Public-key cryptographic techniques are widely used for encryption and authentication of electronic documents. Such techniques use a mathematically-related key pair: a secret private key and a freely-distributed public key. For authentication, the sender uses a private key to compute an electronic signature over a given message, and then transmits the message together with the signature. The recipient verifies the signature against the message using the corresponding public key, and thus confirms that the document originated with the holder of the private key and not an impostor.
Commonly-used public-key cryptographic techniques, such as the Rivest Shamir Adleman (RSA) algorithm, rely on numerical computations over large finite fields. To ensure security against cryptanalysis, these techniques require the use of large signatures, which are costly, in terms of memory and computing power, to store and compute. These demands can be problematic in applications such as smart cards, in which computing resources are limited.
Various alternative public-key signature schemes have been developed in order to reduce the resource burden associated with cryptographic operations. One class of such schemes is based on solution of multivariate polynomial equations over finite fields. These schemes can offer enhanced security while operating over relatively small finite fields. Most attention in this area has focused on multivariate quadratic (MQ) equations. A useful survey of work that has been done in this area is presented by Wolf and Preneel in “Taxonomy of Public Key Schemes Based on the Problem of Multivariate Quadratic Equations,” Cryptology ePrint Archive, Report 2005/077 (2005), which is incorporated herein by reference.
U.S. Pat. No. 7,100,051, whose disclosure is incorporated by reference, describes an “Unbalanced Oil and Vinegar” scheme for enhancing the security of public-key signature methods. In the private key representation of the UOV scheme, the variables are divided into two groups: an “Oil” group and a “Vinegar” group. The Oil variables interact with all other variables, while the Vinegar variables do not interact among themselves. In the public key representation, this special structure is concealed using certain linear transformations.