許多公開金鑰系統是值基於單變數低次多項式,但多項式的反函數為高次的多項式。因此計算此多項式的反元素是相當費時的,而多變數公開金鑰系統(MQPKC)可以克服此類的問題。第一個多變數公開金鑰系統被Fell 和Diffe[33]所提出。到目前為止,有數十個多變數公開金鑰系統已經被提出,然而大多數都被破解了。 如何設計一個安全又有效率的MQPKC 仍是一個未知的問題。為了瞭解如何設計MQPKC,我們研究了目前已提出的MQPKC 及已知的攻擊方法。藉由學習兩個已知的解方程組的演算法的過程中,我們發展出另一個更有效率的解方程組演算法,此外這個方法也可以檢驗MQPKC 可能的弱點。 同時我們也提出攻擊Multi-Sets UOV 類簽章的方法;也發展目前最有效率的解多變數二次方程組的演算法,因此我們算出為了達到2 的80 次方的安全性,在有限體個數為256 的條件下,至少要30 個變數及方程式,在有限體個數為16 的條件下,至少要34 個變數及方程式。 最後我們推論出設計MQPKC 的準則,以使得所設計的MQPKC 可以被有系統的檢驗及不會再被已知的方法所攻擊。
Many public key cryptosystems are based on univariate polynomials with low degree but the inverse of the polynomials are high degree polynomials. Thus it is time consuming to compute the inverse of the polynomials. Multivariate Quadratic Public Key Cryptosystem (MQPKC) can overcome this problem. The first MQPKC was proposed by Fell and Diffie [33]. Until now, there have been dozens of MQPKCs proposed. However most of them were broken. How to design a secure and practical MQPKC is still unknown. In order to study how to design a MQPKC, we survey the multivariate public key cryptosystems and the attacks against these cryptosystems. By studying the two algorithms for equations solving, we develop a more efficient algorithm for equations solving. Moreover, this algorithm can be used for examining the possible defects of MQPKCs. We also propose the attack against Multi-Sets UOV, e.g. TRMS, TTS, and Rainbow, and study the more efficient algorithm, XFLT , for solving the quadratic equations. Consequently, the minimum numbers of equations and variables for the security level 280 are 30 over GF(256) and 34 over GF(16). Finally we deduce and study criteria for building MQPKCs such that the new MQPKCs are examined systematically and are not attacked by the previous methods.