Cryptanalysis of a multivariate CCZ scheme
Alessio Caminata, Elisa Gorla, Madison Mabe, Martina Vigorito, Irene Villa
TL;DR
This paper demonstrates that the multivariate Pesto scheme's public key, initially degree 4, can be efficiently reduced to quadratic polynomials, challenging assumptions about the security benefits of CCZ transformations.
Contribution
We show that the public degree 4 polynomial system in Pesto can be efficiently reduced to quadratic polynomials, questioning the security advantage of CCZ transformations.
Findings
Degree 4 polynomial system reducible to quadratic polynomials
CCZ transformation may not significantly enhance security
Implications for multivariate cryptography security assumptions
Abstract
We consider the multivariate scheme Pesto, which was introduced by Calderini, Caminata, and Villa. In this scheme, the public polynomials are obtained by applying a CCZ transformation to a set of quadratic secret polynomials. As a consequence, the public key consists of polynomials of degree 4. In this work, we show that the public degree 4 polynomial system can be efficiently reduced to a system of quadratic polynomials. This seems to suggest that the CCZ transformation may not offer a significant increase in security, contrary to what was initially believed.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.