{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T07:50:16Z","timestamp":1771573816083,"version":"3.50.1"},"reference-count":51,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2021,4,18]],"date-time":"2021-04-18T00:00:00Z","timestamp":1618704000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,4,18]],"date-time":"2021-04-18T00:00:00Z","timestamp":1618704000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2021,6]]},"DOI":"10.1007\/s10623-021-00873-9","type":"journal-article","created":{"date-parts":[[2021,4,18]],"date-time":"2021-04-18T14:02:37Z","timestamp":1618754557000},"page":"1335-1364","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Cryptanalysis of the extension field cancellation cryptosystem"],"prefix":"10.1007","volume":"89","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0396-908X","authenticated-orcid":false,"given":"Olive","family":"Chakraborty","sequence":"first","affiliation":[]},{"given":"Jean-Charles","family":"Faug\u00e8re","sequence":"additional","affiliation":[]},{"given":"Ludovic","family":"Perret","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,4,18]]},"reference":[{"key":"873_CR1","unstructured":"Bardet M., Faugere J.-C., Salvy B.: On the complexity of gr\u00f6bner basis computation of semi-regular overdetermined algebraic equations. In: Proceedings of the International Conference on Polynomial System Solving, pp. 
71\u201374 (2004)."},{"key":"873_CR2","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1016\/j.jsc.2014.09.025","volume":"70","author":"M Bardet","year":"2015","unstructured":"Bardet M., Faug\u00e8re J.-C., Salvy B.: On the complexity of the f5 gr\u00f6bner basis algorithm. J. Symb. Comput. 70, 49\u201370 (2015).","journal-title":"J. Symb. Comput."},{"key":"873_CR3","unstructured":"Bardet M., Faugere J.-C., Salvy B., Yang B.-Y.: Asymptotic behaviour of the index of regularity of quadratic semi-regular polynomial systems. In: Gianni, P. (ed.) The Effective Methods in Algebraic Geometry Conference (MEGA\u201905), pp. 1\u201314. Citeseer (2005)."},{"key":"873_CR4","first-page":"131A","volume":"800","author":"E Barker","year":"2011","unstructured":"Barker E., Roginsky A.: Transitions: recommendation for transitioning the use of cryptographic algorithms and key lengths. NIST Spec. Publ. 800, 131A (2011).","journal-title":"NIST Spec. Publ."},{"key":"873_CR5","doi-asserted-by":"crossref","unstructured":"Berbain C., Billet O., Gilbert H.: Efficient implementations of multivariate quadratic systems. In: International Workshop on Selected Areas in Cryptography, pp. 174\u2013187. Springer (2006).","DOI":"10.1007\/978-3-540-74462-7_13"},{"key":"873_CR6","unstructured":"Bettale L.: Cryptanalyse alg\u00e9brique: outils et applications. PhD thesis, Paris 6 (2011)."},{"issue":"3","key":"873_CR7","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1515\/JMC.2009.009","volume":"3","author":"L Bettale","year":"2009","unstructured":"Bettale L., Faugere J.-C., Perret L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Cryptol. 3(3), 177\u2013197 (2009).","journal-title":"J. Math. 
Cryptol."},{"issue":"1","key":"873_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10623-012-9617-2","volume":"69","author":"L Bettale","year":"2013","unstructured":"Bettale L., Faug\u00e8re J.-C., Perret L.: Cryptanalysis of HFE, multi-HFE and variants for odd and even characteristic. Des. Codes Cryptogr. 69(1), 1\u201352 (2013).","journal-title":"Des. Codes Cryptogr."},{"key":"873_CR9","doi-asserted-by":"crossref","unstructured":"Beullens W., Preneel B.: Field lifting for smaller UOV public keys. In: International Conference on Cryptology in India, pp. 227\u2013246. Springer (2017).","DOI":"10.1007\/978-3-319-71667-1_12"},{"key":"873_CR10","doi-asserted-by":"crossref","unstructured":"Bouillaguet C., Fouque P.-A., Macario-Rat G.: Practical key-recovery for all possible parameters of sflash. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 667\u2013685. Springer (2011).","DOI":"10.1007\/978-3-642-25385-0_36"},{"key":"873_CR11","unstructured":"Buchberger B.: An algorithm for finding the base elements of the residual class ring after a zero-dimensional polynomial ideal. PhD thesis, Universitat Insbruck (1965)."},{"key":"873_CR12","doi-asserted-by":"publisher","first-page":"374","DOI":"10.1007\/BF01844169","volume":"4","author":"B Buchberger","year":"1970","unstructured":"Buchberger B.: An algorithmical criteria for the solvability of algebraic systems of equations. Aequationes Math. 4, 374\u2013383 (1970).","journal-title":"Aequationes Math."},{"key":"873_CR13","doi-asserted-by":"crossref","unstructured":"Buchberger B.: A criterion for detecting unnecessary reductions in the construction of gr\u00f6bner-bases. In: International Symposium on Symbolic and Algebraic Manipulation, pp. 3\u201321. Springer (1979).","DOI":"10.1007\/3-540-09519-5_52"},{"key":"873_CR14","doi-asserted-by":"crossref","unstructured":"Buchberger B.: Grobner bases: an algorithmic method in polynomial ideal theory. 
Multidimensional systems theory (1985).","DOI":"10.1007\/978-94-009-5225-6_6"},{"key":"873_CR15","unstructured":"Buchmann J.A., Ding J., Mohamed M.S.E., Mohamed W.S.E.: Mutantxl: solving multivariate polynomial equations for cryptanalysis. In: Dagstuhl Seminar Proceedings. Schloss Dagstuhl-Leibniz-Zentrum f\u00fcr Informatik (2009)."},{"key":"873_CR16","unstructured":"Cabarcas D., Smith-Tone D., Verbel J.A.: Practical key recovery attack for ZHFE."},{"key":"873_CR17","doi-asserted-by":"crossref","unstructured":"Cartor R., Smith-Tone D.: Eflash: a new multivariate encryption scheme. In: International Conference on Selected Areas in Cryptography, pp. 281\u2013299. Springer (2018).","DOI":"10.1007\/978-3-030-10970-7_13"},{"key":"873_CR18","unstructured":"Casanova A., Faug\u00e8re J.-C., Macario-Rat G., Patarin J., Perret L., Ryckeghem J.: Gemss: a great multivariate short signature. Submission to NIST (2017)."},{"key":"873_CR19","doi-asserted-by":"crossref","unstructured":"Chen L., Chen L., Jordan S., Liu Y.-K., Moody D., Peralta R., Perlner R., Smith-Tone D.: Report on Post-quantum Cryptography. US Department of Commerce, National Institute of Standards and Technology (2016).","DOI":"10.6028\/NIST.IR.8105"},{"key":"873_CR20","unstructured":"Chen M.-S., Yang B.-Y., Smith-Tone D.: Pflash-secure asymmetric signatures on smart cards. In: Lightweight Cryptography Workshop (2015)."},{"key":"873_CR21","doi-asserted-by":"crossref","unstructured":"Courtois N.T.: The security of hidden field equations (HFE). In: Cryptographers\u2019 Track at the RSA Conference, pp. 266\u2013281. Springer (2001).","DOI":"10.1007\/3-540-45353-9_20"},{"issue":"6124","key":"873_CR22","doi-asserted-by":"publisher","first-page":"1169","DOI":"10.1126\/science.1231930","volume":"339","author":"MH Devoret","year":"2013","unstructured":"Devoret M.H., Schoelkopf R.J.: Superconducting circuits for quantum information: an outlook. 
Science 339(6124), 1169\u20131174 (2013).","journal-title":"Science"},{"key":"873_CR23","doi-asserted-by":"crossref","unstructured":"Ding J., Schmidt D.: Rainbow, a new multivariable polynomial signature scheme. In: International Conference on Applied Cryptography and Network Security, pp. 164\u2013175. Springer (2005).","DOI":"10.1007\/11496137_12"},{"issue":"1","key":"873_CR24","doi-asserted-by":"publisher","first-page":"65","DOI":"10.3934\/amc.2020043","volume":"15","author":"J Ding","year":"2021","unstructured":"Ding J., Zhang Z., Deaton J.: The singularity attack to the multivariate signature scheme HIMQ-3. Adv. Math. Commun. 15(1), 65 (2021).","journal-title":"Adv. Math. Commun."},{"key":"873_CR25","unstructured":"Ding J., Zhang Z., Deaton J., Schmidt K., Vishakha F.: New attacks on lifted unbalanced oil vinegar. In: The 2nd NIST PQC Standardization Conference (2019)."},{"key":"873_CR26","doi-asserted-by":"crossref","unstructured":"Dubois V., Fouque P.-A., Shamir A., Stern J.: Practical cryptanalysis of SFLASH. In: Annual International Cryptology Conference, pp. 1\u201312. Springer (2007).","DOI":"10.1007\/978-3-540-74143-5_1"},{"issue":"1\u20133","key":"873_CR27","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1016\/S0022-4049(99)00005-5","volume":"139","author":"J-C Faugere","year":"1999","unstructured":"Faugere J.-C.: A new efficient algorithm for computing gr\u00f6bner bases (f4). J. Pure Appl. Algebra 139(1\u20133), 61\u201388 (1999).","journal-title":"J. Pure Appl. Algebra"},{"key":"873_CR28","doi-asserted-by":"crossref","unstructured":"Faug\u00e8re J.C.: A new efficient algorithm for computing gr\u00f6bner bases without reduction to zero (f 5). In: Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, pp. 75\u201383. 
ACM (2002).","DOI":"10.1145\/780506.780516"},{"key":"873_CR29","doi-asserted-by":"crossref","unstructured":"Faugere J.-C., Joux A.: Algebraic cryptanalysis of hidden field equation (hfe) cryptosystems using gr\u00f6bner bases. In: Annual International Cryptology Conference, pp. 44\u201360. Springer (2003).","DOI":"10.1007\/978-3-540-45146-4_3"},{"key":"873_CR30","doi-asserted-by":"crossref","unstructured":"Faugere J.-C., Joux A., Perret L., Treger J.: Cryptanalysis of the hidden matrix cryptosystem. In: International Conference on Cryptology and Information Security in Latin America, pp. 241\u2013254. Springer (2010).","DOI":"10.1007\/978-3-642-14712-8_15"},{"issue":"2","key":"873_CR31","doi-asserted-by":"publisher","first-page":"117","DOI":"10.7146\/math.scand.a-12092","volume":"56","author":"R Fr\u00f6berg","year":"1985","unstructured":"Fr\u00f6berg R.: An inequality for Hilbert series of graded algebras. Math. Scand. 56(2), 117\u2013144 (1985).","journal-title":"Math. Scand."},{"key":"873_CR32","volume-title":"Computers and Intractability","author":"MR Garey","year":"1979","unstructured":"Garey M.R., Johnson D.S.: Computers and Intractability, vol. 174. Freeman, San Francisco (1979)."},{"key":"873_CR33","unstructured":"http:\/\/magma.maths.usyd.edu.au. Magma: High performance software for algebra, number theory and geometry."},{"key":"873_CR34","doi-asserted-by":"crossref","unstructured":"Jao D., De\u00a0Feo L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: International Workshop on Post-quantum Cryptography, pp. 19\u201334. Springer (2011).","DOI":"10.1007\/978-3-642-25405-5_2"},{"key":"873_CR35","doi-asserted-by":"crossref","unstructured":"Kipnis A., Patarin J., Goubin L.: Unbalanced oil and vinegar signature schemes. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 206\u2013222. 
Springer (1999).","DOI":"10.1007\/3-540-48910-X_15"},{"key":"873_CR36","doi-asserted-by":"crossref","unstructured":"Lazard D.: Gr\u00f6bner bases, Gaussian elimination and resolution of systems of algebraic equations. In: European Conference on Computer Algebra, pp. 146\u2013156. Springer (1983).","DOI":"10.1007\/3-540-12868-9_99"},{"key":"873_CR37","doi-asserted-by":"crossref","unstructured":"Matsumoto T., Imai H: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Workshop on the Theory and Application of Cryptographic Techniques, pp. 419\u2013453. Springer (1988).","DOI":"10.1007\/3-540-45961-8_39"},{"key":"873_CR38","doi-asserted-by":"crossref","unstructured":"Mus K., Islam S., Sunar B.: QuantumHammer: a practical hybrid attack on the LUOV signature scheme. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1071\u20131084 (2020).","DOI":"10.1145\/3372297.3417272"},{"key":"873_CR39","doi-asserted-by":"crossref","unstructured":"Overbeck R., Sendrier N.: Code-based cryptography. In: Post-quantum Cryptography, pp. 95\u2013145. Springer (2009).","DOI":"10.1007\/978-3-540-88702-7_4"},{"key":"873_CR40","doi-asserted-by":"crossref","unstructured":"Patarin J.: Cryptanalysis of the Matsumoto and Imai public key scheme of eurocrypt\u201988. In: Annual International Cryptology Conference, pp. 248\u2013261. Springer (1995).","DOI":"10.1007\/3-540-44750-4_20"},{"key":"873_CR41","doi-asserted-by":"crossref","unstructured":"Patarin J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): two new families of asymmetric algorithms. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 33\u201348. Springer (1996).","DOI":"10.1007\/3-540-68339-9_4"},{"key":"873_CR42","doi-asserted-by":"crossref","unstructured":"Patarin J., Courtois N., Goubin L.: Quartz, 128-bit long digital signatures. 
In: Cryptographers\u2019 Track at the RSA Conference, pp. 282\u2013297. Springer (2001).","DOI":"10.1007\/3-540-45353-9_21"},{"key":"873_CR43","doi-asserted-by":"crossref","unstructured":"Petzoldt A., Chen M.S., Yang B.Y., Tao C., Ding J.: Design principles for HFEv based signature schemes. In: ASIACRYPT 2015-part 1, LNCS vol. 9452, (2015).","DOI":"10.1007\/978-3-662-48797-6_14"},{"key":"873_CR44","unstructured":"Petzoldt A., Chen M.S., Yang B.Y., Tao C., Ding J.: GUI documentation, https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions (2017)."},{"key":"873_CR45","doi-asserted-by":"crossref","unstructured":"Regev O.: Lattice-based cryptography. In: Annual International Cryptology Conference, pp. 131\u2013141. Springer (2006).","DOI":"10.1007\/11818175_8"},{"key":"873_CR46","doi-asserted-by":"crossref","unstructured":"Shamir A., Kipnis A.: Cryptanalysis of the HFE public key cryptosystem. In: Advances in Cryptology, Proceedings of Crypto, vol. 99 (1999).","DOI":"10.1007\/3-540-48405-1_2"},{"key":"873_CR47","unstructured":"Shim K.-A., Park C.-M., Kim A.: Himq-3: A high speed signature scheme based on multivariate quadratic equations, NIST submission (2017). [on-line]. https:\/\/csrc.nist.gov\/Projects\/Post-Quantum-Cryptography\/Round-1-Submissions."},{"key":"873_CR48","doi-asserted-by":"crossref","unstructured":"Smith-Tone D.: Properties of the discrete differential with cryptographic applications. In: International Workshop on Post-Quantum Cryptography, pp. 1\u201312. Springer (2010).","DOI":"10.1007\/978-3-642-12929-2_1"},{"key":"873_CR49","doi-asserted-by":"crossref","unstructured":"Szepieniec A., Ding J., Preneel B.: Extension field cancellation: a new central trapdoor for multivariate quadratic systems. In: International Workshop on Post-quantum Cryptography, pp. 182\u2013196. 
Springer (2016).","DOI":"10.1007\/978-3-319-29360-8_12"},{"key":"873_CR50","doi-asserted-by":"crossref","unstructured":"Vates J., Smith-Tone D.: Key recovery attack for all parameters of HFE. In: International Workshop on Post-Quantum Cryptography, pp. 272\u2013288. Springer (2017).","DOI":"10.1007\/978-3-319-59879-6_16"},{"key":"873_CR51","doi-asserted-by":"crossref","unstructured":"Zhang W., Tan C.H.: On the security and key generation of the ZHFE encryption scheme. In: International Workshop on Security, pp. 289\u2013304. Springer (2016).","DOI":"10.1007\/978-3-319-44524-3_17"}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-021-00873-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10623-021-00873-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-021-00873-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,26]],"date-time":"2021-05-26T15:25:14Z","timestamp":1622042714000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10623-021-00873-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,18]]},"references-count":51,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2021,6]]}},"alternative-id":["873"],"URL":"https:\/\/doi.org\/10.1007\/s10623-021-00873-9","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,18]]},"assertion":[{"value":"24 January 
2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 March 2021","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 March 2021","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 April 2021","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}