HiMQ-3

From PQC WIKI
Revision as of 23:34, 12 May 2021 by Admin (talk | contribs) (1 revision imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


HiMQ-3 - round 1

Variant
Description Multivariate Cryptography
Assumption Multivariate quadratic systems of equations, Extended Isomorphism of Polynomials, and Min Rank problems.
Functionality Signature ??? (CAUTION)
Public Key
(bytes)
L1 (HiMQ-3); 128744, L1 (HiMQ-3F);100878
Secret Key
(bytes)
L1 (HiMQ-3); 12074, L1 (HiMQ-3F);14878,
CIPH/SIG
(bytes)
L1 (HiMQ-3); 75, L1 (HiMQ-3F); 67 L3 (HiMQ-3)?; 131, L5 (HiMQ-3)?; 182
Attacks - Comment Originally submitted parameters at the 128-bit security level have been revised by th designers after an improved key recovery attack discussed in the comments by Ward Beullens and the designers: (GF(256), 31,15,15,14) → (GF(256), 36,15,15,15) and (GF(256),24,11,17,15) → (GF(256),36,13,17,15) for HiMQ-3 and HiMQ-3F, respectively.
Security Discussions EUF-CMA
Challenges
Notes The submission does not seem to be revised to reflect how the recommended changes in the parameter choices will affect the protocol size. (Signature sizes should probably change from 75 and 67 to 81).Signature sizes of 131 and 182 are just a guess.Protocol size for Level 3 and 5 do not seem to be explicitly reported on the proposal. Note 4: There seems to be some conflict between the protocol size numbers in “Limitations” paragraph and the tables.
Updated [