Multivariate cryptography

In certain cases, those polynomials could be defined over both a ground and an extension field.

If the polynomials have degree two, we talk about multivariate quadratics.

Solving systems of multivariate polynomial equations is proven to be NP-complete.[1]

That's why those schemes are often considered to be good candidates for post-quantum cryptography.

Multivariate cryptography has been very productive in terms of design and cryptanalysis.

Overall, the situation is now more stable and the strongest schemes have withstood the test of time.

It is commonly admitted that multivariate cryptography turned out to be more successful as an approach to build signature schemes, primarily because multivariate schemes provide the shortest signatures among post-quantum algorithms.

Tsutomu Matsumoto and Hideki Imai (1988) presented their so-called C* scheme at the Eurocrypt conference.

Although C* has been broken by Jacques Patarin (1995), the general principle of Matsumoto and Imai has inspired a generation of improved proposals.

In later work, the "Hidden Monomial Cryptosystems" were developed by Jacques Patarin.

"Hidden Field Equations" (HFE), developed by Patarin in 1996, remains a popular multivariate scheme today [P96].

The plain version of HFE is considered to be practically broken, in the sense that secure parameters lead to an impractical scheme.

In addition to HFE, Patarin developed other schemes.

In 1997 he presented “Balanced Oil & Vinegar” and in 1999 “Unbalanced Oil and Vinegar”, in cooperation with Aviad Kipnis and Louis Goubin (Kipnis, Patarin & Goubin 1999).

Multivariate Quadratics involves a public and a private key.

The private key consists of two affine transformations, S and T, and an easy to invert quadratic map

The signature is

The receiver of the signed document must be in possession of the public key P.
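The key structure described above, as an added example that is not part of the original article: a toy signature with an Oil-and-Vinegar central map F, where the private key is (S, T, F) and the public key is the composed quadratic map S ∘ F ∘ T. Assumptions: that standard composition, linear (offset-free) S and T, toy parameters far too small to be secure, a digest `y` passed directly as field elements, and all function names, which are illustrative.

```python
import random

Q, O, V, N = 31, 2, 4, 6   # toy sizes (assumed): GF(31), 2 oil + 4 vinegar variables

def solve(A, b):     # Gauss-Jordan solve of A x = b over GF(Q); None if A is singular
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for c in range(len(A)):
        piv = next((r for r in range(c, len(A)) if M[r][c] % Q), None)
        if piv is None:
            return None
        M[c], M[piv] = M[piv], M[c]
        M[c] = [x * pow(M[c][c], -1, Q) % Q for x in M[c]]
        M = [row if r == c else [(x - row[c] * y) % Q for x, y in zip(row, M[c])]
             for r, row in enumerate(M)]
    return [row[-1] for row in M]

def rand_invertible(n, rng):
    while True:
        m = [[rng.randrange(Q) for _ in range(n)] for _ in range(n)]
        if solve(m, [0] * n) is not None:
            return m

def quad(A, x):      # evaluate the quadratic form x^T A x over GF(Q)
    return sum(A[i][j] * x[i] * x[j] for i in range(N) for j in range(N)) % Q

def keygen(rng):
    S, T = rand_invertible(O, rng), rand_invertible(N, rng)
    F = [[[0 if i >= V and j >= V else rng.randrange(Q) for j in range(N)]
          for i in range(N)] for _ in range(O)]       # no oil*oil terms (oil is last)
    G = [[[sum(T[i][a] * A[i][l] * T[l][b] for i in range(N) for l in range(N)) % Q
           for b in range(N)] for a in range(N)] for A in F]           # F o T
    pub = [[[sum(S[k][j] * G[j][a][b] for j in range(O)) % Q for b in range(N)]
            for a in range(N)] for k in range(O)]                      # S o F o T
    return (S, T, F), pub

def sign(priv, y, rng):
    S, T, F = priv
    y1 = solve(S, y)                                  # undo S
    while True:
        vin = [rng.randrange(Q) for _ in range(V)]    # fix the vinegar variables
        L = [[sum((A[i][V + t] + A[V + t][i]) * vin[i] for i in range(V)) % Q
              for t in range(O)] for A in F]          # F is now linear in the oil
        rhs = [(yk - quad(A, vin + [0] * O)) % Q for A, yk in zip(F, y1)]
        oil = solve(L, rhs)
        if oil is not None:                           # retry on a singular system
            return solve(T, vin + oil)                # undo T

def verify(pub, y, sig):   # public operation: evaluate the public map at the signature
    return [quad(A, sig) for A in pub] == [v % Q for v in y]
```

Signing needs S, T and the oil/vinegar split to reduce the quadratic system to a linear one; verification only evaluates the public polynomials.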