International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Equivalent Keys in HFE, C$^*$, and variations

Christopher Wolf
Bart Preneel
Search ePrint
Search Google
Abstract: In this article, we investigate the question of equivalent keys for two $\mathcal{M}$ultivariate $\mathcal{Q}$uadratic public key schemes HFE and C$^{*--}$ and improve over a previously known result, to appear at PKC 2005. Moreover, we show a new non-trivial extension of these results to the classes HFE-, HFEv, HFEv-, and C$^{*--}$, which are cryptographically stronger variants of the original HFE and C$^*$ schemes. In particular, we are able to reduce the size of the private --- and hence the public --- key space by at least one order of magnitude. While the results are of independent interest themselves, we also see applications both in cryptanalysis and in memory efficient implementations.
  title={Equivalent Keys in HFE, C$^*$, and variations},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / Multivariate Quadratic Equations, Public Key signature, Hidden Field Equations, HFE, HFE-, HFEv, HFEv-, C$^*$, C$^{*--}$},
  note={Proceedings of Mycrypt 2005, LNCS 3715, pages 33-49. Serge Vaudenay, editor, Springer, 2005. 13004 received 16 Dec 2004, last revised 9 Aug 2005},
  author={Christopher Wolf and Bart Preneel},