Revista Matemática Iberoamericana

An Application of Algebraic Geometry to Encryption: Tame Transformation Method

T. Moh


Let $K$ be a finite field of $2^{\ell}$ elements. Let $\phi_4,\phi_3,\phi_2,\phi_1$ be tame mappings of the $(n+r)$-dimensional affine space $K^{n+r}$, and let $\pi=\phi_4\phi_3\phi_2\phi_1$ be their composition. The mapping $\pi$ and the $\phi_i$'s will be hidden. Let the component expression of $\pi$ be $(\pi_1(x_1,\dots,x_{n+r}),\dots,\pi_{n+r}(x_1,\dots,x_{n+r}))$. Let $\hat\pi$ be the restriction of $\pi$ to the subspace $x_{n+1}=\dots=x_{n+r}=0$, that is, $\hat\pi=(\pi_1(x_1,\dots,x_n,0,\dots,0),\dots,\pi_{n+r}(x_1,\dots,x_n,0,\dots,0))=(f_1,\dots,f_{n+r}) : K^n \to K^{n+r}$. The field $K$ and the polynomial map $(f_1,\dots,f_{n+r})$ will be announced as the public key. Given a plaintext $(x'_1,\dots,x'_n)\in K^n$, let $y'_i=f_i(x'_1,\dots,x'_n)$; the ciphertext is then $(y'_1,\dots,y'_{n+r})\in K^{n+r}$. Given $\phi_i$ and $(y'_1,\dots,y'_{n+r})$, it is easy to find $\phi_i^{-1}(y'_1,\dots,y'_{n+r})$. Therefore the plaintext can be recovered by $(x'_1,\dots,x'_n,0,\dots,0)=\phi_1^{-1}\phi_2^{-1}\phi_3^{-1}\phi_4^{-1}\,\hat\pi\,(x'_1,\dots,x'_n)=\phi_1^{-1}\phi_2^{-1}\phi_3^{-1}\phi_4^{-1}(y'_1,\dots,y'_{n+r})$. The private key will be the set of maps $\{\phi_1,\phi_2,\phi_3,\phi_4\}$. The security of the system rests in part on the difficulty of finding the map $\pi$ from the partial information provided by the map $\hat\pi$, and of factoring the map $\pi$ into a product (i.e., composition) of tame transformations $\phi_i$.
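The following is an added toy implementation of the scheme the abstract describes; it is the editor's illustration, not code from the paper. It takes $K=\mathrm{GF}(2^8)$, $n=2$, $r=1$, makes each $\phi_i$ a single elementary tame step $x_i \mapsto x_i + g(\text{other variables})$ (in characteristic 2 such a step is its own inverse), computes the public key $(f_1,\dots,f_{n+r})$ symbolically as the composition restricted to $x_{n+1}=\dots=x_{n+r}=0$, and decrypts by undoing the $\phi_i$ one at a time, checking that the trailing $r$ coordinates come back as $0$. The field, the dimensions and the shape of the steps are assumptions, and no attempt is made to keep the public degree as low as the real TTM does.

```python
import operator, random
from functools import reduce
from itertools import product
N, R = 2, 1            # n plaintext coordinates, r extra ones (toy sizes chosen here)
M = N + R
MOD = 0x11B            # K = GF(2^8) with the AES polynomial: an assumed choice of field
def gf_mul(a, b):      # multiplication in K (bit-serial, reducing modulo MOD)
    r = 0
    for k in range(8):
        if b >> k & 1: r ^= a
        a = (a << 1) ^ (MOD if a & 0x80 else 0)
    return r
# Polynomials in M variables over K: {exponent tuple: coefficient}; addition is xor (char 2)
def padd(p, q):
    out = {e: p.get(e, 0) ^ q.get(e, 0) for e in p.keys() | q.keys()}
    return {e: c for e, c in out.items() if c}
def pmul(p, q):
    out = {}
    for (e1, c1), (e2, c2) in product(p.items(), q.items()):
        e = tuple(map(operator.add, e1, e2)); out[e] = out.get(e, 0) ^ gf_mul(c1, c2)
    return {e: c for e, c in out.items() if c}
def const(c): return {(0,) * M: c} if c else {}
def var(j): return {tuple(int(k == j) for k in range(M)): 1}
def peval(g, args, add, mul, lift):   # evaluate g at args (field elements or polynomials)
    total = lift(0)
    for e, c in g.items():            # each monomial: c * prod_j args[j]^e[j]
        total = add(total, reduce(mul, [args[j] for j, k in enumerate(e) for _ in range(k)], lift(c)))
    return total
# A tame map is a list of elementary steps (i, g): x_i -> x_i + g(x), with g free of x_i.
# In characteristic 2 each step is its own inverse, so phi^-1 is phi's steps run backwards.
def apply_map(steps, x, add, mul, lift):
    x = list(x)
    for i, g in steps: x[i] = add(x[i], peval(g, x, add, mul, lift))
    return x
def random_step(rng, quadratic):
    i = rng.randrange(M); others = [j for j in range(M) if j != i]
    a, b = rng.choice(others), rng.choice(others)
    g = pmul(var(a), var(b)) if quadratic else pmul(const(rng.randrange(1, 256)), var(a))
    return i, padd(g, const(rng.randrange(256)))
def keygen(seed=1):    # phi_1, phi_4 affine and phi_2, phi_3 quadratic: public degree <= 4
    rng = random.Random(seed)
    private = [[random_step(rng, q)] for q in (False, True, True, False)]
    x = [var(j) for j in range(N)] + [const(0)] * R    # restriction: inputs n+1..n+r set to 0
    public = apply_map([s for phi in private for s in phi], x, padd, pmul, const)
    return public, private   # public key f_1..f_{n+r}; private key phi_1..phi_4
def encrypt(public, plain):
    return [peval(f, list(plain) + [0] * R, operator.xor, gf_mul, int) for f in public]
def decrypt(private, cipher):
    y = apply_map([s for phi in private for s in phi][::-1], cipher, operator.xor, gf_mul, int)
    return y[:N] if not any(y[N:]) else None   # the r recovered zeros double as an error check
```

The public polynomials only ever mention $x_1,\dots,x_n$, which is exactly what a recipient of the public key sees; the factorization into the four steps stays with the holder of the private key.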

Article information

Rev. Mat. Iberoamericana, Volume 19, Number 2 (2003), 667-685.

First available in Project Euclid: 8 September 2003

Subject classification: Primary 14Qxx: Computational aspects in algebraic geometry [See also 12Y05, 13Pxx, 68W30]; 68P25: Data encryption [See also 94A60, 81P94]

Keywords: tame transformation; public key system; public key; private key; plaintext; ciphertext; signature; master key; error-detect


Citation: Moh, T. An Application of Algebraic Geometry to Encryption: Tame Transformation Method. Rev. Mat. Iberoamericana 19 (2003), no. 2, 667-685.
