Probabilistic Multivariate Cryptography.

Aline Gouget, Jacques Patarin

Abstract

In public key schemes based on multivariate cryptography, the public key is a finite set of m (generally quadratic) polynomial equations and the private key is a trapdoor allowing the owner of the private key to invert the public key. In existing schemes, a signature or an answer to an authentication is valid if all the m equations of the public key are satisfied. In this paper, we study the idea of probabilistic multivariate cryptography, i.e., a signature or an authentication value is valid when at least α equations of the m equations of the public key are satisfied, where α is a fixed parameter of the scheme. We show that many new public key signature and authentication schemes can be built using this concept. We apply this concept on some known multivariate schemes and we show how it can improve the security of the schemes.