Cryptology ePrint Archive: Report 2019/548

About Wave Implementation and its Leakage Immunity

Thomas Debris-Alazard and Nicolas Sendrier and Jean-Pierre Tillich

Abstract: Wave is a recent digital signature scheme. It is based on a family of trapdoor one-way Preimage Sampleable Functions and is proven EUF-CMA in the random oracle model under two code-based computational assumptions. One of its key properties is that it produces signatures uniformly distributed among the words of a fixed Hamming weight. This property implies that, if properly implemented, Wave is immune to leakage attacks. We describe here the key stages in implementing the Wave trapdoor inverse function so as to integrate all the features needed to achieve leakage-freeness. A proof-of-concept implementation was made in SageMath. It allowed us to check that properly generated Wave signatures are uniformly distributed. In particular, we show that the signatures produced by this implementation defeat the Barreto-Persichetti attack. We show which features of the Wave specification were improperly put aside and explain why the claim of breaking Wave is incorrect.

Category / Keywords: public-key cryptography / preimage sampleable function, hash and sign signature, provable security, code-based crypto

Date: received 22 May 2019

Contact author: nicolas sendrier at inria fr, thomas debris at inria fr, jean-pierre tillich at inria fr

Version: 20190523:063631

Short URL: ia.cr/2019/548