Cryptology ePrint Archive: Report 2020/1172

Cryptanalysis of a round optimal lattice-based multisignature scheme

Zi-Yuan Liu and Yi-Fan Tseng and Raylin Tso

Abstract: Kansal and Dutta recently proposed a multisignature scheme at AFRICACRYPT 2020. This is the first lattice-based multisignature scheme that generates a multisignature in only a single round of interaction and supports public key aggregation. In this letter, we provide a cryptanalysis of this multisignature scheme and demonstrate that the scheme does not satisfy unforgeability requirements. We present an attack strategy to demonstrate that if an adversary obtains a sufficient number of signatures from a signer, he/she can recover the private key of the signer in polynomial time. We also uncover the root cause of the attack and provide a possible solution for this attack to aid future designs of secure multisignature schemes.

Category / Keywords: public-key cryptography / Cryptanalysis; Multisignature; Lattices; Unforgeability

Date: received 24 Sep 2020

Contact author: zyliu at cs nccu edu tw

Available format(s): PDF | BibTeX Citation

Version: 20200925:185128 (All versions of this report)

Short URL: ia.cr/2020/1172


[ Cryptology ePrint archive ]