Paper 2020/702
Rainbow Band Separation is Better than we Thought
Ray Perlner and Daniel Smith-Tone
Abstract
Currently the National Institute of Standards and Technology (NIST) is engaged in a post-quantum standardization effort, analyzing numerous candidate schemes to provide security against the advancing threat of quantum computers. Among the candidates in the second round of the standardization process is Rainbow, a roughly 15 year old digital signature scheme based on multivariate systems of equations. While there are many attack avenues for Rainbow, the parameters have to date seemed balanced in such a way that every attack is sufficiently costly to meet the security levels specified by NIST in their standardization effort. One type of attack against Rainbow has historically performed better empirically than its theoretical complexity predicts: the Rainbow Band Separation (RBS) attack. We explain this discrepancy by providing a tighter theoretical analysis of the attack complexity. While previous analyses assumed that the system of equations derived in the attack is generic, our analysis uses the fact that it is structured to justify tighter bounds on the complexity. As a result, we can prove, under the same set of assumptions used to justify the analysis in the Rainbow submission specification, that none of the parameters of Rainbow achieve their claimed security level. Specifically, the level I, III and V parameter sets fall short of their claimed security levels by at least 3, 6 and 10 bits, respectively. We then apply our analysis to suggest the small parameter changes necessary to guarantee that Rainbow can meet the NIST security levels.
Metadata
- Category: Public-key cryptography
- Publication info: Preprint. MINOR revision.
- Keywords: Multivariate, Digital Signature, Rainbow
- Contact author(s): ray perlner @ nist gov, daniel smith @ nist gov
- History: 2020-06-11: received
- Short URL: https://ia.cr/2020/702
- License: CC BY
BibTeX
@misc{cryptoeprint:2020/702,
  author = {Ray Perlner and Daniel Smith-Tone},
  title = {Rainbow Band Separation is Better than we Thought},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/702},
  year = {2020},
  url = {https://eprint.iacr.org/2020/702}
}