## Evaluation of solving time for multivariate quadratic equation system using XL algorithm over small finite fields on GPU.(English)Zbl 1327.94076

Mohapatra, Ram N. (ed.) et al., Mathematics and computing. Selected papers based on the presentations at the 2nd international conference, ICMC, Haldia, India, January 5–10, 2015. New Delhi: Springer (ISBN 978-81-322-2451-8/hbk; 978-81-322-2452-5/ebook). Springer Proceedings in Mathematics & Statistics 139, 349-361 (2015).
Summary: The security of multivariate public-key cryptography is largely determined by the complexity of solving multivariate quadratic equations over finite fields, a.k.a. the MQ problem. XL (eXtended Linearization) is an efficient algorithm for solving the MQ problem, so its running time is an important indicator for the complexity of solving the MQ problem. In this work, we implement XL on graphics processing unit (GPU) and evaluate its solving time for the MQ problem over several small finite fields, namely, $$\mathrm{GF}(2)$$, $$\mathrm{GF}(3)$$, $$\mathrm{GF}(5)$$, and $$\mathrm{GF}(7)$$. Our implementations can solve MQ instances of 74 equations in 37 unknowns over $$\mathrm{GF}(2)$$ in 36,972 s, 48 equations in 24 unknowns over $$\mathrm{GF}(3)$$ in 933 s, 42 equations in 21 unknowns over $$\mathrm{GF}(5)$$ in 347 s, as well as 42 equations in 21 unknowns over $$\mathrm{GF}(7)$$ in 387 s. Moreover, we can also solve the MQ instance of 48 equations in 24 unknowns over $$\mathrm{GF}(5)$$ in 34,882 s, whose complexity is about $$O(2^{67})$$ with exhaustive search.
For the entire collection see [Zbl 1325.00054].

### MSC:

 94A60 Cryptography 68W30 Symbolic computation and algebraic computation 11T71 Algebraic coding theory; cryptography (number-theoretic aspects)

### Keywords:

multivariate public-key cryptography; XL; GPGPU