On the security of multivariate-based ring signature and other related primitives

Abstract

The multivariate public-key cryptography (MPKC) provides a promising class of post-quantum signature schemes. Its theoretical security comes from the intractability of the multivariate quadratic problem (MQ problem), which is an NP-hard problem [1]. Nevertheless, not every instance of MQ-problem is hard [2–6] while the problem itself is NP-hard. Thus, it is important to understand and analyze the nature of the quadratic systems used in existing MPKC so that the security of the multivariate schemes can be properly assessed. Herein, we present a detailed cryptanalysis of the multivariate based ‘ring’ signature scheme presented by Wang et al. [7]. We utilize the attacks on the underdetermined system of multivariate quadratic equations. We prove both theoretically and experimentally that the scheme (Wang et al. [7]) can be broken in polynomial time even for rings of small size. Additionally, we observed that the attack strategy we proposed in this work is not only limited to [7], but can also be applied to break the unforgeability of other multivariate based schemes such as verifiable ring signature scheme [8], multivariate group signature scheme [9], and Gui and GeMSS based ring signature scheme [10,11].