Abstract
The public-key operation in multivariate encryption and signature schemes evaluates $m$ quadratic polynomials in $n$ variables. In this paper we analyze how fast this simple operation can be made. We optimize it for different finite fields on modern architectures. We provide an objective and inherent efficiency measure of our implementations by comparing their performance with the peak performance of the CPU. In order to provide a fair comparison for different parameter sets, we also analyze the expected security based on the algebraic attack, taking into consideration the hybrid approach. We compare the attack's efficiency for different finite fields and establish trends. We detail the role that the field equations play in the attack. We then provide a broad picture of the efficiency of the MQ-public-key operation against security.
Highlights
The quest for new hardness assumptions to support public-key cryptosystems is today more pertinent than ever
Several public-key encryption [20, 22, 26, 10] and signature schemes [18, 25, 11, 23, 24, 27] have been proposed based on the hardness of the multivariate quadratic (MQ) problem
The MQ problem is the problem of solving a random system of m quadratic equations in n variables over a finite field
Summary
The quest for new hardness assumptions to support public-key cryptosystems is today more pertinent than ever. We optimize implementations of the MQ-public-key operation for different finite fields for an Intel x86-64 architecture with SIMD instructions. For the other fields, the code was written in such a way that the compiler can vectorize it with SIMD instructions. We evaluate their efficiency by comparing the performance with the peak of the computer and comparing this with a highly efficient mathematical library for floats. Chen et al. [9] provide a broad discussion on how to use modern CPUs to implement various MQ-cryptographic algorithms. They favor the matrix-vector multiplication approach for the public-key operation, as we do, and discuss which intrinsics can be used to speed up this operation.
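The public-key operation described above, written as a matrix-vector product of the coefficient matrix with the monomial vector (an added example, not code from the paper). It assumes the field GF(31), toy sizes n = 3 and m = 2, a constructed key `SAMPLE_P`, and the hypothetical names `mq_eval` and `mq_check`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define Q 31u                            /* assumed field GF(31) */
#define N 3                              /* variables (toy size) */
#define M 2                              /* polynomials (toy size) */
#define NMON (N * (N + 1) / 2 + N + 1)   /* x_i*x_j (i<=j), x_i, and 1 */

/* Constructed toy public key, not a real one. Row r holds the coefficients
   of polynomial r in the order x0x0,x0x1,x0x2,x1x1,x1x2,x2x2,x0,x1,x2,1. */
static const uint8_t SAMPLE_P[M][NMON] = {
    { 1, 2,  3, 4,  5, 6, 7,  8, 9, 10},
    {30, 0, 17, 0, 29, 1, 0, 12, 0,  5},
};

/* y = P * mon over GF(Q), where mon is the monomial vector of x. */
void mq_eval(const uint8_t P[M][NMON], const uint8_t x[N], uint8_t y[M]) {
    uint8_t mon[NMON];
    size_t k = 0;
    for (size_t i = 0; i < N; i++)       /* quadratic monomials */
        for (size_t j = i; j < N; j++)
            mon[k++] = (uint8_t)(((unsigned)x[i] * x[j]) % Q);
    for (size_t i = 0; i < N; i++)       /* linear monomials */
        mon[k++] = (uint8_t)(x[i] % Q);
    mon[k] = 1;                          /* constant term */
    for (size_t r = 0; r < M; r++) {
        uint32_t acc = 0;                /* reduced once per row; NMON*30*30 fits */
        for (size_t c = 0; c < NMON; c++)
            acc += (uint32_t)P[r][c] * mon[c];
        y[r] = (uint8_t)(acc % Q);
    }
}

/* Returns 1 when P(x) equals the expected image, else 0. */
int mq_check(const uint8_t P[M][NMON], const uint8_t x[N], const uint8_t want[M]) {
    uint8_t y[M];
    int diff = 0;
    mq_eval(P, x, y);
    for (size_t r = 0; r < M; r++) diff |= y[r] ^ want[r];
    return diff == 0;
}

int main(void) {
    const uint8_t x[N] = {3, 30, 7}, want[M] = {12, 1};   /* constructed */
    printf("match: %d\n", mq_check(SAMPLE_P, x, want));
    return 0;
}
```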