cryptography (MQ-PKC) is one of the most promising alternatives for classical PKC after the eventual coming of a quantum computer. We propose a new MQ-signature scheme, ELSA, based on a hidden layer of quadratic equations which is an important role in dramatically reducing the secret key size and computational complexity in signing. We prove existential unforgeability of our scheme against an adaptive chosen-message attack under the hardness of the MQ-problem induced by a public key of ELSA with a specific parameter set in the random oracle model. We analyze the security of ELSA against known attacks and derive a concrete parameter based on the security analysis. Performance of ELSA on a recent Intel processor is the fastest among state-of-the-art signature schemes including classical ones and Post-Quantum ones. It takes 6.3   μ s and 13.39   μ s for signing and verification, respectively. Compared to Rainbow, the secret size of the new scheme has reduced by a factor of 88% maintaining the same public key size.

A multivariate quadratic public-key cryptography (MQ-PKC) is one of the most promising alternatives for classical PKC after the eventual coming of a quantum computer. We propose a new MQ-signature scheme, ELSA, based on a hidden layer of quadratic equations which is an important role in dramatically reducing the secret key size and computational complexity in signing. We prove existential unforgeability of our scheme against an adaptive chosen-message attack under the hardness of the MQ-problem induced by a public key of ELSA with a specific parameter set in the random oracle model. We analyze the security of ELSA against known attacks and derive a concrete parameter based on the security analysis. Performance of ELSA on a recent Intel processor is the fastest among state-of-the-art signature schemes including classical ones and Post-Quantum ones. It takes 6.3   μ s and 13.39   μ s for signing and verification, respectively. Compared to Rainbow, the secret size of the new scheme has reduced by a factor of 88% maintaining the same public key size.