# Generic Attacks and the Security of Quartz

@inproceedings{Courtois2003GenericAA, title={Generic Attacks and the Security of Quartz}, author={Nicolas T. Courtois}, booktitle={Public Key Cryptography}, year={2003} }

The signature scheme Quartz is based on a trapdoor function G belonging to a family called HFEv-. It has two independent security parameters, and we claim that if d is big enough, no better method to compute an inverse of G than the exhaustive search is known. Such a (quite strong) assumption, allows to view Quartz as a general construction, that transforms a trapdoor function into a short signature scheme. The main object of this paper is the concrete security of this construction. On one hand…

## 20 Citations

### On the Security of HFE, HFEv- and Quartz

- Mathematics, Computer SciencePublic Key Cryptography
- 2003

It is shown that even modified HFE systems can be successfully attacked and it seems that the complexity of the attack increases by at least a factor of qtot with tot being the total number of perturbations in HFE.

### On Provable Security of UOV and HFE Signature Schemes against Chosen-Message Attack

- Computer Science, MathematicsPQCrypto
- 2011

It is shown that the UOV and the HFE signature schemes can be modified into ones achieving the EUF-CMA in the random oracle model, without changing each underlying trapdoor function.

### A Generic Scheme Based on Trapdoor One-Way Permutations with Signatures as Short as Possible

- Computer Science, MathematicsPublic Key Cryptography
- 2005

This work answers the open question of the possibility of building a digital signature scheme with proven security based on the one-wayness of a trapdoor permutation and with signatures as short as possible and shows that the k-rounds GCC based on a k-bit one- way permutation with k-bits security generates k- bit signatures with almost k-Bit security.

### Proposal of Enhancement for Quartz Digital Signature

- Computer Science, MathematicsIEEE Latin America Transactions
- 2016

Based on Quartz, a new digital signature scheme is presented, achieving the adaptive chosen message attacks that make calls to the random oracle, with a security level estimated at 2112.

### MQ Signature and Proxy Signature Schemes with Exact Security Based on UOV Signature

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2013

This paper proposes a combined MQ signature scheme based on the yet unbroken UOV (Unbalanced Oil and Vinegar) signature if parameters are properly chosen, which can not only reduce the public key size of the UOV signature, but also provide more tighter bound of security against chosen-message attack in the random oracle model.

### Post quantum proxy signature scheme based on the multivariate public key cryptographic signature

- Computer Science, MathematicsInt. J. Distributed Sens. Networks
- 2020

The proxy signature in the post-quantum setting is investigated so that it can resist against the potential attacks from the quantum adversaries and is used to construct practical proxy signature schemes for three well-known and promising multivariate public key cryptographic signature schemes.

### Multivariate Signature using Algebraic Techniques

- Computer Science, Mathematics2006 IEEE International Symposium on Information Theory
- 2006

An algebraic framework for designing trap-door one-way functions with applications in multivariate signature schemes and a practical instance of the paraunitary digital-signature scheme that is as efficient as the hidden-field equations (HFE) scheme.

### GeMSS: A Great Multivariate Short Signature

- Computer Science, Mathematics
- 2017

The purpose of this document is to present GeMSS : a Great Multivariate Signature Scheme, a multivariate-based signature scheme producing small signatures and a fast verification process, and a medium/large public-key.

### Practical Cryptanalysis of a Public Key Cryptosystem Based on the Morphism of Polynomials Problem

- Computer Science, Mathematics
- 2018

This work presents a proposition that reduces the DMDH problem to an easy example of the MP problem, and proposes an efficient algorithm for the Key Recover Attack (KRA) on the schemes of the public key cryptosystem.

### Public-key cryptography using paraunitary matrices

- Computer Science, MathematicsIEEE Transactions on Signal Processing
- 2006

Comparing complexities of the PAC to those in the hidden-field equation (HFE) family, it is shown that the PAC is faster in public-key generation and decryption and that the attacks developed for the HFE are not applicable on the PAC.

## References

SHOWING 1-10 OF 32 REFERENCES

### QUARTZ, 128-Bit Long Digital Signatures

- Computer Science, MathematicsCT-RSA
- 2001

This paper presents a first well defined algorithm and signature scheme, with concrete parameter choice, that gives 128-bit signatures while the best known attack to forge a signature is in 280.

### A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks

- Computer Science, MathematicsSIAM J. Comput.
- 1988

A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.

### The Security of Hidden Field Equations (HFE)

- Computer Science, MathematicsCT-RSA
- 2001

We consider the basic version of the asymmetric cryptosystem HFE from Eurocrypt 96.We propose a notion of non-trivial equations as a tentative to account for a large class of attacks on one-way…

### Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization

- Mathematics, Computer ScienceCRYPTO
- 1999

This paper considers Patarin's Hidden Field Equations (HFE) scheme, which is believed to be one of the strongest schemes of this type, and develops a new relinearization method for solving such systems for any constant Ɛ > 0 in expected polynomial time.

### How to Achieve a McEliece-Based Digital Signature Scheme

- Computer ScienceASIACRYPT
- 2001

This paper disproves the belief that code-based cryptosystems like McEliece do not allow practical digital signatures, and shows a way to build a practical signature scheme based on coding theory.

### FLASH, a Fast Multivariate Signature Algorithm

- Computer ScienceCT-RSA
- 2001

The particular parameter choice and implementation details of one of the rare published, but not broken signature schemes, that allow signatures to be computed and checked by a low-cost smart card are described.

### Short Signatures from the Weil Pairing

- Computer Science, MathematicsJ. Cryptol.
- 2004

A short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves is introduced for systems where signatures are typed in by a human or are sent over a low-bandwidth channel.

### Unbalanced Oil and Vinegar Signature Schemes

- Computer Science, MathematicsEUROCRYPT
- 1999

It is shown that (in characteristic 2) when v ≥ n2, finding a solution is generally easy and it is very easy to combine the Oil and Vinegar idea and the HFE schemes of [14], and the resulting scheme, called HFEV, looks at the present also very interesting both from a practical and theoretical point of view.

### C*-+ and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai

- Computer Science, MathematicsASIACRYPT
- 1998

This paper studies some very simple variations of C• - such as C• +• - where the attack of [8] is avoided, and where the very simple secret key computations are kept, and designs some new cryptanalysis that are efficient against some of - but not all - these variations.

### Solving Underdefined Systems of Multivariate Quadratic Equations

- Mathematics, Computer SciencePublic Key Cryptography
- 2002

The security of several recent digital signature schemes is based on the difficulty of solving large systems of quadratic multivariate polynomial equations over a finite field F. This problem,…