The regular multivariate quadratic problem
Antoine Joux, Rocco Mora
TL;DR
The paper defines the Regular Multivariate Quadratic (RMQ) problem, a hard variant of the classical MQ problem requiring a regular solution structure, and proves its NP-completeness. It then comprehensively analyzes RMQ hardness using three main avenues: algebraic cryptanalysis (Hilbert series, degree of regularity, Gröbner bases, and hybrid methods), probabilistic polynomial methods (PPM) in various recursive forms, and an alternative modeling that maps blocks to higher-degree polynomials with fewer variables. Across boolean and larger finite fields, the authors derive asymptotic complexity bounds, demonstrate that algebraic approaches typically offer the strongest asymptotic guarantees, and show that hybrid methods can closely approach exhaustive search in practice. The work highlights RMQ’s potential cryptographic utility and outlines open questions around practical-instantiation costs and adaptive attacks, suggesting RMQ as a meaningful primitive for post-quantum cryptography research.
Abstract
In this work, we introduce a novel variant of the multivariate quadratic problem, which is at the core of one of the most promising post-quantum alternatives: multivariate cryptography. In this variant, the solution of a given multivariate quadratic system must also be regular, i.e. if it is split into multiple blocks of consecutive entries with the same fixed length, then each block has only one nonzero entry. We prove the NP-completeness of this variant and show similarities and differences with other computational problems used in cryptography. Then we analyze its hardness by reviewing the most common solvers for polynomial systems over finite fields, derive asymptotic formulas for the corresponding complexities and compare the different approaches.