Paper 2017/909
Clarifying the subset-resilience problem
Jean-Philippe Aumasson and Guillaume Endignoux
Abstract
We investigate the subset-resilience problem, defined in 2002 by Reyzin and Reyzin to analyze their HORS signature scheme. We show that textbook HORS is insecure against adaptive attacks, and present a practical attack based on a greedy algorithm. We also describe weak messages for HORS, that map to smaller subsets than expected, and are thus easier to cover. This leads to an improved attack against HORS and to an improved classical attack against the signature scheme SPHINCS, of complexity
Metadata
- Available format(s): PDF
- Category: Public-key cryptography
- Publication info: Preprint. MINOR revision.
- Keywords: post-quantum, signatures, hash functions
- Contact author(s): jeanphilippe aumasson @ gmail com
- History:
  - 2017-09-25: revised
  - 2017-09-24: received
- Short URL: https://ia.cr/2017/909
- License: CC BY
BibTeX
@misc{cryptoeprint:2017/909,
  author = {Jean-Philippe Aumasson and Guillaume Endignoux},
  title = {Clarifying the subset-resilience problem},
  howpublished = {Cryptology {ePrint} Archive, Paper 2017/909},
  year = {2017},
  url = {https://eprint.iacr.org/2017/909}
}