Journal of Mathematical Cryptology (Jan 2007)

Weil sum for birthday attack in multivariate quadratic cryptosystem

  • Harayama Tomohiro,
  • Friesen Donald K.

DOI
https://doi.org/10.1515/JMC.2007.006
Journal volume & issue
Vol. 1, no. 1
pp. 79 – 104

Abstract

Read online

We propose a new cryptanalytic application of a number theoretic tool Weil sum to birthday attack against multivariate quadratic trapdoor function. This new customization of birthday attack is developed by evaluating the explicit Weil sum of the underlying univariate polynomial and the exact number of solutions of the associated bivariate equation. We designed and implemented a new algorithm for computing Weil sum values so that we could explicitly identify some class of weak Dembowski-Ostrom polynomials and their equivalent forms in multivariate quadratic trapdoor function. Our customized attack can be also regarded as an equation solving algorithm for the system of some special quadratic equations over finite fields, and it is fundamentally different from the Gröbner basis methods. Both theoretical observation and experiment show that the required computational complexity of the attack on these weak polynomial instances can be asymptotically less than the square root complexity of the common birthday attack by factor of as large as 2n/8 in terms of the extension degree n of . We also suggest a few open problems that any MQ-based short signature scheme must explicitly take into account for the basic design principles.

Keywords