In this article, we present algebraic attacks against the Extension Field Cancellation ($$\texttt{EFC}$$) scheme, a multivariate public-key encryption scheme which was published at PQCRYPTO’2016. First, we present a successful Gröbner basis message-recovery attack on the first and second proposed parameters of the scheme. For the first challenge parameter, a Gröbner-based hybrid attack has a $$2^{65}$$ bit complexity, which beats the claimed 80-bit security level. We further show that the algebraic system arising from an $$\texttt{EFC}$$ public key is much easier to solve than a random system of the same size. Briefly, this is due to the appearance of many lower-degree equations during the Gröbner basis computation. We present a polynomial-time method to recover such lower-degree relations and also show their usefulness in improving the Gröbner basis attack complexity on $$\texttt{EFC}$$. Thus, we show that there is an algebraic structural weakness in the system of equations coming from $$\texttt{EFC}$$, which makes the scheme unsuitable for encryption.