Abstract
Several multivariate algebraic signature schemes have been proposed in recent years, but most of them have been broken by exploiting the fact that their secret trapdoors are low rank algebraic structures. One of the few remaining variants is Patarin's "Oil & Vinegar" scheme, which is based on a system of n quadratic forms in 2n variables of two flavors (n "oil" variables and n "vinegar" variables). The security of the scheme depends on the difficulty of distinguishing between the two types, and does not seem to be susceptible to known low rank attacks. In this paper we describe two novel algebraic attacks which can efficiently separate the oil and vinegar variables, and thus forge arbitrary signatures.
References
D. Coppersmith, J. Stern and S. Vaudenay, The Security of the Birational Permutation Signature Scheme, Journal of Cryptology, 1997, pp. 207–221.
T. Matsumoto and H. Imai, Public Quadratic Polynomial Tuples for Efficient Signature Verification and Message Encryption, Eurocrypt 88, Springer Verlag, pp. 419–453.
H. Ong, C. P. Schnorr and A. Shamir, A Fast Signature Scheme Based on Quadratic Equations, Proc. 16-th ACM Symp. Theory of Computation, 1984, pp. 208–216.
J. Patarin, Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 88, Crypto 95, Springer Verlag, pp. 248–261.
J. Patarin, The Oil and Vinegar Algorithm for Signatures, presented at the Dagstuhl Workshop on Cryptography, September 97.
J. Patarin, Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms, Eurocrypt 96, Springer Verlag, pp. 33–48.
J. M. Pollard and C. P. Schnorr, An Efficient Solution of the Congruence $x^2 + ky^2 = m \pmod{n}$, IEEE Trans. Information Theory, vol. IT-33, no. 5, 1987, pp. 702–709.
A. Shamir, Efficient Signature Schemes Based on Birational Permutations, Crypto 93, Springer Verlag, pp. 1–12.
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
Cite this paper
Kipnis, A., Shamir, A. (1998). Cryptanalysis of the oil and vinegar signature scheme. In: Krawczyk, H. (eds) Advances in Cryptology — CRYPTO '98. CRYPTO 1998. Lecture Notes in Computer Science, vol 1462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055733
DOI: https://doi.org/10.1007/BFb0055733
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64892-5
Online ISBN: 978-3-540-68462-6
eBook Packages: Springer Book Archive