Thus we expect HS-Sign have the same security level against direct attack as a regular UOV.
UOV reconciliation attack  could be viewed as an improved version of direct attack.
Consequently, Thomae and Wolf demonstrated that the attack is inapplicable for a non-multilayer construction, such as UOV.
Table 6 shows the performance requirements of HS-Sign and UOV.
In UOV, each signature needs to store the coefficients of all the central mapping polynomials and the affine invertible map, each polynomial contains (o * v + v * (v + 1)/2 + n + 1) + n * (n + 1)) elements, the affine invertible map contains n(n + 1) elements and the number of polynomials is o, so the private key size is (o * (o * v + v * (v + 1)/2 + n + 1)+n(n+1))L bits.
In UOV, each signature needs to store the total coefficients of all the public polynomials, we can find that these polynomials are randomly multivariate quadratic polynomials with n variate, so the public key size is o [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] bits.
The main computation of key generation in UOV is to randomly construct the map Q and P.
The main computation of signature generation in UOV is to evaluate the polynomials with the random v vinegar variables and solve o linear equations in the o variables.
Then, Table 7 compares HS-Sign with the baseline scheme UOV.
We compare HS-Sign with Gui , QUARTZ , UOV and Rainbow , which are current secure and promising multivariate signature schemes.
From Table 8 we can see that the signing time of HS-Sign is faster than that of UOV and QUARTZ, but a little slower than that of Gui and Rainbow scheme in the same security level, the reason is that both Gui and Rainbow are known for their quick computing but their security is questionable although they are secure now.
A highlight of this paper is that it is a good exploration of MPKC systems, since HS-Sign is focusing on the intuitive drawbacks of UOV and is basing on hyper-spheres.