Multivariate public-key cryptosystems (sometimes polynomial-based PKC’s or just multivariates) handle polynomials of many variables over relatively small fields instead of elements of a large ring or group. The “tame-like” or “sparse” class of multivariates are distinguished by the relatively few terms that they have per central equation. We explain how they differ from the “big-field” type of multivariates, represented by derivatives of C ∗ and HFE, how they are better, and give basic security criteria for them. The last is shown to be satisfied by efficient schemes called “Enhanced TTS” which is built on a combination of the Oil-and-Vinegar and Triangular ideas. Their security levels are estimated. In this process we summarize and in some cases, improve rank-based attacks, which seek linear combinations of certain matrices at given ranks. These attacks are responsible for breaking many prior multivariate designs.
