Summary: It is well known that solving randomly chosen multivariate quadratic equations over a finite field (MQ-Problem) is NP-hard, and the security of multivariate public key cryptosystems (MPKCs) is based on the MQ-problem. However, this problem can be solved efficiently when the number of unknowns \(n\) is sufficiently greater than that of equations \(m\) (this is called “underdefined”). Indeed, the algorithm by A. Kipnis et al. [Eurocrypt 1999, Lect. Notes Comput. Sci. 1592, 206–222 (1999; Zbl 0933.94031)] can solve the MQ-problem over a finite field of even characteristic in a polynomial-time of \(n\) when \(n \geq m(m + 1)\). Therefore, it is important to estimate the hardness of the MQ-problem to evaluate the security of multivariate public key cryptosystems. We propose an algorithm in this paper that can solve the MQ-problem in a polynomial-time of \(n\) when \(n \geq \frac{m(m + 3)}{2}\), which has a wider applicable range than that by Kipnis et al. We will also compare our proposed algorithm with other known algorithms. Moreover, we implemented this algorithm with Magma and solved the MQ-problem of \(m = 28\) and \(n = 504\), and it takes 78.7 seconds on a common PC.
For the entire collection see [Zbl 1263.94004].