Abstract
ℳultivariate 
uadratic public key schemes have been suggested as early as 1985 by Matsumoto and Imai as an alternative for the RSA scheme. Since then, several schemes have been proposed, for example hidden field equations, unbalanced oil and vinegar schemes, and stepwise triangular schemes. All these schemes have a rather large key space for a secure choice of parameters. Surprisingly, the question of equivalent keys has not been discussed in the open literature until recently. In this article, we show that for all basic classes mentioned above, it is possible to reduce the private – and hence the public – key space by several orders of magnitude, i.e. the size of the set of possible private and hence public keys can be reduced. For the Matsumoto–Imai scheme, we are even able to show that the reductions we found are the only ones possible, i.e. that these reductions are tight. While the theorems developed in this article are of independent interest themselves as they broaden our understanding of ℳultivariate uadratic public key systems, we see applications of our results both in cryptanalysis and in memory efficient implementations of 
-schemes.
© de Gruyter 2011
This article is distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
