Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Efficient Key Recovery for all HFE Signature Variants

June 7, 2021


Albrecht Petzoldt - FAU Erlangen Nuremberg


The HFE cryptosystem is one of the best known multivariate schemes. Especially in the area of digital signatures, the  HFEv- variant offers short signatures and high performance. Recently, an instance of the HFEv- signature scheme called GeMSS was elected as one of the alternative candidates for signature schemes in the third round of the
NIST Post Quantum Crypto (PQC) Standardization Project. In this paper, we propose a new key recovery attack on the HFEv- signature scheme. Our attack shows that both the Minus and the Vinegar modication do not enhance the security of the basic HFE scheme significantly. This shows that it is very difficult to build a secure and efficient signature scheme on the basis of HFE. In particular, we use our attack to show that the proposed parameters of the GeMSS scheme are not as secure as claimed.

Event Details



Related Topics

Security and Privacy: post-quantum cryptography

Created June 07, 2021, Updated June 10, 2021