Paper 2018/1111

Cryptanalysis of the Wave Signature Scheme

Paulo S. L. M. Barreto and Edoardo Persichetti

Abstract

In this paper, we cryptanalyze the signature scheme \textsc{Wave}, which has recently appeared as a preprint. First, we show that there is a severe information leakage occurring from honestly-generated signatures. Then, we illustrate how to exploit this leakage to retrieve an alternative private key, which enables efficiently forging signatures for arbitrary messages. Our attack on the proposed 128-bit secure \textsc{Wave} parameters runs in about 13 minutes, most of which are actually spent collecting genuine signatures. We also explain how our attack applies to generalized versions of the scheme which could potentially be achieved using generalized admissible $(U,U+V)$ codes and larger field characteristics. Finally, as a target for further cryptanalysis, we describe a variant of \textsc{Wave} that we call \textsc{Tsunami}, which appears to thwart our attacks while keeping the positive aspects of that scheme.