@article{17721,
  author = {Morten {\O}ygarden and Patrick Felke and H{\r a}vard Raddum},
  title = {Analysis of Multivariate Encryption Schemes: Application to Dob and C*},
  abstract = {A common strategy for constructing multivariate encryption schemes is to use a central map that is easy to invert over an extension field, along with a small number of modifications to thwart potential attacks. In this work, we study the effectiveness of these modifications, by deriving estimates for the number of degree fall polynomials. After developing the necessary tools, we focus on encryption schemes using the C* and Dobbertin central maps, with the internal perturbation (ip), and Q+ modifications. For these constructions, we are able to accurately predict the number of degree fall polynomials produced in a Gr{\"o}bner basis attack, up to and including degree 5 for the Dob encryption scheme and four for C*. The predictions remain accurate even when fixing variables. Based on this new theory, we design a novel attack on Dob, which completely recovers the secret key for the parameters suggested by its designers. Due to the generality of the presented techniques, we also believe that they are of interest to the analysis of other big-field schemes.},
  year = {2024},
  journal = {Journal of Cryptology},
  volume = {37},
  number = {20},
  month = {04/2024},
  publisher = {Springer},
  issn = {1432-1378},
  url = {https://doi.org/10.1007/s00145-024-09501-w},
  doi = {10.1007/s00145-024-09501-w},
}