在密碼學中，我們常常運用數學上的難題來確保安全性，而multivariate quadratic (MQ) problem 就是其中一個例子，它是在描述對於一組二次多項式，我們是否能在多項式時間找到一組解答來滿足上述該組中的所有二次多項式。目前已知的是MQ-problem的worst case是個NPC問題，而它的average case在某些特定情況下有多項是時間的演算法能破解[5][6]，而我們則試圖找尋使否有其他情況也能有好的演算法來找到答案。在這篇論文之中 ，我們將MQ-problem 中所有的二階項都轉變為一些線性方程式的平方和 ，接著我們計算出一般的MQ-problem有多高的機率是我們所期許的新形態，我們也證明了在worst case的狀況下，新型態的MQ-problem的難度跟原始的問題是一樣的，除此之外 ，我們也證明在low-complexity cryptographic hash functions[2]這篇論文中所提出的型態在worst case的狀況下，其難度是比原始問題來的簡單。

Multivariate quadratic (MQ) problem is a question about asking whether there exist a solution for a multiple quadratic polynomial system. It is well-known that MQ-problem is a NP-complete in the worst case. In the past, the average case of MQ-problem has been break in some special case [5][6]. Therefore we try to find another condition to break the MQ-problem. In this paper, We will transform MQ-problem to a new form such that the quadratic term of polynomial is a sum of square of linear functions. We also give the probability of the MQ-problems can be transform to new type and prove the hardness of new type is same as the MQ-problem in worst case. Otherwise, we also proved the hardness of the cases in the paper “low-complexity cryptographic hash functions” is easier than MQ-problem in worst case.

摘要
Abstract
誌謝
Introduction--------------------------------1
Probability of average case transformation--2
Hardness of worst case of TMQ-problem-------8
Hardness of worst case of MQ-assumption-----13
Conclusion and future work------------------15
Reference-----------------------------------16
Appendix------------------------------------17

1 Tsutomu Matsumoto and Hideki Imai. Public Quadratic Polynomial-Tuples for Effcient Signature-Verication and Message-Encryption. In Advances in Cryptology -EUROCRYPT '88, Workshop on the Theory and Application of Cryptographic Techniques, Davos, Switzerland, May 25-27, 1988, Proceedings, pages 419-453, 1988.
2 Benny Applebaum, Naama Haramaty, Yuval Ishai, Eyal Kushilevitz and Vinod Vaikuntanathan.Low-Complexity Cryptographic Hash Functions, 2017.
3 Ming-Shing Chen, Andreas Hulsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe. From 5-pass MQ-based identication to MQ-based signatures. Advances in Cryptology - ASIACRYPT 2016, LNCS 10032, pp. 135-165, Springer, 2016.
4 M. R. Garey and David S. Johnson. Computers and Intractability: A Guide to the Theory of NP-Completeness, 1979.
5 Aviad Kipnis, Jacques Patarin and Louis Goubin. Unbalanced Oil and Vinegar Signature Schemes, 1999.
6 Aviad Kipnis and Adi Shamir. Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization, 1999.
7 Johannes Blomer, Richard Karp, and EmoWelzl. The rank of sparese random matrices over nite elds, 1997.