General fault attacks on multivariate public key cryptosystems

Yasufumi Hashimoto, Tsuyoshi Takagi, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Citations (Scopus)


The multivariate public key cryptosystem (MPKC), which is based on the problem of solving a set of multivariate systems of quadratic equations over a finite field, is expected to be secure against quantum attacks. Although there are several existing schemes in MPKC that survived known attacks and are much faster than RSA and ECC, there have been few discussions on security against physical attacks, aside from the work of Okeya et al. (2005) on side-channel attacks against Sflash. In this study, we describe general fault attacks on MPKCs including Big Field type (e.g. Matsumoto-Imai, HFE and Sflash) and Stepwise Triangular System (STS) type (e.g. UOV, Rainbow and TTM/TTS). For both types, recovering (parts of) the secret keys S,T with our fault attacks becomes more efficient than doing without them. Especially, on the Big Field type, only single fault is sufficient to recover the secret keys.

Original languageEnglish
Title of host publicationPost-Quantum Cryptography - 4th International Workshop, PQCrypto 2011, Proceedings
Number of pages18
Publication statusPublished - 2011
Event4th International Workshop on Post-Quantum Cryptography, PQCrypto 2011 - Taipei, Taiwan, Province of China
Duration: Nov 29 2011Dec 2 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7071 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other4th International Workshop on Post-Quantum Cryptography, PQCrypto 2011
Country/TerritoryTaiwan, Province of China

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'General fault attacks on multivariate public key cryptosystems'. Together they form a unique fingerprint.

Cite this